A number of malicious attackers apparently tried to break into Hillary Clinton’s private email server while she was serving as Secretary of State, according to new documents released from the FBI’s investigation into its use.
In a section detailing the FBI’s look into potential intrusions of the server, Bryan Pagliano, the IT worker who helped set it up, told agents the server had no security breaches, but it had many failed login attempts, which he characterised as “brute force attacks.”
In these types of attacks, a hacker tries to guess passwords one by one, or uses an automated tool to do it until getting it right. Pagliano said these types of attacks “increased over the life” of the server, and he set up alerts for when they occurred.
It’s worth noting that most companies of all sizes experience the same sort of attempts by hackers to break into their computers and networks.
The FBI could not determine whether hackers gained full access to the server, but on at least one occasion, a hacker did take over an email account belonging to a staffer for President Bill Clinton, the documents said.
“Forensic analysis noted that on January 5, 2013, three IP addresses matching known Tor exit nodes were observed accessing” the account, meaning that an attacker using the Tor service — which encrypts and hides a person’s online presence — logged in and browsed emails, folders, and attachments. The FBI was unable to determine who the attacker was.
There were also a number of security lapses revealed in the FBI documents.
While the server was set up in Jan. 2009, it wasn’t until late March that Pagliano set it up with an SSL security certificate, which would encrypt login credentials as a user logged in but never covered email content stored on the server. For this three-month period — if a hacker were so inclined and could intercept the traffic — email traffic from clintonemail.com was “potentially vulnerable to compromise,” the FBI said.
Pagliano also recalled a conversation with someone (redacted in the documents) who advised he set up Transport Layer Security, or TLS, a tunnel which would protect data travelling to the server from servers hosted at the State Department. This move apparently never happened.
However, it’s also worth noting that SSL and TLS are related technologies, and when it comes to setting up email servers, a server in those days would often use one or the other.
The FBI also found that Microsoft’s Remote Desktop Protocol (RDP) was enabled on the server, and said it was aware of “known vulnerabilities” associated with it. Though RDP is used by many organisations to allow certain employees to access a system over the internet, it is often only as strong as its usernames and passwords.
In his statement following the investigation, FBI Director James Comey said that the FBI did not find “direct evidence” the server was successfully hacked, but he added, “given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence.”
Translation: We did not find the fingerprints of hackers on this system, but hackers often cover up their tracks and delete traces of their breaches, so it’s very possible they broke in and we would never know it.
Of whether the server was hacked, Clinton’s website says: “No, there is no evidence there was ever a breach.”
Still, Comey spoke of “hostile actors” who did gain access to private email accounts of people Clinton emailed. Though he didn’t name names, at least one of those actors was Guccifer, whose real name is Marcel Lehel Lazar, the infamous hacker — recently sentenced to four years in prison — who broke into more than 100 accounts of prominent Americans.
“She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries,” Comey said. “Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.”