Security Market Segment LS
Wednesday, 13 May 2020 10:01

CrowdStrike chief admits no proof that Russia exfiltrated DNC emails

By
CrowdStrike chief admits no proof that Russia exfiltrated DNC emails Image by Muhammad Ribkhan from Pixabay

The controversial American security firm CrowdStrike, which was called in to investigate the alleged Russian hack of DNC servers in 2016, had no proof that any emails from the system had been exfiltrated despite public assertions that this had occurred, according to the transcript of an interview released by the US Government a few days ago.

The transcript was from an interview conducted with CrowdStrike's president of services and chief security officer Shawn Henry by the US House Permanent Select Committee on Intelligence in December 2017, but only released to the US Special Counsel Robert Mueller who conducted a two-year inquiry into alleged Russian collusion in the 2016 presidential poll.

While the exfiltration of emails from the DNC server has been accepted as a proven fact, Henry's answers to queries from committee members make it clear that this was definitely not the case.

In one typical exchange, Henry was asked, "What about the emails that everyone is so, you know, knowledgeable of? Were there also indicators that they were prepared but not evidence that they actually were exfiltrated?"
To this Henry responded, "There's not evidence that they were actually exfiltrated. There's circumstantial evidence - but no evidence that they were actually exfiltrated."

Henry told the panel that CrowdStrike had become a part of the investigation after a contractor working for the DNC contacted him. The FBI had notified the DNC that it had been hacked and that the intrusion was believed to have been carried out by a foreign power.

Asked why the FBI had not taken the lead in the investigation, Henry replied: "In these types of cases, my experience typically has been notification made to the victim about what has occurred in their environment, not that the FBI would typically come in. And they certainly wouldn't conduct a remediation."

Henry said CrowdStrike had begun its analysis of the hacked servers in May and the process had taken about four to six weeks, after which remediation commenced. The DNC was still vulnerable while the analysis was taking place.

While he claimed the network environment had been cleaned up by the remediation, Henry also said that in September another attack was noticed which CrowdStrike could not mitigate with the tools used to fix the first attack.

Asked by the head of the committee, Adam Schiff, when the emails from the DNC were exfiltrated, Henry replied: "We did not have concrete evidence that data was exfiltrated from the DNC, but we have indicators that it was exfiltrated."

And in response to another query, Henry said: "There are times when we can see data exfiltrated, and we can say conclusively. But in this case, it appears it was set up to be exfiltrated, but we just don't have the evidence that says it actually left."

Numerous stories in media organs around the world have claimed that the DNC emails were handed to WikiLeaks publisher Julian Assange, but Henry's statements cast serious doubts on that.

On his part, Assange has always said that while a foreign power may have been involved in the DNC breach, the emails which WikiLeaks released in the run-up to the election were not given to the organisation by Russia or any state-actors.

Assange is now in prison in the UK, awaiting a hearing to decide whether Britain will extradite him to the US for trial over leaking government information.

While Henry claimed that the DNC had never told him that the FBI was requesting a look at the servers, there have been reports that the security agency, headed by James Comey at the time, made numerous requests for access to the hacked hardware.

Comey has admitted in congressional testimony that he chose not to take control of the hacked servers, and did not send FBI tech experts to inspect them, but has not given any explanation so far as to why he acted in this way.

CrowdStrike's involvement helped the company no end, increasing its public profile to the point where the company was able to go public last year. It is now valued at around US$16 billion, easily the highest valuation in the industry.

Since publication, CrowdStrike has responded and issued a statement for inclusion in this article.

CrowdStrike Statement of Response:

  1. The suggestion that CrowdStrike ‘had no proof’ of the data being exfiltrated is incorrect. Shawn Henry clearly said in his testimony that CrowdStrike had indicators of exfiltration ( page 32 of the testimony) and circumstantial evidence (page 75) that indicated the data had been exfiltrated. Also, please note that the Senate Intelligence Committee in April 2020 issued a report (https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume4.pdf/) validating the previous conclusions of the Intelligence community that Russia was behind the DNC data breach.

  2. This sentence is a mischaracterisation of Henry’s testimony: “While he claimed the network environment had been cleaned up by the remediation, Henry also said that in September another attack was noticed which CrowdStrike could not mitigate with the tools used to fix the first attack.” On page 28 of the testimony, Henry says "the second breach was in an environment that had not - did not have our technology deployed into it." There is no indication of any subsequent breaches taking place on the DNC’s corporate network or any machines protected by CrowdStrike Falcon.

Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments