John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt

Former US National Security Advisor John Bolton meeting Russian President Vladimir Putin in June 2018. (Photo: The Office of the President of the Russian Federation)

The investigation into former national security advisor John Bolton's handling of classified material stemmed in part from an admission Bolton made to the FBI in July 2021 that hackers – believed to be from Iran – had breached his private AOL email account and tried to extort him over classified information contained in it.

The breach was reported last month by CNN following a law enforcement search of Bolton's office and home in August. But it was based on a redacted search warrant affidavit in which details around the hacking incident were blacked out and only a header was visible: "Hack of Bolton AOL Account by Foreign Entity."

The indictment of Bolton released Thursday has now provided details of the breach as well as how Bolton found himself in the position of being extorted after regularly sending what prosecutors say was top-secret information to his wife and daughter via email and encrypted chat. Prosecutors say Bolton did this regularly over the fifteen short months he was in the job – often sending excited messages with multiple exclamation points and 10- to 25-page documents containing information about discussions he had in the White House Situation Room or detailing information he learned in other meetings.

The indictment includes a number of interesting details I haven't seen reported elsewhere yet, so I thought I'd go over the contents of the indictment here.

Bolton used this communication, prosecutors say, as a kind of diary that he was keeping in order to eventually write a book about his experience as national security advisor. Prosecutors say Bolton took detailed handwritten notes on yellow notepads throughout his workday at the White House and in other secure locations and then transcribed them on a computer and sent them to his wife and daughter via AOL or Gmail accounts or via an encrypted messaging app. In some cases, either Bolton or his wife or daughter printed out some of the emails, and these printouts were still in Bolton's home when law enforcement searched it in August.

He sent his two family members more than a thousand pages of information about his day-to-day activities, prosecutors say, "including information relating to the national defense which was classified up to the TOP SECRET/SCI level." The indictment doesn't identify the recipients – only indicating they were two people related to Bolton – but CNN has reported they were his wife and daughter. Bolton enlisted them as informal editors to help him shape the notes he sent them. But at times, the indictment shows, they also tasked him with missions to get specific information, suggested actions he might take in his work, and expressed frustration or disappointment when he didn't send them information they anticipated.

For example, in December 2018, Bolton sent them a 15-page document that contained information about an individual who had been arrested in a foreign country. One of the recipients – it's not clear if it was his wife or daughter – expressed disappointment that he hadn't sent information about the administration's "sentiment" about the arrest. Bolton allegedly replied, "I'm working on it!"

A couple of days later, the correspondent told Bolton that the arrested individual was apparently in the process of being interrogated by law enforcement in the country where they were arrested, and that a relative of the individual would be in DC. She suggested it might be "useful to get him in front of [senior U.S. Government official] or anyone else."

At some point between September 2019, when Trump fired Bolton via Twitter, and July 2021, someone hacked into Bolton's AOL email account and obtained the correspondence he'd sent his wife and daughter and then tried to extort him. Prosecutors say that Bolton believed Iran was behind the breach, although there's nothing in the indictment to indicate why they attributed it to the Islamic Republic.

Bolton was national security advisor to Trump from April 2018 to September 2019, and immediately after taking the job he began sending his wife and daughter the transcripts of notes he was keeping while on the job. On April 8, 2018, the day before he began his national security job, he and his wife and daughter had created a group chat specifically to do this. His wife or daughter asked in the chat why they were using the messaging app: "Why are we using this now? The encryption?" The other family member replied "Yup. Why not?" And Bolton added, "For Diary in the future!"

Over the subsequent weeks and months he sent them large attachments ranging between 10 and 25 pages as he received military and intelligence briefings and went on official travel. On July 23, 2018, Bolton sent them a 24-page document describing information he had learned on his job, and followed up with a message saying: "None of which we talk about!!!" His wife or daughter replied: "Shhhhh."

Almost immediately after Trump fired Bolton on September 10, 2019, Bolton began compiling the notes he'd taken – including the ones he'd sent to his wife and daughter – into a book. "Dramatic ending," his wife or daughter wrote to the group after his firing. "But will there be a new diary." The other member of the group replied: "Nope on diary. Now bookwriting."

The day after Bolton was fired, his literary agent sent an email to a book publisher describing the manuscript her client was writing, saying it would be written "in a meticulously observed manner with direct quotes from all parties based on contemporaneous notes." Bolton reportedly received a $2 million advance for the book. He had already done so much writing by the time he left his job that he was able to deliver the manuscript to the publisher on December 30, a little over three months after he was fired.

Bolton submitted the book to the National Security Council to review around the same time he sent it to his publisher – national security officials are required to submit their manuscripts to the government for advance review to determine if any classified information is in them that needs to be removed. Bolton was told his book did contain a significant amount of highly classified material. The indictment notes that Bolton removed this material from the book before it was published six months later. But he failed to wait to receive an approval letter from the government – a requirement – before he published.

As the release date for his book approached the following spring, the Justice Department filed an injunction to block publication of the book, but failed. So the Justice Department sued Bolton in an attempt to seize his earnings from the book. A year later in June 2021, it agreed to dismiss the civil suit on condition that Bolton sign an agreement to hand over to the government any material in his possession or control that might contain classified information.

Bolton signed the settlement agreement on June 16, but on July 6 a representative for Bolton sent an email to the FBI revealing that Bolton's personal email account had been hacked.

"Evidently someone has gotten into Amb. Bolton's" personal email account, the representative wrote, and "it looks as though it is someone in Iran..." The person didn't indicate how they came to the conclusion that Iran, or someone in Iran, was behind it. The indictment does not reveal how or when Bolton discovered the hack, but the hacker may have communicated directly with Bolton. Because on July 25th, weeks after reaching out to the FBI, Bolton and his representative received what appears to be an extortion email from the hacker, suggesting perhaps that the person knew Bolton had contacted the FBI about the breach. The person wrote:

"I do not think you would be interested in the FBI being aware of the leaked content of John’s email (some of which have been attached). Especially after the recent acquittal.
This could be the biggest scandal since Hilary's emails were leaked, but this time on the GOP side!
Contact me before it's too late..."

The indictment doesn't indicate if the hacker was seeking money or anything else from Bolton.

Bolton's representative sent the hacker's message to the FBI on July 28, indicating that they were just sending the text of the extortion email and "not the documents [the hacker] attached since there might be sensitive information in them)."

A day later, Bolton's representative followed up with another email to the FBI informing the bureau that Bolton would be deleting the contents of the hacked email account.

On August 5th, the hacker sent another missive to Bolton: "OK John ... As you want (apparently), we'll disseminate the expurgated sections of your book by reference to your leaked email." The hacker also wrote, "Good luck Mr. Mustache!"

The message suggests the hacker had possession of the classified portions of Bolton's book that he had removed from it before publication. The indictment does not indicate if the hacker possessed documents containing classified information that Bolton had sent his wife and daughter, but the implication is that the hacker had these as well as deleted book passages. However, at no point in his communication with the FBI, prosecutors say, did Bolton's representative reveal that the hacked AOL account contained classified information that Bolton had shared with his wife and daughter during the time he was national security advisor and that the hacker may have obtained this.

The following year, the FBI launched a formal investigation into the hack, believing the email account likely did contain classified information that Bolton illegally shared. Prosecutors obtained warrants to get the contents of Bolton’s AOL and Gmail accounts. But the investigation progressed slowly, CNN reports, because data from the accounts had to be reviewed by the intelligence community and also processed through a special filter team at the Justice Department whose job it was to pull out any confidential attorney-client records that might be in the accounts, since Bolton was a lawyer and may have used the accounts to communicate with clients.

So what was the nature of the information that Bolton sent to his wife and daughter via unencrypted email or encrypted messaging chat? The government lists the following in the indictment:
