Hackers linked to Russia tried to infiltrate Hillary Clinton's emails
WASHINGTON -- Hackers linked to Russia tried at least five times to pry into Hillary Rodham Clinton's private email account while she was secretary of state, emails released Wednesday show.
The emails were disguised as speeding tickets from New York, and they were sent on Aug. 3, 2011 between 1:44am and 5:26am. The heading on all five emails read, "UNIFORM TRAFFIC TICKET," and they came from various NYC.gov email addresses. All of the emails also read, "TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117," with Chatham misspelled in each email.
Printing the attached ticket, and opening the attachment would have enabled the hackers to take over Clinton's computer. It is unclear whether she clicked on any attachment and exposed her account, but the syntax, misspelling and formatting errors in the emails would have given Clinton a strong indication that these were phishing emails.
Security researchers who analyzed the malicious software in September 2011 said that infected computers would transmit information from victims to at least three server computers overseas, including one in Russia. That doesn't necessarily mean Russian intelligence or citizens were responsible.
Nick Merrill, a spokesman for Clinton's Democratic presidential campaign, said: "We have no evidence to suggest she replied to this email or that she opened the attachment. As we have said before, there is no evidence that the system was ever breached. All these emails show is that, like millions of other Americans, she received spam."
Practically every Internet user is inundated with spam or virus-riddled messages daily. But these messages show hackers had Clinton's email address, which was not public, and sent her a fake traffic ticket from New York state, where she lives. Most commercial antivirus software at the time would have detected the software and blocked it.
The phishing attempts highlight the risk of Clinton's unsecure email being pried open by foreign intelligence agencies, even if others also received the virus concealed as a speeding ticket from Chatham, New York. The email misspelled the name of the city, came from a supposed New York City government account and contained a "Ticket.zip" file that would have been a red flag.
Clinton has faced increasing questions over whether her unusual email setup amounted to a proper form of secrecy protection and records retention. The emails themselves -- many redacted heavily before public release -- have provided no shocking disclosures thus far and Clinton has insisted the server was secure.
During Clinton's tenure, the State Department and other U.S. government agencies faced their own series of hacking attacks. U.S. counterterrorism officials have linked them to China and Russia. But the government has a large staff of information technology experts, whereas Clinton has yet to provide any information on who maintained her server and how well it was secured.
The emails released Wednesday also show a Clinton confidant urging her boss and others in June 2011 not to "telegraph" how often senior officials at the State Department relied on their private email accounts to do government business because it could inspire hackers to steal information. The discussion never mentioned Clinton's own usage of a private email account and server.
The exchange begins with policy chief Anne-Marie Slaughter lamenting that the State Department's technology is "so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively." She said more funds were needed and that an opinion piece might make the point to legislators.
Clinton said the idea "makes good sense," but her chief of staff, Cheryl Mills, disagreed: "As someone who attempted to be hacked (yes I was one), I am not sure we want to telegraph how much folks do or don't do off state mail b/c it may encourage others who are out there."
The hacking attempts were included in the 6,300 pages the State Department released, covering a period when U.S. forces killed Osama bin Laden and the Arab Spring rocked American diplomacy.
The former first lady and New York senator had maintained that nothing was classified in her correspondence, but the intelligence community has identified messages containing "top secret" information. Clinton had insisted that all of her work emails were being reviewed by the State Department, but Pentagon officials recently discovered a new chain of messages between Clinton and then-Gen. David Petraeus dating to her first days in office that she did not send to the State Department.
As part of Wednesday's release, officials upgraded the classification level of portions of 215 emails, State Department spokesman John Kirby said. Almost all were "confidential," the lowest level of classification. Three emails were declared "secret," a mid-tier level for information that could still cause serious damage to national security, if made public.
"The information we upgraded today was not marked classified at the time the emails were sent," Kirby stressed.
At the end of each month since June, the State Department has released batches of emails turned over by Clinton from her time as secretary of state. The publication of the emails, which were stored on her private server, is part of an effort to comply with a Freedom of Information Act suit.
- State Department releases 7,000 pages of Hillary Clinton's emails
- Report: FBI pulls deleted emails from Hillary Clinton's server
- 8 of the quirkier Hillary Clinton emails
Now, with Wednesday's release, some 37 percent of Clinton's work-related emails have been made public. The State Department has been releasing the emails at the end of every month, and it plans to finish publishing the emails in January, in accordance with a federal judge's order.
CBS News' Adam Aigner-Treworgy contributed to this report