House Intel Relied on Sources Besides CrowdStrike to Conclude Russians Stole DNC Emails, Source Says
The information provided by cybersecurity firm CrowdStrike wasnt the most compelling piece of evidence examined by a House committee to reach the conclusion that Russian hackers stole thousands of emails from the Democratic National Committee (DNC) server in late May 2016, according to a Republican on the panel who was directly involved in the investigation.
The House Intelligence Committee reviewed multiple independent sources, all of which were more compelling than the evidence handed over by CrowdStrike, the cybersecurity firm that the DNC hired to deal with the breach of its systems. The evidence for the exfiltration of the emails from the DNC server was as convincing as the evidence for the rest of the cyberattack, the source told The Epoch Times.
“The evidence on exfiltration was not weaker than for any other parts of the hacking operation. CrowdStrikes evidence was not the most compelling thing we had—it was the independent sources of information that also indicated Russian exfiltration. Unfortunately, those details are classified and were redacted from official reports on the hack,” the source said.
The committee disclosed the new information in response to questions that arose from the recently declassified testimony of Shawn Henry, the president of CrowdStrike Services, a wholly owned subsidiary of CrowdStrike. Henry told the House Intelligence Committee in 2017 that CrowdStrike had no direct evidence that Russian hackers exfiltrated emails from the DNC email server.
According to special counsel Robert Mueller, Russian hackers breached the DNCs Microsoft Exchange Server and stole thousands of emails sometime between May 25 and June 1, 2016, more than three weeks after the DNC hired CrowdStrike to protect itself from the hackers and oust them from its network.
The questions raised by Henrys testimony prompted CrowdStrike to issue a voluminous update last week to the statement it issued in June 2016 about its work with the DNC. The 2,400-word update includes just one sentence addressing Henrys acknowledgment of having no direct evidence of data being exfiltrated. The sentence addresses only a separate instance of exfiltration in April and omits the alleged theft of the emails that occurred a month later.
“Shawn Henry stated in his testimony to the House Intelligence Committee that CrowdStrike had indicators of exfiltration (page 32) and that data had clearly left the network,” the statement reads.
On page 32 of his interview transcript, Henry tells Rep. Adam Schiff (D-Calif.) that CrowdStrike had indicators of exfiltration occurring in April 2016. Schiff, referencing a CrowdStrike report which the company has refused to release to the public, pinpointed the date as April 22.
In response to questions from The Epoch Times about the alleged theft of the emails during the separate breach in late May 2016—when CrowdStrike was already engaged by the DNC—a company spokesperson said in a statement: “There is no indication that there was ever a breach on any DNC server or computer protected by CrowdStrikes technology.”
The assertion is notable because CrowdStrikes co-founder, Dmitriy Alperovitch, told Esquire in 2016 that the DNC had installed CrowdStrikes Falcon software on its systems on May 5, 2016, three weeks before the DNCs mail server was allegedly hacked. CrowdStrike declined to answer whether the Microsoft Exchange Server from which the emails allegedly were stolen was protected by Falcon.
The companys website describes Falcon as a breach-prevention software.
If the server was protected by CrowdStrikes software, the companys statement would contradict the findings of Mueller, who alleged that the emails were stolen in a separate breach in late May.
If the server wasnt protected, questions would arise about whether the DNC was aware that its systems were subject to more breaches and theft of emails after it had engaged CrowdStrike for protection from hackers.
CrowdStrike wouldnt confirm if an understanding existed with the DNC about whether the committees systems were protected from theft after CrowdStrike was engaged. Henry testified in 2017 that protection was the goal.
“To be clear, our goal, my goal was to protect the client. We were hired to protect the client. We identified an adversary there. The goal was to make sure that the adversary was removed and the client had a clean environment with which to work,” Henry told lawmakers.
CrowdStrikes new statement and timeline of the events show that the company began its investigation of the breach on May 1-2, 2016, roughly three weeks before the alleged breach and theft of emails from the DNC server.
The new timeline clashes with the one Alperovitch provided to Esquire in 2016. The companys founder told the magazine that the DNC had engaged CrowdStrike late on May 5. CrowdStrike didnt respond to a request to explain the discrepancy.
According to the new timeline, the company was planning a “remediation event” at the time of the alleged theft of the emails. The remediation took place over the course of three days, starting on June 10, and consisted of abandoning the hacked servers and setting up the DNCs systems from scratch. CrowdStrike didnt respond to a request to explain why it took 40 days to prepare.
Rep. Devin Nunes (R-Calif.), who chaired the House Intelligence Committee when it investigated the DNC breach as part of a broader Russia investigation, was asked directly about CrowdStrikes claim of having no direct evidence of email exfiltration in an interview on Fox News on May 13. Nunes didnt address the question and said that “Russia, China, North Korea, Iran, every single day, they are trying to get in and to break into these official records.”
“I dont think its rocket science to think that several countries could be breaking into government agencies at all hours of the day,” Nunes said.
Wikileaks published tens of thousands of stolen DNC emails during the heat of the 2016 presidential election cycle, dealing a blow to the candidacy of Hillary Clinton. Wikileaks has repeatedly claimed that Russia wasnt the source of the emails.
The Wikileaks releases served as part of the predicate for the opening of the investigation into the Trump campaign, an FBI probe that eventually evolved into the Russia investigation by Mueller. The special counsel found no evidence of collusion between the Trump campaign and RussiaRead More From Source
