Russia-linked hackers tried at least five times to pry into Hillary Rodham Clinton's private e-mail account while she was secretary of state, e-mails released Wednesday show. It is unclear if she clicked on any attachments and exposed her account.
Clinton received the infected e-mails, disguised as speeding tickets from New York, over four hours early in the morning of Aug. 3, 2011. The e-mails instructed recipients to print the attached tickets. Opening an attachment would have allowed hackers to take over control of a victim's computer.
Security researchers who analyzed the malicious software in September 2011 said that infected computers would transmit information from victims to at least three server computers overseas, including one in Russia. That doesn't necessarily mean Russian intelligence or citizens were responsible.
Nick Merrill, a spokesman for Clinton's Democratic presidential campaign, said: "We have no evidence to suggest she replied to this e-mail or that she opened the attachment. As we have said before, there is no evidence that the system was ever breached. All these e-mails show is that, like millions of other Americans, she received spam."
Practically every Internet user is inundated with spam or virus-riddled messages daily. But these messages show hackers had Clinton's e-mail address, which was not public, and sent her a fake traffic ticket from New York state, where she lives. Most commercial antivirus software at the time would have detected the software and blocked it.
The phishing attempts highlight the risk of Clinton's unsecured e-mail being pried open by foreign intelligence agencies, even if others also received the virus concealed as a speeding ticket from Chatham, New York. The e-mail misspelled the name of the city, came from a supposed New York City government account and contained a "Ticket.zip" file that would have been a red flag.
Clinton has faced increasing questions over whether her unusual e-mail setup offered proper secrecy protection and records retention. The e-mails themselves — many redacted heavily before public release — have provided no shocking disclosures thus far and Clinton has insisted the server was secure.
During Clinton's tenure, the State Department and other U.S. government agencies faced their own series of hacking attacks. U.S. counterterrorism officials have linked them to China and Russia. But the government has a large staff of information technology experts, whereas Clinton has yet to provide any information on who maintained her server and how well it was secured.
The e-mails released Wednesday also show a Clinton confidant urging her boss and others in June 2011 not to "telegraph" how often senior officials at the State Department relied on their private e-mail accounts to do government business because it could inspire hackers to steal information. The discussion never mentioned Clinton's own usage of a private e-mail account and server.
The exchange begins with policy chief Anne-Marie Slaughter lamenting that the State Department's technology is "so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home e-mail accounts to be able to get their work done quickly and effectively." She said more funds were needed and said an opinion piece might make the point to legislators.
Clinton said the idea "makes good sense," but her chief of staff, Cheryl Mills, disagreed: "As someone who attempted to be hacked [yes I was one], I am not sure we want to telegraph how much folks do or don't do off state mail because it may encourage others who are out there."
The hacking attempts were included in the 6,300 pages the State Department released, covering a period when U.S. forces killed Osama bin Laden and the Arab Spring rocked American diplomacy.
New York State police warned as early as July 2011 about e-mails containing warnings of traffic tickets that actually contained computer viruses.
Clinton received five such e-mails between 1:44 a.m. and 5:26 a.m. on Aug. 3, 2011. They appeared to come from "New York State — Department of Motor Vehicles," warning that a car registered to Clinton was caught speeding "over 55 zone" on July 5. Clinton had no public events in Washington that day, following the July 4 holiday. The e-mail instructed the recipient to "print out the enclosed ticker and send it to town court, Chatam Hall, P.O. Box 117."
The former first lady and New York senator had maintained that nothing was classified in her correspondence, but the intelligence community has identified messages containing "top secret" information. Clinton had insisted that all of her work e-mails were being reviewed by the State Department, but Pentagon officials recently discovered a new chain of messages between Clinton and then-General David Petraeus dating to her first days in office that she did not send to the State Department.
As part of Wednesday's release, officials upgraded the classification level of portions of 215 e-mails, State Department spokesman John Kirby said. Almost all were "confidential," the lowest level of classification. Three e-mails were declared "secret," a mid-tier level for information that could still cause serious damage to national security, if made public.
"The information we upgraded today was not marked classified at the time the e-mails were sent," Kirby stressed.