Top IT official: Disabling security for Clinton server laid out 'welcome mat' for hackers

A 2010 decision temporarily disabling State Department security features to accommodate Hillary Clinton’s private server effectively laid out a "welcome mat" for hackers and foreign intelligence services, a leading IT official who oversaw computer security at the Defense Intelligence Agency told Fox News.

"You're putting not just the Clinton server at risk but the entire Department of State emails at risk," said Bob Gourley, former chief technology officer (CTO) for the DIA. "When you turn off your defensive mechanisms and you're connected to the Internet, you're almost laying out the welcome mat for anyone to intrude and attack and steal your secrets."

He was referring to revelations from new court-released documents in a lawsuit by conservative watchdog Judicial Watch. They show the State Department temporarily turned off security features in 2010 so that emails from then-Secretary of State Clinton's personal server would stop going to the department's spam folders.

Gourley, who has more than two decades of cybersecurity experience and is now a partner with strategic consulting and engineering firm Cognitio, noted the Russians did breach the State Department system at some point – though it’s unclear when, and whether disabling the security functions in 2010 played a role.

He said, though, that when the Russian presence was detected in 2014, there were indications “they had been there for quite a while … [and] also hacked into unclassified systems in the White House.” He said the Russians would have tried “everything possible to get in.”

Gourley said: "A professionally run system is going to keep their defenses up all the time to at least make it hard on them.”

The court-released emails show State Department IT staffers struggled to resolve the issue in December 2010, and it was considered an urgent matter. "This should trump all other activities," Ken LaVolpe, a senior technical officer, wrote on Dec. 17, 2010.

The disabled software was designed to block so-called phishing emails that could insert viruses into the system. Another senior State Department official, Thomas W. Lawrence, wrote that Clinton aide Huma Abedin was personally checking in for status reports on the progress.

The State Department inspector general's report released in May found Clinton's personal server used exclusively for official State Department business violated government rules. It also reported that in early January 2011 -- a month after the security feature shut-down -- an IT worker shut down the server because he believed "someone was trying to hack us." The individual, who was not identified by name in emails released by the IG, reported a second incident only hours later, writing, "We were attacked again so I shut (the server) down for a few min."

An email also from this time period documented Clinton's concern about getting a government email account. In November 2010, Clinton wrote to Abedin: "Let's get separate address or device but I don't want any risk of the personal being accessible.” Though Clinton said all her work-related emails were turned over, this document was provided not by Clinton but by Abedin.

While Clinton swore under oath last fall all records had been provided, campaign spokesman Brian Fallon said in a statement that Clinton did not have all the emails.

"We understand Secretary Clinton had some emails with Huma that Huma did not have, and Huma had some emails with Secretary Clinton that Secretary Clinton did not have," he said. He asserted the November 2010 email shows that “contrary to the allegations of some, Secretary Clinton was not seeking to avoid any use of government email. As indicated in this email, she was open to using a account but she simply wanted her personal emails to remain private, as anyone would want."

The FBI is investigating Clinton's emails practices. Agents are looking into whether classified information was taken outside secure government channels, and whether the server was compromised by a third party. Fox News first reported in January the FBI investigation had expanded to public corruption and whether the possible “intersection” of Clinton Foundation work and State Department business may have violated public corruption laws, according to three intelligence sources.

This week, the head of WikiLeaks Julian Assange told a British television network that he was in possession of Clinton emails that have not yet been released, indicating the system was compromised.

In an interview with British Television Network ITV, Assange said he has Clinton emails that are not public, and there is "enough evidence" for criminal charges, including regarding the Clinton Foundation, though he claimed she was too protected by the Obama administration for an indictment to go forward.

"There's very strong material, both in the emails and in relation to the Clinton Foundation," Assange said.

The Clinton campaign has dismissed claims the server was compromised by a third party, including those of Romanian hacker "Guccifer." Fox News was first to report his claims that he accessed the server with ease in March 2012. The Justice Department extradited the hacker to Northern Virginia where he recently agreed in a plea deal to cooperate in future investigations and testify before a grand jury.

An NSA whistleblower said the Assange claim should be taken seriously, given WikiLeaks’ track record of releasing authentic documents.

"It just says that she put all this material on a server that was insecure, that anyone in the world could access it and break in," said Bill Binney, a former National Security Agency specialist who spoke out against the agency's broad surveillance programs. Binney was investigated by the FBI, though there was no evidence he mishandled classified information.

Binney said there is a double-standard at play in the Clinton case, given more than 2,100 emails on her server containing classified information have been identified. He called her files “vulnerable [to] attack [from] all people in the world -- hackers, governments, everybody."