The cybersecurity firm that investigated and remediated the alleged hack of the Democratic National Committee's servers in 2016 found no direct evidence that hackers stole any data or emails, according to a newly declassified interview transcript.
Shawn Henry, the president of CrowdStrike Services, told the House Intelligence Committee in late 2017 that his firm had no evidence that the alleged Russian hackers stole any data from the Democratic National Committee (DNC) servers.
“There's not evidence that they were actually exfiltrated,” Henry said. “There's circumstantial evidence, but no evidence that they were actually exfiltrated.”
The publication by WikiLeaks of more than 44,000 emails from senior DNC officials became one of the biggest stories of the turbulent 2016 presidential race and served as the predicate for the FBI's investigation of the Trump campaign. Special counsel Robert Mueller, who took over the probe in May 2017, eventually charged a group of Russians with hacking the DNC. The indictment alleges that the Russians hacked into the DNC and stole thousands of emails.
Prior to Mueller's indictment, the public knowledge of the alleged DNC hack consisted of CrowdStrike's brief report on the matter released on June 14, 2016, days after the firm claims to have ousted the hackers from the committee's systems. The report makes no mention of stolen data, although Henry told The Washington Post in an article published the same day that the Russians allegedly “stole two files.”
Of the more than 44,000 emails published by WikiLeaks, more than 98 percent were sent and received by senior DNC officials between April 18 and May 25 of 2016. During more than half of that time frame, CrowdStrike had already installed its software on the DNC's servers and was monitoring the network.
In response to a request for an explanation of how the hackers pilfered the emails on its watch without leaving a trace, CrowdStrike pointed to a portion of Henry's testimony that does not address the alleged breach.
“So the analysis started the first day or two in May, and then that was about 4 to 6 weeks, I think, on June 10th, we started what we call the remediation event. So we collected enough intelligence. We identified where the adversaries were in the environment. We came up with a remediation plan to say we see them in multiple locations. These are the actions that we need to execute in order to put a new infrastructure in place and to ensure that the adversaries don't have access to the new infrastructure. So that would have been June 10th when we started. And we did the remediation event over a couple of days,” Henry said.
The company did not respond to a request to explain how the emails were allegedly pilfered under its watch and why it failed to find evidence despite closely monitoring the servers with full awareness that hackers were present.
Mueller's indictment alleges that Russian hackers broke into a DNC server and stole emails on or about May 25 and June 1 of 2016, roughly three weeks after CrowdStrike installed its software on the DNC servers and assessed that Russian hackers had gained access.
CrowdStrike's involvement in the events surrounding the alleged DNC hack has long been the subject of controversy. Some facts about the firm's involvement remain disputed by key players, including Henry, who told the House Intelligence Committee that he was not aware of the DNC or CrowdStrike denying any FBI requests related to the server hack. Henry's testimony contradicted what then-FBI Director James Comey told the Senate Intelligence Committee in January 2017. Comey told senators that the FBI sought and was repeatedly denied access to th