• United States



State Department turned off spam filters for Hillary Clinton

Jun 26, 20164 mins
Data and Information SecurityEmail ClientsSecurity

The U.S. Department of State turned off spam filters so email from Clinton's private server wouldn't be blocked by the security features

Former Secretary of State Hillary Clinton’s emails, those sent from her private home server—using—were being caught in the spam filter, so the State Department turned the filters off.

Bob Gourley, former CTO for the Defense Intelligence Agency (DIA), told Fox News, “You’re putting not just the Clinton server at risk but the entire Department of State emails at risk. When you turn off your defensive mechanisms and you’re connected to the internet, you’re almost laying out the welcome mat for anyone to intrude and attack and steal your secrets.”

Judicial Watch used a Freedom of Information Act (FOIA) to obtain Clinton’s emails (pdf) that had been referenced and criticized in an Inspector General’s 2016 report (pdf), but that had not been released to the public.

In one of the email exchanges (pdf), Clinton’s deputy chief of staff, Huma Abedin, wrote, “We should talk about putting you on State email or releasing your email address to the department so you are not going to spam.”

But Clinton responded, “Let’s get [a] separate address or device but I don’t want any risk of the personal [email] being accessible.”

Another email exchange shows (pdf) that Trend Micro’s ScanMail Exchange 8 (SMEX 8) flagged some of Clinton’s emails as spam, quarantining but not delivering some, while bouncing others. The State Department’s IT team turned off spam and antivirus filters on two email relay servers, but it didn’t seem too happy about doing so, since the filters had “blocked malicious content in the recent past.”

The State’s IT team had been in contact with Trend Micro about the Clinton-marked-as-spam problem, but it doubted the issue would be fixed, since SMEX 8 was two revisions behind the then-current SMEX 10. The team didn’t exude too much confidence that migrating to SMEX 10 would stop Clinton’s emails from being marked as spam and rejected.

The issue could have easily been resolved had Clinton simply used a government-issued email account instead of using and her non-government issued BlackBerry “for personal comfort” reasons. One exchange (pdf) showed that a government email account had been set up for Clinton, but it warned her to be aware that any email using that address could be subject to FOIA searches. Clinton never used the government-issued account.

The emails were “not part of the approximately 55,000 pages” previously provided by Clinton, State Department spokesman John Kirby told Associated Press, but Abedin did provide the emails. AP said the newly released emails make it “unclear what other work-related emails may have been deleted by the presumptive Democratic presidential nominee.” Supposedly she and Abedin retained different copies of emails.

As Judicial Watch pointed out:

On January 9, 2011, the non-Departmental advisor to President Clinton who provided technical support to the Clinton email system notified (pdf) the Secretary’s Deputy Chief of Staff for Operations that he had to shut down the server because he believed “someone was trying to hack us and while they did not get in i didnt [sic] want to let them have the chance to.”

Later that day, the advisor again wrote to the Deputy Chief of Staff for Operations, “We were attacked again so I shut [the server] down for a few min.” On January 10, the Deputy Chief of Staff for Operations emailed the Chief of Staff and the Deputy Chief of Staff for Planning and instructed them not to email the Secretary “anything sensitive” and stated that she could “explain more in person.”

The FBI has been investigating if classified material sent or received via Clinton’s private server “imperiled government secrets.” AP added, “As part of the probe, Clinton turned over the hard drive from her email server to the FBI. It had been wiped clean, and Clinton has said she did not keep copies of the emails she chose to withhold.”

National Security Agency (NSA) whistleblower Bill Binney, who—way back in 2012—warned Americans that the NSA had dossiers on nearly every U.S. citizen, told Fox News, that Clinton had over 2,100 emails containing classified information on her personal insecure server. Her files were “vulnerable [to] attack [from] all people in the world—hackers, governments, everybody.”

The State Department’s unclassified email system has been “repeatedly breached,” and “Guccifer” allegedly pwned Clinton’s server “with ease.” WikiLeaks has a searchable Clinton email archive, and Julian Assange said WikiLeaks intends to release more emails to prove her system was compromised. Assange claimed the unreleased emails would provide enough evidence to bring an indictment against Clinton but that it’s unlikely such an indictment will happen.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.