For a year now, the scandal surrounding Hillary Clinton’s misuse of email when she was secretary of state has dogged her presidential campaign. As I’ve explained in this column, contrary to her denials, Ms. Clinton’s use of a personal, unclassified server for government business raises serious questions for our national security—and for her fitness to be our next commander-in-chief.
Things got worse for Ms. Clinton this week regarding EmailGate, just as she got significantly closer to clinching her party’s nomination for the presidency by triumphing on Super Tuesday. That big political win was marred by the news that Brian Pagliano, Ms. Clinton’s former contract IT staffer, has reached a deal with the Department of Justice for immunity from prosecution in exchange for his testimony. Since Mr. Pagliano set up her private email server of bathroom infamy at Ms. Clinton’s Chappaqua, N.Y., home in 2009 and is presumably privy to many details of how she circumvented U.S. laws and norms regarding proper use of email and IT systems, his cooperation with DoJ cannot be considered anything but bad news for the Clinton campaign.
By now, including a dump just last week, the State Department has released 30,068 emails—per court order—that passed through Ms. Clinton’s personal email between 2009 and 2013, when she was the boss at Foggy Bottom. Of those “unclassified” documents, 2,115 (about 14 percent) have been judged to be classified with about 22 at the Top Secret level, 65 at the Secret Level, and the remaining 2,200-plus, the vast majority, at the Confidential level, the lowest classification in the U.S. Government.
There is wordsmithing of a classic Clintonian kind going on here which requires a bit of unpacking.
However, since some of those Top Secret emails contain enormously sensitive information, including details about undercover American spies abroad—as well as information that seems to have been lifted directly from Top Secret-plus intelligence reports—this is a deadly serious matter that any Americans lacking Clinton-level political connections would have long ago faced prosecution for. Miraculously, Cheryl Mills, a top Clinton staffer who is deeply involved in EmailGate, still has active Top Secret security clearances, even though the very first thing normally done to any persons involved in an FBI espionage investigation—which is what the Bureau’s probe into EmailGate is—would be to pull their clearances at once.
Nevertheless, as details have emerged painting a disturbing portrait of how Secretary Clinton handled our nation’s secrets, her defenders have repeatedly asked, So what? As I’ve already explained in detail here, any intelligence professional knows that the odds are very high that multiple foreign intelligence agencies saw Ms. Clinton’s unencrypted “private” emails. Bob Gates, the former CIA director and President Obama’s first secretary of defense, stated that Russia, China and Iran were likely privy to her emails, while her successor, John Kerry, has added that Moscow and Beijing are very likely reading his unclassified emails too.
Here comes The New York Times with a report countering such expert opinions. Based on unnamed government sources said to be close to the EmailGate investigation, it explains that the computer security logs Mr. Pagliano handed over to the FBI “showed no evidence of foreign hacking.” This is important, since Ms. Clinton’s server was known to have been subjected to “spear-phishing” attacks that have been traced to Russia. Based on this account, they did not work. On cue, the Clinton campaign spokesman, Brian Fallon, explained, “We’re not aware of any evidence whatsoever that the server was hacked.”
Even assuming that this new report is accurate and none of the hacking attempts known to have been executed against Ms. Clinton’s email server were successful, this comes nowhere close to getting her and her staff off the hook for inadvertently sharing our secrets with foreign spies through carelessness and ignoring Federal laws on the handling of classified material.
There is wordsmithing of a classic Clintonian kind going on here that requires a bit of unpacking. In the first place, the use of the term “hacking” obscures as much as it explains. It’s not a word normally used by intelligence services, since it conjures images of unwashed teenagers in basements. Spy agencies which practice advanced signals intelligence or SIGINT instead use terms like “active SIGINT” to describe their sophisticated, multilayered efforts to break into protected or encrypted information systems.
After all, that’s why Russia’s outsized embassy in Washington, D.C., conveniently located on a hill overlooking downtown, has an outsized antenna field on its roof.
At the National Security Agency—where I used to work as a senior intelligence analyst, including as the technical director of NSA’s largest operational division—what outsiders call hacking is handled by a shadowy group called Tailored Access Operations that gets at the hard targets requiring actual cyber-break-ins. TAO are probably the best hackers on earth, but Russia and China are no slouches either, as demonstrated by their repeated infiltrations into protected U.S. Government computer networks in recent years.
However, unencrypted IT systems don’t need “hacking”—normal SIGINT interception will suffice. Ms. Clinton’s “private” email, which was wholly unencrypted for a time, was incredibly vulnerable to interception, since it was traveling unprotected on normal commercial networks, which is where SIGINT operators lurk, searching for nuggets of gold.
They hunt for data with search terms called “selectors”—a specific phone number, a chatroom handle, an email address: here Ms. Clinton’s use of the “clintonmail.com” server was the SIGINT equivalent of waving a huge “I’m right here” flag at hostile intelligence services. Since the number of spy agencies worldwide capable of advanced SIGINT operations numbers in the many dozens, with Russia and China in the top five, that Ms. Clinton’s emails wound up in the wrong hands is a very safe bet, as any experienced spy will attest.
After all, that’s why Russia’s outsized embassy in Washington, D.C., conveniently located on a hill overlooking downtown, has an outsized antenna field on its roof: They’re sucking up all the data they can find and anything unencrypted they get. Furthermore, any time Ms. Clinton and her staff went abroad—which was an awful lot given their jobs at the State Department—and they began sending emails on their Blackberrys (in the case of some of her staff this seems to have been every waking moment), the local security service was collecting it all. I know because I used to do this to foreign officials, and they certainly do it to us. The number of foreign intelligence services possessing Secretary Clinton’s email must be very high indeed.
Moreover, that Ms. Clinton’s “private” email server eventually added some rather light encryption is no comfort at all, since any competent SIGINT service would have learned so much in the pre-encryption period they would not have needed to rely on anything as advanced as “hacking” to stay inside that information loop. They would leave little if any trace of their surveillance. In the case of top-notch intelligence rivals like Russia and China, this can be safely assumed.
The Clinton campaign has every interest in presenting her mistakes and misdeeds as Secretary of State in the best possible light. Here terms like “hacking” are employed as cover to explain away rather than explain. Any intelligence professional acquainted with 21st century methods of secret signals interception knows that Hillary Clinton’s emails almost certainly wound up in the wrong hands. The implications of this fact extend beyond politics-as-usual in America. Ms. Clinton may yet dodge the legal consequences of her misconduct, but she will never be able to escape the stunning counterintelligence implications of EmailGate
