DOCUMENT: Investigation

Evidence Clinton Was Speared In Phishing Attack

FBI report details "multiple" breach attempts

View Document

HRC & FBI

SEPTEMBER 2--The FBI’s Hillary Clinton investigation turned up evidence that her e-mail accounts were targeted in multiple “spear phishing” attacks, one of which may have tricked the then-Secretary of State into clicking a malicious link included in the correspondence.

An FBI investigative report released today includes a section on the “cyber targeting” of Clinton’s “personal E-mail and Associated Accounts” during her tenure at the State Department.

Though riddled with redactions, the FBI report reveals that Clinton became concerned about the legitimacy of an e-mail purportedly sent to her “from the personal e-mail of a State official.” The e-mail sent to Clinton, the FBI noted, “contained a potentially malicious link.”

In reply to the suspect e-mail, Clinton wrote, “Is this really from you? I was worried about opening it!” The FBI report does not indicate to which e-mail account Clinton sent her response.

At one point, Clinton aide Huma Abedin wrote to an associate indicating that Clinton was concerned about someone “hacking into her email” since Clinton had received an e-mail from a “known...associate” containing “a link to a website with pornographic material.”

While the FBI report does not state how Clinton knew the link in the suspect e-mail led to porn, it appears obvious that she clicked on the link.

Addressing that porn link, the FBI reported that there was “no additional information” as to whether “the specific link referenced by Abedin was used as a vector to infect Clinton’s device.”

That declaration is followed by two redacted lines. The FBI report then picks up with this statement: “Open source information indicated, if opened, the targeted user’s device may have been infected, and information would have been sent to at least three computers overseas, including one in Russia.”

Due to redactions in the report, it is unclear whether the link referred to in the open source material is the same one contained in the e-mail that was sent to Clinton and led her to “a website with pornographic material.”

The FBI report also notes that Clinton received a March 2011 memo alerting her to an increase of “cyber actors targeting State employees’ personal e-mail accounts.” The e-mail urged State officials to limit their use of personal e-mail accounts for official business since “some compromised home systems have been reconfigured by these actors to automatically forward copies of all composed e-mails to an undisclosed recipient.”

A footnote in the report refers to “drop” accounts “controlled by foreign cyber actors and which serves as the recipient of auto-forwarded e-mails from victim accounts.” (2 pages)