In a July 5, 2016 public speech, FBI Director James Comey addresses the possibility that Clinton’s emails were accessed by outsiders. He says, “We did not find direct evidence that Secretary Clinton’s personal email domain, in its various configurations since 2009, was successfully hacked. But, given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.” (Federal Bureau of Investigation, 7/5/2016)
The next day, the New York Times reports that although Comey said there was no “direct evidence” Clinton’s email account had been successfully hacked, “both private experts and federal investigators immediately understood his meaning: It very likely had been breached, but the intruders were far too skilled to leave evidence of their work.”
The Times says that Comey’s comments were a “blistering” critique of Clinton’s “email practices that left Mrs. Clinton’s systems wide open to Russian and Chinese hackers, and an array of others.” However, “the central mystery — who got into the system, if anyone — may never be resolved.”
Adam Segal, a cybersecurity expert at the Council on Foreign Relations (CFR), says, “Reading between the lines and following Comey’s logic, it does sound as if the FBI believes a compromise of Clinton’s email is more likely than not. Sophisticated attackers would have known of the existence of the account, would have targeted it, and would not have been seen.”
Before Comey’s comments, Clinton and her spokespeople had said on numerous occasions that her server had never been hacked. In an October 2015 interview, President Obama came to a similar conclusion about her server: “I don’t think it posed a national security problem.”
The Times also comments that Comey’s “most surprising suggestion” may have been his comment that Clinton used her private email while in the territory of “sophisticated adversaries.” This is understood to mean China and Russia and possibly a few more countries.
Former government cybersecurity expert James Lewis says, “If she used it in Russia or China, they almost certainly picked it up.” (The New York Times, 7/6/2016)
Cybersecurity consultant Morgan Wright says the most likely suspects are Russia, China and Israel, “in that order.”
Ben Johnson, a former National Security Agency official and security strategist, says “Certainly foreign military and intelligence services” would have targeted Clinton’s emails. “They’re going to have a lot of means and motives to do this.” He also says it wasn’t just likely countries such as China and Russia, but “any country that’s looking to potentially have adversarial relations with us or just [desires] more relations with us.” He specifically cites Middle East countries specifically as having a likely motive. (Politico, 7/5/2016)