Clinton Email Server Hit in Cyber Attacks From Russians, Other Hackers

FBI could not confirm evidence that cyber attackers gained access

October 18, 2016

Hackers from Russia attempted to break into Hillary Clinton’s private email server, although the cyber intrusions did not appear to be successful, according to FBI documents made public Monday.

FBI investigators issued a qualified assessment of whether foreign hackers broke into the email server, stating in the heavily redacted report that it could not confirm evidence of foreign hacking.

The FBI concluded that the unsecure email system was "potentially vulnerable to compromise" and was frequently attacked by unknown foreign hackers, according to part one of a four-part report.

Hacking attempts against Clinton’s private email server increased sharply after the New York Times revealed its existence on March 2, 2015. The cyber attacks were targeted against the server, an associated domain controller, and Clinton’s Apple iCloud account, the FBI stated.

The Times report did not identify Clinton’s email address, but the FBI said hackers likely learned her email address from open sources after aide Sidney Blumenthal’s AOL email was hacked in 2013. Among the hacked emails made public were emails between Blumenthal and Clinton writing under the email alias "hdr22."

The FBI stated that Blumenthal was hacked by the Romanian hacker Marcel Lehel Lazar, known as "Guccifer," and suggested he was linked to Moscow.

U.S. intelligence agencies announced on October 7 that the Russian government, operating through cutouts identified as Wikileaks,, and Guccifer 2.0, directed the hacks of American political organizations in a bid to influence the U.S. presidential election.

"Lazar disseminated emails and attachments sent between Blumenthal and Clinton to 31 media outlets, including a Russian broadcasting company," the FBI said.

Additionally, hackers from Russia and Ukraine tried to log in to Clinton’s email accounts shortly after Guccifer’s hack of Blumenthal.

"An examination of log files from March 2013 indicated that IP addresses from Russia and Ukraine attempted to scan the server on March 15, 2013, the day after the Blumenthal compromise, and on March 19 and March 21, 2013," the report said. "However, none of these attempts were successful and it could not be determined whether this activity was attributable to Lazar."

Lazar’s claim to Fox News that he used information from Blumenthal’s emails to break into the Clinton server was false, the FBI said after questioning the hacker.

Other cyber attacks on the server included numerous attempted break-ins described by the FBI as "brute force" attacks—repeated log-in attempts, usually by automated hacking software.

Brian Pagliano, who was the system administrator for the email server, told the FBI that the brute force cyber attacks increased over time, although he asserted there were no security breaches to the system.

The server used for the emails also employed a Microsoft remote access protocol that the FBI described as having "known vulnerabilities" to hackers.

In January 2011, Justin Cooper, an aide to former President Bill Clinton who helped set up the private email, notified Clinton aide Huma Abedin that the system was being hacked and that he had shut it down in response. The FBI was unable to identify what it termed the "successful malicious login activity" from the hack.

Forensic analysis by FBI investigators determined that "scanning attempts" by outside cyber intruders took place against the private server and "one appears to have resulted in a successful compromise of an email account on the server," the report said.

The hack took place on January 5, 2013, when an anonymous user operating Tor software hijacked the email account of a woman described by the FBI only as a "President Clinton staffer." The hacker then browsed email folders and attachments.

The FBI also stated that potentially malicious hackers tried to exploit software vulnerabilities in the server on multiple occasions, although they were not successful.

The report stated there were major gaps in the investigation of cyber intrusions because the FBI did not have access to all 13 mobile devices Clinton used during her tenure as secretary of state.

"As a result, the FBI could not make a determination as to whether any of the devices were subject to compromise," the report said, noting the FBI also did not examine two of Clinton’s five iPads for signs of compromise.

Clinton was the target of multiple email "phishing" attempts while using the private server, including a fake email from a State Department official’s email account that contained a potentially malicious link.

Clinton sent a reply to the email asking, "Is this really you? I was worried about opening it?"

Another email quoted Abedin as telling a colleague Clinton was worried "someone [was] hacking into her email" after she received an email from an associate with a link to a website with pornographic material.

"The FBI’s inability to recover all server equipment and the lack of complete server log data for the relevant time period limited the FBI’s forensic analysis of the server system," the report said.

"As a result, FBI cyber analysis relied, in large part, on witness statements, email correspondence and related forensic content found on other devices to understand the setup, maintenance, administration and security of the server systems."

More than 15 pages of the 47-page FBI report were cut out according to declassified guidelines that allow information to be withheld on national defense and foreign policy grounds, and to prevent the disclosure of techniques and procedures used for law enforcement prosecutions that would be useful to cyber criminals.
