In September 2016, Reddit users engaged in a collaborative effort to preserve and secure what they believe is evidence that a fellow user posting under the screen name stonetear, who had sought technical advice about stripping addresses from e-mail messages, is actually Paul Combetta — an employee of Platte River Networks, the company that managed Hillary Clinton’s infamous private e-mail server. Combetta allegedly sought questionable advice via Reddit about stripping out a “very VIP’s e-mail address from a bunch of archived email” during times crucial to the Clinton e-mail investigation in 2014 and 2015.
On 18 September 2016, a Twitter user published a galvanizing tweet suggesting Combetta was u/stonetear:
— Katica (@GOPPollAnalyst) September 19, 2016
Establishing a clear timeline of developments was difficult due to the number of subreddits concurrently involved in what immediately became a pick-up investigation. A highly-upvoted post submitted to r/The_Donald (a community of Donald Trump supporters) on 19 September 2016 included a screenshot of a post widely referenced as the most damning evidence Combetta and u/stonetear were the same person:
The since-deleted, 24 July 2014 post published by u/stonetear read:
Hello all — I may be facing a very interesting situation where I need to strip out a VIP’s (VERY VIP) email address from a bunch of archived email that I have both in a live Exchange mailbox, as well as a PST file. Basically, they don’t want the VIP’s email address exposed to anyone, and want to be able to either strip out or replace the email address in the to/from fields in all of the emails we want to send out. I am not sure if something like this is possible with PowerShell, or exporting all of the emails to MSG and doing find/replaces with a batch processing program of some sort. Does anyone have experience with something like this, and/or suggestions on how this might be accomplished?
Commenters on that July 2014 post pointed out that the advice sought was technically infeasible and legally questionable:
After interest in u/stonetear’s true identity escalated sharply on 18 September 2016, Reddit users rushed to archive “everything [they could]” as stonetear’s posts began disappearing. Fellow Redditors quickly preserved as much of u/stonetear’s rapidly vanishing comment history as they could
Page 1: http://archive.is/WJtMh
Page 2: http://archive.is/fN627
Page 3: http://archive.is/UlqGx
Page 4: http://archive.is/WqKHV
Page 5: http://archive.is/fvnYL
Page 6: http://archive.is/sj3br
Page 7: http://archive.is/7T1Py
Page 8: http://archive.is/qYE6o
Page 9: http://archive.is/TJYxP
Page 10: http://archive.is/27VD4
Other Redditors posted animated GIFs of u/stonetear’s deletions as they purportedly occurred:
Redditors combined a list of possible connections between the Redditor Stonetear and Combetta. First, Combetta apparently uses a Gmail address email@example.com. This is indicated on a webpage advertising how to download a help file for a video game. At the end of the webpage, a message reads: “I am extremely grateful to Paul Combetta for hosting these files. If you have problems downloading the zip, you are welcome to e-mail him at firstname.lastname@example.org.” A 2002 forum post on Slashdot (archived here) shows someone named Stonetear saying he’s contracted by the state government.
According to Motherboard, a Google Account profile for email@example.com also showed a photo that looked a lot like Combetta. Other indications included that the username Stonetear had posted on Reddit about losing a dog in Narrangansett and Intelius showed that Combetta had lived in Narrangansett. There’s also an Etsy page for a Stonetear that’s owned by someone named Paul Combetta. There’s a Stonetear Steam profile with a photo that resembles Combetta, users on Reddit discovered. And the inactive website combetta.com is registered to firstname.lastname@example.org, Reddit users discovered. You can read a detailed Reddit discussion about the whole thing here or here.
It didn’t take long for the compelling story to filter from Reddit to the media. On 19 September 2016, news outlets began covering what appeared to be a strong circumstantial tie between Combetta and the Reddit account in question (as well as information aligning the dates of posts of interest to developments in the timeline of the Clinton e-mail controversy):
The evidence connecting Combetta to the account is circumstantial, but also voluminous … And, perhaps most damningly, there are the dates.
On July 24, 2014, stonetear posted to reddit … Stonetear posted to reddit on Dec. 10, 2014 [for advice about 60-day e-mail retention.]
On July 23, 2014, the House Select Committee on Benghazi had reached an agreement with the State Department on the production of records, according to an FBI report released earlier this month on the bureau’s probe of her email use … The FBI report says that Cheryl Mills, a longtime Clinton aide and attorney, requested in December 2014 that the email retention policy be shortened to 60 days. The FBI report says Mills “instructed [redacted] to modify the email retention policy on Clinton’s clintonemail.com e-mail account” but that “according to [redacted] he did not make these changes to Clinton’s clintonemail.com account until March 2015.”
By 20 September 2016, the controversy had reached Congress. The House Committee on Science, Space, and Technology issued a press release and letter [PDF] announcing their intent to interview Combetta:
House Committee on Science, Space, and Technology Chairman Lamar Smith (R-Texas) yesterday sent a letter reiterating his request for transcribed interviews with Platte River Networks employees in light of new information regarding the role of a key employee in managing Secretary Clinton’s private email server. Yesterday reports surfaced indicating a Platte River Networks employee, Paul Combetta, sought help from reddit.com users on how to strip a “VERY VIP’s” email address from archived emails he maintained at the time.
“If true, these details raise new questions as to whether Platte River Networks purposefully defied legal document retention requirements. Further, it is unclear if the Federal Bureau of Investigation was aware of these facts at the time of their investigation. By speaking with Platte River Networks employees, including Paul Combetta, the Committee will be able to provide clarity to these outstanding questions directly related to its investigation,” the letter states.
“Additionally, I am concerned that Mr. Combetta may have made an attempt to delete relevant posts, including the post mentioned above, from his reddit.com username just hours after reports initially surfaced on September 19, 2016, about his request for assistance on deleting email addresses from archived emails. This raises significant concerns that materials directly related to the Committee’s investigation and responsive to its outstanding requests are being actively destroyed in an attempt to conceal relevant information from coming to light,” Smith continues.
The committee initially requested transcribed interviews with seven Platte River Networks Employees on July 12. Committee staff has attempted to schedule the interviews through email on four separate occasions, and by phone on at least three occasions. Yesterday’s letter requests dates for the interviews be provided by Friday, September 23.
That same day, the Committee issued a separate press release announcing additional efforts to obtain documentation regarding Clinton’s e-mail activities from the Federal Bureau of Investigation (FBI):
House Committee on Science, Space, and Technology Chairman Lamar Smith (R-Texas) today issued a subpoena to FBI Director James Comey for documents and information related to the security of former Secretary of State Hillary Clinton’s private email account and server. The committee requested these documents in a Sept. 9 letter. Director Comey has failed to produce any documents pursuant to the previous request.
As Chairman Smith stated in a recent hearing before the Oversight and Government Reform Committee, the Science Committee has jurisdiction to evaluate the “way in which Executive Branch departments and agencies and private entities can improve their cybersecurity.”
The committee is convinced that former Secretary Clinton’s unusual server and network arrangement necessitates amendments to the Federal Information Security Modernization Act of 2014 (FISMA). The Committee continues to have questions about the structure and security of the email system used by former Secretary Clinton and whether she and her staff employed cybersecurity standards required by FISMA.
Congressman Rep. Mark Meadows told The Hill on 19 September 2016 that Reddit’s discovery was “troubling” due to the timing of Combetta’s putative posts:
“The Reddit post issue and its connection to Paul Combetta is currently being reviewed by OGR staff and evaluations are being made as to the authenticity of the post,” Meadows told The Hill.
Reddit users appear to have uncovered a two-year-old post from an account believed to belong to Combetta, an engineer with Platte River Networks. The Denver, Colo.-based firm managed Clinton’s private server.
The post, which has been deleted but can be read in images archived by Reddit users, coincides with the discovery of Clinton’s use of the server.
Combetta is currently one of the targets of a broader Oversight investigation on whether Clinton ordered the destruction of emails that had been subpoenaed by the Benghazi Select Committee.
“If it is determined that the request to change email addresses was made by someone so closely aligned with the Secretary’s IT operation as Mr. Combetta, then it will certainly prompt additional inquiry,” Meadows told The Hill. “The date of the Reddit post in relationship to the establishment of the Select Committee on Benghazi is also troubling.”
On 21 September 2016, Fortune observed that Combetta’s potential misstep was using the same handle in a number of Internet locations, allowing Reddit users to track him with apparent ease:
To make a long story short, Combetta screwed up by recycling an online handle he had used before. It’s something all of us do. It’s human nature to use the same name, rather than invent a new handle for each Internet site we visit.
To be clear, the evidence that Combetta is “stonetear” is circumstantial, and it’s not clear if there is anything illegal about the Reddit request. But the optics sure don’t look good, and strongly suggest that Combetta turned to social media for advice about how to tamper with government records that should been preserved.
The Republican-led Oversight Committee in the House of Representatives says it is looking into the Reddit post. A lawyer for Combetta’s employer, Platte River Networks, has denied media requests for comment.
The identity of u/stonetear has not yet been confirmed, and an attorney for Platte River Networks has declined to comment on the claims. Combetta was earlier granted immunity by the Justice Department with respect to the Clinton e-mail investigation, and he invoked his Fifth Amendment right not to testify during a hearing earlier in September 2016, before the Reddit controversy placed him under sharper scrutiny.
House Republicans have scheduled a hearing pertaining to preservation of state records for 22 September 2016, and Rep. Smith’s letter set a deadline of 23 September 2016 for Combetta and other Platte River Networks employees to arrange “transcribed interviews” with the Committee. Neither Combetta nor legal representatives for Platte River Networks have denied the claims.