US News
exclusive

Inside the scramble to cover up Clinton’s private email server

Computers from China and Russia tried to attack Hillary Clinton’s private email server, according to never-released emails from the Denver company that set up and maintained the system.

And other internal emails show the IT executives fretted about being ordered to purge emails and scrambled to distance themselves from what they believed was the former first lady “covering up some shaddy [shady] s- -t.”

In a gallows-humor message, one called it “Hillary’s coverup operation.”

The FBI in July chastised Clinton and her aides over the use of the private server, saying, “They were extremely careless in their handling of very sensitive, highly classified information.” But the agency declined to recommend charges.

The FBI report noted there were many hacking attempts into the system, both while Clinton was secretary of state and afterward when Platte River Networks took over the administration of the home server. The agency said none had been successful, and it never named the hackers or their points of origin.

But multiple internal Platte River emails reviewed by The Post show that computers in China tried on three occasions in 2014 to log into Clinton’s server and a computer in Russia tried once in 2013.

The internal communications also revealed how the execs belatedly tightened security on Clinton’s now-controversial home server and frantically sought to “cover our asses” when news broke that the former secretary of state’s communications were deleted.

“Any chance you found an old email with their directives to cut the backups back in Oct‐-Feb? . . . If we had that email, we are golden,” Platte River IT consultant Bill Thornton wrote to colleagues on Aug. 19, 2015.

FBI Director James Comey testifies.Getty Images

“Wondering how we can sneak an email in now after the fact asking them when they told us to cut the backups and have them confirm it for our records. Starting to think this whole thing really is covering up some shaddy s- -t.”

Thornton and fellow Platte River specialist Paul Combetta refused to answer questions last week before a congressional committee probing the server scandal. Each cited his Fifth Amendment rights.

Platte River itself was issued a congressional subpoena last month after it refused to voluntarily answer questions about the system.

A lawyer representing both Platte River and its employees declined to comment. A spokesman for Clinton did not return messages seeking comment.

Some 30,000 Clinton emails have been publicly released by the State Department as Congress investigated the 2012 deaths of US personnel in Benghazi, Libya, and another 15,000 are expected to be made public in the coming months. Clinton said she had deleted 32,000 emails she considered personal.

Clinton put the email server in the hands of Platte River even though no one at the company had a government security clearance. Tania Neild, a Westchester-based consultant, reached out to Platte River on Jan. 3, 2013, in an email to David DeCamillis, its director of business development. She wrote that she had a project to redo an email server that needed “HIGHEST security possible.”

Platte River didn’t learn the identity of the “top-secret client” until weeks later. It won the job, which cost Clinton and her husband, former President Bill Clinton, $35,000 initially and then more for ongoing technical support, the emails show.

‘Wondering how we can sneak an email in now after the fact asking them when they told us to cut the backups and have them confirm it for our records. Starting to think this whole thing really is covering up some shaddy s- -t.’

 - Platte River IT consultant Bill Thornton

The hiring was done through a company called Clinton Executive Services Corp., or CESC, which handles logistics for Hillary and Bill Clinton.

Thornton traveled to the Clintons’ Chappaqua home in Westchester County on June 23, 2013, to remove the old email server and take it to a data center in New Jersey.

Thornton had inadvertently called the Clintons’ home phone number before he arrived, prompting an aide to grill him on how he obtained it.

“That number is not given out,” the aide wrote.

Thornton took other liberties.

“Got to take a dump in the executive bathroom. So I got that going for me, which is nice. :),” Thornton wrote to his colleagues afterward.

DeCamillis responded, “Did u get pics? Not the dump of course but of their house?”

In the following days, the email accounts from Hillary Clinton’s old system when she was secretary of state and shortly thereafter were migrated to the new one.

In the summer of 2014, Clinton’s reps, including her former chief of staff, Cheryl Mills, started gathering her old emails in order to turn them over to the House committee investigating the attack on the US diplomatic compound in Benghazi.

Cheryl MillsAP

Combetta noted on July 23, 2014, that he needed to overnight DVDs of archived data to CESC with shipping charges of $46.38. The company’s accounting manager asked if she could mark up the price 20 percent, noting, “That’s the standard, but it’s a guideline, not a rule.”

Combetta replied, “Go for it!”

Combetta didn’t tell his Platte River colleagues that he had been transferring the old Clinton files to CESC until March 2015. That’s when the New York Times reported the former secretary of state used a personal email server and not a government address.

“I’m sure the Republicans are giving each other high fives; especially Jeb Bush,” DeCamillis emailed to other Platte River execs on March 3, 2015.

He wondered what emails the company might be asked to turn over.

“I’ve done quite a bit already in the last few months related to this. Her team had me do a bunch of exports and email filters and cleanup to provide a PST [personal storage file] of all of HRC’s emails to/from any .gov addresses,” Combetta wrote.

He added, “I billed probably close to 10 hours in oncall tickets with CSEC related to it :).”

Mills had asked Platte River in December 2014 to change its ­email retention policy for Clinton to just 60 days, according to the FBI report. Later the firm would be ordered to start purging emails after only 30 days.

Bill Thornton of Platte River NetworksAP

The report notes that an unnamed Platte River employee — later identified in news reports as Combetta — forgot to make the change until having an “oh, s- -t” moment at the end of March 2015. He then deleted the archive of Clinton emails and scrubbed them from the server, the FBI said.

Combetta told the feds he made the deletions despite knowing about a request to keep all such emails from the House Committee on Benghazi. Combetta reportedly was given immunity and was not charged.

Platte River’s destruction of the emails came after months of attempts by the House Select Committee on Benghazi to obtain them — including instructions to Clinton’s attorney David Kendall on Dec. 2, 2014, to retain them, and a formal subpoena issued on March 4, 2015.

After news broke about Clinton’s private server, Platte River clamped down on its security settings.

“I spent some time in their firewall just now locking everything down (pretty tight),” Thornton noted on March 2, 2015.

The FBI report says the company switched from one security protocol to another that was considered more sophisticated. It also considered but rejected doing penetration testing — hiring someone to try to hack the server in order to expose its vulnerabilities.

“It’s a good idea, and it’s also commonly done,” cybersecurity expert Johannes Ullrich, dean of research for the SANS Technology Institute, told The Post.

Paul Combetta of Platte River NetworksAP

In the Platte River emails viewed by The Post, server security and email deletions became an issue again in August 2015 after published reports revealed that the FBI was examining Clinton’s email system and named Platte River as the company behind it.

Company execs scrambled to find proof that Clinton’s reps had months earlier asked to cut the retention of emails from 60 days to 30 days.

“OK, we may want to work with our attorneys to draft up something that absolves us of that question,” Thornton wrote on Aug. 12, 2015. “I can only assume that will be the first and last question for us, ‘Why did we have backups of the system since the time of inception, then decide to cut them back to just 60 or 30 days?’ If we can get that from them in writing, I would feel a whole lot better about this.”

Combetta responded that he believed the request was made by phone.

Meanwhile, the company’s reputation was taking a hit, with DeCamillis noting, “I’m getting f- -ked.”

Members of the public sent nasty emails, one saying, “You will never get another commercial contract and you are under suspicion for supporting treason.”

The FBI seized the Clintons’ old server on Aug. 12, 2015.

But some emails inadvertently lived on, stored by the Connecticut company Datto — an arrangement the Clintons did not want.

“They never wanted offsite backups,” Treve Suazo, the Platte River CEO, wrote on Aug. 20, 2015.