Getty Clinton server faced hacking from China, South Korea and Germany

Hillary Clinton's private email server containing tens of thousands of messages from her tenure as secretary of state — including more than 400 now considered classified — was the subject of hacking attempts from China, South Korea and Germany after she stepped down in 2013, according to Congressional investigators.

The Senate Homeland Security and Government Affairs Committee has found evidence of attempted intrusions into Clinton's server in 2013 and 2014, according to a letter Chairman Ron Johnson (R-Wis.) sent Monday to a Florida-based security firm tasked with protecting the hardware.


The contractor, SECNAP Network Security, identified the attacks, but according to internal emails cited and briefly quoted in the Johnson letter, Clinton's sever may have lacked a threat-detection program for three months, Johnson says.

The Associated Press first reported the news.

The attempted security breaches and apparent gaps in protection raise further questions about the level of security Clinton used to prevent malicious intrusions from breaching her network. The FBI is currently probing whether her rare email arrangement at State — exclusively using her own personal server rather than a State.gov account — ever put national security at risk. The State Department has now classified more than 400 Clinton emails that were stored on that hardware, though Clinton's team notes they were not marked classified at the time.

The last batch of Clinton's emails released by the State Department under a court order in a Freedom of Information Act suit showed that Clinton received at least five emails from hackers linked to Russia. If Clinton opened attachments in the emails, her account and server could have been vulnerable to hacking, although it is unclear if she did so.

POLITICO reported last week that there were likely many more so-called phishing messages sent to Clinton during her four years as secretary, but virtually all those messages appear to have been deemed "personal" by Clinton's attorneys and deleted, although the FBI is reportedly making progress recovering some or all of the messages from tech firms that worked on Clinton's server.

The attempted intrusions reported late Wednesday by AP were more direct attempts from abroad to gain unauthorized access to Clinton's server and did not rely on email messages. However, it is unclear whether they represented a concerted effort by one or more foreign intelligence services to access Clinton's data or if the efforts were part of the far more commonplace hacking on the internet.

According to the Johnson letter, Clinton's representatives purchased SECNAP's threat monitoring device in June of 2013 but does not appear to have been activated until October 2013. A Clinton representative seemed to be aware of the issue, according to an email quoted in the letter:

“We really really need to do this,” the internal Aug. 19, 2013 email reads. “We are left in a bad state… We want to add in this extra security. We are paying for it and no[t] using the security.”

Johnson blasted the time gap.

"This gap raises questions about the vulnerability of Secretary Clinton’s private server during the multi-month period that the CloudJacket devise and management service was unable to monitor the network,” the Johnson letter reads.

SECNAP notified Platte River of the attempted attacks from China in February 2014, Korea in March of that year and Germany in June of that year, according to footnotes in the letter.

The story could undermine another part of Clinton's public response to the email controversy. She has repeatedly said there's no indication that her server was hacked.

Asked in a CNN interview last month whether attackers from Russia or China hacked into her private account, Clinton replied: "There's no evidence of that."

In 2011, after Google revealed a wave of hacking attacks against accounts belonging to senior U.S. officials and human rights activists, Clinton's State Department warned employees to avoid using personal email accounts for official business. However, she continued to exclusively use a private account and server for her work.

Clinton has said the practice was permitted by State Department rules and is consistent with similar practices by past secretaries.

It's unclear whether Clinton's emails would have been more protected in the State Department's systems. Those systems are high-profile targets for foreign intelligence services and have been repeatedly breached in recent years by intruders believed to be from Russia.

Clinton's private email set-up, first created for her husband President Bill Clinton after he left office, was less well known and may have been a less obvious target. However, experts say sophisticated intelligence services monitoring the secretary of state's communications when she was abroad would have likely been able to pinpoint her server and use that information to attempt to access her system.