Malicious actors routinely attempted to hack the personal email accounts of senior State Department officials during Hillary Clinton’s tenure as the nation’s chief diplomat, an internal memo reveals.
The February 2011 memo, obtained by the Competitive Enterprise Institute through an open records request and shared with the Washington Free Beacon, warned of "a dramatic increase … in attempts by [redacted] to compromise the private home e-mail accounts of senior [State] Department officials."
All of Clinton’s official email communications as secretary of state took place through a personal email address housed on a "homebrew" server in her Chappaqua, N.Y., home.
According to the memo, written specifically for Clinton by Eric Boswell, then the State Department’s top diplomatic security official, the unnamed hackers were attempting to breach officials’ email accounts via a technique known as "phishing."
"Specifically, the actors are sending cleverly forged e-mails to victims’ private web-based accounts (e.g. Gmail, Hotmail, Yahoo)," he wrote. "These ‘spear phishing’ messages appear to be sent by U.S. government officials but are designed to trick recipients into activating embedded malicious code by clicking on an attachment or link."
It is not clear whether Clinton herself was a target of the attacks mentioned in Boswell’s memo. But emails recently released by the State Department suggest that Clinton was targeted by a phishing scheme originating with Neera Tanden, the president of the Center for American Progress.
Clinton did not immediately appear to realize that the email was a phishing scheme.
"Neera–did you send me this? If not, I think your email address book has been hacked. If so, why?" she wrote. "Anyway, hope you're well."
Because the phishing attempts identified in Boswell’s memo targeted personal email accounts, he assured Clinton that classified information was not at risk.
"Although the targets are unclassified personal e-mail accounts, the likely objective is to compromise user accounts and thereby gain access to policy documents and personal information that could enable technical surveillance and possibly blackmail," Boswell wrote.
However, revelations that Clinton received classified information on her personal email account means that a breach could have exposed secret data that Boswell assumed was protected from successful phishing attempts.
Clinton has maintained that information sent and received by her personal email address was not marked classified at the time. However, according to nondisclosure agreements signed by Clinton, she was responsible for ascertaining the classification status of information in her possession.