ISIS Caliphate Cyber Army Next Soft Targets

 

Companies could be the next ISIS target

MarketWatch: Companies could become larger targets of pro-Islamic State hackers, according to a security company that analyzes the group’s online activity.

The hacking capabilities of ISIS, which has spread propaganda through online channels such as Facebook and Twitter, remain nascent and relatively unsophisticated, according to researchers at the New York-based intelligence company Flashpoint. But the group has gained supporters with hacking skills who are helping propel the group’s online campaigns, the researchers say.

“These are individuals that are hackers first, ISIS supporters second,” says Laith Alkhouri, cofounder and director of research and analysis for the Middle East and North Africa at Flashpoint. “This is definitely a problem in the U.S. for individual businesses, especially individually businesses that are catering to customers digitally.”

Alkhouri says the pro-ISIS hackers typically deface websites to post messages in support of the group to gain notoriety and spread their propaganda. Flashpoint tracked one pro-ISIS hacking group by the end of 2014 and since then, at least five different groups have emerged, typically by defacing their websites. It’s difficult to know the full scope and number of ISIS-backing hackers because they’re behind computers, he says.

Pro-ISIS hackers have in the last year targeted government agencies, universities, businesses and media outlets of all sizes, according to a report released in August by the Middle East Media Research Institute, a Washington, D.C.-based nonprofit. While ISIS hacking capabilities have been considered relatively unsophisticated and focused on companies that may not have a large security apparatus, some still worry the group could bring on more skilled hackers.

For example, on Aug. 8, ISIS supporters posted messages saying “i love you Islamic State & Jihad” on the website of a Cincinnati restaurant, according to the Middle East Media Research Institute. French media outlets held an emergency meeting after hack attacks on TV5Monde’s website in April 2015, according to The Guardian.

Small or medium-sized companies with amateur websites should monitor each page to ensure a subsection of the website hasn’t been defaced with pro-ISIS messages, Alkhouri says. Often, he says, companies may not immediately realize a subsection of their website has been taken over by ISIS supporters, and the message could hurt the brand among customers. Alkhouri says the group’s attacks could escalate as the hackers seek more notoriety and publicity for their acts.

One pro-ISIS hacking group claimed it planned to take down Google, according to Newsweek, but instead posted its messages on the website of an Indian company called Add Google Online.

The Pentagon has launched an online offensive against ISIS, according to reports, in an attempt to frustrate the group’s computer and phone networks.

A prominent ISIS hacker was killed in a drone strike last year, The Wall Street Journal reported, after U.S. and British officials determined he played a key role in sharpening the group’s computer skills.

*****

Meanwhile, the FBI is on the trail stemming from the attacks in Belgium where investigations of internet and electronic communications could reveal more on the cyberwar, soft targets.

FBI examining laptops linked to Belgian militants: source

Reuters: The Federal Bureau of Investigation is examining laptop computers linked to suspects in last week’s deadly Brussels bombings as investigators work to unravel the militant network behind the attacks.

The laptops arrived in the U.S. on Friday and now are being examined by FBI experts, a U.S. government source familiar with the matter said on Tuesday.

The Wall Street Journal reported on Monday that Belgian authorities had provided copies of laptop hard drives to the FBI. It is not yet clear whether FBI technicians have recovered any significant data from the equipment the Belgians turned over, the source told Reuters.

U.S. officials have pledged support for Belgian efforts to crack down on militants behind the March 22 suicide bomb attacks at a Brussels Metro station and the city’s Zaventem Airport and other recent attacks.

The death toll from the attack on the airport, and the subsequent bombing of a rush-hour metro train, rose to 35 on Monday, excluding the three men who blew themselves up.

On Saturday, President Barack Obama said the a team of FBI agents was helping investigators on the ground in Belgium.

U.S. officials have said that Belgium’s security and intelligence agencies are overstretched and also hampered by internal political, financial and cultural problems, including a linguistic divide between French and Flemish speaking investigators.

 

Another Judge Piles onto the Hillary Discovery

Judicial Watch: Second Federal Court Grants Discovery in Clinton Email Case

(Washington, DC) – Judicial Watch announced today that U.S. District Court Judge Royce Lamberth granted “limited discovery” to Judicial Watch into former Secretary of State Hillary Clinton’s email matter.  Lamberth ruled that “where there is evidence of government wrong-doing and bad faith, as here, limited discovery is appropriate, even though it is exceedingly rare in FOIA cases.”

The court’s ruling comes in a July 2014 Freedom of Information (FOIA) lawsuit seeking records related to the drafting and use of the Benghazi talking points (Judicial Watch v. U.S. Department of State (No. 1:14-cv-01242)).  The lawsuit seeks records specifically from Hillary Clinton and her top State Department staff:

Copies of any updates and/or talking points given to Ambassador Rice by the White House or any federal agency concerning, regarding, or related to the September 11, 2012 attack on the U.S. consulate in Benghazi, Libya.

Any and all records or communications concerning, regarding, or relating to talking points or updates on the Benghazi attack given to Ambassador Rice by the White House or any federal agency

Judge Lamberth granted Judicial Watch’s Motion for Discovery, which was filed in opposition to the State Department’s Motion for Summary Judgement.  The court ruled:

An understanding of the facts and circumstances surrounding Secretary Clinton’s extraordinary and exclusive use of her “clintonemail.com” account to conduct official government business, as well as other officials’ use of this account and their own personal e-mail accounts to conduct official government business is required before the Court can determine whether the search conducted here reasonably produced all responsive documents. Plaintiff is certainly entitled to dispute the State Department’s position that it has no obligation to produce these documents because it did not “possess” or “control” them at the time the FOIA request was made. The State Department’s willingness to now search documents voluntarily turned over to the Department by Secretary Clinton and other officials hardly transforms such a search into an “adequate” or “reasonable” one.  Plaintiff is not relying on “speculation” or “surmise” as the State Department claims.  Plaintiff is relying on constantly shifting admissions by the Government and the former government officials.  Whether the State Department’s actions will ultimately be determined by the Court to not be “acting in good faith” remains to be seen at this time, but plaintiff is clearly entitled to discovery and a record before this Court rules on that issue.

The Court must observe that the Government argues in its opposition memorandum that “the fact that State did not note that it had not searched Secretary Clinton’s e-mails when it responded to Plaintiffs FOIA request … was neither a misrepresentation nor material omission, because these documents were not in its possession and control when the original search was completed.”  The Government argues that this does not show a lack of good faith, but that is what remains to be seen, and the factual record must be developed appropriately in order for this Court to make that determination.

Today’s ruling refers to U.S. District Court Emmett Sullivan’s decision to grant Judicial Watch discovery on the Clinton email matter in separate litigation:

Briefing is ongoing before Judge Sullivan.  When Judge Sullivan issues a discovery order, the plaintiff shall — within ten days thereafter–file its specific proposed order detailing what additional proposed discovery, tailored to this case, it seeks to have this Court order. Defendant shall respond ten days after plaintiff’s submission.

Judge Sullivan is expected to rule on Judicial Watch’s discovery plan after April 15.  Judicial Watch’s discovery plan seeks the testimony of eight current and former State Department officials, including top State Department official Patrick Kennedy, former State IT employee Bryan Pagliano, and Clinton’s two top aides at the State Department:  Cheryl Mills and Huma Abedin.

“This remarkable decision will allow Judicial Watch to explore the shifting stories and misrepresentations made by the Obama State Department and its current and former employees,” stated Judicial Watch President Tom Fitton.  “This Benghazi litigation first uncovered the Clinton email scandal, so it is good to have discovery in this lawsuit which may help the American people find out why our efforts to get Benghazi answers was thwarted by Clinton’s email games.”

###

Customs Border Patrol in Pacific, Whoa

US agents nearly caught $194 million worth of cocaine in a narco submarine

US Customs and Border Protection Air and Marine Operations agents had a close call with a high-value target in the Pacific Ocean.

The crew of a P-3 Long Range Tracker, working as part of a joint military-law-enforcement task force, picked up a self-propelled semi-submersible traveling in the eastern Pacific Ocean on March 2.

Agents later intercepted the semi-submersible, on which they found more than 12,800 pounds of cocaine, an amount with an estimated value of $193,939,000, according to a CBP release issued on March 24. US agents arrested four people operating the craft.

The seizure was short-lived however, as the “semi-submersible became unstable and sank,” the CBP said in a release. Semi-submersible crafts used for drug smuggling are also referred to as “narco submarines.”

Despite losing the cargo, the CBP characterized the operation as a success. “Our crews will continue to take every opportunity to disrupt this type of transnational criminal activity,” said John Wassong, the director of the National Air Security Operations Center in Corpus Christi, Texas.

Semi-submersibles used for smuggling are usually built to travel just below the surface, with just an exhaust pipe, a wheelhouse, and an airstack emerging from the water, according to Vice News. The vessels are often camouflaged, and many of them are constructed in Colombia, a major hub for cocaine production.

View gallery

.

narco submarine

(US Customs and Border Patrol)
A semi-submersible transporting drugs was captured at sea last year by US agents, but it sank before it could be fully unloaded.

“Typically crews are made up of an experienced sailor, the so-called “captain” who can also be the person who handles communication with the ‘base,'” Javier Guerrero, a researcher focused on drug-trade technology, told Vice in 2015. “Most likely the crew is made up of experienced sailors,” as well, said Guerrero, and their experience and relationship with the cargo’s owner or the narco sub’s owner determines the command hierarchy on the vessel.

The emphasis traffickers have put on seaborne smuggling is one of the latest logistical and technical developments in the drug trade. Throughout much of 1970s and 1980s, most trafficking routes, via air and sea, transited the Caribbean. As interdiction efforts increased, smugglers switched to land and air routes through Mexico, eventually branching into more intense maritime smuggling.

“They started to build the submarines and they’re still using them, but it’s aircraft, commercial freighters, speedboats. You name it and they have it,” Mike Vigil, the former chief of international operations for the DEA, told Business Insider. “They never settle on one method of transportation or on one route. They’re always exploring.”

.

Colombia cocaine submarine

(REUTERS/John Vizcaino)
Counternarcotics police guard an under-construction submersible that was seized from the “Los Urabenos” drugs cartel, in Puerto Escondido, Monteria province October 18, 2011. Colombian authorities said that the submersible ship seized on Monday could be used to carry six tons of cocaine illegally.

In 2012, 80% of the illegal drugs smuggled to the US came on maritime routes, and 30% of the illegal drugs delivered to US shores via the sea were carried on narco submarines, according to a 2014 study cited by Vice News.

In late summer last year, US agents intercepted a semi-submersible laden with roughly eight tons of cocaine. US authorities offloaded about six tons of the illicit cargo before the vessel sank. The capture and subsequent sinking of the narco sub were recorded by the Coast Guard.

Had US agents been able to bring this latest shipment to shore, it would have been one of the more substantial hauls captured in recent months. In early February, Air and Marines Operations agents intercepted a 2,300-pound shipment with an estimated value of $172 million. In early March, CBP agents caught a 154-pound shipment in Fort Lauderdale, Florida, which had an estimated value of $2 million.

Air and Marine Operations agents took part in 198 seizure, disruption, or interdiction efforts in their 42-million-square-mile operation zone — which spans the Pacific Ocean, Caribbean Sea, and the Gulf of Mexico — in fiscal year 2015, capturing over 200,000 pounds of cocaine.

Only 5 Years?

Prison for smuggler who guided people into U.S.

Efrain Delgado Rosales had been caught with undocumented immigrants 23 times in less than 18 years

— An apparent career smuggler nabbed while guiding four undocumented immigrants through the Otay Mountains last year was sentenced Friday to five years in prison.

U.S. Border Patrol agents had caught Efrain Delgado Rosales with undocumented immigrants 23 times in less than 17 years, according to the U.S. Attorney’s Office.

His latest encounter came in November, when agents spotted the 35-year-old guiding the foursome through rugged East County terrain.

The four men told authorities that Delgado had picked them up at a stash house in Mexico, led them to the border then left them for several hours. As they waited, thieves turned up and robbed them of all of their cash — thousands of dollars.

Delgado returned and — indifferent to the robbery — guided them over the border and through the mountains. While hiking, he left behind three men who could not keep his pace.

At the begging of the fourth man, he eventually returned to collect the distressed trio, each of whom had paid $5,000 to be smuggled into the country.

The details they gave investigators about their experience with Delgado were strikingly similar to an instance in 2014, when a man smuggled into the country died while hiking in a rugged stretch of the Otay Mountains. One of his companions later identified Delgado as their guide.

Federal prosecutors said agents have apprehended Delgado 24 times since 1999, and in all but one instance, he was found with at least two and up to 46 undocumented immigrants.

*****

Brandon Judd, president of the American Federation of Government Employees National Border Patrol Council

March 21, 2016:

Obama Administration Official Confirms “Catch and Release” Policy

Border Patrol union chief tells the Judiciary Committee explosive information about the Administration’s policy of releasing unlawful immigrants into U.S.

Washington, D.C.– Following the Immigration and Border Security Subcommittee’s hearing on the ongoing surge at the southwest border, the House Judiciary Committee received information from the head of the Border Patrol union showing that a high-ranking Obama Administration official confirmed to Border Patrol agents the Administration’s policy of releasing recent border crossers with no intention of ever removing them.

In his responses to questions submitted for the record to the Committee, Brandon Judd, President of the American Federation of Government Employees National Border Patrol Council, stated that on August 26, 2015 he and two other Border Patrol agents met with Department of Homeland Security (DHS) Deputy Secretary Alejandro Mayorkas to discuss concerns about the Administration’s policy of releasing unlawful immigrants into the United States. During the meeting, Deputy Secretary Mayorkas confirmed to the agents that the Administration has no intention of removing unlawful immigrants coming to the border as part of the ongoing surge. Specifically, he stated:

“Why would we [issue a Notice to Appear to] those we have no intention of deporting? We should not place someone in deportation proceedings, when the courts already have a 3-6 year backlog.” 

This de facto policy contradicts the Obama Administration’s so-called enforcement priorities issued on November 20, 2014 by DHS Secretary Jeh Johnson. Under the guidelines, unlawful immigrants who came to the United States after January 1, 2014 and recent border crossers are deemed a priority for removal and are to be placed in deportation proceedings. However, Deputy Secretary Mayorkas’ comments to Border Patrol agents contradict the Administration’s own policies put forth by Secretary Johnson.

House Judiciary Committee Chairman Bob Goodlatte (R-Va.) issued the following statement on this information provided to the Committee:

“Not only has President Obama sought to undermine our immigration laws at every opportunity possible, now his political appointees have implemented a ‘catch and release’ policy that contradicts the Administration’s already weak enforcement priorities. Rather than take the steps necessary to end the border surge, the Obama Administration is encouraging more to come by forcing Border Patrol agents to release unlawful immigrants into the United States with no intention of ever removing them. 

“The ongoing lack of enforcement and dismantling of our immigration laws undermines both our nation’s immigration system and the American people’s faith in their government.”

What about King Midas?

El Chapo’s money man arrested in Oaxaca

OAXACA, Mexico, March 28 (UPI) A man reported to be one of drug lord Joaquin “El Chapo” Guzmán top money launderers has been arrested, Mexican Federal Police said Sunday.

Juan Manuel Alvarez Inzunza, 34, one of the top money launderers for Mexican drug lord Joaquin “El Chapo” Guzmán, was captured while vacationing in Oaxaca, Mexico by Mexican Federal Police and the Mexican Army. He is alleged to have laundered about $4 billion over the last ten years. Photo by Mexican Federal Police

Juan Manuel Alvarez Inzunza, 34, alleged to have laundered about $4 billion in the last ten years, was arrested while vacationing in the southern state of Oaxaca, police tweeted.

Police said IInzunza, nicknamed “El Rey Midas” or “King Midas”, laundered about $300 million to $400 million dollars a year from the Guzman’s Sinaloa cartel through a network of companies and currency exchange centers in Mexico, the United States, Columbia and Panama, MSN reported.

IInzunza was arrested on a provisional extradition warrant from the U.S., where he is wanted for money laundering.

Guzmán was one of the heads of the Sinaloa Cartel, considered Mexico’s most profitable drug gang. His escape from a maximum-security prison in Mexico drew world-wide attention in 2015. He was recaptured after a shootout on Jan. 8.

Hillary Violated Mahogany Row Rules

From the beginning with names and evidence, the arrogance and machinery. A big question still remains, exactly where did Hillary access top secret SAP communications, or did she ever bother? It appears she left the ‘detail’s to others.

How Clinton’s email scandal took root

WaPo: Hillary Clinton’s email problems began in her first days as secretary of state. She insisted on using her personal BlackBerry for all her email communications, but she wasn’t allowed to take the device into her seventh-floor suite of offices, a secure space known as Mahogany Row.

For Clinton, this was frustrating. As a political heavyweight and chief of the nation’s diplomatic corps, she needed to manage a torrent of email to stay connected to colleagues, friends and supporters. She hated having to put her BlackBerry into a lockbox before going into her own office.

Her aides and senior officials pushed to find a way to enable her to use the device in the secure area. But their efforts unsettled the diplomatic security bureau, which was worried that foreign intelligence services could hack her BlackBerry and transform it into a listening device.

On Feb. 17, 2009, less than a month into Clinton’s tenure, the issue came to a head. Department security, intelligence and technology specialists, along with five officials from the National Security Agency, gathered in a Mahogany Row conference room. They explained the risks to Cheryl Mills, Clinton’s chief of staff, while also seeking “mitigation options” that would accommodate Clinton’s wishes.

“The issue here is one of personal comfort,” one of the participants in that meeting, Donald Reid, the department’s senior coordinator for security infrastructure, wrote afterward in an email that described Clinton’s inner circle of advisers as “dedicated [BlackBerry] addicts.”

Clinton used her BlackBerry as the group continued looking for a solution. But unknown to diplomatic security and technology officials at the department, there was another looming communications vulnerability: Clinton’s Black­Berry was digitally tethered to a private email server in the basement of her family home, some 260 miles to the north in Chappaqua, N.Y., documents and interviews show.

Those officials took no steps to protect the server against intruders and spies, because they apparently were not told about it.

The vulnerability of Clinton’s basement server is one of the key unanswered questions at the heart of a scandal that has dogged her campaign for the Democratic presidential nomination.

Since Clinton’s private email account was brought to light a year ago in a New York Times report — followed by an Associated Press report revealing the existence of the server — the matter has been a source of nonstop national news. Private groups have filed lawsuits under the Freedom of Information Act. Investigations were begun by congressional committees and inspector general’s offices in the State Department and the U.S. Intelligence Community, which referred the case to the FBI in July for “counterintelligence purposes” after determining that the server carried classified material.

The FBI is now trying to determine whether a crime was committed in the handling of that classified material. It is also examining whether the server was hacked.

One hundred forty-seven FBI agents have been deployed to run down leads, according to a lawmaker briefed by FBI Director James B. Comey. The FBI has accelerated the investigation because officials want to avoid the possibility of announcing any action too close to the election.

The Washington Post reviewed hundreds of documents and interviewed more than a dozen knowledgeable government officials to understand the decisions and the implications of Clinton’s actions. The resulting scandal revolves around questions about classified information, the preservation of government records and the security of her email communication.

From the earliest days, Clinton aides and senior officials focused intently on accommodating the secretary’s desire to use her private email account, documents and interviews show.

Throughout, they paid insufficient attention to laws and regulations governing the handling of classified material and the preservation of government records, interviews and documents show. They also neglected repeated warnings about the security of the BlackBerry while Clinton and her closest aides took obvious security risks in using the basement server.

Senior officials who helped Clinton with her BlackBerry claim they did not know details of the basement server, the State Department said, even though they received emails from her private account. One email written by a senior official mentioned the server.

The scandal has pitted those who say Clinton was innocently trying to find the easiest way to communicate against those who say she placed herself above the law in a quest for control of her records. She and her campaign have been accused of confusing matters with contradictory and evolving statements that minimized the consequences of her actions.

Clinton, 68, declined to be interviewed. She has said repeatedly that her use of the private server was benign and that there is no evidence of any intrusion.

In a news conference last March, she said: “I opted for convenience to use my personal email account, which was allowed by the State Department, because I thought it would be easier to carry just one device for my work and for my personal emails instead of two.”

During a Democratic debate on March 9, she acknowledged using poor judgment but maintained she was permitted to use her own server: “It wasn’t the best choice. I made a mistake. It was not prohibited. It was not in any way dis­allowed.”

The unfolding story of Clinton’s basement server has outraged advocates of government transparency and mystified political supporters and adversaries alike. Judge Emmet G. Sullivan of the U.S. District Court in Washington, D.C., who is presiding over one of the FOIA lawsuits, has expressed puzzlement over the affair. He noted that Clinton put the State Department in the position of having to ask her to return thousands of government records — her work email.

“Am I missing something?” Sullivan asked during a Feb. 23 hearing. “How in the world could this happen?”

Hillary Clinton began preparing to use the private basement server after President Obama picked her to be his secretary of state in November 2008. The system was already in place. It had been set up for former president Bill Clinton, who used it for personal and Clinton Foundation business.

On Jan. 13, 2009, a longtime aide to Bill Clinton registered a private email domain for Hillary Clinton, clintonemail.com, that would allow her to send and receive email through the server.

Eight days later, she was sworn in as secretary of state. Among the multitude of challenges she faced was how to integrate email into her State Department routines. Because Clinton did not use desktop computers, she relied on her personal BlackBerry, which she had started using three years earlier.

For years, employees across the government had used official and private email accounts.

The new president was making broad promises about government transparency that had a bearing on Clinton’s communication choices. In memos to his agency chiefs, Obama said his administration would promote accountability through the disclosure of a wide array of information, one part of a “profound national commitment to ensuring an open government.” That included work emails.

One year earlier, during her own presidential campaign, Clinton had said that if elected, “we will adopt a presumption of openness and Freedom of Information Act requests and urge agencies to release information quickly.”

But in those first few days, Clinton’s senior advisers were already taking steps that would help her circumvent those high-flown words, according to a chain of internal State Department emails released to Judicial Watch, a conservative nonprofit organization suing the government over Clinton’s emails.

Leading that effort was Mills, Clinton’s chief of staff. She was joined by Clinton adviser Huma Abedin, Undersecretary Patrick Kennedy and Lewis Lukens, a senior career official who served as Clinton’s logistics chief. Their focus was on accommodating Clinton.

Mills wondered whether the department could get her an encrypted device like the one from the NSA that Obama used.

“If so, how can we get her one?” Mills wrote the group on Saturday evening, Jan. 24.

Lukens responded that same evening, saying he could help set up “a stand alone PC in the Secretary’s office, connected to the internet (but not through our system) to enable her to check her emails from her desk.”

Kennedy wrote that a “stand-alone separate network PC” was a “great idea.”

Abedin and Mills declined to comment for this article, according to Clinton spokesman Brian Fallon. Lukens also declined to comment, according to the State Department.

As undersecretary for management, Kennedy occupies a central role in Clinton’s email saga. The department acknowledged that Kennedy, as part of his normal duties, helped Clinton with her BlackBerry. But in a statement, the department said: “Under Secretary Kennedy maintains that he was unaware of the email server. Completely separate from that issue, Under Secretary Kennedy was aware that at the beginning of her tenure, Secretary Clinton’s staff was interested in setting up a computer at the Department so she could email her family during the work day.

“As we have previously made clear — no such computer was ever set up. Furthermore, Under Secretary Kennedy had very little insight into Secretary Clinton’s email practices including how ­frequently or infrequently then-Secretary Clinton used email.”

As it happened, Clinton would never have a government BlackBerry, personal computer or email account. A request for a secure device from the NSA was rebuffed at the outset: “The current state of the art is not too user friendly, has no infrastructure at State, and is very expensive,” Reid, the security official, wrote in an email on Feb. 13, adding that “each time we asked the question ‘What was the solution for POTUS?’ we were politely told to shut up and color.”

Clinton would continue to use her BlackBerry for virtually all of her government communication, but not on Mahogany Row.

Her first known BlackBerry communication through the basement server came on Jan. 28, 2009, when Clinton exchanged notes with Army Gen. David H. Petraeus, then chief of the U.S. Central Command, according to a State Department spokeswoman. It has not been released.

Few knew the details behind the new clintonemail.com address. But news about her choice to use her own BlackBerry spread quickly among the department’s diplomatic security and “intelligence countermeasures” specialists.

Their fears focused on the seventh floor, which a decade earlier had been the target of Russian spies who managed to plant a listening device inside a decorative chair-rail molding not far from Mahogany Row. In more recent years, in a series of widely publicized cyberattacks, hackers breached computers at the department along with those at other federal agencies and several major corporations.

The State Department security officials were distressed about the possibility that Clinton’s BlackBerry could be compromised and used for eavesdropping, documents and interviews show.

After the meeting on Feb. 17 with Mills, security officials in the department crafted a memo about the risks. And among themselves, they expressed concern that other department employees would follow the “bad example” and seek to use insecure BlackBerrys themselves, emails show.

As they worked on the memo, they were aware of a speech delivered by Joel F. Brenner, then chief of counterintelligence at the Office of the Director of National Intelligence, on Feb. 24 at a hotel in Vienna, Va., a State Department document shows. Brenner urged his audience to consider what could have happened to them during a visit to the recent Beijing Olympics.

“Your phone or BlackBerry could have been tagged, tracked, monitored and exploited between your disembarking the airplane and reaching the taxi stand at the airport,” Brenner said. “And when you emailed back home, some or all of the malware may have migrated to your home server. This is not hypothetical.”

At the time, Clinton had just returned from an official trip that took her to China and elsewhere in Asia. She was embarking on another foray to the Middle East and Europe. She took her BlackBerry with her.

In early March, Assistant Secretary for Diplomatic Security Eric Boswell delivered a memo with the subject line “Use of Blackberries in Mahogany Row.”

“Our review reaffirms our belief that the vulnerabilities and risks associated with the use of Blackberries in the Mahogany Row [redacted] considerably outweigh the convenience their use can add,” the memo said.

He emphasized: “Any unclassified Blackberry is highly vulnerable in any setting to remotely and covertly monitoring conversations, retrieving e-mails, and exploiting calendars.”

Nine days later, Clinton told Boswell that she had read his memo and “gets it,” according to an email sent by a senior diplomatic security official. “Her attention was drawn to the sentence that indicates (Diplomatic Security) have intelligence concerning this vulnerability during her recent trip to Asia,” the email said.

But Clinton kept using her private BlackBerry — and the basement server.

The server was nothing remarkable, the kind of system often used by small businesses, according to people familiar with its configuration at the end of her tenure. It consisted of two off-the-shelf server computers. Both were equipped with antivirus software. They were linked by cable to a local Internet service provider. A firewall was used as protection against hackers.

Few could have known it, but the email system operated in those first two months without the standard encryption generally used on the Internet to protect communication, according to an independent analysis that Venafi Inc., a cybersecurity firm that specializes in the encryption process, took upon itself to publish on its website after the scandal broke.

Not until March 29, 2009 — two months after Clinton began using it — did the server receive a “digital certificate” that protected communication over the Internet through encryption, according to Venafi’s analysis.

It is unknown whether the system had some other way to encrypt the email traffic at the time. Without encryption — a process that scrambles communication for anyone without the correct key — email, attachments and passwords are transmitted in plain text.

“That means that anyone could have accessed it. Anyone,” Kevin Bocek, vice president of threat intelligence at Venafi, told The Post.

The system had other features that made it vulnerable to talented hackers, including a software program that enabled users to log on directly from the World Wide Web.

Four computer-security specialists interviewed by The Post said that such a system could be made reasonably secure but that it would need constant monitoring by people trained to look for irregularities in the server’s logs.

“For data of this sensitivity . . . we would need at a minimum a small team to do monitoring and hardening,” said Jason Fossen, a computer-security specialist at the SANS Institute, which provides cybersecurity training around the world.

The man Clinton has said maintained and monitored her server was Bryan Pagliano, who had worked as the technology chief for her political action committee and her presidential campaign. It is not clear whether he had any help. Pagliano had also provided computer services to the Clinton family. In 2008, he received more than $5,000 for that work, according to financial disclosure statements he filed with the government.

In May 2009, with Kennedy’s help, Pagliano landed a job as a political employee in the State Department’s IT division, documents and interviews show. It was an unusual arrangement.

At the same time, Pagliano apparently agreed to maintain the basement server. Officials in the IT division have told investigators they could not recall previously hiring a political appointee. Three of Pagliano’s supervisors also told investigators they had no idea that Clinton used the basement server or that Pagliano was moonlighting on it.

Through an attorney, Pagliano declined a request from The Post for an interview. He also refused a request from the Senate Judiciary and Homeland Security and Governmental Affairs committees to discuss his role. On Sept. 1, 2015, his attorney told the committees that he would invoke his Fifth Amendment rights if any attempt was made to compel his testimony. He was later given immunity by the Justice Department in exchange for his cooperation, according to articles in the New York Times and The Post.

In a statement, Clinton’s campaign said the server was protected but declined to provide technical details. Clinton officials have said that server logs given to authorities show no signs of hacking.

“The security and integrity of her family’s electronic communications was taken seriously from the onset when it was first set up for President Clinton’s team,” the statement said. “Suffice it to say, robust protections were put in place and additional upgrades and techniques employed over time as they became available, including consulting and employing third party experts.”

The statement added that “there is no evidence there was ever a breach.”

The number of emails moving through the basement system increased quickly as Hillary Clinton dove into the endless details of her globetrotting job. There were 62,320 in all, an average of 296 a week, nearly 1,300 a month, according to numbers Clinton later reported to the State Department. About half of them were work-related.

Her most frequent correspondent was Mills, her chief of staff, who sent thousands of notes. Next came Abedin, the deputy chief of staff, and Jacob Sullivan, also a deputy chief of staff, according to a tally by The Post.

The majority went to two dif­ferent addresses that Clinton sometimes used interchangeably on a single chain of email, [email protected] and [email protected], making it immediately apparent that the emails were not coming from or going to a government address.

Most of her emails were routine, including those sent to friends. Some involved the coordination of efforts to bring aid to Haiti by the State Department and her husband’s New York-based Clinton Foundation — notes that mixed government and family business, the emails show.

Others involved classified matters. State Department and Intelligence Community officials have determined that 2,093 email chains contained classified information. Most of the classified emails have been labeled as “confidential,” the lowest level of classification. Clinton herself authored 104 emails that contained classified material, a Post analysis later found.

Before the server received a digital certificate marking the use of standard encryption, Clinton and her aides exchanged notes touching on North Korea, Mexico, Afghanistan, military advisers, CIA operations and a briefing for Obama.

Clinton adviser Philippe Reines wrote a note to her about Afghanistan President Hamid Karzai. Reines started his note by reminding Clinton that Reines’s “close friend Jeremy Bash is now [CIA Director Leon E.] Panetta’s Chief of Staff.” The rest of the note was redacted before release, under grounds that it was national-security-sensitive.

On Sunday, March 29, 2009, just hours before standard encryption on the server began, Sullivan emailed Clinton a draft of a confidential report she was to make to Obama. “Attached is a draft of your Mexico trip report to POTUS,” Sullivan wrote.

In the high-pressure world of diplomacy, the sharing of such material had been a discreet but common practice for many years. Officials who manage problems around the clock require a never-ending flow of incisive information to make timely decisions.

Not all classified material is equally sensitive. Much of it involves discussions about foreign countries or leaders, not intelligence sources and methods. Working with classified materials can be cumbersome and, in the case of low-level classification, annoying.

On Feb. 10, 2010, in an exchange with Sullivan, Clinton vented her frustration one day when she wanted to read a statement regarding José Miguel Insulza, then secretary general of the Organization of American States. Sullivan wrote that he could not send it to her immediately because the department had put it on the classified network.

“It’s a public statement! Just email it,” Clinton shot back, just moments later.

“Trust me, I share your exasperation,” Sullivan wrote. “But until ops converts it to the unclassified email system, there is no physical way for me to email it. I can’t even access it.”

Early on June 17, 2011, Clinton grew impatient as she waited for “talking points” about a sensitive matter that had to be delivered via a secure line.

“They say they’ve had issues sending secure fax. They’re working on it,” Sullivan wrote his boss.

Clinton told him to take a shortcut.

“If they can’t, turn into nonpaper w no identifying heading and send nonsecure,” she said.

Clinton spokesman Fallon said she was not trying to circumvent the classification system.

“What she was asking was that any information that could be transmitted on the unclassified system be transmitted,” he said. “It is wrong to suggest that she was requesting otherwise. The State Department looked into this and confirmed that no classified material was sent through a non-secure fax or email.”

Security remained a constant concern. On June 28, 2011, in response to reports that Gmail accounts of government workers had been targeted by “online adversaries,” a note went out over Clinton’s name urging department employees to “avoid conducting official Department business from your personal email accounts.”

But she herself ignored the warning and continued using her BlackBerry and the basement server.

In December 2012, near the end of Clinton’s tenure, a nonprofit group called Citizens for Responsibility and Ethics in Washington, or CREW, filed a FOIA request seeking records about her email. CREW received a response in May 2013: “no records responsive to your request were located.”

Other requests for Clinton records met the same fate — until the State Department received a demand from the newly formed House Select Committee on Benghazi in July 2014. The committee wanted Clinton’s email, among other things, to see what she and others knew about the deadly attack in Libya and the response by the U.S. government.

Officials in the department’s congressional affairs office found some Clinton email and saw that she had relied on the private domain, not the department’s system.

Secretary of State John F. Kerry resolved to round up the Clinton emails and deliver them to Congress as quickly as possible. Department officials reached out to Clinton informally in the summer of 2014. On Oct. 28, 2014, the department contacted Clinton and the offices of three other former secretaries — Madeleine K. Albright, Condoleezza Rice and Colin L. Powell — asking if they had any email or other federal records in their possession.

Albright and Rice said they did not use email while at State. Powell, secretary of state from 2001 to 2005, had a private email account through America Online but did not retain copies of his emails. The inspector general for the State Department found that Powell’s personal email account had received two emails from staff that contained “national security information classified at the Secret or Confidential levels.”

Clinton lawyer David Kendall later told the State Department that her “use of personal email was consistent with the practices of other Secretaries of State,” citing Powell in particular, according to a letter he wrote in August.

But Powell’s circumstances also differed from Clinton’s in notable ways. Powell had a phone line installed in his office solely to link to his private account, which he generally used for personal or non-classified communication. At the time, he was pushing the department to embrace the Internet era and wanted to set an example.

“I performed a little test whenever I visited an embassy: I’d dive into the first open office I could find (sometimes it was the ambassador’s office). If the computer was on, I’d try to get into my private email account,” Powell wrote in “It Worked for Me: In Life and Leadership.” “If I could, they passed.”

Powell conducted virtually all of his classified communications on paper or over a State Department computer installed on his desk that was reserved for classified information, according to interviews. Clinton never had such a desktop or a classified email account, according to the State Department.

On Dec. 5, 2014, Clinton lawyers delivered 12 file boxes filled with printed paper containing more than 30,000 emails. Clinton withheld almost 32,000 emails deemed to be of a personal nature.

The department began releasing the emails last May, starting with some 296 emails requested by the Benghazi committee. In reviewing those emails, intelligence officials realized that some contained classified material.

Clinton and her campaign have offered various responses to questions about the classifications. At first, she flat-out denied that her server ever held any. “There is no classified material,” she said at a March 10, 2015, news conference.

Her campaign later released a statement saying she could not have known whether material was classified, because it was not labeled as such. “No information in Clinton’s emails was marked classified at the time she sent or received them,” the statement said.

Clinton has also suggested that many of the emails were classified as a formality only because they were being prepared for release under a FOIA request. Her campaign has said that much of the classified material — in emails sent by more than 300 individuals — came from newspaper accounts and other public sources.

“What you are talking about is retroactive classification,” she said during a recent debate. “And I think what we have got here is a case of overclassification.” Her statement appears to conflict with a report to Congress last year by inspectors general from the State Department and the group of spy agencies known as the Intelligence Community. They made their report after the discovery that four emails, from a sample of 40 that went through her server, contained classified information.

“These emails were not retro­actively classified by the State Department,” the report said. “Rather these emails contained classified information when they were generated and, according to IC classification officials, that information remains classified today. This classified information should never have been transmitted via an unclassified personal system.”

One of those four emails has since been declassified and released publicly by the State Department. The department has questioned the classification of another of those emails.

Twenty-two emails discovered later were deemed so highly classified that they were withheld in their entirety from public release. “They are on their face sensitive and obviously classified,” Rep. Chris Stewart (R-Utah), a member of the House Permanent Select Committee on Intelligence, told The Post. “This information should have been maintained in the most secure, classified, top-secret servers.”

Fallon pointed out that none of those emails originated with Clinton, something that he said Dianne Feinstein (D-Calif.), the Senate Select Intelligence Committee vice chairman, has noted. “We strongly disagree with the decision to withhold these emails in full,” he said.

Under Title 18, Section 1924, of federal law, it is a misdemeanor punishable by fines and imprisonment for a federal employee to knowingly remove classified information “without authority and with the intent to retain such documents or materials at an unauthorized location.”

Previous cases brought under the law have required proof of an intent to mishandle classified information, a high hurdle in the Clinton case.

The basement server also put Clinton at risk of violating laws and regulations aimed at protecting and preserving government records.

In a statement, Clinton’s campaign said she had received “guidance regarding the need to preserve federal records” and followed those rules. “It was her practice to email government employees on their ‘.gov’ email address. That way, work emails would be immediately captured and preserved in government ­record-keeping systems,” the statement said.

Fallon said that “over 90 percent” of the more than 30,000 work-related emails “were to or from government email accounts.”

Specialists interviewed by The Post said her practices fell short of what laws and regulations mandated. Some of those obligations were spelled out a few months before Clinton took office in National Archives and Records Administration Bulletin 2008-05, which said every email system was supposed to “permit easy and timely retrieval” of the records.

The secretary of state’s work emails are supposed to be preserved permanently. In addition, rules also mandated that permanent records are to be sent to the department’s Records Service Center “at the end of the Secretary’s tenure or sooner if necessary” for safekeeping.

Under Title 18, Section 2071, it is a misdemeanor to take federal records without authorization, something that is sometimes referred to as the “alienation” of records. The law is rarely enforced, but a conviction can carry a fine or imprisonment.

Jason R. Baron, a former director of litigation at the National Archives and Records Administration, told the Senate Judiciary Committee last year he believed that Clinton’s server ran afoul of the rules. In a memo to the committee, Baron wrote that “the setting up of and maintaining a private email network as the sole means to conduct official business by email, coupled with the failure to timely return email records into government custody, amounts to actions plainly inconsistent with the federal recordkeeping laws.”

On May 19, 2015, in response to a FOIA lawsuit from the media organization Vice News, U.S. District Judge Rudolph Contreras ordered all the email to be released in stages, with re­dactions.

One notable email was sent in August 2011. Stephen Mull, then serving as the department’s executive secretary, emailed Abedin, Mills and Kennedy about getting a government-issued BlackBerry linked to a government server for Clinton.

“We are working to provide the Secretary per her request a Department issued Blackberry to replace personal unit, which is malfunctioning (possibly because of her personal email server is down.) We will prepare two version for her to use — one with an operating State Department email account (which would mask her identity, but which would also be subject to FOIA requests).”

Abedin responded decisively.

“Steve — let’s discuss the state blackberry. doesn’t make a whole lot of sense.”

Fallon said the email showed that the secretary’s staff “opposed the idea of her identity being masked.”

Last month, in a hearing about a Judicial Watch lawsuit, U.S. District Judge Sullivan cited that email as part of the reason he ordered the State Department produce records related to its initial failures in the FOIA searches for Clinton’s records.

Speaking in open court, Sullivan said legitimate questions have been raised about whether Clinton’s staff was trying to help her to sidestep FOIA.

“We’re talking about a Cabinet-level official who was accommodated by the government for reasons unknown to the public. And I think that’s a fair statement: For reasons heretofore unknown to the public. And all the public can do is speculate,” he said, adding: “This is all about the public’s right to know.”