Politico | 5 July 2016
America’s digital adversaries — including China, Russia and even Israel — may have had access to Hillary Clinton’s private email arrangement, security experts say, despite the FBI’s conclusion that there is no “direct evidence” of such breaches occurring.
FBI Director James Comey on Tuesday said his agency’s lengthy investigation into Clinton’s “homebrew” setup uncovered no successful hacks since its 2009 origin. But, Comey cautioned, the heavily trafficked system was “readily apparent” to many people, making it “possible that hostile actors gained access to Secretary Clinton’s personal email account.”
Story Continued Below
These “hostile actors” likely run the gamut, from allies to enemies.
“Given the framing of it — we didn’t see the evidence, but given the nature of the attackers, we wouldn’t expect to see any evidence — I read the FBI statement as saying it was very likely that Russian and/or Chinese intelligence gained access to her personal email,” said Adam Segal, a Chinese cyber policy expert and senior fellow at the Council on Foreign Relations.
The most likely suspects are Russia, China and Israel “in that order,” said Morgan Wright, a cybersecurity consultant who has worked with tech companies like Cisco and Alcatel-Lucent.
“Certainly foreign military and intelligence services,” said Ben Johnson, a former National Security Agency employee and now chief security strategist at security firm Carbon Black. “They’re going to have a lot of means and motives to do this.”
Really “any country that’s looking to potentially have adversarial relations with us or just [desires] more relations with us,” Johnson added, citing Middle East countries specifically.
Comey’s hint at the possibility of enemy intrusion is likely to fuel Republicans, who have long hammered Clinton’s email arrangement as careless from a national security perspective.
The setup “left sensitive and classified national security information vulnerable to theft and exploitation by America’s enemies,” Sen. Marco Rubio said Tuesday, shortly after Comey revealed the FBI would not recommend that the Justice Department bring charges against the presumptive Democratic presidential nominee.
“Her actions were grossly negligent, damaged national security and put lives at risk,” added Rubio, who hit Clinton on the topic consistently during his failed presidential run.
Donald Trump, Clinton’s presumptive Republican opponent, tweeted, “FBI director said Crooked Hillary compromised our national security. No charges. Wow! #RiggedSystem,” immediately after the announcement.
But had Clinton used the State Department’s unclassified system the same way she used her personal account, there’s no guarantee the information would have been any safer.
The State Department has been hacked on several occasions over the year, including in 2006 and most recently in late 2014, when it took officials over three months to fully kick suspected Russian hackers out of agency’s unclassified email system.
Comey alluded to this checkered digital history on Tuesday when he called State’s security culture “lacking.” It’s also a point that Clinton supporters have used to defend the candidate, arguing that her emails may have even been safer on a personal server.
“Anyone who attempts to argue that the contents of Hillary Clinton’s email would have been more secure on a government server must contend with these facts,” said Correct the Record, pro-Clinton super-PAC, last September.
Yet security specialists strongly push back against such assessment.
Wright noted that while the State Department’s information technology budget trails many other departments, Clinton’s arrangement was likely still more vulnerable because it was administered by many people without a cybersecurity background.
“When you take a bad situation and put something else bad on top of it you’ve made it far worse,” he told POLITICO.
And the countries interested in going after Clinton’s emails all possess advanced cyber capabilities, experts said. The federal government has determined that Chinese hackers have been snooping on personal email accounts of top U.S. officials for years and just last year Secretary of State John Kerry said it is “likely” that Russian and Chinese hackers are reading his emails.
As for Israel, hackers would have targeted Clinton’s emails to glean her positions on Middle East issues, according to Wright.
“They’re friendly … but even friendlies can get aggressive on spying on each other,” he said.
Clinton also accessed her private email “extensively” while traveling, Comey said, “including sending and receiving work-related emails in the territory of sophisticated adversaries.”
This practice considerably heightened the risk of compromise, particularly if Clinton used unencrypted pathways to access her email while abroad, said Jason Straight, chief privacy officer of UnitedLex, which advises corporations on cybersecurity practices.
Comey also said FBI investigators determined that hackers had infiltrated the private commercial email accounts of people that regularly emailed Clinton’s personal account, opening up another potential entry point for digital snoops.
The FBI chief didn’t name these outside contacts, leading some, including Wright, to wonder if there would be further investigation into the emails of top aides, like Cheryl Mills or Huma Abedin.
But while there are considerable factors pointing to a likely intrusion, there may never be a smoking gun, according to specialists.
“The bottom line is that we will likely never know for certain whether her server was compromised or not,” said Straight.