During her first three months in office, all of former Secretary of State Hillary Clinton's official emails, which she sent from a personal server based at her home, were unencrypted, new research has found.
According to Forbes, it wasn't until the end of March 2009 that a digital certificate to verify the authenticity of her server was installed on her network, a lapse that left the account highly vulnerable to hacking.
The research by Venafi's also found that even after the encryption was installed, only access to the server was encrypted, not the emails themselves.
During her
press conference on Tuesday to address the controversy surrounding her email, Clinton mentioned the issue of security, saying that she did not email any classified information and that the account had never been compromised.
But, according to Forbes, there is no way to verify these claims.
Not even the "most sophisticated security organizations" and Fortune 500 companies are able to make this kind of claim, Kevin Bocek, vice president of Security Strategy and Threat Intelligence at Venafi, told Forbes. "Even though they believe they aren't compromised, they often find out that they are."
According to research by Venafi, it would have been easy to compromise Clinton's email account, particularly during her first three months as secretary of state. And without a digital certificate verifying her account, her email could have been spoofed and used to spread malware.
Meanwhile, the lack of encryption means that the account could have been spied on without much difficulty, particularly in places like China, Forbes said.
"Those three months were really risky times especially given the travel of the secretary," Bocek said. "Certainly traveling to China raises a lot of concern." Clinton traveled widely in her first three months as secretary, visiting Turkey, Japan, Israel, Indonesia and Korea, among other countries, as well as China, Forbes reported.
Not only could the account have been compromised, but it also could have been used to damage other sensitive high-level accounts.
"Critical communication with foreign heads of state are not only at risk but this email account could be used to further infiltrate this government's," Patrick Peterson, CEO of Agari, told Forbes.
In addition, Clinton's account could have become a "carrier of cyber disease," Tom Kellermann, chief cybersecurity officer at TrendMicro, told Forbes, noting that it could have been used to spread malware.