By BRADLEY KLAPPER, JACK GILLUM and STEPHEN BRAUN
Russia-linked hackers tried at least five times in August 2011 to trick Hillary Rodham Clinton into infecting her computer systems while she was secretary of state, according to newly released emails from the State Department.
Here are important things to know:
___
WHAT DID THE HACKERS DO?
They sent to Clinton’s email account at least five notices that appeared to originate from a New York City government address. The emails pretended to inform her that the state Department of Motor Vehicles had caught her speeding more than 55 mph a month earlier, and instructing her to open an attached file, “Ticket.Zip,” to print the ticket and mail it with payment. But opening the file attachment would have activated malicious software, known as malware, that would have quietly implanted on her systems a program to spy on her activities and allow hackers to install other programs without her awareness.
___
WAS CLINTON ACTUALLY HACKED?
It is not known. It’s unclear whether Clinton was fooled into opening the attachments, which could have infected her systems and compromised the security of her email account. Clinton’s campaign spokesman, Nick Merrill, said there was no evidence to suggest that Clinton replied to the emails or opened the attachments. The speed-ticket emails appeared authentic enough to fool plenty of Internet users, and Clinton has described herself as technically unsophisticated. But Clinton said just days ago, when asked whether hackers from Russia or China could have broken into her server: “There’s no evidence of that.” Also, there is some evidence that the malware targeted Windows users, and Clinton was known to prefer using an iPad during this period. The security of Clinton’s private email system, including the server in the basement of her home in Chappaqua, N.Y., has been an important question since Clinton acknowledged in March that she had used it for all official government business as secretary of state. The fact that these infected emails were delivered to Clinton, even if she didn’t infect herself, suggests that security protections and email filters on her homebrew server were weak or missing.
___
WERE THE HACKERS FROM RUSSIA?
It’s easy for hackers to disguise their origins. Security researchers determined that some of the malicious software sent to Clinton in 2011 communicated with rogue servers in Russia, but that doesn’t necessarily mean Russian hackers were behind the plot. The rogue servers appear to be no longer operating. The hackers responsible were never identified or captured.
___
WAS CLINTON HERSELF TARGETED BY THE HACKERS?
So many Internet users were receiving the same speeding-ticket ruse that New York State police and others began openly warning about the ploy as early as June 2011, two months before Clinton received the messages. But it’s still a significant mystery how the hackers knew to send emails to Clinton’s private server address she used for State Department business, since in 2011 it was still a secret email address to most of the world. Roughly two years later, the email account belonging to an informal adviser to Clinton, Sidney Blumenthal, was hacked by a Romanian, Marcel-Lehel “Guccifer” Lazar, who is serving a seven-year prison sentence. Emails released from that hack in 2013 included the first public references to Clinton’s private email address.
___
WASN’T THIS JUST SPAM? WHY HAVEN’T WE SEEN MORE SPAM IN CLINTON’S EMAILS RELEASED SO FAR BY THE STATE DEPARTMENT?
The five unwanted emails delivered to Clinton weren’t spam; these were malicious software with dangerous payloads. It’s possible there were additional unwanted messages in Clinton’s email account that she deleted before turning over the work-related emails to the State Department. So, how did these emails survive? The hackers designed these five messages to appear to be sent from a New York City government account, nyc.gov, so it’s likely that Clinton mistakenly preserved them under the notion that these were government messages.
___
BILL AND HILLARY CLINTON HAVEN’T DRIVEN THEIR OWN CARS IN MANY YEARS. WHY WOULD CLINTON BE TEMPTED TO CLICK OPEN WHAT APPEARED TO BE A SPEEDING TICKET?
This was a clever ruse by hackers, designed to pique any recipient’s curiosity — or outrage — about the possibility of paying a fine for speeding. In this case, the speeding tickets purported to be in New York, where the family owns a home and where Clinton served as U.S. senator.