https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy#Server_security_and_hacking_attempts
Security experts such as Chris Soghoian believe that emails to and from Clinton may have been at risk of hacking and foreign surveillance.[41] Marc Maiffret, a cybersecurity expert, said that the server had "amateur hour" vulnerabilities.[42] For the first two months after Clinton was appointed Secretary of State and began accessing mail on the server through her Blackberry, transmissions to and from the server were apparently not encrypted. On March 29, 2009 a “digital certificate" was obtained which would have permitted HTTPS encryption.[1]
Former Director of the Defense Intelligence Agency Michael T. Flynn,[43] former United States Secretary of Defense Robert Gates,[44][45] and former deputy director of the Central Intelligence Agency Michael Morell[46][47] have said that it is likely that foreign governments were able to access the information on Clinton's server. Michael Hayden, former Director of the National Security Agency, Principal Deputy Director of National Intelligence, and Director of the Central Intelligence Agency said "I would lose all respect for a whole bunch of foreign intelligence agencies if they weren't sitting back, paging through the emails."[48]
Clinton's server was configured to allow users to connect openly from the Internet and control it remotely using Microsoft's Remote Desktop Services.[42][49] It is known that hackers in Russia were aware of Clinton's non-public email address as early as 2011.[50] Server records also show that, using a computer in Serbia, a hacker had scanned Clinton's Chappaqua server at least twice, in August and in December 2012. It was unclear whether the hacker knew the server belonged to Clinton, although it did identify itself as providing email services for clintonemail.com.[42] During 2014, Clinton's server was the target of repeated intrusions originating in Germany, China, and South Korea. Threat monitoring software on the server blocked at least five such attempts. The software was installed in October 2013, and for three months prior to that, no such software had been installed.[51][52]
http://www.politico.com/story/2015/...erver-hacked-china-south-korea-germany-214546
The last batch of Clinton's emails released by the State Department under a court order in a Freedom of Information Act suit showed that Clinton received at least five emails from hackers linked to Russia. If Clinton opened attachments in the emails, her account and server could have been vulnerable to hacking, although it is unclear if she did so.
POLITICO reported last week that there were likely many more so-called phishing messages sent to Clinton during her four years as secretary,
but virtually all those messages appear to have been deemed "personal" by Clinton's attorneys and deleted, although the FBI is reportedly making progress recovering some or all of the messages from tech firms that worked on Clinton's server......
....Clinton's representatives purchased SECNAP's threat monitoring device in June of 2013 but does not appear to have been activated until October 2013. A Clinton representative seemed to be aware of the issue, according to an email quoted in the letter:
“We really really need to do this,” the internal Aug. 19, 2013 email reads. “We are left in a bad state… We want to add in this extra security. We are paying for it and no[t] using the security.”
