Accessibility links

Breaking News
USA

Clinton Private Account Targeted in Russia-linked Email Scam


FILE - Then U.S. secretary of state Hillary Clinton checks her mobile phone after delivering an address to the Security Council at United Nations headquarters in New York, March 12, 2012.
FILE - Then U.S. secretary of state Hillary Clinton checks her mobile phone after delivering an address to the Security Council at United Nations headquarters in New York, March 12, 2012.

Russia-linked hackers tried at least five times to trick Hillary Rodham Clinton into infecting her computer systems while she was secretary of state, newly released emails show. It was unclear whether she was fooled into clicking on any attachments to expose her account.

Clinton received the virus-riddled emails, disguised as speeding tickets from New York, over four hours early on the morning of August 3, 2011. The emails instructed recipients to print the attached tickets - and opening them would have allowed hackers to take over control of a victim's computer.

Security researchers who analyzed the malicious software in September 2011 said that infected computers would transmit information from victims to at least three server computers overseas, including one in Russia. That doesn't necessarily mean Russian intelligence or citizens were responsible.

Spam victim like others

Nick Merrill, a spokesman for Clinton's Democratic presidential campaign, said:
“We have no evidence to suggest she replied to this email or that she opened the attachment. As we have said before, there is no evidence that the system was ever breached. All these emails show is that, like millions of other Americans, she received spam.”

Practically every Internet user is inundated with spam or virus-riddled messages daily. But these messages show hackers had Clinton's email address, which was not public, and sent her a fake traffic ticket from New York state, where she lives. Most commercial antivirus software at the time would have detected the software and blocked it.

The phishing attempts highlight the risk of Clinton's unsecure email being pried open by foreign intelligence agencies, even if others also received the virus concealed as a speeding ticket from Chatham, New York. The email misspelled the name of the city, came from a supposed New York City government account and contained a “Ticket.zip” file that would have been a red flag.

No shocking disclosures

Clinton has faced increasing questions over whether her unusual email setup amounted to a proper form of secrecy protection and records retention. The emails themselves - many redacted heavily before public release - have provided no shocking disclosures thus far and Clinton has insisted the server was secure.

During Clinton's tenure, the State Department and other U.S. government agencies faced their own series of hacking attacks. U.S. counterterrorism officials have linked them to China and Russia. But the government has a large staff of information technology experts, whereas Clinton has yet to provide any information on who maintained her server and how well it was secured.

The State Department estimated that its own government users were targeted with 19,000 such incidents the same year that Clinton received the five emails on her personal account. The following year, the number of such incidents in the State Department surged to 27,000.

Hike in malware

“This steady increase in malicious software (malware) is significant because spear-phishing emails containing malware can place ‘code’ on department machines, which may compromise the integrity of U.S. networks and possibly enable the exfiltration of sensitive data,” the agency warned in a report during the period.

The emails released Wednesday also show a Clinton confidant urging her boss and others in June 2011 not to “telegraph” how often senior officials at the State Department relied on their private email accounts to do government business because it could inspire hackers to steal information. The discussion never mentioned Clinton's own usage of a private email account and server.

XS
SM
MD
LG