Clinton’s email server ran without security software, new records reveal

© Mike Segar
Hillary Clinton’s private server was temporarily unprotected by security features in December 2010, when the then-secretary of state had technical problems with her email. In 2011, Clinton’s server was hacked multiple times, newly-disclosed papers show.

On Wednesday, the legal advocacy group Judicial Watch published a batch of back-and-forth emails between high-level State Department technical support and Clinton staffers as they tried to fix a serious problem with the secretary’s private home email server.

According to December 2010 emails, one of Clinton's closest aides, Huma Abedin, reported that some people within the State Department, using the domain, were not receiving emails sent from the Clintons’ private server.

“There are many messages and responses not received,” one of the officials, Cindy Almodovar, wrote to S/ES-IRM staff, delivering Huma’s complaint.

Just a month before the email issue arose, in November 2010, Abedin and Clinton discussed that department employees were not receiving emails sent by then-secretary, the newly-released emails indicate.

“We should talk about putting you on state email or releasing your email address to the department so you are not going to spam,” Abedin wrote to Clinton on November 13, 2010.

In response, the secretary wrote: “Let’s get separate address or device but I don’t want any risk of the personal being accessible.”

It also appears that, despite her back-and-forth with Abedin over the email setup being clearly work-related, Clinton failed to turn over a copy of it to the State Department along with tens of thousands of emails from her home server.

"While this exchange was not part of the approximately 55,000 pages provided to the State Department by former Secretary Clinton, the exchange was included within the set of documents Ms. Abedin provided the department in response to our March 2015 request," the department told AP.

Clinton withheld and deleted thousands of additional emails, claiming that were personal and had to do with her family issues, such as her daughter’s wedding and her mother’s funeral. However, neither Clinton nor her lawyers ever shared a criteria behind the email categorizing.

Another email shows that John Bentel, then the technical support director, warned Clinton that if she opted to use the official email box, “any email would go through the Department’s infrastructure and subject to FOIA searches.”

After Abedin reported the technical problem, the State Department technical staff suggested that “turning off the anti-spam filter” would resolve the problem.

However, after the Trend Micro Inc. security software installed on Clinton’s server was turned off, a senior State Department official, Thomas W. Lawrence, wrote: "We view this as a Band-Aid and fear it's not 100 percent fully effective. We are eager for TrendMicro to fully resolve, quickly.”

A screenshot of TrendMicro’s ‘ScanMail for Exchange’ in one of the emails showed the anti-spam disabled.

As shutting down the security software didn’t appear to be helpful, one email recommended turning off two of the three anti-phishing filters that protect personal data from identity thieves and cybercriminals “in order to eliminate the categorizer.”

However, in his response, Lawrence did not support the idea, saying that both “content-filtering and anti-virus checking… has blocked malicious content in the recent past.”

Another set of emails from January 2011, just mere weeks after attempts to fix Clinton’s email server, reveal that someone tried to compromise it.

“Someone was trying to hack us and while they did not get in i didnt [sic] want to let them have the chance to,” the non-departmental advisor to President Bill Clinton, who provided technical support, told the State Department’s deputy chief of staff for operations on January 9, 2011.

“We were attacked again so I shut [the server] down for a few min,” he wrote later that day.

The next day, Abedin instructed Clinton’s chief of staff and deputy chief of staff for planning not to email the secretary “anything sensitive” and stated that she could “explain more in person.”

Clinton, now the presumptive Democratic nominee for president, has repeatedly denied that her private email server was ever breached.

In late May, the State Department’s Office of the Inspector General released a scathing report largely concerning Clinton’s email use, saying that unsecured communications at such a high level created “significant security risks."

This most recent release of Clinton-linked records by Judicial Watch referred to that report. The group requested the emails and was granted the right to obtain the records under a June 14, 2016 court order by Judge Emmet G. Sullivan.

Clinton’s use of a private email server has been a major headache for her presidential campaign.