Many observers think it is likely that the home-based email server Clinton used for official business got hacked. FBI Director James Comey said recently that although the FBI found no evidence of intrusion on the server, Clinton traveled in numerous places where governments would have the ability to break into her system without leaving a trace.
That means they could have snagged everything Clinton sent or received, including the 33,000 emails that Clinton’s legal team deleted on the grounds that they were personal. (The FBI was able to recreate thousands of them, including many that were work-related.)
But the possibility Russia ― the lead suspect in the hacking of the Democratic National Committee ― has all those emails in the original, non-redacted form raises a serious threat to Clinton’s campaign. Call it a Red October surprise.
Such a prospect presents the Clinton campaign with a remarkably thorny problem, according to security and damage control experts.
“A major bank faced a similar situation when WikiLeaks claimed to have one of its hard drives,” said Timothy Coombs, a crisis management and communications expert at Texas A&M, apparently referring to Bank of America. “They spent over a million dollars to handle the what-ifs from the data.”
Team Clinton has the cash to handle that, and they already have talented rapid-response press staff. But if Clinton and her lawyers told the complete truth and did delete Clinton’s emails without keeping any backups, they’re already facing a hurdle.
“The key is knowing what is in the deleted materials, how it could affect Clinton, and have messages ready to respond to them,” Coombs said.
If they know that, they can pre-empt a destructive release by enemies, or “steal the thunder” of such a release, and put their own spin on damaging data first.
But Clinton faces a number of problems there. She probably has only vague memories of what was in the material, the newest of which is 4 years old. And with so many emails, most of them personal, it’s hard to know what embarrassing revelations could emerge, even if they don’t touch on official business.
Another complication is that even if she or her staff knows of something damaging, they don’t know for sure that it will get released. But they still have to be prepared.
“It’s possible that just like in the case of the Snowden revelations, this particular threat actor intends to release significant tranches of information at key and strategic points in the next few months to continue to stay on the radar and to continue to really sow disarray in the U.S. domestic election,” said Patrik Maldre of Estonia-based cybersecurity consulting firm Retel Partners.
Maldre, speaking Thursday in a conference call with the neoconservative think tank Foreign Policy Initiative, emphasized that there is no proof Russians hacked Clinton’s server, although he said it would fit a growing trend.
Roland Rust, a professor at the University of Maryland who works in crisis communications, told HuffPost that Team Clinton can’t ignore the possibility of another leak.
“They’ve got to figure it’s going to come from Russia in October,” he said. “They need to have a response prepared.”
Also, there’s a chance that whatever Clinton might prepare for, she would not be able to release information on her own if it touches on any of the hundreds of items that have been classified retroactively.
That leaves Clinton in the position of preparing multiple potential defenses, while not really knowing what to expect, and having no control of what comes out or what Trump does with it.
The DNC emails were released through WikiLeaks, available for anyone who wants to peruse them, and Trump highlighted them to try to drive a wedge between Clinton and supporters of Sen. Bernie Sanders (I-Vt.).
There is a pre-emptive damage control technique available to the Clinton campaign. “If you don’t have a defense, then the one thing you have is offense,” said Rust.
“The Clinton team needs to start now laying a foundation for why such public disclosure of emails is harmful to the U.S., play the patriot card,” Coombs said. “That way part of the response, if there is a release, would be to attack the release and to taint the release. This would have the potential to create a boomerang effect if the Trump people were to use it.”
It shouldn’t be too difficult for them to do that. Numerous Republicans hammered Trump for his suggestion that Russia could turn over the email trove and meddle in the election. Even Trump himself tried to walk his remarks back a bit Thursday by saying he was being sarcastic, although earlier in the week he’d told a crowd in Virginia, “I guarantee we’ll find the 33,000 emails.”
Maldre and other security experts associated with FPI characterized the DNC hack ― as well as a potential release of Clinton’s emails ― as attacks on American democracy.
“This is an effort to, at a minimum, disrupt the U.S. political system, the presidential campaign; possibly the goal is to embarrass one candidate or support another,” said David Kramer, a former assistant secretary of state in the George W. Bush administration. “This is an attack on the American political system. It’s not an attack on the DNC.”
They appealed for candidates and reporters to use any information from such sources with care.
“I really think it’s important that both parties try to see this as a bigger picture, not of using these documents or the beliefs for political advantage against each other, but really coming together to understand the larger national security risk that this kind of actor poses,” Maldre said.
Clinton probably can’t count on that kind of restraint from Trump, who has praised Russian President Vladimir Putin repeatedly.