The call lasted several minutes, as Hawkins outlined in somewhat cryptic terms the bureau’s concerns about the breach. He wanted to know whether the committee had detected the intrusion on its own and done anything about it. Tamene hesitantly acknowledged that the committee had endured some phishing attacks, but dodged detailed questions about the organization’s staff and systems. Hawkins then offered the first hint—although an indirect one—that the bureau suspected Russia. Check for malware associated with “the Dukes,” he said, an industry nickname for the hacking group with ties to Moscow. Tamene seemed unfamiliar with the moniker but agreed to have a look. After hanging up, he and a colleague did a quick internet search, read up on the group’s methods, and performed a cursory search of DNC log files. They found nothing and Tamene couldn’t help wondering whether he had fallen for a prank. Tamene informed his supervisor, Andrew Brown, the DNC’s chief technology officer, of the incident.
The disconnect persisted through subsequent interactions—that is, when both sides managed to connect at all. In October, two months after he first called the DNC, Hawkins left a series of voice mails for Tamene, who ignored them, later explaining he had nothing new to report. Behind the scenes, he appealed to Brown for help, telling him, “We need better tools or better people.” A month later, in November, the FBI agent finally got through, only to be told by Tamene that the DNC network appeared clean. Hawkins countered by again providing the DNC address, saying it was “calling home” to Russia. Tamene took this warning more seriously. He and his team began exploring whether there were gaps in the DNC’s defenses—bad search parameters, problems with the firewall—that were preventing the IT department from detecting the intrusion. But again, his follow-up checks yielded no evidence of compromise. It would later turn out that the FBI’s internal deliberations were so slow that by the time Hawkins had permission to pass along one IP address, the Russians had switched to another.
All of this back-and-forth had given Russia’s hackers another three months inside the DNC servers. In all that time, the FBI’s Hawkins had not seen fit to raise the matter with top officials at the DNC. Nor did they learn at this stage from their own staff: because of the tech team’s failure to find evidence of the hack, Brown evidently felt no need to sound internal alarms.
The bureau’s failure to contact a single official above Tamene would later be deemed by the DNC to be an unfathomable lapse. The FBI, for its part, felt it had tried repeatedly to warn the committee—in fact, Hawkins was so frustrated by the difficulty in getting through that in December 2015, he went to the low-slung DNC building on a quiet street two and a half blocks south of the Capitol. He asked the security guard in the lobby to be on the lookout for Tamene, and to stop him and have him call the bureau.
After months of frustration, the FBI pushed for a face-to-face meeting. In February 2016, Hawkins, Tamene, and two of his IT colleagues arrived at Joe’s Cafe, in Sterling, Virginia, thirty miles west of the DNC’s Washington office, but a ten-minute drive from the DNC’s data center in Loudoun County.
There in Joe’s Cafe, Tamene’s lingering uncertainty about Hawkins’s FBI credentials finally subsided when the agent produced his badge. More important, Hawkins also produced a set of computer logs from a day in December showing precise time stamps that enabled the DNC to narrow its search for suspicious activity. He listed penetrations of other targets by the Dukes and recommended a tool that could help detect intruders on DNC systems. In a February 18 email, Hawkins even provided IP addresses associated with the DNC intrusions—data that traced the attack back to its origin in Russia.
AFTER FINALLY CONVINCING THE DNC TECH TEAM THAT THE breach was real, Hawkins urged them not to block those Russian incursions. Take modest steps to protect sensitive data, he said, but don’t disrupt the correspondence between the two systems or make any moves that would let Russia know its operation had been discovered. Though counterintuitive, this would allow further monitoring and avoid sending the hackers into hiding or, in a worst-case scenario, wiping the system of data to cover their tracks—leaving a barren, broken network. But it also left more time for Russia to make off with more data.
Tamene and his team went back to search their firewall logs. Again, nothing. They continued to wonder whether it was all a hoax, mischievous hackers merely “spoofing” DNC addresses online and making the FBI think the committee’s defenses had been pierced. Nevertheless, for the next couple of months, the FBI continued to alert the DNC about possible intrusions. In March, one of Hawkins’s colleagues, FBI special agent Lafayette Garrett, emailed the DNC tech team twice, alerting them to phishing attempts aimed at committee staffers; thus prompted, the committee’s tech team was able to repel the forays. A month later, Hawkins asked Tamene for copies of computer logs that might help the FBI see which IP addresses were connecting to the DNC network. Tamene said he needed to ask the DNC’s lawyers.
On April 26, Hawkins was put in touch with Michael Sussmann, a former prosecutor who handles cyber cases at the DNC’s law firm in Washington, Perkins Coie. Sussmann urged DNC executives to approve the FBI’s request, saying that the logs would be part of a classified investigation and kept from the public. “They really are helping you,” he explained in an internal email. But by then it was already too late. Critical opportunities to contain the damage had been squandered—by FBI agents who took too long to get past the DNC help desk and by committee staff who failed to grasp the growing danger or get the attention of committee executives.
AS ALL OF THIS WAS GOING ON, HILLARY CLINTON WAS BEING PUMMELED by additional digital trauma.
Clinton’s use of a private email account while serving as the nation’s top diplomat between 2009 and 2013 had been a self-inflicted political wound that hobbled her candidacy from the outset. The practice had been unearthed by Republicans as part of an intensely partisan congressional inquiry into one of the most tragic events of Clinton’s State Department tenure—a 2012 attack on two American compounds in Benghazi, Libya, in which the U.S. ambassador, J. Christopher Stevens, and three other Americans were killed.
Congress is equipped with an array of oversight committees to investigate such events, and a whopping seven of them did. They found security breakdowns and unheeded warnings but no evidence to substantiate incendiary claims that the Obama administration had blocked a viable rescue mission or engaged in a cover-up. The Republican leadership, however, created an additional panel—the House Select Committee on Benghazi—with a deep budget, broad authority, and cynical mission that was inadvertently revealed long afterward by one of its architects.
“Everybody thought Hillary Clinton was unbeatable, right?” House majority leader Kevin McCarthy, a California Republican, said in a Fox News interview in September 2015 as the presidential campaign was heating up.[1] “But we put together a Benghazi special committee, a select committee. What are her numbers today? Her numbers are dropping. Why? Because she’s untrustable. But no one would have known any of that had happened, had we not fought.”
The Benghazi committee was by no means the first to politicize a catastrophic event overseas, but the effectiveness with which it did so altered the dynamic in Washington. The name of the coastal Libyan city became a political shorthand—like Watergate or Whitewater—for a scandal that Clinton couldn’t shake. But it wasn’t any particular decision she had made about State Department personnel or facilities in Benghazi that proved most politically damaging. Instead it was the committee’s discovery as it assembled documents that Clinton had used a private email server while serving as secretary, and that the department had only a portion of her official correspondence.
Russia undoubtedly took note of this dynamic as it mounted its election interference campaign. And many of the partisan impulses that were sharpened by the Benghazi experience would resurface in 2016, impeding the United States’ ability to deliver a united response.
Clinton’s use of a nongovernment email server—@clintonemail.com—had first been revealed in 2013 by a Romanian hacker who went by the name Guccifer. But the committee zealously dug further into the matter. Led by South Carolina Republican and former federal prosecutor Trey Gowdy, the panel noticed that messages to and from the secretary were being routed not through classified State Department