FBI Director James Comey had stated that while the investigation into former Secretary of State Hillary Clinton's private email servers did not turn up direct evidence she had been hacked, it was possible. Cyber security experts have weighed in that it was likely.
On July 5, Comey held a press conference to announce that the FBI would not be recommending charges against Clinton for her use of a private email server, stating investigators found no evidence she had criminal intent to compromise national security.
The FBI director did note the investigation had unearthed some evidence that Clinton’s email had been possibly hacked. Cybersecurity experts believe that the comments signal that while the FBI could not prove it as a fact, it was extremely likely.
“Reading between the lines and following Comey’s logic, it does sound as if the FBI believes a compromise of Clinton’s email is more likely than not,” cyber issues author Adam Segal told The New York Times.
“Sophisticated attackers would have known of the existence of the account, would have targeted it and would not have been seen,” Segal added.
Comey had stated that the FBI found no evidence that Clinton’s server had been directly hacked, but “Hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact.”
According to cybersecurity experts, it would have been easy to have backtracked from those email accounts to Clinton’s own server.
Comey had also noted that Clinton had used her private email during diplomatic trips to adversarial countries.
Former government cyber security expert James A. Lewis observed that if Clinton “used it in Russia or China, they almost certainly picked it up.”
One way of hacking Clinton’s email account would have been “spear phishing,” or spam emails that install malware once opened, although the FBI did not find evidence that this had happened to Clinton’s server.
When Clinton’s cellphone was in foreign countries, it was vulnerable to their networks, where malware could be installed directly.
Comey had also verbally chastised the State Department, characterizing its security culture as “generally lacking in the kind of care for classified information found elsewhere in the government.”
National security law fellow Susan Hennessey of Brookings Institution stressed that the State Department had a reputation for not taking security seriously, The Washington Post reports.
Hennessy said that the State Department’s lackadaisical attitude “predates Secretary’s Clinton’s tenure and endures beyond it, and deserves far more attention it has received amidst the sordid political posturing of this whole investigation.”
On July 7, Comey testified before the House Committee on Oversight and Government in Washington, D.C., to provide further details about the investigation, WJLA reports.
When asked if Clinton’s email server had had any security to prevent hacking attempts, Comey replied, “Not much.”
“Certainly she should have known not to send classified information,” Comey later said, according to Politico. “As I said, that's the definition of negligent. I think she was extremely careless. I have think she was negligent. That I could establish. What we can't establish is that she acted with the necessary criminal intent.”