Hillary’s Secret Server Was Hit with 10 Hack Attempts in Two Days
IT worker Pagliano speculated Clinton emails would 'be susceptible to such an attack'
Hillary Clinton’s secret email server came under 10 hacking attacks in two days in November 2010, according to State Department communications obtained by a conservative watchdog group.
Washington-based Judicial Watch sued under the Freedom of Information Act to obtain the State Department emails. Bryan Pagliano, an information technology worker who set up the server in Clinton’s home when she was secretary of state, detailed the hacking attempts in emails on Nov. 29. 2010, to Justin Cooper, then a top aide to former President Bill Clinton.
“We use their servers to resolve external websites for both the sbs and blackberry server so we’d be susceptible to such an attack.”
Pagliano warned Cooper that because of an outside service vendor relied upon by the Clinton system, “we’d be susceptible to such an attack.”
Cooper later informed the U.S. Secret Service of the attempted hacks, turning over each of the 10 reports and summaries that Pagliano sent him.
The exchange released by Judicial Watch on Tuesday between Pagliano and Cooper is part of the 15,000 emails discovered by the FBI after Clinton ordered them deleted from her system. The FBI closed out its investigation in July with a recommendation of no criminal charges, but FBI Director James Comey announced last week that he was reopening the case after the discovery of “potentially pertinent” emails on a computer used by disgraced former Rep. Anthony Weiner, the estranged husband of longtime Clinton aide Huma Abedin.
“These new emails show that the Clinton email server was subject to an aggressive and targeted hacking attempt,” Judicial Watch President Tom Fitton said in a prepared statement. “And we now know that yet another government agency, the United States Secret Service, not only knew about the Clinton email system but that it was the target of hacking. The Clinton email scandal has now widened to yet another Obama administration agency.”
Kyle Shideler, director of threat information at the Center for Security Policy, told LifeZette that State Department officials, the Secret Service, and President Obama all appeared to know that Clinton was using a private server — and gave her a pass.
“How is it that the American people were the last to know?” he asked.
The attempted breaches of the system began on Nov. 27, 2010, and continued through Nov. 29 of that year. Each alert had the same message, apparently from the cyber security firm Symantec: “There was a failed logon attempt logged on the server. To check who it was log onto the server and double-click on the toolbox icon labeled Failed_Logon_Attempt.”
Pagliano on Nov. 29 emailed Cooper to inform him that the failed logon attempts appeared to be from Abedin and from Doug Band, then an executive at the Clinton Foundation. “Would be useful to know if it was them who tried to log in,” he wrote.
In an email on Nov. 30, Pagliano indicated it was “weird” that the attack came from a company called OpenDNS, which hosts a cloud computing security product suite and offers protections against phishing. Pagliano described it as a “fairly reputable organization.” He added, “The traffic seems to have cleared up at about 11:50 p.m. I wonder if they had someone launching an attack from their servers. That may explain the DNS issue we had earlier.”
Pagliano speculated that it might be an “injection attack,” which is the most common and successful type of attack on the internet due to its numerous types, large attack surface, and the complexity required to protect against such breaches.
“We use their servers to resolve external websites for both the sbs and blackberry server so we’d be susceptible to such an attack,” Pagliano wrote.
Shideler said the emails from Pagliano highlight the risks that Clinton used in communicating outside of a secure government system — even, in some cases, involving classified information.
“It goes toward some of the questions we’ve had,” he said. “They were clearly vulnerable. And the IT guy’s conversations shows that he knew that.”