Skip to content

Judicial Watch • JW v Tillerson HRC emails Priestap declaration 00785

JW v Tillerson HRC emails Priestap declaration 00785

JW v Tillerson HRC emails Priestap declaration 00785

Page 1: JW v Tillerson HRC emails Priestap declaration 00785

Category:

Number of Pages:58

Date Created:April 24, 2017

Date Uploaded to the Library:May 01, 2017

Tags:Tillerson, Priestap, APPLE, mails, 00785, Declaration, Server, classified, Pagliano, HRC, Clintons, cooper, personal, investigation, Abedin, SECRET, Emails, Mills, Williams, Hillary Clinton, Benghazi, Secretary, clinton, filed, Obama, State Department, FBI, document, DOJ, FOIA, ICE, CIA


File Scanned for Malware

Donate now to keep these documents public!


See Generated Text   ∨

Autogenerated text from PDF

Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
EXHIBIT
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
UNCLASSIFIED THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT COLUMBIA
JUDICIAL WATCH, INC.,
Plaintiff,
REX TILLERSON, his official capacity
Secretary State, ivil Action No. 5-cv-0785
Defendant.
__________________)
CAUSE ACTION INSTITUTE,
Plaintiff,
REX TILLERSON, his official capacity
Secretary State, and DAYID FERRIERO, his official capacity Archivist the
United States,
Civil Action No. 5-cv-1068
Defendants.
DECLARATION PRIESTAP
FEDERAL BUREAU INVESTIGATION
(U) E.W. Priestap, hereby declare and say:
(U) have been Special Agent with the Federal Bureau Investigation (FBI)
for eighteen (18) years. was assigned the Counterintelligence Division FBI Headquarters the Assistant Director December 2015. Before then, served the Deputy Assistant
Director the Intelligence Operations Branch the Directorate Intelligence FBI
Headquarters. Prior that, was named Special Agent Charge the Counterintelligence
UNCLASSIFIED
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
UNCLASSIFIED
Division the New York Field Office 2013, where supported counterterrori and
counterintelligence operations since 2006 Supervisory Special Agent.
(U) July 10, 15, the FBI initiated full investigation based upon referral
from the Intelligence Community Inspector General (ICIG), submitted accordance with
Section l(c) the Intelligence Authorization Act 1995 and dated July 06, 2015, regarding
the potential unauthorized transmission and storage classified information the personal email server former Secretary State Hillary Clinton (Clinton). capacity the
Assistant Director assigned counterintelligence and counterespionage matters, supervised the
Clinton investigation. make this declaration provide the Court with background information
regarding investigative efforts taken obtain repositories e-mail which would assist the FBJ reviewing the potential unauthorized transmission and storage classified information. The
information stated herei based personal knowledge, review and consideration
documents and information available official capacity, and information furnished Special Agents and other employees the FBI.
INVESTIGATIVE ACTIONS TAKEN ACQUIRE REPOSITORIES E-MAIL
(U) primary focus the FBI investigative efforts was the recovery non-
governmental e-mail repositories used Clinton during her tenure Secretary State.
furth erance its investigation, the FBI acquired sought access computer equipment and
mobile devices used during the forme Secretarys tenure order forensically review items
and obtain evidence evaluate the potential unauthorized transmission and storage classified
information. Although this Declaration provides general overview the FBls investigative
efforts, much more detailed information specific investigative actions and specific computer
equipment and mobile devices can found the Clinton E-Mail Investigation: Mishandling
UNCLASSIFIED
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
UNCLASSIFIED
Classified Unknown Subject Country (SIM) Letterhead Memorandum (LHM), which
unclassified and publically available version attached this declaration for review. Clintons Personal E-Mail Server Systems
(U) Prior January 2009, when she was sworn the U.S. Secretary
State, Clinton used personally-acquired BlackBerry device with service initially from Cingular
Wireless and later ATT Wireless, access her personal e-mail accounts. Clinton initially used
the e-mail address hrl mycingular.blackberry.net and then changed
hr15@att.blackberry.net. These e-mail addresses continued utilized for brief time during
Clinton tenure (January 2009 until March 18, 2009). The FBI investigation only
concerned the potential unauthorized transmission and storage classified information the
personal e-mail server during former Secretary Clintons tenure the Department State
(DOS). Initially, investigative emphasis was placed obtaining early tenure e-mails order understand the circumstances for deciding use the private e-mail server. described
greater detail below, the FBI primarily sought obtain the actual devices used Clinton
facilitate e-mail, such BlackBerrys, well any archived repositories Secretary Clinton
e-mails, through consensual agreement. The FBI also obtained Grand Jury subpoenas related
the Blackberry e-mail accounts, which produced responsive materials, the requested data
was outside the retention time utilized those providers. The FBI did not recover any
information indicating that Clinton sent e-mail from her hrl 5@mycingular.blackberry.net
hrl 5@att.blackberry.net e-mails after March 18, 2009. The
attached LHM the unclassified version publically available the FBls website, which has classified
information and personal identifying information redacted accordance with statutory obligations. See
https://va It. fbi.gov/hi llary-r.-Clinton.
UNCLASSIFIED
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
UNCLASSIFIED
(U) mid-to-late January 2009, Clinton transitioned the
hdr22@clintonemail.com account, which utilized newly-created private domain for e-mail
initially hosted private server (the Apple Server) located Clintons Chappaqua, New
York residence. around January 2009, decision was made Clintons staff move the
clintonemail.com domain another server because the Apple Server was antiquated and users
were experiencing problems with e-mail delivery their Black.Berry devices.
(U) around March 2009, second private server (the Pagliano Server) was
installed the Chappaqua residence. During the installation the Pagliano Server, Clintons
former staff believe all e-mail from the Apple Server was migrated, and therefore e-mail
content should have remained the Apple Server. Following the e-mai migration from the
Apple Server the Pagliano Server, the Apple Server was repurposed serve personal
computer for household staff the Chappaqua residence. Sometime 2014, and after the
Secretarys tenure DOS, some data from the repurposed Apple Server was transferred new
Apple iMac computer, and the hard drive the old Apple Server was discarded. The FBI was
therefore unable obtain the original Apple Server for forensic review.
(U) The FBI did not seek obtain the iMac computer for forensic review
because the device did not facilitate Secretary Clintons use e-mail during her tenure. the
request the FBI, DOJ requested that Williams Connolly LLP, Clintons private counsel,
coordinate review all data the iMac determine whether e-mail repositories from the
Apple Server were still present from the 2014 data transfer through keyword search consisting terms identified the FBI. October 14, 2015, Williams Connolly confirmed DOJ
that review the iMac was conducted pursuant the request and e-mails were found
belonging Clinton from the period her tenure Secretary State. During the course
UNCLASSIFIED
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
UNCLASSIFIED
the investigation, the found information indicate that the review the iMac
Williams Connolly was not comprehensive and accurate.
(U) The successor Pagliano Server consisted several pieces equipment
discussed detail the LHM. The Pagliano Server was set conduct complete backup
Seagate external hard drive once per week, with differential backup cumulative backup all
changes occurring since the last full backup) being completed every day, and this continued from
the initial Pagliano Server installation March 2009 until Jw1e when the external hard
drive was replaced. The external hard drive was replaced with Cisco Network Attached
Storage (NAS) device, store backups the server. The FBI was unable forensically
determine how frequently the NAS captured backups the Pagliano Server. discussed
further below, the FBI was able obtain the Pagliano Server, the Seagate external hard drive,
and the NAS. The FBI forensic analysis the three repositories resulted the recovery emails and documents from within the Secretarys tenure.
(U) early 2013, because user limitations and reliability concerns regarding
the Pagliano Server, Clintons staff discussed future e-mail server options through vendor. about July 18, 2013, Platte River Networks (PRN) finalized terms for service agreement
host e-mail services for linton (the PRN Server). Prior finalization, around une 23, 13, PRN transported the Pagliano Server datacenter Secaucus, New Jersey run
Equinix, Inc. (Equinix). The PRN Server remained the Equinix faci lity until the PRN Server
and associated equipment were voluntary produced the FBI October 2015. The
migration the clintonemail.com domain from the Pagliano Sever the successor PRN Server
began occur around June 30, 2013, and the Pagliano and PRN Servers functioned
together least part until Microsoft Exchange was fully uninstalled the Pagliano Server
UNCLASSIFIED
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
UNCLASSIFIED
December 03, 2013. During the migration period the PRN Server, portion Clintons emails were transferred utilizing known commercial e-mail account. The FBI, the course
its investigation, was able obtain and review these files.
10.
(U) part the new PRN Server, PRN configured backup device from Datto,
Inc. (Datto), Datto SIRIS 2000, take multiple images the server system daily, with
retention period days. The Pagliano Server remained the same server cage the PRN
Server until was obtained the FBI August 2015 via consent provided Clinton through
Williams Connolly. Through the investigation, the FBI was also able obtain the PRN server
and the Datto SIRIS 2000, and access the cloud backup the Datto device. The FBI
forensic analysis these repositories resulted the recovery e-mails and documents within
the Secretarys tenure. note, forensic analysis the Datto backups revealed some e-mails
associated with the time period between January 2009 and March 18, 2009, none which
were provided Secretary Clinton because inability locate the files. Mobile Devices Associated with Clintons E-Mail Server Systems
11.
(U) The FBIs investigation identified thirteen (13) total mobile devices which
potentially were used send e-mails using Clintons clintonemail.com e-mail addresses.
February 2016, DOJ requested all mobile devices from Williams Connelly. Williams
Connelly replied February 22, 2016 that they were unable locate any these devices.
result, the FBI was unable acquire directly forensically examine any these mobile
devices during the course the investigation. The FBI was able consensually obtain some
backup copies devices utilized former Secretary Clinton the course the investigation
from former members Clintons staff. The FBls forensic analysis the repositories resulted the recovery e-mails and documents within the Secretary tenure.
UNCLASSIFIED
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
UNCLASSIFIED
12.
(U) October 16, 2015, Williams Connelly provided two (2) BlackBerry
devices the FBI and indicated the devices may contain had previously contained e-mails
from Clintons personal e-mail account during her tenure Secretary State. FBI rensic
analysis found evidence indicate either the devices provided Williams Connelly
were connected one Clintons personal servers contained-mails from her personal
accounts during her tenure.
13.
(U) The FBI identified five (5) iPad devices associated with Clinton which
potentially were used send e-mails from Clintons clintonemail.com e-mail addresses. The
FBI obtained three (3) the iPads. One iPad contained three tenure e-mails from the
hdr22@clintonemail.com drafts folder. The FBI did not recover any e-mails from Clintons
personal e-mail accounts from either the other two iPads its possession. The FBI did not
obtain the remaining two iPads because they were longer Clintons possession and
investigative activities ind icated there was likelihood that tenure e-mails would present.
CONCLUSION
14.
(U) The FBI undertook all reasonable and comprehensive efforts recover
mails relevant investigating the potential unauthorized transmission and storage classified
information the personal e-mail server former Secretary Clinton. This effort consisted
acquiring all potentially work-related e-mails within the former Secretarys tenure and then
undertaking classification reviews each identified e-mai conjunction with U.S.
Government partners. July 16, the recovered several thousand unique work-related
and personal e-mails from Clintons tenure associated with the hdr22@clintonemail.com e-mai
address that were not provided Williams Connolly part Clintons production the
Department State (DOS). The FBI has since turned over all these e-mails and other
UNCLASSIFIED
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
UNCLASSIFIED
documents DOS for agency record determination. connection with unrelated pending
investigation, the FBI learned the existence e-mails that appeared pertinent the Clinton
investigation and took appropriate steps allow investigators review those e-mai ls.
Investigative activities undertaken October 2016 with respect those e-mails resulted
additional e-mails being discovered which may potentially work-related. The FBI also
provide these e-mails the DOS for agency record determination. opinion that there are further investigative actions that can undertaken the FBI recover additional Clinton
work-related e-mails which would meaningful the investigation, described above.
The FBI did not and could not make assessments whether these e-mails were Department State records under
the Federal Records Act.
UNCLASSIFIED
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
UNCLASSIFIED
Pursuant U.S.C. 1746, declare under penalty perjury that the foregoing true
and correct, and that Exhibit attached hereto true and correct copy.
Executed this 24th day April, 17. Priestap
Assistant Director
Counterintelligence Division
Federal Bureau Investigation
UNCLASSIFIED
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
DECLARATION E.W. PRIESTAP, FBI
EXHIBIT
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
b7E
::iECRli:+..9itC()I Pli iFQR.ND
U.S. Department Justice
Federal Bureau Investigation
July, 2016
Washinb>ton, D.C.
CLINTON E-MAIL INVESTIGATION
MISHANDLING CLASSIFIED- UNKNOWN SUBJECT COUNTRY (SIM)
This report recounts the information collected this esti~ation. not intended address potential inconsistencies in, the alidity ol, the information related herein.
b7E
(U//FOUO) July 10, 2015, the Federal Bureau Investigation (FBI) initiated full
investigation based upon referral received from the Intelligence Community Inspector
General (ICIG), submitted accordance with Section the Intelligence Authorization
Act 995 and dated July 2015, regarding the potential unauthorized transmission and
storage classified information the personal e-mail server former Secretary State
Hillary Clinton (Clinton). The FBI investigation focused determining whether classified
information was transmitted stored unclassified systems violation federal criminal
(lJ//FOo~) For complete !isling lhe inten iews conducted. clcclronic media colleclcd. legal pmcess issued. and classified
mails identified during this in,estigation. please refer Appendices A-D. background. Cli111011 was Secretary S1a1e from
Jmmmy 2009 tJrrough Fcbnmry I3.
FBI INFO.
CLASSIFIED BY: NSICG
f82l!32K21
REA.SOH: (C. ,C)
DECLASSI:Y QM: 12-31-2041
DATE: 08-18-2016
sicRE+/loktt,, iFa@D
b7E
HRC-1
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
statutes and whether classified information was compromised unauthorized individuals,
include foreign governments intelligence services, via cyber intrusion other means.
(U/ffOUQ) furtherance its investigation, the FBI acquired computer equipment and mobile
devices, include equipment associated with two separate e-mail server systems used
Clinton, and forensically reviewed the items recover relevant evidence. response FBI
requests for classification determinations support this investigation, Intelligence
Community (USIC) agencies determined that e-mail chains, b.c which FBI investigation
determined were transmitted and stored Clintons UNCLASSIFIED personal server systems,
contained classified information ranging from the CONFIDENTIAL TOP SECRET/SPECIAL
ACCESS PROGRAM levels the time they were sent between 2009-2013. USIC agencies
determined that these e-mail chains remain classified. addition, the classification
determination process administered the Department State (State) connection with
Freedom Information Act (FOIA) litigation identified approximately 2,000 additional e-mails
currently classified CONFIDENTIAL and e-mail currently classified SECRET, which FBI
investigation determined were transmitted and stored least two Clintons personal server
systems.d
b7E
(U//FOUO) The FBI investigation and forensic analysis did not find evidence confirming that
Clintons e-mail accounts mobile devices were compromised cyber means. However,
investigative limitations, including the FBI inability obtain all mobile devices and various
computer components associated with Clintons personal e-mail systems, prevented the FBI from
conclusively determining whether the classified information transmitted and stored Clintons
personal server systems was compromised via cyber intrusion other means. The FBI did find
that hostile foreign actors successfully gained access the personal e-mail accounts
individuals with whom Clinton was regular contact and, doing so, obtained e-mails sent received Clinton her personal account. {U//FOUO Clinton Personal E-Mail Server Systems
(lf OUO) /11i1ial /~-mail Server: .J1111e 2008 March 2009
(U//FOUO) around 2007, Justin Cooper, the time aide former President William
Jefferson Clinton (President Clinton), purchased Apple server (Apple Server) for the
sole purpose hosting e-mail services for President Clintons staff. 1.2 Due concern over
ensuring e-mail reliability and desire segregate e-mail for President Clintons various postpresidency endeavors, President Clintons aides decided maintain physical control the
Apple Server the Clinton residence Chappaqua, New York (Chappaqua residence). 3-U
According Cooper, around June 2008, representative from Apple installed the Apple The number classified e-mail chains identified may change classification determination 1csponses continue returned the FBI.
(Cl/~) For the pmposes the FBI i1wes1iga1ioll e-mail chain defined set e-mail responses ing the
same initial e-mail. The subject line may edited these chains rellec1 the pmpose the forward reply.
(Cl~) State did not pm,ide delennination with respect the classification these e-mails the time they were sent.
According State Cnder Secretary :vlanagemen1. Patrick Kennedy. unclassified information pro,ided Stale confidence
can later considered classified when fun her assessed the disclosure such information might damage national security diplomatic 1cla1ionships... Such information referred up~lass up~lassified.
HRC-2
b7E
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
~~RC]
b7E
Serverc the basement the Chappaqua residence.(,.? The FBI was unable obtain records
from Cooper Apple verify the installation. the time, Cooper was the only individual with
administrative access the Apple Server; however, the Clinton family and their Chappaqua
residence staff had physical access the Apple Server. i:i The Apple Server initially hosted the
domains residentclinton.com and ajcoffice.com, which were used President Clintons
staff. 10.1
(U//FOUO) Prior January 2009, when she was sworn the Secretary State,
Clinton used personally-acquired BlackBerry device with service initially from Cingular
Wireless and later ATT Wireless, access her e-mail accounts. Clinton initially used the
e-mail addresses hrl 5@mycingular.blackberry.net and then changed
hr! 5@att.blackberry.net. i.i.is According Cooper, January 2009, Clinton decided stop
using her hr! 5@att.blackberry.net e-mail address and instead began using new private domain,
clintonemail.com, host e-mail service the Apple Server. Clinton stated the FBI that she
directed aides, around January 2009, create the clintonemail.com account, and
matter convenience her clintonemail.com account was moved e-mail system maintained President Clintons aides. While Cooper could not specifically recall registering the domain,
Cooper was listed the point contact for c!intonemail.com when the domain was registered
with domain registration services company, Network Solutions, January 13, 2009. IR.l
Clinton used her au.blackberry.net e-mail account her primary e-mail address until
approximately mid-to-late January 2009 when she transitioned her newly created
hdr22@clintonemail.com account. The FBI did not recover any information indicating that
Clinton sent e-mail from her hrl 5@att.blackberry.net e-mail after March 18, 2009.
(UhFOUO) According Cooper, around January 2009 the decision was made move
another server because the Apple Server was antiquated and users were experiencing problems
with e-mail delivery their BlackBerry devices. n.n the recommendation Huma Abedin,
Clintons long-time aide and later Deputy Chief Staff State, around fall 2008, Cooper
contacted Bryan Pagliano, who worked Clintons 2008 presidential campaign
information technology specialist, build the new server system and assist Cooper with the
administration the new server system. Pagliano was the process liquidating the
computer equipment from Clintons presidential campaign when Cooper contacted Pagliano
about using some the campai~n computer equipment replace the existing Apple Server
Clintons Chappaqua residence. Pagliano was unaware the server would used Clinton the time was buildi~ the server system; rather, believed the server would used
President Clintons staff.., Clinton told the FBI that some point she became aware there was
server the basement her Chappaqua residence. However, she was unaware the
transition from the Apple Server managed Cooper another server built Pagliano and
therefore, was not involved the transition decision. r()lle) Second ,-mail Server: March 2009 June 2013
(Cl/~) The Apple Se1,er consisted Apple Power Macintosh G.i 1owcr and printer. lmes1iga1ion determined,.
____________
._.
...,....
Prcsidcm Climon did 1101 maintain e-mail account the Apple Se1,cr. The e-mail
domain wicofficc.eom was primmily legacy domain thal contained mostly fonnrrded e-mail.
b7C
S~kE J16RCQNNOE68_0
HRC-3
b7E
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
b7E
5!Cltf;J 1102Cf)N7NOF~D
(U//FOUO) Between the falI 2008 and January 2009, Pagliano requisitioned the original
hardware for the second e-mail server from Clintons presidential campaign headquarters
Arlington, VA. addition hardware acquired from Clintons presidential campaign,
Pagliano and Cooperg purchased additional necessary equipment through commercial
vendors. 3-us ..l(d March 2009, after Pagliano had acquired all the server equipment and
installed the necessary software, and Cooper met Clintons Chappaqua residence
physically install the server and related equipment server rack the Clintons
basement. h.Ji:i.
(U//FOUO) Once the new server systemi was physically installed and powered on, Pagliano
began migrating the e-mail data from the Apple Server the Pagliano-administered server
system (Pagliano Server)_..io Pagliano believed popped out all the e-mail from the Apple
Server and that e-mail content should have remained the Apple Server once the migration
took place. Pagl iano l~d lb~ E~~hlt on! transferred intonemai com e-mai
accounts for Abedin
rrom the Apple Server and said was unaware and
did not transfer e-maI accountor lmton_j.H However, Cooper stated the FBI that
believed Clinton had c!intonemail.com e-mail account the Apple Server, and that Abedin
did not have c!intonemail.com account the Apple Server. ..JJ the FBI was unable obtain
the original Apple Server for forensic review for reasons explained below, the FBI cannot
determine which clintonemail.com e-mail accounts were hosted on, and transferred from, the
Apple Server the Pagliano Server.
(U//~OUO) After the e-mail account migration was completed, Cooper changed the Mail
Exchange (MX) records ensure that delivery all subsequent e-mail from e-mail
addresses the presidentc!inton.com and c!intonemail.com domains would directed toward
the new Pagliano Server instead the Apple Server. --1-1 The Pagliano Server was only used foremail management, and the FBI review the oldest available backup image this server,
dated June 24, 2013, did not indicate that any e-mail users files were stored the Pagliano
Server.-15
(U/ttOUO) March 2009, following the e-mail migration from the Apple Server the
Pagliano Seryer the Annie Seryer was rtpurposed serve personal computer for household Clintons Chappaqua residence, subsequently used the
staff.
Apple Server equipment workstation. 2014, the data the Apple computer was
transferred Apple iMac computer, and the hard drive the old Apple computer, which
l(C~) Cooper had
~nd was often responsible for reimbursing
sl;lff for purclmses/expe1!scs-.- Pagliimo ,isited Clintons Clmppaqua residence least tluee occasions work the se1,er: .-llrrch 2009.
install the sen er: June 2011. upgrade the equipment and January 2012. fix hardware issue. The Pagliimo Se1Yer initially consisted the following equipment: Dell PowerEdge 2900 seIYer numing
:vlicrosofl Exchange for e-mail hosting and management. Dell PowerEdge 1950 se1,er nmning BlackBen-y Emerprise Sen ES) for Ihe managemenl BlackBeny deYices. Seagate external hmd dri, slore backups Ihe Dell PowerEdge 2900
sen er. Dell switch. Cisco firewall. and power supply (l.://~) e-mail oblained during the FBI i1westigation from Cooper Clinlon. indicaled that April 2009. Cooper was
preparing update Clintons Blad.Berry put our new system. (t.:) :vix record detennines which se1er will handle e-mail deli,ery for domain and necessary for routing e-mail its
proper destination.
b7C
b7C
SECRL_0.Q!u:etHm:r5Rrl.
HRC-4
b7E
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
SECRl }16RCON{NQF~~..._ ___,
previously served the Apple Server was discarded.~ October I4, Williams
Connolly LLP (Williams Connolly), counsel for Clinton, confirmed the Department
Justice (DOJ) that review the iMac was conducted, pursuant request DOJ, and emails were found belonging Clinton from the period her tenure Secretary State.~.,
b7E
(U//FSH9) Pagliano and Cooper both had administrative accounts the Pagliano Server.
Coopers direction, Pagliano handled all software upgrades and general maintenance. Cooper
described his role the customer service face, and could add users reset passwords
the e-mail server. Cooper and Pagliano both handled the acquisition and purchase serverrelated items. For example, March 2009, Cooper registered Secure Sockets Layer (SSL)
encryption certificate Pagliano direction for added security when users accessed their e-mail
from various computers and devices. Clinton stated she had knowledge the hardware,
software, security protocols used construct and operate the servers. When she experienced
technical issues with her e-mail account she contacted Cooper for assistance resolving those
issues.
(U//tOUQ) Pagliano stated that complete backup the Pagliano Server was made
Seagate external hard drive once week and differential backupm was completed every day,
and this continued from the initial Pagliano Server installation March 2009 until June 2011
when the external hard drive was replaced. space the hard drive ran out, backups were
deleted first in, first out basis. June 201 Pagliano replaced the Seagate external hard
drive with Cisco Network Attached Storage (NAS) device, store backups the server.
The FBI was unable forensically determine how frequently the NAS captured backups the
Pagliano Server.
(U//FOUO) According Pagliano, early 2013, due user limitations and reliability concerns
regarding the Pagliano Server, staff for Clinton and President Clinton discussed future e-mail
server options, and search was initiated find vendor manage Clinton e-mail server (,I
Additionally, Pagliano expressed desire seek new employment contributed the decision
move new server. search for the new vendor was facilitated with the assistance
Jnfograte, information technology consulting company.
!was introduced Clintons Chief Staff, Cheryl Mills, about January 2013
btated she worked with Mills and Pagliano
through mutual business associate.
produce request for proposal which was used solicit responses from multiple firms,
including Denver-based information technology firm Platte River Networks (PRN). Clinton
recalled that the transition the PRN Server was initiated President Clintons aides seeking
higher level service than could rovided the 1liano Server.(,~ Pagliano identified
President Clintons making the final decision
select PRN. the sprmg 2013, PRN negotiate terms the contract host e-mail
services and eventually signed Service Level Agreement July 2013.
b7C
b7C
(t..:) SSL security protocol used establish encrypted connection between sen and another machine. allowing
sensiti, information such login credentials credit card infommtion tmnsmitted encrypted format instead
plain text. SSL certificates. issued 1hird-pany Ccnificate Authority. arc small files that must installed sc1crs
establish sccmc sessions with web bmwsers.
(t..:) diffcremial backup cumulati,c backup all changes that ha,e occurred since the last full backup. The new Clinton e-mail sen hosted e-mail for Clinton. President Climon.j
!and their respccthc
staffs.
b7C
HRC-5
b7E
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
b7E
(lf OUO) third -mail Server: .June 2013
Ocwher 2015
(U/ffOUO) Following the selection PRN manage the Clintons personal e-mail server and
accounts, PRN management assigned two PRN employees handle the primary installation
and administration the third server system (PRN Server).
who worked
remotely from his home in!
!handled day-to-day administration for the PRN Server,
an~
!who worked PRN headquarters Colorado, handled all hardware
installation and any required physical (i.e. hands-on) maintenance for the PRN Server.
During the transition the PRN Server,!
!advised worked with Pagliano
understand the existing architecture ofttie Pagliano Server. part this transition process, around June 20BJ
!was granted administrator access the Pagliano Server,
well any accompanying services, such the domain registration services through Network
Solutions.ls.
b7C
(U//FOUO) June 23, 2013J
hraveled Clintons Chappaqua residence, where
powered down the Pagliano Server and transported datacenter Secaucus, New Jersey,
run Equinix, Inc. (Equinix). The PRN Server remained the Equinix facility until
was voluntarily produced the FBI October 2015.ll2.ll.l The only equipmen~
!left the Chappaqua residence was the existinr firewall and switch, since PRN intended purchase
econnected and powered the equipment for the
its own firewalls and switches. l:!1
Pagliano Server the datacenter, users could connect their e-mail accounts, and
continued work the datacenter for few days setting the remaining equipmentP for the
111
PRN Server.
!completed all the onsite work, while!
!worked remotely
left Secaucus, New Jersey, travel back PRN
get the server online. Afte~
headqrrt;rs, all rysical pieces hardware had been installed except for intrusion detection
device
old the FBI that Equinix installed this device shortly after left because the
intrusion etect10n device was shipped later. 111:!
b7C
(U//fOUO) around June 30, 2013,!
~egan remotely migrate all e-mail
accounts from the Pagliano Server the PRN Server. 119 During this migration period, the two
server systems functioned together ensure uninterrupted e-mail delivery users. After
several days migration, all e-mail accounts hosted the presidentclinton.com, wjcoffice.com,
and clintonemail.com domains were transferred the PRN Server.q that point, PRN kept
the Pagliano Server online ensure e-mail was still being delivered; however, the Pagliano
Server was longer hosting e-mail services for the Clintons.
b7C third PR1 employed
Ionly handled few Lasks related the administmtion the se1Yer system
until left the company the summer 2015.
b7C The PR1 Se1Yer consisted the follo\ing equipment: Dell Po\erEdge R620 seJYer hosting four ,inual
machines. including four separate irtual machines for :vlicrosoft Exchange e-mail hosting. BES for the management
BlaekBerry de,iees. domain contmller authenticate password requests. and administmti seJYer manage the other
three irtual machines. Dalio SIRIS 2000 store onsite and remote backups the seler system. CloudJacket deice for
intn1sion preention. two Dell switches. and two Fortinet Fortigate XOC firewalls. Th~
!domain \!IS also added the PR1 Sen later date.
HRC-6
b7E
b7E
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
(U//FOUO) part the PRN Server environmend
lold the FBI that configured
backup device from Connecticut-based company Datto, Inc. (Datto), Datto SIRIS 2000,
take multiple snapshots the server system daily, with retention period days. The
backup device made mu! tip copies the Pagl iano Server between June 24, 2013 and
December 23, 2013. 9-t the Clintons request, PRN only intended that the backup device store
local copies the backups. However, August 2015, Datto informed PRN that, due
technical oversight, the PRN Server was also backing the server Datto secure cloud
storage. ,I:( After this notification, PRN instructed Datto discontinue the secure cloud
backups.
(U//FOUO)!
!stated the Clintons originally requested that e-mail the PRN Server
encrypted such that one but the users could read the content. tnI However, PRN ultimately did
not configure the e-mail settings this way allow system administrators troubleshoot
102
problems occurring within user accounts.
(U//FOUO) PRN utilized Intrusion Detection System (IDS)/Intrusion Prevention System
(IPS) called CloudJacket from SECNAP Network Security. The IDS/IPS device implemented PRN had pre-configured settings that blocked blacklisted certain e-mail traffic identified
potentially harmful and provided real-time monitoring, alerting, and incident response
services. tn-t. io; SECNAP personnel would receive notifications when certain activity the
network triggered alert. 106 These notifications were reviewed SECNAP personnel and,
times, additional follow-up was conducted with PRN order ascertain whether specific
107
activity the network was normal anomalous. Occasionally, SECNAP would send e-mail
notifications
prompting him block certain addresses.
~escribed
these notifications normal and did not recall any serious security incident intrusion
109
attempt. PRN also implemented two firewalls for additional protection the network.
110
!stated that put two firewalls place for redundancy case one went down.
b7C
b7C
b7C
(UNFOUO) According the FBI forensic analysis the server system, December 2013,
Microsoft Exchange was uninstalled the Pagliano Server. 111 The Pagliano Server remained
the same server cage the Equinix datacenter Secaucus, New Jersey, and forensic review
the server, which was obtained August 2015 via consent provided Clinton through
Williams Connollr, indicated that continued powered and off multiple times before
the FBI obtained it. the time the FBI acquisition the Pagliano Server, Williams
Connolly did not advise the Government (USG) the existence the additional equipment
associated with the Pagliano Server, that Clintons clintonemail.com e-mails had been
migrated the successor PRN Server remaining Equinix. The FBI subsequent investigation
identified this additional equipment and revealed the e-mail migration. result, October
2015, the FBI obtained, via consent provided Clinton through Williams Connolly, both the
remaining Pagliano Server equipment and the PRN Server, which had remained operational and
was hosting Clintons personal e-mail account until was disconnected and produced the
FBI. U.11-t.TI 5.116
(l.:) The Datto SIRIS 2000 dc,icc hat prOidcs back-up capability and data 1cdunda11cy.
HRC-7
b7E
Case 1:15-cv-00785-JEB Document 33-2 Filed 04/24/17 Page
b7E
.....
(U//fOUG) Investigation determined Clinton and Abedin beoan usino new e-mail accounts
....
the domain hrcoffice.com December 2014. Abedin stated the clintonemail.com system was going away and,
followmg the m1tiatton the new domain Abedin did not have access her clintonemail.com
120
account.
.:1
b7C This consistent with
representat1ons made W1lhams Connoll which stated February 22, 2016 Jetter:
Secretary Clinton did not transfer her clintonemail.com e-mails for the time period January 21,
2009 through February 2013 her hrcoffice.com account ... 123 The investigation found
evidence Clintons hrcoffice.com account contained contains potentially classified
information e-mails from her tenure Secretary State. The FBI has, therefore, not
requested obtained equipment associated with Clintons hrcoffice.com account.
(ll OUO) Mobile Devices Associated with Clintons !~-mail Server Systems
(U//FOUO) Clinton stated she used personal e-mail address and personal BlackBerry for both
personal and official business and this decision was made out convenience. Abedin recalled
that the start Clintons tenure, State advised personal e-mail accounts could not linked
State mobile devices and, result Clinton decided use oersonal device order avoid
125
carrvirn! multiole devices.
lL./ Cooper stated that was aware Clinton using second mobile phone
number. ,Lll Cooper indicated Clinton usually carried flip phone along with her BlackBerry
because was more comfortable for communication and Clinton was able use her BlackBerry
!was her primary BlackBerry
while talking the flip phone. 129 Clinton believed 212!
phone number, and she did not recall using flip phone during her tenure State, only during
her service the Senate. Abedin and Mills advised they were unaware Clinton ever using cellular phone other than the BlackBerry. 1.m
(U/tfOUO) FBI investigation identified total mobile devices, associated with her two known
phone numbers, 212}
!and 212j
!w.~ich potentially were used send e-mails
using Clintons clintonemail .com e-mail addresses. 1.,., Investigation determined Clinton used
succession e-mail capable BlackBerry mobile devices associated with 2121
!eight
which she used during her tenure Secretary State. identified Clinton used
two e-mail capable mobile devices associated with 212L__Jafter her tenure.
b7C
b7C
b7C During his inle1,iew with the fBI. Cooper was mistakenly shown 2021 the secot phone nmrer.
Cooper recognized the phone number Clintons second number: howc,er the correct phone number ATT loll records associated with 2ll
Indicated the number was consistently used for phone calls
2009 and then used sporadically through the duration Clintons tenure and the years following. Records also showed that
BlackBerry de,ices were associated with this phone number.
(t.:/tlOt:O) The FBI identilicd four additional mobile de, ices associated with
!which were used during Clintons
tenure. lowc,er. these dc,iccs lacked e-mail capability. and result the FBI did not conduct any fnnhcr imcstigation
regarding these de,ices.
b7C
sEt_:::SS>