The FBI relied on CrowdStrike’s “conclusion” to blame Russia for hacking DNC servers, though the private firm never produced a final report and the FBI never asked them to, as Ray McGovern explains.
By Ray McGovern
Special to Consortium News
CrowdStrike, the controversial cybersecurity firm that the Democratic National Committee chose over the FBI in 2016 to examine its compromised computer servers, never produced an un-redacted or final forensic report for the government because the FBI never required it to, the Justice Department has admitted.
The revelation came in a court filing by the government in the pre-trial phase of Roger Stone, a long-time Republican operative who had an unofficial role in the campaign of candidate Donald Trump. Stone has been charged with misleading Congress, obstructing justice and intimidating a witness.
The filing was in response to a motion by Stone’s lawyers asking for “unredacted reports” from CrowdStrike in an effort to get the government to prove that Russia hacked the DNC server. “The government … does not possess the information the defendant seeks,” the filing says.
In his motion, Stone’s lawyers said he had only been given three redacted drafts. In a startling footnote in the government’s response, the DOJ admits the drafts are all that exist. “Although the reports produced to the defendant are marked ‘draft,’ counsel for the DNC and DCCC informed the government that they are the last version of the report produced,” the footnote says.
In other words CrowdStrike, upon which the FBI relied to conclude that Russia hacked the DNC, never completed a final report and only turned over three redacted drafts to the government.
These drafts were “voluntarily” given to the FBI by DNC lawyers, the filing says. “No redacted information concerned the attribution of the attack to Russian actors,” the filing quotes DNC lawyers as saying.
In Stone’s motion his lawyers argued: “If the Russian state did not hack the DNC, DCCC, or [Clinton campaign chairman John] Podesta’s servers, then Roger Stone was prosecuted for obstructing a congressional investigation into an unproven Russian state hacking conspiracy … The issue of whether or not the DNC was hacked is central to the Defendant’s defense.”
The DOJ responded: “The government does not need to prove at the defendant’s trial that the Russians hacked the DNC in order to prove the defendant made false statements, tampered with a witness, and obstructed justice into a congressional investigation regarding election interference.”
Thousands of emails from the DNC server were published by WikiLeaks in July 2016 revealing that the DNC interfered in the Democratic primary process to favor former Secretary of State Hillary Clinton over Senator Bernie Sanders for the party’s presidential nomination. The U.S. indicted 12 Russian military intelligence agents in 2018 for allegedly hacking the DNC server and giving the emails to WikiLeaks.
Comey Can’t Say Why
At a time of high tension in the 2016 presidential campaign, when the late Sen. John McCain and others were calling Russian “hacking” an “act of war,” the FBI settled for three redacted “draft reports” from CrowdStrike rather than investigate the alleged hacking itself, the court document shows.
Then FBI Director James Comey admitted in congressional testimony that he chose not to take control of the DNC’s “hacked” computers, and did not dispatch FBI computer experts to inspect them, but has had trouble explaining why.
In his testimony, he conceded that “best practices” would have dictated that forensic experts gain physical access to the computers. Nevertheless, the FBI decided to rely on forensics performed by a firm being paid for by the DNC.
Suspicions grew as Comey started referring to CrowdStrike as the “pros that they hired.” Doubts became more intense when he referred to CrowdStrike as “a high-class entity.” In fact the company had a tarnished reputation for reliability and objectivity well before it was hired by the DNC.
Dimitri Alperovitch, a CrowdStrike co-founder, is an opponent of Russian President Vladimir Putin and a senior fellow at the anti-Russian Atlantic Council think tank in Washington. CrowdStrike said it determined that Russia had hacked the DNC server because it found Cyrillic letters in the metadata, as well as the name of the first Soviet intelligence chief—clues an amateur might leave.
CrowdStrike was forced to “revise(d) and retract(ed) statements it used to buttress claims of Russian hacking during last year’s American presidential election campaign,” Voice of America reported in March 2017.
CrowdStrike’s Early Role
In a Memorandum for the President on July 24, 2017, Veteran Intelligence Professionals for Sanity referred prominently to this instructive time sequence:
June 12, 2016: Julian Assange announces WikiLeaks is about to publish ‘emails related to Hillary Clinton.’
June 14, 2016: DNC contractor CrowdStrike, (with a dubious professional record and multiple conflicts of interest) announces that malware has been found on the DNC server and claims there is evidence it was injected by Russians.
June 15, 2016: ‘Guccifer 2.0’ affirms the DNC statement; claims responsibility for the ‘hack;’ claims to be a WikiLeaks source; and posts a document that the forensics show was synthetically tainted with ‘Russian fingerprints.’
VIPS does not believe the June 12, 14, & 15 timing was pure coincidence. Rather, it suggests the start of a pre-emptive move to associate Russia with anything WikiLeaks might have been about to publish and to “show” that it came from a Russian hack.
Bill Binney, a former NSA technical director and a VIPS member, filed an affidavit in Stone’s case. Binney said: “WikiLeaks did not receive stolen data from the Russian government. Intrinsic metadata in the publicly available files on WikiLeaks demonstrates that the files acquired by WikiLeaks were delivered in a medium such as a thumb drive.”
Preferring CrowdStrike; ’Splaining to Congress
Why did FBI Director James Comey not simply insist on access to the DNC computers? Surely he could have gotten the appropriate authorization. In early January 2017, reacting to media reports that the FBI never asked for access, Comey told the Senate Intelligence Committee there were “multiple requests at different levels” for access to the DNC servers. “Ultimately what was agreed to is the private company would share with us what they saw,” he said. Comey described CrowdStrike as a “highly respected” cybersecurity company.
Asked by committee Chairman Richard Burr (R-NC) whether direct access to the servers and devices would have helped the FBI in their investigation, Comey said it would have. “Our forensics folks would always prefer to get access to the original device or server that’s involved, so it’s the best evidence,” he said.
Five months later, after Comey had been fired, Burr gave him a Mulligan in the form of a few kid-gloves, clearly well-rehearsed, questions:
BURR: And the FBI, in this case, unlike other cases that you might investigate — did you ever have access to the actual hardware that was hacked? Or did you have to rely on a third party to provide you the data that they had collected?
COMEY: In the case of the DNC, … we did not have access to the devices themselves. We got relevant forensic information from a private party, a high-class entity, that had done the work. But we didn’t get direct access.
BURR: But no content?
BURR: Isn’t content an important part of the forensics from a counterintelligence standpoint?
COMEY: It is, although what was briefed to me by my folks — the people who were my folks at the time is that they had gotten the information from the private party that they needed to understand the intrusion by the spring of 2016.
More telling was earlier questioning by House Intelligence Committee member, Rep. Will Hurd (R-TX), who had been a CIA officer for a decade. On March 20, 2017 while he was still FBI director, Comey evidenced some considerable discomfort as he tried to explain to the committee why the FBI did not insist on getting physical access to the DNC computers and do its own forensics:
HURD: So there was about a year between the FBI’s first notification of some potential problems with the DNC network and then that information getting on — getting on Wikileaks.
HURD: … when did the DNC provide access for — to the FBI for your technical folks to review what happened?
COMEY: Well we never got direct access to the machines themselves. The DNC in the spring of 2016 hired a firm that ultimately shared with us their forensics from their review of the system. …
HURD: … So, Director FBI notified the DNC early, before any information was put on Wikileaks and when — you have still been — never been given access to any of the technical or the physical machines that were — that were hacked by the Russians.
COMEY: That’s correct although we got the forensics from the pros that they hired which — again, best practice is always to get access to the machines themselves, but this — my folks tell me was an appropriate substitute.
Comey Spikes Deal With Assange
Director Comey’s March 20, 2017 testimony to the House Intelligence Committee came at the same time he was scuttling months-long negotiations between Assange and lawyers representing the DOJ and CIA to grant some limited immunity for the WikiLeaks founder. In return, Assange offered to: (1) redact “some classified CIA information he might release in the future,” and (2) “provide technical evidence and discussion regarding who did not engage in the DNC releases.”
Investigative journalist John Solomon, quoting WikiLeaks’ intermediary with the government, broke this story, based on “interviews and a trove of internal DOJ documents turned over to Senate investigators.” It would be a safe assumption that Assange was offering to prove that Russia was not WikiLeaks’ source of the DNC emails, something Assange has repeatedly said.
That, of course, would have been the last thing Comey would have wanted.
On March 31, 2017 WikiLeaks released the most damaging disclosure up to that point from what it called “Vault 7” — a treasure trove of CIA cybertools leaked from CIA files. This disclosure featured the tool “Marble Framework,” which enabled the CIA to hack into computers, disguise who hacked in, and falsely attribute the hack to someone else by leaving so-called tell-tale signs — like Cyrillic, for example.
The CIA documents also showed that the “Marble” tool had been employed in 2016.
Two weeks later, then CIA Director Mike Pompeo branded WikiLeaks a “non-state hostile intelligence service,” and the U.S. put pressure on Ecuador, which had given Assange asylum, to expel him from its London embassy. He was expelled on April 11, when British police arrested him. On the same day he was convicted of skipping bail on a Swedish investigation that had since been dropped. Assange was sentenced to 50 weeks in London’s max-security Belmarsh prison.
Comey, it seems a safe bet, still worries that Assange or one of his associates, will provide “technical evidence” enough to prove “who did not engage in the DNC releases.”
What Were They Thinking?
At the March 20, 2017 House Intelligence Committee hearing, Congressman Trey Gowdy heaped effusive praise on then-FBI Director Comey, calling him “incredibly respected.” At that early stage, no doubt Gowdy meant no double entendre. He might now.
As Russia-gate transmogrifies into Deep State-gate, the DOJ is launching a probe into the origins of Russia-gate and the intelligence agencies’ alleged role in it. It remains to be seen whether U.S. Attorney for the District of Connecticut John Durham, who is leading the probe, will interview Assange, unlike Special Counsel Robert Mueller, who did not.
It is proving very difficult for some of my old FBI friends and others to believe that Comey and other justice, intelligence, and security officials at the very top could have played fast and loose with the Constitution and the law and lived a lie over the past few years.
“How did they ever think they could get away with it?” they ask. The answer is deceivingly simple. Comey himself has explained it in a moment of seemingly unintentional candor in his pretentious book, “A Higher Loyalty.” He wrote, “I was making decisions in an environment where Hillary Clinton was sure to be the next president.”
There would be no problem, of course, if Mrs. Clinton had won the election. That’s what they all thought; and that probably explains their lack of care in keeping their activities off the written record and out of computers. Elementary tradecraft goes out the window with these upper-echelon, “high-class-entity” officials, when they are sure that she, and they, are going to be the inevitable winners — with promotions, not indictments in store for them.
Additional reporting by Joe Lauria
Ray McGovern works with Tell the Word, a publishing arm of the ecumenical Church of the Saviour in inner-city Washington. During his 27-year career as a CIA analyst, he led the Soviet Foreign Policy Branch and prepared the President’s Daily Brief for three presidents. He is co-founder of Veteran Intelligence Professionals for Sanity.