John Bolton, the one-time staple of U.S. national security who is now accused of mishandling classified information, first realized that Iranian hackers had broken into his AOL account on a Tuesday morning in the summer of 2021 — as he and his assistant noticed how emails in his message list went from bold to regular font before their very eyes.
They were reading his incoming emails in real time.
Making matters worse, whoever was on the other end seemed to have updated the two-factor authentication that would have stopped someone from accessing Bolton’s sensitive emails by sending him a coded text message before granting them access. The hacker added their email and phone number instead.
His assistant emailed the FBI.
“I’m alerting you that evidently someone has gotten into Amb. Bolton’s AOL account,” the assistant wrote, explaining the situation. “If there is anything you can help us with, that would be appreciated.”
The incident and many other details were revealed in new court filings related to the Department of Justice’s current case against Bolton, which threatens to put one of the country’s best-known conservative foreign policy hawks behind bars for the rest of his life. Bolton, who turns 77 later this month, faces a decade in prison for each crime listed in the 18-count indictment filed last month.
Newly unredacted portions of the FBI’s affidavit supporting the search of Bolton’s home in August provide more detail on the tense moments after the former ambassador tried to contain the damage from hackers deemed affiliated with the Iranian regime, long the target of Bolton’s ire.
The FBI quickly assessed the situation, with a special agent telling Bolton’s assistant on a phone call that agents had already conducted a cybercrime investigation and had determined that “one or more email accounts under your control may have been compromised by a nation-state cyber actor around late June 2021.” That meant hackers had only gained access a few days or weeks earlier.
But it was enough time for them to find a damning trove of information: notes and files relating to his 17-month stint as President Donald Trump’s national security adviser. After a nasty falling out with Trump that resulted in him leaving the White House in September 2019, Bolton wrote a memoir that closely documented what he claimed was Trump’s impulsive and emotionally driven decision-making process. Massive chunks of the book had to be removed before its 2020 publication because federal archivists had determined they touched on classified information.
But drafts of the book were sitting in Bolton’s email account a year later, thanks to what the assistant explained to the FBI as Bolton’s decision to write the book while “on the road” and send excerpts to himself. And hackers managed to find them.
“I do not think you would be interested in the FBI being aware of the leaked content of John’s email (some of which have been attached), especially after the recent acquittal,” the hackers wrote to Bolton on July 25, 2021.
It had been 19 days since the former national security adviser had discovered the hack, and what appeared to be classified information was still sitting in Bolton’s AOL emails.
“This could be the biggest scandal since Hillary’s emails were leaked, but this time on the GOP side!” the hackers added.
That reference carried a particularly personal sting, given that Bolton for years had criticized former Secretary of State Hillary Clinton’s decision to store government communications on an unsecured personal email server — something that led him to tell Fox News: “If you’re conscious of the need to protect classified information, you’ll remember what the rules are.”
The Oct. 16, 2025, indictment barely addresses the moment when Bolton’s team moved into damage-control mode on their own in late July 2021 by purging his emails — even though in reality hackers already had weeks to easily grab everything in the AOL account. But the newly unredacted documents show that Bolton’s assistant was exceedingly open with the FBI about the belated step he was taking, making admissions about the messy hoarding of sensitive information.
“We are going to be deleting most of Amb. Bolton’s emails (both in deleted folder and sent items but there are a lot of emails that got deleted automatically by AOL so it’s hard to really remember everything that was in his account),” the assistant wrote.
The indictment also makes a passing reference to a subsequent message from hackers on Aug. 5, 2021, threatening to leak their findings. Unredacted filings show how they signed off by poking at Bolton’s signature look: “Good luck Mr. Mustache!”
New details hint at how the FBI began to conclude that Bolton had allegedly broken the law, explaining how federal investigators there were conducting a “routine review” of an online account that the bureau had captured — one that had been used to dupe government officials and specialists at think tanks. FBI personnel were reviewing the hackers’ spoils and found a red flag: an email Bolton had sent himself through his AOL account on June 21, 2019, while he was still Trump’s national security adviser.
That date carries particular significance in Bolton’s memoir, as it aligns with what he described as the stressful week when Iran shot down a U.S. drone, leading Bolton and other hawkish top officials to recommend an aggressive retaliation in the form of missile strikes — only to have Trump call them off last minute over worries that killing Iranians would seem disproportionate, a notion that made Bolton furious.
The newly unredacted filings explain how the FBI in June 2022 sent Bolton’s email to an unidentified U.S. spy agency, which told the bureau that Bolton’s stolen email had information classified as “top secret.”
While Bolton is accused of mishandling classified information by transmitting it — even to himself — over everyday email, new details show that Bolton did try to take some precautions at home. The indictment notes that Bolton, as the White House’s highest-ranking national security official, was entitled to have a sensitive compartmented information facility, or SCIF, — essentially a locked-down room — in his own home. That SCIF was “decertified” a month after Trump fired him in 2019, which the indictment notes meant that “no location within Bolton’s home was approved for the lawful storage of classified information” from that point on.
However, newly available details in the FBI’s search warrant affidavit claim that Bolton actually tried to make one himself.
“Government records indicate that Bolton made attempts to re-accredit his home SCIF in February 2020, even though he was no longer an employee of the U.S. government,” the FBI affidavit says.
Bolton’s assistant even emailed Trump’s National Security Council to let members know that Bolton was reinstalling an SCIF at home to replace the official one he previously had in a corner of his basement.
Apparently, the NSC’s security director wasn’t having any of it, firing back a response that same day to make clear that the DIY home project was “not a viable option.”
Don’t miss the stories shaping Washington.
This site is protected by reCAPTCHA, and the Google Privacy Policy and Terms of Service apply. By continuing on NOTUS, you agree to its Terms of Use and Privacy Policy.
Sign in
Log into your free account with your email. Don’t have one?
This site is protected by reCAPTCHA, and the Google Privacy Policy and Terms of Service apply. By continuing on NOTUS, you agree to its Terms of Use and Privacy Policy.
Check your email for a one-time code.
We sent a 4-digit code to . Enter the pin to confirm your account.
New code will be available in 1:00
Let’s try this again.
We encountered an error with the passcode sent to . Please reenter your email.
This site is protected by reCAPTCHA, and the Google Privacy Policy and Terms of Service apply. By continuing on NOTUS, you agree to its Terms of Use and Privacy Policy.