How Russian hackers tried to break into Hillary Clinton's email system
Five times, Russia-linked hackers tried to trick Hillary Clinton into infecting her computer systems while she was secretary of state. The phishing attempts highlight the risk of Clinton's unsecure email setup.
(AP Photo/Jon Elswick)
Russia-linked hackers tried at least five times to trick Hillary Rodham Clinton into infecting her computer systems while she was secretary of state, newly released emails show. It is unclear whether she was fooled into clicking any attachments to expose her account.
Clinton received the virus-riddled emails, disguised as speeding tickets from New York, over four hours early on the morning of Aug. 3, 2011. The emails instructed recipients to print the attached tickets — and opening them would have allowed hackers to take over control of a victim's computer.
Security researchers who analyzed the malicious software in September 2011 said that infected computers would transmit information from victims to at least three server computers overseas, including one in Russia. That doesn't necessarily mean Russian intelligence or citizens were responsible.
Nick Merrill, a spokesman for Clinton's Democratic presidential campaign, said: "We have no evidence to suggest she replied to this email or that she opened the attachment. As we have said before, there is no evidence that the system was ever breached. All these emails show is that, like millions of other Americans, she received spam."
Practically every Internet user is inundated with spam or virus-riddled messages daily. But these messages show hackers had Clinton's email address, which was not public, and sent her a fake traffic ticket from New York state, where she lives. Most commercial antivirus software at the time would have detected the software and blocked it.
The phishing attempts highlight the risk of Clinton's unsecure email being pried open by foreign intelligence agencies, even if others also received the virus concealed as a speeding ticket from Chatham, New York. The email misspelled the name of the city, came from a supposed New York City government account and contained a "Ticket.zip" file that would have been a red flag.
Clinton has faced increasing questions over whether her unusual email setup amounted to a proper form of secrecy protection and records retention. The emails themselves — many redacted heavily before public release — have provided no shocking disclosures thus far and Clinton has insisted the server was secure.
During Clinton's tenure, the State Department and other U.S. government agencies faced their own series of hacking attacks. U.S. counterterrorism officials have linked them to China and Russia. But the government has a large staff of information technology experts, whereas Clinton has yet to provide any information on who maintained her server and how well it was secured.
Republican presidential candidate Marco Rubio told Fox News Channel on Wednesday, "The exposure of sensitive information to foreign intelligence agencies by communicating in an insecure manner is incompetent, it is malpractice, it's inexcusable."
The emails released Wednesday also show a Clinton confidant urging her boss and others in June 2011 not to "telegraph" how often senior officials at the State Department relied on their private email accounts to do government business because it could inspire hackers to steal information. The discussion never mentioned Clinton's own usage of a private email account and server.
The exchange begins with policy chief Anne-Marie Slaughter lamenting that the State Department's technology is "so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively." She said more funds were needed and that an opinion piece might make the point to legislators.
Clinton said the idea "makes good sense," but her chief of staff, Cheryl Mills, disagreed: "As someone who attempted to be hacked (yes I was one), I am not sure we want to telegraph how much folks do or don't do off state mail b/c it may encourage others who are out there."
The hacking attempts were included in the 6,300 pages the State Department released, covering a period when U.S. forces killed Osama bin Laden and the Arab Spring rocked American diplomacy.
New York State police warned as early as July 2011 about emails containing warnings of traffic tickets that actually contained computer viruses.
Clinton received five copies between 1:44 am and 5:26 am on Aug. 3, 2011. They appeared to come from "New York State -- Department of Motor Vehicles," warning that a car registered to Clinton was caught speeding "over 55 zone" on July 5. Clinton had no public events in Washington that day, following the July 4 holiday. The email instructed the recipient to "print out the enclosed ticker and send it to town court, Chatam Hall, PO Box 117."
The former first lady and New York senator had maintained that nothing was classified in her correspondence, but the intelligence community has identified messages containing "top secret" information. Clinton had insisted that all of her work emails were being reviewed by the State Department, but Pentagon officials recently discovered a new chain of messages between Clinton and then-Gen. David Petraeus dating to her first days in office that she did not send to the State Department.
As part of Wednesday's release, officials upgraded the classification level of portions of 215 emails, State Department spokesman John Kirby said. Almost all were "confidential," the lowest level of classification. Three emails were declared "secret," a mid-tier level for information that could still cause serious damage to national security, if made public.
"The information we upgraded today was not marked classified at the time the emails were sent," Kirby stressed.