How foreign intelligence services likely hacked Hillary Clinton’s email server for secrets, data

By Bill Gertz 
The unfolding national security scandal involving former Secretary of State Hillary Clinton, the leading Democratic candidate for president, is expected to produce evidence of foreign intelligence service involvement in the compromise of U.S. secrets placed on an unsecure email server. 
That’s the conclusion of a senior State Department official who told me at least three foreign intelligence services – the Chinese, Russians and Israelis – almost certainly were able to hack into the private email server used by Clinton from 2009 to 2013. 
The official did not have evidence of the hacking but is well versed in what is called hacking TTP – tactics, techniques and procedures used by major cyber threat powers. 
The FBI has launched an investigation of the compromise of national security secrets after the U.S. intelligence community inspector general earlier this month discovered top-secret information within a sampling of emails sent between Clinton and several aides. 
The data included material classified at “SI/TK” level, designators for “special intelligence” and “Talent Keyhole,” used as code words for intelligence derived from satellites, both communications and imagery. 
The Obama administration has produced highly politicized federal government agencies, as shown in the IRS targeting of conservative groups, making the outcome of the FBI probe uncertain. 
However, after the compromise of massive amounts of highly classified documents first by Wikileaks and then in the theft by former NSA contractor Edward Snowden, ignoring serious classified information security crimes could prove difficult, even for officials within the current highly-politicized Justice Department where any prosecution decision in the Clinton case will be made. 
Among the most aggressive at breaking into foreign email accounts for intelligence purposes is the Chinese services, as its hacking against Google and Gmail accounts has shown. 
For the Chinese, a hacking operation against the Clinton email server would fall to China’s Technical Department of the Third Department of the People’s Liberation Army General Staff Department, known as 3PLA. Cyber attackers from 3PLA would first have to identify the private Clinton server, whose domain name was “” Once the server was identified, the Chinese would then conduct social engineering intelligence gathering operations prior launching technical penetration attacks. The civilian intelligence agency Ministry of State Security also is conducts cyber attacks and support intelligence. 
The disclosure of the private email server likely was known publicly to the Chinese since at least 2013, when a Romanian hacker named Guccifer hacked into the AOL email of Clinton associate Sidney Blumenthal and published emails Blumenthal had sent to Clinton’s domain account. 
Foreign intelligence services are known to monitor well-known hackers and their published material for just such targeting intelligence information. 
Similarly, Russian intelligence is considered extremely proficient, both technically and in the use of traditional intelligence-gathering techniques, in conducting cyber attack operations against email accounts. 
For the Russians, the GRU military intelligence service, the Federal Security Service, known as FSB, and the civilian foreign intelligence service SVR are known to have very strong cyber attack capabilities. 
U.S. intelligence discovered only recently that Russian services was developed robust cyber attack capabilities. Director of National Intelligence James Clapper told Congress in February that “the Russian cyber threat is more severe than we had previously assessed.” He did not elaborate. 
A Russian Defense Ministry institute called the Center for Research of Military Strength of Foreign Countries has been linked to GRU hacking against Georgia. 
Israeli cyber intelligence capabilities also are considered very sophisticated, based on the country’s advanced information technology infrastructure. The Israeli Defense Forces have dedicated cyber warfare and cyber intelligence forces, as does the civilian Mossad intelligence service. Israel’s interest in the Clinton email server would be intelligence on Obama administration Middle East policies, which have been viewed by critics as anti-Israel. 
Other foreign spy services capable of hacking the Clinton email server include the North Koreans, who showed their expertise last November by breaking into and destroying computer networks at Sony Pictures, as part of an operation to try and derail release of a film on North Korean leader Kim Jong Un. 
Iran’s intelligence services also are engaged in sophisticated cyber attacks and would be capable of getting into the Clinton email server. The Iranians have launched distributed denial-of-service cyber attacks on U.S. banks and an American casino. They also attacked the networks of Saudi Aramco, causing widespread computer and data damage. 
Clinton has provided conflicting stories about the server that is now in FBI hands after having been wiped clean of some 60,000 emails. Initially, Clinton said there was no classified information on the server and that her operating the private server was legal and within the rules. She has not responded to the sampling of the emails by the inspector general that found 305 emails with classified information, ranging from confidential to top-secret. 
“I did not send classified material, and I did not receive any material that was marked or designated classified,” Clinton told reporters on Tuesday. 
Clinton set up the private server weeks before assuming office as secretary of state in 2009. The server was handled by a network provider called Platte River Networks, a Denver-based IT company. 
Investigators likely will be probing whether Platt River was hit by foreign intelligence service cyber attacks between 2009 and 2013. The company announced it had wiped the Clinton email server clean in June 2013. Federal agents currently are attempting to recover the deleted data.
Investigators from the private public interest law group Judicial Watch say it appears from emails released so far, including the 305 that were found to contain classified data, that Clinton aides took classified information and excerpted the data into unclassified emails for Clinton. Such digesting of classified information into unclassified systems would violate federal statutes governing the handling of classified information. 
The intelligence and political secrets could be used by foreign intelligence services to support a variety of national policies and programs. 
In the case of the Russian intelligence, the successors to the KGB are known to continue the practice of engaging in coercive influence activities by threatening to disclose sensitive information about a particular foreign official. 

— August 22, 2015