Foreign cyberattacks, many of which originated out of China, targeted Hillary Clinton’s private email server, according to a recently released congressional report.
Clinton’s server, which stored some 55,000 pages of emails from her time as secretary of state, was the subject to these attempted cyberattacks in early 2013. If she lost key US secrets to the Chinese military through her mismanagement of this server, it could spell disaster for Clinton’s already faltering presidential campaign.
Intelligence analysts say they can not yet tell if the Chinese efforts were successful. But if they were, these attacks could have leaked countless amounts of US top secret data to Chinese spies.
Clinton “essentially circumvented millions of dollars’ worth of cybersecurity investment that the federal government puts within the State Department,” said Justin Harvey, chief security officer of Fidelis Cybersecurity.
“She wouldn’t have had the infrastructure to detect or respond to cyber attacks from a nation-state,” he said. “Those attacks are incredibly sophisticated, and very hard to detect and contain. And if you have a private server, it’s very likely that you would be compromised.”
The congressional report reveals that there was a period of more than three months,from June to October 2013, when “threat monitoring” protection had not been installed on the servers, according to a letter from Sen. Ron Johnson, R-Wis., chairman of the Homeland Security and Government Affairs Committee. That means any state secrets contained on Clinton’s server was vulnerable to cyberattacks during that time.
Johnson’s letter to Victor Nappe, CEO of SECNAP, the company that provided the threat monitoring product, seeks a host of documents relating to the company’s work on Clinton’s server and the nature of the cyber intrusions detected. Johnson’s committee is investigating Clinton’s email arrangement.
A February 2014 email from SECNAP reported that malicious software based in China “was found running an attack against” Clinton’s server. In total, Senate investigators have found records describing three out of five such attempts linked to China. The attacks occurred in 2013 and 2014. The letter describes four attacks, but investigators have since found records about the fifth attempt.
The new revelations underscore the extent to which any private email server is a target, raising further questions about Clinton’s decision to undertake sensitive government business over private email stored on a homemade system.
Any hackers who got access to her server in 2013 or 2014 could have stolen a trove of sensitive email traffic involving the foreign relations of the United States. Thousands of Clinton emails made public under the Freedom of Information Act have been heavily redacted for national security and other reasons.
The FBI is investigating whether national security was compromised by Clinton’s email arrangement.
This is not the first time Clinton may have lost state secrets to foreign hackers. It was reported last month that Russia-linked hackers sent Clinton emails in 2011 – when she was still secretary of state – loaded with malware that could have exposed her computer if she opened the attachments. It is not known if she did.
The attacks Johnson mentions in his letter are different, according to government officials familiar with them. They were probing Clinton’s server directly, not through email.
The Associated Press contributed to this article