FOIA All The Things Profile picture
Mostly #FOIA and document tweets. Main account: @pwnallthethings

Sep 23, 2016, 48 tweets

OK - will tweetstorm the latest Clinton email release by @FBI. About 250 pages in 3 sections - docs here: vault.fbi.gov/hillary-r.-cli…

XXX was read into a Special Access Program. Sent email at TS//SAP over email (while in CA) because it was time sensitive. Marked it (SBU).

2. Second probably TS//SAP email used the subject line "Alert" -- but story was "about to break in the news".

3. (This shows the danger of mixing classifications designed to protect sensitive info instead to merely avoid official avowal of that info)

4. Something redacted here about a quote in a 2013 speech to the American Foreign Service Association. Is this the Sec Kerry speech? Hmm.

5. Reminder: if your corporate IT does not work when staff need it to, they move to less secure, non-corporately managed "shadow IT"

6. So two things:
a) Someone (guess who) tried to hack US' Iran negotiating team's personal emails
b) Curiously, this para is just U//FOUO.

7. This is the most detailed summary yet of the Clinton email server setup so far.

8. This is what it transitioned to after she left State. (It's now in rented space, not under Secret Service protection anymore)

9. All incoming / outgoing emails to Clinton would go via MX Logic for scanning

10. Remember the Reddit thing about the Clinton admin wanting to change email addresses in PST files w/ PowerShell? This is why

11. In the "July export" emails were transferred with three levels of encryption! (later he uploads the emails to Gmail to convert to a PST)

12. #ProTip: when tasked with "email cleanup", don't email about "the Hilary [sic] coverup [sic]". Looks less funny in FBI investigation doc

13. Is this the office of Bill Clinton using Google Apps? If so, bravo - SecretService should get him a YubiKey :)

14. In 2015, they contacted "Security Persuit" - a security company in Denver. Doesn't look like anything came of it though.

15. So OK. Here's timeline around the Congressional subpoena in 2015. Need to go through this slowly. Gets a bit fiddly.

16. March 3, 2015. Day before Congress issues their subpoena. IT guy is working on the "July export" of Clinton's emails. So far so good.

17. Next day: March 4. Congress issues their subpoena against Clinton.

18. March 5. IT guy gets some boring work emails. Life goes on as normal.

19. March 7. At this stage, "HRC archive - complete.pst" and "hrcarchive@clintonemail.com - HRC archive.ost" still exist on server.

20. March 9: IT guy gets email from Clinton's lawyers. Something along the lines of "hey, we've been subpoenaed, don't delete things" email.

21. March 10: Work ticket from Mills. How odd. Mills doesn't use this email server. Maybe is about her personal email? Yes, that must be it.

22. March 25 - an email about "CESG call", and one about "Clintons" referencing phone calls with Mills and Kendall.

23. What was that conversation with Kendall about?

24. IT guy doesn't remember erasing the backups on the Datto backup device. Excuse: loads of people have login access to access backups (!!)

25. On March 31, installs "BleachBit" of his own accord to delete email PST backups on the email server.

26. Someone who worked at Clinton's company (CESC) "did not want PST files hanging around and wanted them off the Server after the export"

27. So anyway, IT guy was *definitely* acting in bad faith; destroying evidence subpoenaed by Congress. Just less clear if/who told him to

28. Even six months before the subpoena, Mills was heavily involved in how emails were archived, down to overseeing old archives erasure.

29. So a bit more context of that March 25 phone call and email with subject line "Clintons"...

30. This is his response to having an "oh shit" moment in all of its technical gory detail.

31. So I can imagine that FBI investigators might not be entirely happy with being fed carefully curated evidence.

32. Important infosec lesson

33. Important infosec lesson part 2

34. Important infosec lesson part 3

35. Monica Hanley here proactively deleting work emails on gmail after Clinton's emails got subpoenaed by Congress.

36. Some State employees' personal accounts were hacked "presumably by the Chinese government" after a Clinton trip to China.

37. On trip to Russia, Hanley wrongly took classified brief to Clinton in her hotel suite. They left it there (security found on exit sweep)

38. Many problems with #FOIA review at Office of Legal Affairs and also at XXX. Surprised, but glad to see it admitted so openly.

39 (Correction): Office of Legislative Affairs.

40. Blumenthal's emails to Clinton contained FBI and CIA equities.

41. I think this is the Clinton email marked SECRET//NOFORN, relating to an FBI source during Benghazi aftermath

42. I.e. this one

43. Some info on the massive recruitment spree in the #FOIA office to handle the Clinton Benghazi subpoena to Congress

44. 1,600 emails passed to IC for a classification determination - from phone calls with foreign leaders to discussing Wikileaks stolen docs

45. Reminder that while "upclassification" is a thing, lots of docs sent as classified were "downclassified" later too.

46. So I've heard of "password managers", but this is ridiculous. Hanley literally managed Clinton's email passwords for her.

47. Maybe a third of the way through on first-pass and exhausted. Will do more maybe tomorrow. Going through FOIA docs is hard work :(

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling