Wednesday morning a scathing audit of former Secretary of State Hillary Clinton‘s email usage (along with the email use of Colin Powell, Condoleezza Rice, and others) was released. Investigators with the State Department Inspector General’s Office found that Clinton likely violated federal record keeping rules when she maintained the private server at her New York home. However, buried in the 83-page audit report may be an even more significant new piece of information. A tech advisor servicing the Clinton private email system reportedly notified Clinton’s staff that someone was trying and then had possibly “attacked” her server. In the report, Clinton also complained about receiving suspicious emails. Auditors found that she may have violated procedure by not notifying the proper security personnel about the emails. The OIG’s report seems to contradict what presidential hopeful Hillary Clinton told NBC’s Andrea Mitchell in a recent interview about whether there was any “indication she had been hacked.”
Here is the section from page 41 of the report which references an “attack”:
On January 9, 2011, the non-Departmental advisor to President Clinton who provided technical support to the Clinton email system notified the Secretary’s Deputy Chief of Staff for Operations that he had to shut down the server because he believed “someone was trying to hack us and while they did not get in i didnt [sic] want to let them have the chance to.” Later that day, the advisor again wrote to the Deputy Chief of Staff for Operations, “We were attacked again so I shut [the server] down for a few min.” On January 10, the Deputy Chief of Staff for Operations emailed the Chief of Staff and the Deputy Chief of Staff for Planning and instructed them not to email the Secretary “anything sensitive” and stated that she could “explain more in person.”
Earlier this month, NBC’s Mitchell asked Clinton the following, “Any indication your private server was hacked by foreign hackers?” “No,” Clinton replied. “Not at all.”
However, the audit reveals that Clinton did have suspicions that someone had breached her email back in 2011. See footnote 159 from the audit:
In another incident occurring on May 13, 2011, two of Secretary Clinton’s immediate staff discussed via email the Secretary’s concern that someone was “hacking into her email” after she received an email with a suspicious link. Several hours later, Secretary Clinton received an email from the personal account of then-Under Secretary of State for Political Affairs that also had a link to a suspect website. The next morning, Secretary Clinton replied to the email with the following message to the Under Secretary: “Is this really from you? I was worried about opening it!” Department policy requires employees to report cybersecurity incidents to IRM security officials when any improper cyber-security practice comes to their attention. 12 FAM 592.4 (January 10, 2007). Notification is required when a user suspects compromise of, among other things, a personally owned device containing personally identifiable information. 12 FAM 682.2-6 (August 4, 2008). However, OIG found no evidence that the Secretary or her staff reported these incidents to computer security personnel or anyone else within the Department.
In a statement, Clinton’s campaign spokesperson emphasized that Clinton’s use of a private email was not unique (Secretary of State Powell also used private email), but he didn’t respond to any of the hacking allegations.