Back in July, I read with great interest the statement from James B. Comey, the Director of the FBI, regarding the FBI’s investigation into Hillary Clinton’s use of a private email server, their cyber analysis in support of their investigation, and his ultimate decision to not recommend that she or others involved in this series of events be brought up on charges or prosecuted.
I read this with interest because, unlike others, I am not a self-described political blogger. I am a retired intelligence officer. I spent a lifetime living, eating, breathing these exact types of classified information, for 25 years. And currently, I teach these exact subjects to undergraduates and graduate students. This is what I do.
- I do not think anyone doubts that there was the unauthorized transmission or storage of classified information on any of a number of servers. The amazing thing, in reading these newly detailed FBI reports is that, holy Toledo, there are so many servers, computers, devices like iPads, tablets and phones, and even a missing thumb drive, onto which some or all of these emails have been transmitted and stored. This goes far beyond just a single server used for clintonemail.com and includes several for clintonemail.com – it goes into the cloud, because people involved in this did things like mailed all of it to a Google account, allowing it all to be parked “in the cloud.” There are two whole copies of it all – one on a Macintosh laptop, the other on a thumb drive – that all parties involved cannot account for because someone mailed it – possibly via UPS, but maybe via the US Postal System – to someone else, but the recipient knows they did not receive it. It was transmitted everywhere, in transmission it passed through a lot of other servers that could do what they wanted with it, and these emails and classified information have been stored in manners that all have agreed were unsecure and not ok.
- There is a whole lot of technical stuff involved in this topic, and in this report. Nerd stuff. All kinds of server talk. And you know what? You can ignore 99% of it. You really can.
- Hillary Clinton contributed to four exchanges that were about information that was at the Top Secret / Special Access Program level. That’s not “Oh, she only received emails.” That’s “She was exchanging emails back and forth with someone,” about topics from a Special Access Program. That’s not “Oh, I sent an email to a foreign diplomat and afterwards, it was upgraded to Confidential and gosh, aren’t these classification rules so silly?” These are email exchanges – back and forth – about information that is very classified and heavily compartmentalized – among the crown jewels in the intelligence community. I will bet you dinner those were conversations about pending drone strikes or the deliberation of future drone strikes.
- Hillary Clinton’s office at the State Department was, in fact, a SCIF – the exact kind of Sensitive Compartmented Information Facility needed to talk about classified information. But here’s the thing – according to these FBI reports, she also had a SCIF at her home in DC, and one at her home in NY, too. She could have access to and work on all of these kinds of highly classified information – safely, securely, using all of the correct safeguards and equipment – while in the office or at home. How awesome is that?
- Now, add to that, her team was issued “regular notices” “highlighting cybersecurity threats and advising that mobile devices must be configured to the State security guidelines” primarily due to the foreign travel risk. But who configured Hillary Clinton’s Blackberry? Monica Hanley. Was she the information security and cyber threat expert at the Department of State? No – she was one of Clinton’s aides.
- Not only did Monica Hanley have access to Hillary Clinton’s email account, so did others. Which means she and others, according to the FBI report, had access to the same emails Hillary Clinton was sending and reading, which we now know contained information that is classified up to Top Secret / Special Access Program. Special Access Programs are an amazingly exclusive club – it’s a by-name thing. I really, really hope someone has gone back to determine if all of these other people who had access to her email account at the time of those emails, also had access to that specific Special Access Program (unlikely) and if not, appropriate action was taken. Ugh – the paperwork nightmare for that. Unauthorized disclosure for a SAP can be an absolute bear.
- The most telling comments from the two documents that the FBI released on Friday night – great timing, by the way – were that the FBI was able to do forensic analysis on the hardware to which they had access. During the entire time clintonemail.com was active, for about 4 years, Hillary Clinton had 13 different mobile devices – 11 of them were Blackberrys, 8 of which she used while Secretary of State. Why so many? According to this FBI report, Clinton’s Blackberry would “malfunction” and they would just get her a new one. In two instances, the FBI could account for how the devices were destroyed, but not the other 11. Here’s the thing – nowhere in the report does the FBI attempt to address why she was experiencing this high rate of malfunction, although they do point out that her devices – and devices in general – are the specific vector point for foreign intelligence services when traveling overseas. With her Blackberry being configured by one of her aides, I will bet you dinner that her devices were being compromised again and again and again.
- But here’s the thing. When Hillary Clinton traveled outside of the United States (OCONUS), she would travel with the State Mobile Communications Team. Their job? Provide her and her team with the full suite of secure communications, exactly because she and her team (and their electronic devices) would be the deliberate target of just that kind of electronic attack. The SMCT provides the Secretary with everything she would need – email, voice, video, fax – the whole package. But what does she do? She uses her Blackberry to send President Obama an email about something that is later determined to be classified.
- At one point, the guy running the server says he found a “virus” on the server. The FBI report doesn’t release all of the details on this, and I sure would like to know more on this subject. But when your server admin says there’s a virus, that’s not a good thing. There’s no telling what this means – but the FBI has dismissed this. By her own admission, Hillary Clinton was the target of classic spear phishing attacks, as outlined in this FBI report.
- There were four main ways Hillary Clinton’s communications – and this classified information that all of these people were transmitting and storing – could have been attacked. One was access to the server. One was through access to the devices – all of her Blackberries, but also to any of the devices – phones, tablets, computers, etc. – used by any of these others. And the third is by attacking the email while it was in transit, and accessing it while it was en route or at rest on any of the servers through which they would have to pass. In the FBI report of their investigation, the FBI says – repeatedly – they did not have access to the hardware of all of the servers, and cannot say with anything close to certainty if hackers or foreign intelligence services were able to penetrate the Clinton servers. They say the exact same thing about attacking the devices. But, there is a whole section in the report about whether hackers or foreign intelligence services could have targeted the emails and thus the classified information while it was in transit, and the whole of that is redacted – not released to the public. The fourth way, of course, would be to physically access any of the archives – and in the report, the FBI cites numerous examples in which the archives of the Clinton email have been lost, in whole or in part. Old fashioned theft is still alive and well in the intelligence world; it may be old, but it still works.
All the talk about the two men who were hired to set up and run these servers for her, their qualifications – really, their complete lack of qualifications – and the complete lack of security on the servers, and the amazing vulnerabilities that the FBI discovered on the servers – all of that is a barrel of red herrings. With regard to the issue of transmitting and storing classified information on an unsecure network, discussing the physical servers is entirely irrelevant – what kind of server and who ran it would not be called into question if humans did not make the deliberate decisions to write emails containing classified information up to and including Top Secret / Special Access Program information, on networks not accredited for that level of information.
Hackers and foreign intelligence services would not have to do hard work to gain access to this type of information. The most damage here was done through the disclosure by members of our own team. Clinton and her closest staff said that they discussed these most classified types of information on these most unsecure devices – and these devices that I suspect were compromised – “due to the operational tempo at the time,” and to a T, they all said that they “relied on the judgement of the individuals who sent the email” with regard to determining whether the information was classified or not. The only problem is, they were sending emails, too. And by that logic, they should have been making that exact same determination – and they were not. As she and others recognized in this report, this is the exact type of information, the unauthorized release of which would cause damage to national security.
I would love to see the whole report. There are large sections that have not been released to the public. I’d love to know what they say.