It may seem a little odd on the eve of this very important midterm election to focus on the arcane topic of communications compromises and the effect on intelligence and national security. But LU contributor Jerome Woehrle highlighted an important new report posted at Yahoo.com on 2 November, which, in outlining some of the security and tradecraft failures that led to the killing of dozens of CIA sources abroad in the Obama years, serves as a timely walk down memory lane. The article at Yahoo News is a reminder of how much the U.S. intelligence and government IT communities knew at the time – and how much Hillary herself knew – and how much reason they all had to take her terrible communications security more seriously (regardless of whether her emails’ dangerous exposure had any link to the deaths of CIA assets), and do something about it.
But they didn’t. They didn’t – and not only that: the news media have largely let all of them off the hook for it. One of the most extensive reports on the saga of Hillary Clinton’s homebrew email server, compiled for Politico in September 2016 and full of legitimately appalling information, reads as a long apologia for Hillary.
If you read the lengthy article today, armed with the other information we now have about communications security problems and how they affected the CIA and State Department, you see the echoes of those problems in Hillary’s bad practices.
As a member of the public, you may not have known about the problems when the Politico piece was published, or may not have remembered the snippets that filtered to the public prior to September of 2016.
But if you were a responsible official in the State Department, or CIA, or the Office of the DNI, or the FBI, you did know about the problems. You knew about them at the time.
In fact, Hillary herself knew and publicly complained about exactly the type of phishing-and-forwarding attack that resulted in her private-server email correspondence being auto-forwarded to a foreign entity – reportedly China – throughout virtually all of her tenure as secretary of state.
When Hillary raised the issue, the specific concern she spoke of was that China was behind an email penetration campaign that targeted the unclassified Gmail accounts of top government officials.
At the time she confronted China, her own stream of emails was being copied by a China-linked entity (a front company operating in Northern Virginia): more than 30,000 emails, including the ones we know about that contained information at the Top Secret, Sensitive Compartmented Information, and Special Access Program levels.
The public found out about the forwarded-email malware attack in the summer of 2018 (links below).
Hillary Clinton complained to China about the very same kind of attack in early 2011.
After taking China to task over the attack in 2011, she continued until January 2013 to use her private email account for State Department business. This was the account the intelligence community inspector general (ICIG) determined, during his review in 2015, to have been compromised from the account’s first appearance in 2009 by the email-forwarding malware.
The mainstream media have mounted misleading attacks against the messengers whenever the alarming nature of this is pointed out. A notable instance was in January 2016, when the ICIG probe showed that some of Hillary’s emails actually contained identifying information about CIA operatives or sources. The ICIG in 2015-2016, Charles McCullough, speaking with Tucker Carlson in November of 2017, said that he was promptly vilified by Senate Democrats when he reported his findings, and that the media took up the refrain, accusing him (an Obama appointee, as it happens) of having a political motive for bringing it up.
In August 2018, when the Daily Caller News Foundation reported on the email-forwarding scheme that bundled off thousands of Hillary’s emails to China, the media got the FBI to say on the record that it had no information that Hillary’s “server had been hacked.” This was semantics: the ICIG finding was not that Hillary’s server had been “hacked.” News reports tend to call everything “hacking,” and most outlets, including DCNF, wrote it up using that word.
But the ICIG finding was that the foreign entity (reportedly a Chinese front company) had gained access to Hillary’s private email account, as opposed to the server hosting it, apparently via a phishing attack, and had been auto-forwarding her emails between 2009 and at least 2013. The distinction is not a quibble. A forwarding rule is configured inside the mailbox using the account holder’s own credentials, so it can copy every message to an outside address without any break-in to the server itself, and an examination of the server for signs of intrusion would not necessarily reveal it. The FBI was well aware of the finding. But instead of correcting the misimpression by stating it accurately, the Bureau served the media’s purpose by focusing on the words “hack” and “server” and rejecting them, as if no compromise had occurred.
Known vulnerabilities – not conclusions about individual culpability
It’s important to emphasize here that no inference is being drawn about whether Hillary’s compromised emails revealed names or other information that could lead directly to the CIA sources who were hunted down and killed by the Chinese government in the 2010-2012 timeframe. Other observers have suggested that that’s possible – and it is. Hillary’s emails did contain explicit information about intelligence sources. (See the New York Post link below.) But it isn’t conclusively demonstrated by what we know at this point.
In my judgment, Hillary’s communications would not have been a significant source for Chinese intelligence about who was a CIA asset. If her emails had any such role, it was probably to bolster conclusions drawn from more specific information, gained from the compromised CIA communications discussed in the Yahoo report, or from other CIA informants once they had been identified and interrogated.
But the total picture that continues to emerge is of a thoroughly penetrated communications infrastructure whose vulnerabilities, far from being a great surprise in retrospect, were understood well enough at the time that there was no excuse for not taking more precautions.
Here are just three things responsible officials knew at the time – call it the first four years of the Obama administration – that should have been gigantic clues about communications vulnerability.
Infrastructure commonalities that should have set off alarms
According to the Politico article from September 2016, the CIA had previously assumed full-time infrastructure responsibility, during Colin Powell’s tenure at Foggy Bottom, for the State Department’s embassy communications systems.
Colin Powell had originally been shocked when he arrived at Foggy Bottom in 2001—he immediately realized that one of the largest problems he faced was the State Department’s outdated computer systems. At the time, the CIA and the State Department swapped responsibility for embassy communications every 12 months, an inefficient system that had caused the department to lose ground technologically. After Powell reviewed the situation, he worked out a deal with CIA Director George Tenet and “fired” his own State Department IT team, handing sole responsibility over to the CIA.
Although there is little readily available information on this arrangement, it means the following, at the very least: CIA and State communications were virtually certain to have some vulnerabilities in common.
The CIA might not make a practice of replicating some of its most sensitive information on both sides of the classification/encryption divide. But if officials in the State Department were doing so – as Hillary and her aides clearly were – then in at least some cases, the CIA might as well have been doing it too.
If State Department and CIA operations were using IT infrastructure in common, it would not take many observations for foreign analysts to map the traffic flow and the likely role of each network element. Traffic analysis of this kind does not require breaking any encryption: the endpoints, timing and volume of encrypted flows are enough to tell an analyst meaningful things about both State and embassy activities and CIA operations.
If the cyber breakthroughs against CIA comms referenced in the Yahoo News report are what they seem, suggesting that something like the VPN encryption used by the CIA was broken by Iran and China, one distinct possibility is that the break was helped by analysts holding the same content, flagged with the same unique metadata, in both encrypted and unencrypted form: a known-plaintext advantage. A properly implemented modern cipher is designed to withstand known plaintext, so that alone would not recover keys; but it lets an analyst confirm which encrypted flows carry which documents, and against a weak or misconfigured implementation it is the classic starting point for cryptanalysis. State Department officials sending originally-formatted classified content via Gmail accounts would provide ideal samples of exactly that kind.
Sloppy communications security at the State Department
According to the Politico article (citing the FBI’s documentation on its Hillary email probe), there was in fact an awful lot of classified information being routed around for convenience via unclassified accounts, including Gmail accounts. Politico makes much of the point that Colin Powell spoke of doing it (if somewhat elliptically). And that’s a fair point. It wasn’t just Hillary.
But the breezy sense of the Politico piece that it was a known concern within the State Department, and had been for some time, does the opposite of exonerate Hillary, her officials, her IT personnel, and her team of aides. The pervasiveness of the practice means everyone knew it was happening, and no one took it seriously – in spite of wailing klaxons in the form of known, detected IT breaches, and intelligence sources turning up dead in increasing numbers overseas.
Hillary’s aides reportedly forwarded classified reports by the hundreds to Gmail accounts, just so they could more easily print them out for Hillary to read. Moreover, they were especially prone to use their Gmail accounts when they were traveling:
Clinton aide Monica Hanley told the FBI that “her state.gov email account was not as easily accessible as her Gmail account and on some occasions she used Gmail when she could not access her State.gov account.” There were particular problems connecting to State.gov accounts on board the Air Force planes that Clinton used to travel, so staff often would use Gmail or other personal accounts while traveling.
Since Clinton and her aides were typically traveling overseas, that meant – as Lee Smith established in an excellent June 2018 article – that they were using Gmail just when their communications vulnerability to foreign adversaries was the greatest.
A known cyber attack targeting top U.S. government officials
Yet Hillary and her aides – and the CIA, FBI, and Director of National Intelligence – knew in early 2011 that China had succeeded in compromising Gmail accounts using phishing attacks; had targeted senior U.S. government officials with these attacks; and had added forwarding instructions to the compromised accounts so that copies of their email went automatically to Chinese recipients.
This, as described at the Guardian, is what Hillary complained about to China in 2011:
There has recently been a lot of media attention focused on a relatively unsophisticated and even mundane act of information exploitation against high-level Gmail users and, not surprisingly, a Chinese IP address.
There’s absolutely nothing new or sophisticated about the attacks, which have been going on for a year or more and which essentially add a forwarding instruction so that others can read copies of everything coming to your Gmail account or even be allowed access to your account – all without you knowing about it.
Although reporting at the time stressed that there was no information from government sources that State Department officials had been targeted, Hillary Clinton obviously knew about the attacks, and this Guardian piece from 1 June 2011 cited one example of the spear-phishing attempts on email account-holders as follows:
One example “spear phishing” email had the title “Fw: Draft US-China Joint Statement” and contained the text: “This is the latest version of State’s joint statement. My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike.”
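The attack the quoted passages describe is a forwarding rule planted in the mailbox, not an intrusion into the mail server, so the practical check is an audit of every filter in the account for forwarding to an outside address. The script below is an added example written for this page, not code from the Guardian, Google, or any of the officials or agencies discussed. It assumes the Atom feed layout Gmail uses when filters are exported (one entry per filter, each carrying apps:property elements such as from, hasTheWord and forwardTo); the sample feed, its addresses and the trusted-domain list are constructed for the example.

```python
"""Audit exported mail filters for silent auto-forwarding rules.

Assumes the Atom feed layout Gmail uses for exported filters: one <entry> per
filter, each holding <apps:property name="..." value="..."/> elements such as
"from", "to", "subject", "hasTheWord" (match criteria) and "forwardTo",
"shouldArchive", "shouldMarkAsRead" (actions). The feed below is constructed
for this example; the addresses in it are not real.
"""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"
CRITERIA = ("from", "to", "subject", "hasTheWord", "doesNotHaveTheWord")

# Constructed sample: one benign filter, one stealthy exfiltration rule that
# copies every message out and hides the copy (archive + mark as read), and
# one internal forward to the organisation's own domain.
SAMPLE_FILTERS_XML = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'/>
    <id>tag:mail.google.com,2008:filter:1</id>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <id>tag:mail.google.com,2008:filter:2</id>
    <apps:property name='forwardTo' value='archive-mirror@mail-relay-example.net'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <id>tag:mail.google.com,2008:filter:3</id>
    <apps:property name='to' value='ops@example.gov'/>
    <apps:property name='forwardTo' value='ops-archive@example.gov'/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return one dict per filter entry: property name -> value, plus "_id"."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.findall(ATOM + "entry"):
        props = {p.get("name"): p.get("value") for p in entry.findall(APPS + "property")}
        id_el = entry.find(ATOM + "id")
        props["_id"] = id_el.text if id_el is not None else ""
        filters.append(props)
    return filters


def find_external_forwards(filters, trusted_domains):
    """Flag every filter that forwards mail to a domain outside trusted_domains.

    Each finding records whether the rule has no narrowing criteria at all
    (it copies every incoming message) and whether it also archives and marks
    the message read, the shape that keeps the victim from noticing.
    """
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    for f in filters:
        target = f.get("forwardTo")
        if not target or "@" not in target:
            continue
        domain = target.rsplit("@", 1)[1].lower()
        if domain in trusted:
            continue
        findings.append({
            "id": f["_id"],
            "forward_to": target,
            "catch_all": not any(k in f for k in CRITERIA),
            "hidden": f.get("shouldArchive") == "true" and f.get("shouldMarkAsRead") == "true",
        })
    return findings


if __name__ == "__main__":
    for hit in find_external_forwards(parse_filters(SAMPLE_FILTERS_XML), ["example.gov"]):
        flags = [name for name in ("catch_all", "hidden") if hit[name]]
        print(f"{hit['id']}: forwards to {hit['forward_to']} [{', '.join(flags)}]")
```

Run as-is it reports the one planted rule. Against a real export, pass your organisation’s own domains as trusted_domains and keep that list strict, since a forward to a trusted domain is deliberately not flagged; a rule with no criteria at all deserves attention even when its target looks plausible, because it copies every message that arrives.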
It strains credulity to the breaking point to suggest that Hillary, the State Department, and all other stakeholders in government communications security (like the CIA) were wandering in a clueless fog about the likelihood that (a) the Chinese were attacking commercially-hosted government communications six ways to Sunday at the time – which would have had implications for the CIA’s commercially-hosted, jerry-rigged network with sensitive sources in Asia – and (b) Hillary’s own private email account was being attacked the same way Gmail was.
Here, as a refresher, is what we learned about Hillary’s private email account from the ICIG:
A Chinese-owned company penetrated former Secretary of State Hillary Clinton’s private server, according to sources briefed on the matter.
The company inserted code that forwarded copies of Clinton’s emails to the Chinese company in real time.
The ICIG, Charles McCullough, notified the FBI (including Peter Strzok) of this finding in 2015, and testified to the finding in Congress in July 2018.
The Daily Caller News Foundation’s Richard Pollack obtained his additional information from government sources in August 2018.
But it all happened between 2009 and 2013 – and Hillary, along with other top officials like DNI James Clapper and DCI John Brennan, had every form of warning they needed to know that it was highly probable.
In 2016, the New York Post quoted an unnamed Pentagon official:
“I’ll spend the rest of my career trying to figure out what classified information was in those [deleted e-mails],” said a Pentagon counterintelligence official. “Everybody is mad as hell.
“The worst part is that Moscow and Beijing have that information, but the intelligence community maybe never will.”
In 2017, interviewing former ICIG McCullough, Tucker Carlson offered this summary:
Just to sum up, to make sure that I have this absolutely clear, you, in effect, heard complaints from the intelligence agencies that their information was residing on an unsecure server – they were upset about it; you bring these concerns to the Congress, and you’re dismissed as a right-wing plant.
The same officials – Clinton, Clapper, Brennan – went into overdrive, on the other hand, to frame and propagate an evidence-free theme about “collusion” involving Trump and Russia. And in its initial report on the killing of CIA sources back in 2010 and 2011, the New York Times – writing in 2017 – went out of its way to ignore any connection with comms vulnerabilities known about since at least 2016, including Hillary’s email profile, but also to position an irrelevant, entirely gratuitous reference to the “investigation of possible ties between President Trump’s campaign and Russia” in the top half of the article.
As Jerome Woehrle implied in his report on Sunday, that’s how they wasted America’s time with the extraordinary assets they once had charge of, instead of reacting vigorously to obvious weaknesses on their watch in the protection of classified information. It’s past time for a thorough probe of all this. Congress is a good place to start. We don’t know if there’s a smoking gun. But there are dead bodies all over the place.