The transcript was from an interview conducted with CrowdStrike's president of services and chief security officer Shawn Henry by the US House Permanent Select Committee on Intelligence in December 2017, but only released to the US Special Counsel Robert Mueller, who conducted a two-year inquiry into alleged Russian collusion in the 2016 presidential poll.
While the exfiltration of emails from the DNC server has been accepted as a proven fact, Henry's answers to queries from committee members make it clear that this was definitely not the case.
In one typical exchange, Henry was asked, "What about the emails that everyone is so, you know, knowledgeable of? Were there also indicators that they were prepared but not evidence that they actually were exfiltrated?"
To this Henry responded, "There's not evidence that they were actually exfiltrated. There's circumstantial evidence - but no evidence that they were actually exfiltrated."
Asked why the FBI had not taken the lead in the investigation, Henry replied: "In these types of cases, my experience typically has been notification made to the victim about what has occurred in their environment, not that the FBI would typically come in. And they certainly wouldn't conduct a remediation."
Henry said CrowdStrike had begun its analysis of the hacked servers in May and the process had taken about four to six weeks, after which remediation commenced. The DNC was still vulnerable while the analysis was taking place.
While he claimed the network environment had been cleaned up by the remediation, Henry also said that in September another attack was noticed which CrowdStrike could not mitigate with the tools used to fix the first attack.
Asked by the head of the committee, Adam Schiff, when the emails from the DNC were exfiltrated, Henry replied: "We did not have concrete evidence that data was exfiltrated from the DNC, but we have indicators that it was exfiltrated."
And in response to another query, Henry said: "There are times when we can see data exfiltrated, and we can say conclusively. But in this case, it appears it was set up to be exfiltrated, but we just don't have the evidence that says it actually left."
Numerous stories in media organs around the world have claimed that the DNC emails were handed to WikiLeaks publisher Julian Assange, but Henry's statements cast serious doubts on that.
For his part, Assange has always said that while a foreign power may have been involved in the DNC breach, the emails which WikiLeaks released in the run-up to the election were not given to the organisation by Russia or any state actors.
Assange is now in prison in the UK, awaiting a hearing to decide whether Britain will extradite him to the US for trial over leaking government information.
While Henry claimed that the DNC had never told him that the FBI was requesting a look at the servers, there have been reports that the security agency, headed by James Comey at the time, made numerous requests for access to the hacked hardware.
Comey has admitted in congressional testimony that he chose not to take control of the hacked servers, and did not send FBI tech experts to inspect them, but has not given any explanation so far as to why he acted in this way.
CrowdStrike's involvement helped the company no end, increasing its public profile to the point where the company was able to go public last year. It is now valued at around US$16 billion, easily the highest valuation in the industry.
Since publication, CrowdStrike has responded and issued a statement for inclusion in this article.
CrowdStrike Statement of Response:
- The suggestion that CrowdStrike ‘had no proof’ of the data being exfiltrated is incorrect. Shawn Henry clearly said in his testimony that CrowdStrike had indicators of exfiltration (page 32 of the testimony) and circumstantial evidence (page 75) that indicated the data had been exfiltrated. Also, please note that the Senate Intelligence Committee in April 2020 issued a report (https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume4.pdf/) validating the previous conclusions of the Intelligence community that Russia was behind the DNC data breach.
- This sentence is a mischaracterisation of Henry’s testimony: “While he claimed the network environment had been cleaned up by the remediation, Henry also said that in September another attack was noticed which CrowdStrike could not mitigate with the tools used to fix the first attack.” On page 28 of the testimony, Henry says "the second breach was in an environment that had not - did not have our technology deployed into it." There is no indication of any subsequent breaches taking place on the DNC’s corporate network or any machines protected by CrowdStrike Falcon.