Email exchanges released on Wednesday by Judicial Watch, a conservative advocacy group, show that in December 2010, filters were blocking messages from then US Secretary of State Hillary Clinton and her staff, sending them to the spam folder or making them bounce.
So the State Department turned them off.
The department’s IT staff did so nervously, given that there were plenty of reasons not to. And following the step, the State Department’s unclassified email system has been breached – repeatedly.
As shown in one of the email exchanges, a State Department contractor support tech confirmed that two filters needed to be shut off in order to temporarily keep Clinton’s email from bouncing or from being labeled spam – a measure that it took in spite of the fact that the filters had “blocked malicious content in the recent past.”
Turning the filters off potentially exposed the department to phishing attacks and other malicious email.
According to the email exchanges released by Judicial Watch, this is how the filter shutdown went down:
17 March 2009: State Department staff wrote up a memo about the server they found in the basement of Clinton’s New York house.
November 2010: Secretary Clinton and her Deputy Chief of Staff for Operations discussed the fact that her emails to Department employees were being sent to spam. Clinton Chief of Staff Huma Abedin suggested to Clinton that she move her email over to an official address:
We should talk about putting you on State e-mail or releasing your e-mail address to the department so you are not going to spam.
Clinton shot down the idea, replying with this suggestion:
Let’s get [a] separate address or device but I don’t want any risk of the personal [e-mail] being accessible.
Clinton never did wind up using a government-issued account. She relied solely on a non-government BlackBerry to send and receive emails.
According to Judicial Watch, the director of the State Department’s information resources management office of the executive secretariat – that would have been John Bentel at the time – noted in another email conversation that an email account and address had already been set up for the Secretary and also stated that “you should be aware that any email would go through the Department’s infrastructure and subject to FOIA searches.”
October 2011: An exchange discussed how the mail filter system was causing some emails from Clinton’s private server – Clintonemail.com – to be blocked. Some messages were “bounced,” while the server accepted some but quarantined others and failed to deliver them.
According to email threads, the IT team turned off both spam and antivirus filters on two “bridgehead” mail relay servers while waiting for a fix from the vendor. One question was whether that fix would arrive before the State Department upgraded to the latest version of the mail filtering software. One member of the IT team, Trey Jammes, doubted whether it would, given that the problems hadn’t been fixed over the course of two years: from 2010 through 2012.
The email threads don’t show whether the email problems were ever resolved.
They do, however, include an email from a former aide to President Bill Clinton, Justin Cooper.
In that thread, Cooper explains to Abedin that the server had been shut down briefly because “we were attacked again.”
I had to shut down the server…Someone was trying to hack us and while they did not get in I didn’t want to let them have the chance. I will restart it in the morning.
Image of Hillary Clinton courtesy of Evan El-Amin / Shutterstock.com.
Kyle Saia
its is now proven that she has lied about “never had a hacking attempt” on her email servers. Why is she able to run for president?
Nathan Aldrich
Her personal privacy is far more important than our national security what’s she hiding now
ejhonda
Really? There was no way to whitelist Clinton’s email server as a valid source? Wow….
Regardless, this just goes to show how stupid it is to allow officials to set up their own computing resources.
Anonymous
This was exactly the first thing I thought upon reading that passage.
Mike
As I read it, they didn’t want the person in charge of maintaining the whitelist to know that Clinton was breaching security policy, so they didn’t give him her email address.
Scott
She can’t be trusted
jonathanpdx
Until Clinton is proven guilty, she is innocent…unless we’ve been transported to the Soviet Union circa 1960. I hate politics, but I hate failure to uphold basic civil rights even more so.
It would appear that those in charge of IT for the State Department need to either be re-educated in their line of work or removed and some people who know what they’re doing be hired in their stead…hopefully individuals with some steel in their backbones.
Tom Westheimer
I suspect the biggest problem is the IG people did not feel they could object without repercussions and that is what happens when politics mixes with good management
Mahhn
it’s not like she’s been fired for unethical behavior in the past, oh wait she has, never mind…:P
Anonymous
The department’s IT staff did so nervously, given that there were plenty of reasons not to. And following the step, the State Department’s unclassified email system has been breached – repeatedly. I am so glad someone brought this up. It seems like no one is connecting the two. Hey maybe this is why the State Dept unclassified email has had more people in it the town whore.
Bryan
Heh, just the title of this article is like a punchline.
Maybe those deleted emails were merely spam that bypassed the disabled filters.
:-)
Zeek
Wat difference, at this point, does it make?
Brian T. Nakamoto
It says a lot about the IT team if they had to wait on a vendor to solve the false positive problem without opening up a broader security vulnerability never mind that someone should have pushed back on such a terrible solution.
Steve
Congrats, Lisa. You’ve probably just earned Naked Security a spot in the list of “radical blogs” that are part of the “vast right-wing conspiracy”.
Mahhn
and added to the No Fly list,,,
Anonymous
Everyone involved in this fiasco needs to be held accountable. Hillary and her staff, along with any and all State Dept. employees should be charged tried and sent to prison. I don’t care if it is a hundred or a thousand federal workers. I don’t pay them for this kind of bullshit. They have risked my security and they act as if they are the ones making the rules so they can choose which ones to obey. What a bunch of trash hose folks are.
Chuck
Clinton’s staff emails were flagged as spam? That’s interesting since they were using the gov email account. At least that is what I read. They certainly weren’t using hers. I also find it hard to think of previous secretaries of state as being either more transparent or more secure. They used AOL and Gmail. How many servers does gmail and AOL use? Many thousands? When Colin Powell deleted work related emails from his AOL account, where did they go? Did they dump content from one server to another ever? Which server could the FBI go to to do a forensic analysis to retrieve all of his work related emails that were deleted? They recently recycled 9,600 servers. Would they have been on one of those? Were they overwritten with other data? With all of the traffic going through AOL servers, how much malware might have been there? Does AOL scan their emails for content? What Hilary did was incorrect. But I hardly think it was any worse that what had been done there before. In fact it appears to be much better. Her sever was readily available for scrutiny. And she was the first Secretary of State to actually print out all of her work related email and turned them in. As for hacking attempts, we know for sure that the gov emails were hacked.
Alvin
I call this response the “Two year old response” “But mommy, he did it first.”
Mike Blanchard
part fo the bigger issue here is that she completely lied about having that server in the first place… THEN she wound up doing a digital “Oliver North” and started deleting files didn’t she? What happened to Ollie? and why isnt’ that happening to HER??????
Mark Stockley
Oliver North basically got of scot free and is now sort of Fox News contributor. I expect similarly stringent punishments for Clinton.