Hillary’s Email was Hacked, but What was the Extent of the Damage?

This is a long and complicated story with many twists and turns, but it all begins shortly after Hillary Clinton became Secretary of State in 2009. According to some sources, Hillary was never really interested in using the government email system. She preferred to use her Blackberry for her emailing, even when such actions were forbidden within the SCIF (Sensitive Compartmented Information Facility) building in which she worked. To accommodate her and some of her staff, a separate room was set up so that she could use her Blackberry without compromising the network. I’m not sure if the IT staff would have been so accommodating to anyone else.

There was apparently some confusion among those communicating with Hillary as to the extent to which she was allowed to use her phone and her private clintonemail.com email to receive classified information. Clinton, herself, made no attempt to clarify the situation by dissuading her contacts from emailing her classified information. Some of those who sent her sensitive government information thought that her private email address had been approved by government IT security. This confusion may have led to 2,100 classified emails being sent to her private account, 22 of which were considered top secret.

Attention must then shift to how secure clintonemail.com was. Most security experts do not think it was secure at all. For example, it did not use VPN, which is a fairly common tactic when trying to protect sensitive data. As one analyst noted, “an attacker with a low skill-level would be able to exploit this vulnerability.”

There is some evidence that Hillary’s email may have become vulnerable when its internet service provider, Internap, fell victim to the Russian-based RSA hack in March of 2011. Whether this was a defining moment is not clear, but it ushered in a bad couple of years for Hillary, her friends, and her email.

First came the problems associated with her former Chief of Staff and current vice chairwoman of her campaign, Huma Abedin. Abedin is often referred to as Hillary’s shadow. You can’t get to Hillary without going through Abedin. Some have even termed her a ‘dark shadow’ because of her family’s links to the Muslim Brotherhood and her active participation in George Washington University’s radical Muslim Students Association (MSA), which had extensive ties to al-Qaeda.

In any event, Huma married New York Representative, Anthony Weiner, in 2010. He was ‘exposed’ in the Weinergate sexting scandal in May of 2011. Huma was pregnant at the time and gave birth in December of that year. Apparently, she sought, and found, solace from Hillary, another infidelity victim. Huma had her own clintonemail.com account and occasionally wrote in Hillary’s behalf from Hillary’s email. As cybersecurity expert, Alex McGeorge, noted, “Am I surprised that aides had access to her email? No I am not. Is that a security no-no. Yes,” It simply opens another avenue for attacks. Coincidentally (?), the month of May, 2011, also saw hacks of the Department of Defense and the Pentagon.

Things got no better in June of 2011. Hillary’s confidant, Sydney Blumenthal, one of the most frequently seen names in these emails, was, according to NSA sources, sending top secret information to her personal email.  Hillary’s husband, Bill, was opening a consulting company with some of his associates. It was called Teneo Strategy. He would become a paid advisor for the company until conflict of interest problems forced him to sever ties with it in 2012. We will return to Teneo later.

In July, Hillary had a puzzling email exchange with a friend in the state department named, Nora Toiv. This exchange seems to exemplify some of the problems with her private emails so I will put those excerpts here. The exchange begins innocuously enough.

nora1

To which Hillary replies a few minutes later,

nora2

Hmmm. Isn’t this email supposed to be dedicated to personal email? Why is she asking for a government address? Here’s the problem. If Hillary’s server could be penetrated and her email compromised, the attacker would have access to the addresses of everyone in her address book. If they had the addresses of people in government agencies, they could use Hillary’s own email address to send a phishing email. Think of it. If you were working in the state department and got a message purportedly from your boss, Hillary Clinton, asking you to look at an attachment, would you ignore it because you thought it might be a hacking attempt? Probably not.

However, a few minutes later, Toiv writes back,

nora3

Her gmail address is nora.toiv@gmail. It was redacted here but can be found in other emails as well as on the internet. I include it here to show how easy it would be for a hacker to guess it. They could even scrape it from the internet and put it on a saleable, valid email list that spammers like to purchase. Any potential cyber criminal, realizing that Nora Toiv was connected to Hillary, would have an easy access to her. As for the point of Hillary always writing Toiv via her government address, this seems to be true. However, the response seems to puzzle Hillary.

nora 4

First of all, notice that this email was sent from a different address. It is unclear why she says that she only has Toiv’s gmail. Maybe she only has this address in this particular account’s address book. Maybe Hillary thinks Chinese hackers have already infiltrated her email account and sent out phishing emails from it. Maybe the email from the HDR22 account was sent by attackers trying get Toiv’s government email address. Who knows?

We do know, however, that Hillary’s email was successfully penetrated the very next day.  Here’s the email that got through the clintonemail.com server.

neera1

Yeah, you would think that her server would be able to figure out this was a spam or phishing email, but, apparently, it accepted emails from valid addresses/contacts.

Hillary realized something might not be right and wrote back,

neera2

Of course, the question is: Did Hillary click on the link? It is pretty clear that Neera Tanden’s server let someone compromise her email.  So, who’s Neera Tanden and what, if any, important email connections did she have?

Neera Tanden worked as a health reform advisor for both the Clinton and Obama administrations. In 2011, she became president and CEO for the left-wing think tank, The Center for American Progress (CAP), which was originally funded by billionaire, George Soros, a long time friend of the Clintons. CAP is heavily funded by major businesses such as Lockheed, Boeing, General Motors, General Electric, Comcast, Wal-Mart, and Goldman-Sachs. Clearly, the Center for American Progress serves as a link between these donors and Clinton. Thus, the hacker who took control of Tanden’s account, and may have compromised Hillary’s, had access to numerous high profile contacts. Through Hillary, they would have access to high level government officials, possibly including the president himself.

The evening of the day Hillary received the Tanden email, Tanden sent an apology.

neera hack

Well, it may have been nothing more than that, but it could have been something far worse. What if the fake Philippine site contained malware? You never know.

What these two separate conversations show is that Hillary’s email was an open door to attackers. You would think she would have secured her email and server after the above attack, but she did not. She was attacked again by Russia-based hackers in August of 2011. They sent her an email pretending to be from the New York Department of Motor Vehicles with a traffic ticket as an attachment. If opened, the attachment would have released malware that would have taken control of her email and, quite possibly, her computer/cell phone. We do not know if she opened the attachment and it really doesn’t matter. What it proved was that Hillary’s private email address was now ‘in the wild’. It was readily available.

The fateful year of 2011 was not finished with many of the participants in this drama. Huma Abedin began working for Teneo by the end of the year and gave birth to a son, Jordan, in December. In mid 2012, she began working for the Clinton Foundation. She did not leave her husband despite a second instance of infidelity in 2013. Hillary refers to her as “a second daughter”. Anthony Weiner failed in his bid to continue his political career and has not been able to find a suitable consultant position. He recently played a role in the movie, Sharknado 3.

In November of 2011, Neera Tanden became president of the Center for American Progress. The Center was hacked by Chinese hackers in February of 2013, which should not come as much of a surprise. The Center has received criticism from other left-wing groups for working too closely with businesses. George Soros, the financial father of the organization, recently donated $8 million to the Clinton campaign. He has also been accused of paying people to demonstrate against Donald Trump in New York.

Nora Toiv, whose email compromised Hillary’s server, left her state department position in 2012 to work with (who could have guessed) Teneo, where she served as vice president. She left that post after a year to work as Gender Advisor in the Office of the Global AIDS Coordinator at the Department of State. No, I’m not making this up. The Office of Global Aids Coordinator works directly under the Department of State, which was hacked by Russian cyber criminals in November  of 2014.

Hilllary’s confidant, Sydney Blumenthal, was hacked in early 2013. The hacker, known as Guccifer, released documents which led to the initial suspicion that Hillary was using her private email for classified correspondence, as the documents the hacker released showed that Blumenthal had sent Hillary top secret information. In addition, by hacking Blumenthal, Guccifer exposed yet another avenue of attack on the Clinton server. Guccifer is now serving a seven year prison sentence in Romania. At the time of his arrest, he was an unemployed taxi driver.

Hillary Clinton is currently under investigation by the FBI for improper use of her private email to conduct classified government business. It is thought that such use may not only have compromised her email, but could have compromised multiple branches of the US government. If convicted, she could be sentenced to a prison term of up to 10 years. She is currently on course to become the democratic presidential nominee. Let us hope that she changes her email address and maybe ditches her Blackberry.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

2 Responses to Hillary’s Email was Hacked, but What was the Extent of the Damage?

  1. Pingback: The Illuminati, the Russian Secret Service, and Colin Powell’s Grandmother: The Strange Story of Hillary Clinton’s Email Hacker | Secure Your Workplace Network

  2. Pingback: Cyber-based October Surprises Could Decide the Election | Secure Your Workplace Network

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s