While Democrats and Trump’s critics continue to press the narrative of Russian hacking into the Democratic National Committee’s internal computer system, there is evidence that DNC files were removed in much more simple fashion.
An independent researcher known only as The Forensicator released information on July 9 that claims that the DNC files that were eventually published by the Guccifer 2.0 leaker were first downloaded by someone with physical access to a computer connected to the internal DNC network. It is likely that the person used a USB drive to copy the information. The research thus seriously undermines that continuing narrative about Russian hacking, as well as calling into question the actions of Crowdstrike and the DNC.
It was the CrowdStrike cybersecurity firm that originally claimed that it had found evidence of Russian hacking into DNC computers. CrowdStrike is a vendor for the DNC.
CrowdStrike is the only group that has directly analyzed the DNC servers, and other groups that claimed Russians hacked the DNC based themselves on CrowdStrike analysis. In addition, federal investigators have yet to examine the hacked computer server that handled email from the DNC. It is thus that the claim that Russian hacked the DNC comes solely from CrowdStrike. The DNC has yet to give federal investigators permission to look at the server: a key piece of evidence for the current investigation into alleged Russian meddling in the 2016 election.
Democrats and Republicans question CrowdStrike analysis
According to the Washington Times, Sen. Lindsey Graham (R-SC) said, “I want to find out from the company [that] did the forensics what their full findings were.” Graham is leading the Senate Judiciary Committee’s inquiry. Other Republicans have voiced similar doubts.
A Democrat who is troubled by the DNC’s refusal is former Department of Homeland Security secretary Jeh Johnson, who served under Obama. He told the House Permanent Select Committee on Intelligence in June that the DNC refused assistance from Homeland Security during the campaign to determine what was happening. “The DNC,” Johnson said, “did not feel it needed DHS’ assistance at that time. I was anxious to know whether or not our folks were in there, and the response I got was the FBI had spoken to them, they don’t want our help, they have CrowdStrike.” Former FBI director James Comey told the Senate Select Committee on Intelligence that his agency issued “multiple requests at different levels” to help the DNC with a cyber-forensic analysis but was refused. In addition, Sen. Kamala Harris (D-CA) also wants to know more.
President Donald Trump asked in a May 7 tweet, “When will the Fake Media ask about the Dems dealings with Russia & why the DNC wouldn’t allow the FBI to check their server or investigate?” So far, the DNC has refused to divulge the location of its server or allow federal investigators to get their hands on it.
DNC connection to CrowdStrike
When embarrassing internal emails were leaked during the campaign that pitched Hillary Clinton and Bernie Sanders against each other, the DNC reached out to CrowdStrike, a cybersecurity tech company. It challenged the dominance of cyber-security firms such as McAfee and Symantec and McAfee. Co-founded by George Kurtz and Dmitri Alperovitch, CrowdStrike quickly acquired a high-profile clients. It has since been valued at more than $1 billion. Among its investors are Warburg Pincus, whose president, Timothy Geithner, worked for the Clinton and Obama administrations. Google employees -- Hillary Clinton’s biggest corporate contributor -- kicked in more than $1.3 million in 2016 and also funded CrowdStrike.
Last year, the DNC paid CrowdStrike more than $410,000 for its security services, while in 2017 the DNC paid in excess of $121,000.
The National Republican Congressional Committee is also one of CrowdStrike’s clients. Despite the tie to Republicans, CrowdStrike’s credibility, and the impartiality of co-founder Alperovich, have been questioned. Alperovich is a senior founder at the Atlantic Council, which is partially funded by Ukrainian billionaire Victor Pinchuk. The latter donated more than $10 million to the Clinton Foundation.
During its analysis for the DNC, Crowdstrike said it identified two teams of Russian hackers with the code names “Fancy Bear” and “Cozy Bear” operating inside the DNC computer network. Malware known as X-Agent was found on the DNC computers. X-Agent is a malware used by Russia’s Federal Security Service and its military branch (GRU) to penetrate unclassified networks at the White House, State Department, and the Joint Chiefs of Staff.
However, cybersecurity experts such as author Jeffrey Carr have questioned CrowdStrike’s analysis, pointing out that X-Agent has been attributed to Russia even though others use it. Carr has said that Crowdstrike was duped or suspects Russian involvement everywhere. In addition, the respected International Institute for Strategic Studies of the UK disputed CrowdStrike’s analysis of a Russian hack of Ukrainian artillery during Ukraine’s war with Russian-backed separatists. CrowdStrike then revised and retracted portions of its analysis.
Because its finding that Russian hackers supposedly got into the DNC server was included in an official assessment by the Office of the Director of National Intelligence (DNI), which first raised concerns about Russian meddling, it has become the focus of politicians’ attention.
The DNI, under Director James Clapper, briefed Obama and Trump on the Russian operation and issued classified and public assessments. It concluded that “the Russian government directed the recent compromises of emails from U.S. persons and institutions, including from U.S. political organizations,” including the DNC.
WikiLeaks, the transparency organization that broadcast the DNC’s embarrassing emails, has always denied that the material came from an official Russian source. Julian Assange, the founder WikiLeaks, told Fox News in January: “We can say, we have said, repeatedly over the last two months that our source is not the Russian government and it is not a state party.”
CrowdStrike may still have its day before Congress. After hearing former DHS secretary Jeh Johnson say that the DNC refused his agency’s help to allay hackers, Rep. Trey Gowdy (R-SC) “There may be something else on that server [that the DNC] didn’t want law enforcement to see.” Rep. Louie Gohmert (R-TX), a former prosecutor, opined that DNC and CrowdStrike are acting like defendants with something to hide. “Why would they not invite them in?” Gohmert asked during a June interview with Fox News. “And I’m really interested in their excuse. But just from my own experience in all those years, usually the reason somebody didn’t want to invite law enforcement in to investigate is because they knew they would find that they had committed crimes if they came in and started investigating.”
For far, CrowdStrike is standing by its analysis for the DNC.
Democrats continue to stone-wall
Former Reagan administration official Jeffrey Lord, a Trump supporter, was interviewed on Anderson Cooper’s “360” show on CNN on July 6. Filling in for Cooper was CNN reporter John Berman, who interviewed other guests who included political analyst former Hillary Clinton campaign officials Robbie Mook and Jen Psaki. The segment started with a discussion about President Donald Trump’s recent statements in which he said that while he thinks that Russia was meddling in the 2016 election, there were probably others involved.
The discussion came on the day that Trump made a rousing speech in Warsaw, recalling the sacrifices of the Polish people for their liberty, while also blasting Russia’s expansionism. Berman mildly chided Lord for referring to Trump’s speech as the equivalent of a notable speech by Ronald Reagan at Westminster in the 1980s. Also, Lord disagreed that Trump was taking a swipe at the intelligence community but is being cautious about what he says about foreign involvement in the past general election.
Changing up the conversation over whether Trump’s speech was in the tradition of Winston Churchill or Ronald Reagan, Lord said, “But, you know, it was a good thing to do. But I don't think -- and one of the things that would help here, at least it's my understanding and maybe you guys know better than I, whether the Democratic National Committee is withholding forensics on their server.”
Host Berman began to interject when both Psaki and Mook were seen to laugh. Lord asked, “I mean that certainly would tell us, wouldn't it?”
Berman dismissed the question, saying “I suppose the president didn't bring that up today, Jeffrey, while he was doing that. I think that's a rabbit hole. That he isn't part of what happened today overseas.”
Lord pressed on, “But I mean if we find out, we -- if they do the forensics to see with some degree of accuracy who hacked, we would know, would we not? And they are withholding their servers, I understand it.”
Berman asked Mook if Lord’s question plays to the Republican party base and Trump’s base. “Does it play to the entire base of the Republican Party right now or President Trump's base when he talks about U.S. intelligence like this?”
Mook responded, and after saying that what Trump cares most about is Donald Trump, gave an answer that has been echoed by other Democrats. He said Trump is “trying to drudge up the past” but “we've got to solve this in a bipartisan way. And when the president does that, he undermines our country's ability to come together and solve the problem. This was an attack on all of us, all of us in this country, both parties, everyone in this room and the president is trying to divide us because that helps him feel better about his own election win. That's dangerous.”