Even as then-Secretary of State Hillary Clinton was warning department employees about the threat from cyber-attacks, she opted to skip a special 2011 cyber briefing that the department security team put together just for her, according to congressional investigators and an unclassified letter from the State Department.
The briefing was a sign of how serious the cybersecurity threat to U.S. government systems had become. The briefing was drawn up during the same year an internal 2011 State Department cable from Clinton, first reported by Fox News, told State Department employees not to use personal email because of the hacking threat.
Yet, Clinton was conducting all official government business on her unsecured personal account. And in mid-February, Julia Frifield, the assistant secretary for legislative affairs, confirmed to Congress the existence of the 2011 cyber briefing and the fact that Clinton skipped it. The details were revealed in a March 3 congressional letter to Secretary of State John Kerry.
The letter says: "On February 18, 2016, Ms. Julia Frifield, the Assistant Secretary for Legislative Affairs, sent us that classified PowerPoint presentation used in the cybersecurity briefing, along with an unclassified cover letter. The unclassified cover letter noted that 'although the PowerPoint indicated the briefing was for former Secretary Clinton, we understand from the testimony of the briefers, that she was not in attendance.'"
The letter is part of the ongoing oversight of the State Department by Republican Sens. Ron Johnson and Chuck Grassley, who signed the letter to Kerry. Grassley is asking that the PowerPoint presentation be declassified. The senator’s investigation of State Department practices began four years ago and is not limited to current questions about Clinton's use of personal email for government business.
In the last year since the email account became public, more than 2,000 messages containing classified information have been identified by the intelligence community and State Department, including another 22 emails considered too damaging to national security to release under any circumstances.
A State Department spokesman had no information on the skipped 2011 session when asked Thursday, but emphasized there are consequences when cybersecurity and classified information training are not completed.
"We all have to undergo that, and it's considered mandatory," spokesman Mark Toner said. "I don't know the specifics of this case. Not so much punishment, but you know, access to computers, that kind of thing, might be affected."
In an ongoing federal lawsuit under the Freedom of Information Act, conservative watchdog group Judicial Watch sued for all records documenting that Clinton -- and top aides Huma Abedin and then-State Department chief of staff Cheryl Mills -- took the required training on the identification and handling of classified information. Judicial Watch was recently told by the State Department that no records exist to confirm the training was completed.
"The State Department can't find any documents that they took this course, so now it's up to Clinton to explain why she didn't take this training and why she thought she was above the law," Judicial Watch President Tom Fitton told Fox News.
The Daily Caller also reported that, in three of her four years at the helm of the department, Clinton received no security briefings on handling classified information. According to the report, her only briefing was on Jan. 22, 2009, right after she was confirmed to the post.
The only related documents of record are the non-disclosure agreements for classified and top secret intelligence which Clinton signed in January 2009, right after becoming secretary of state. The signed agreements said Clinton understood "classified information is marked or unmarked … including oral communications." Clinton also confirmed that she understood there were potential criminal violations under the Espionage Act for breaking the agreements.
Cyber experts say the compromise of Clinton's server is not just a hypothetical. While Clinton IT specialist Bryan Pagliano’s security logs showed no evidence of a compromise, in March 2013 it was revealed the email account of Clinton adviser Sidney Blumenthal was accessed by the Romanian hacker "Guccifer" -- first exposing an account that appeared to belong to Clinton at "Clintonemail.com.”
The Department of Justice recently confirmed that Guccifer is being extradited to the federal court in the Eastern District of Virginia.
"I find it highly coincidental that [Guccifer] is in the United States at the same time this [FBI] investigation is coming to a head," cybersecurity expert Morgan Wright said. “It takes a lot to get somebody internationally extradited. They jump through a lot of hoops. ... I go back to what's in common and that's the exposure. It started all with Sidney Blumenthal and the hack of his email that exposed Secretary Clinton's email. That's the nexus, that's where Bryan Pagliano, that's where all these other players are coming. … There's more than coincidence here."
Asked recently about the case, a spokesman for the Virginia court had no update on Guccifer's arrival in the U.S. or his first court appearance.
Fitton told Fox News they have spent $625,000 on staff attorneys between March 2015 and March 2016 seeking documents under the Freedom of Information Act because they had to sue for them. It is not public how much the State Department, and by extension the American taxpayer, has spent on the FOIA lawsuits.
Clinton campaign aides Brian Fallon and Nick Merrill were asked for comment on the 2011 cyber briefing and any records that might show Clinton and her team took the required classified information training. There was no immediate comment.