This post is authored by Mitchell Nemeth.
In Episode 1259, Dan discussed some analysis of the alleged DNC hack. Dan’s analysis lasers in on one of Stephen McIntyre’s Twitter threads. In the thread, McIntyre analyzes public documentation and reporting and pieces together various elements of the alleged Russian hacking of the DNC.
In December 2016, the Federal Bureau of Investigation released a report stating that “the U.S. Government confirms that two different RIS (Russian Intelligence Services) actors participated in the intrusion into a U.S. political party.” This has been the predominant narrative since then, but interestingly enough, the recently released interviews from the House Intelligence Committee paint a somewhat more obscure picture.
On December 5th of 2017, the House Permanent Select Committee on Intelligence interviewed Shawn Henry. Henry serves as the president of CrowdStrike Services. CrowdStrike utilizes cybersecurity professionals to conduct incident response operations. According to Henry’s testimony, on April 30th of 2016, Michael Sussmann of Perkins Coie reached out to request the services of Henry. Within days, the two came to an agreement for CrowdStrike to provide services to Sussmann’s client, who is believed to be the DNC.
Later, Henry states that his firm “shared intelligence with the FBI.” CrowdStrike “had contact with them over a hundred times in the course of many months.” Henry emphasized that in these instances the FBI typically provides “notification…to the victim about what has occurred in their environment.”
Representative Stewart from Utah asks Henry about the “degree of confidence” that this network intrusion was associated with the Russian Government. Henry replies, “We said that we had a high degree of confidence it was the Russian Government. And our analysts that looked at it that had looked at these types of attacks before, many different types of attacks similar to this in different environments, certain tools that were used…that it was consistent with a nation-state adversary and associated with Russian intelligence.”
On Page 32 of the interview transcript, Representative Adam Schiff definitively asks, “Do you know the date in which the Russians exfiltrated the data from the DNC?” Interestingly enough, upon Henry’s quick response, his counsel intervenes. Henry states, “counsel just reminded me that, as it relates to the DNC, we have indicators that data was exfiltrated. We did not have concrete evidence that data was exfiltrated from the DNC, but we have indicators that it was exfiltrated.” He continues, “There are times when we can see data exfiltrated, and we can say conclusively. But in this case it appears it was set up to be exfiltrated, but we just don’t have the evidence that says it actually left.”
On Page 75 of the interview transcript, Representative Stewart asks of the leaked DNC emails, “What about the emails that everyone is so, you know, knowledgeable of? Were there also indicators that they were prepared but not evidence that they actually were exfiltrated?” Henry replies, “There’s not evidence that they were actually exfiltrated. There’s circumstantial evidence.”
Why is any of this relevant? Comparing Henry’s interview with the FBI report from December 2016 leads to an interesting question. CrowdStrike believed the behavior of the network intruders followed a pattern similar to that of past RIS hacks. During his testimony, Henry mentioned that CrowdStrike’s findings were presented to the DNC in a report, which was also provided to the House Permanent Select Committee on Intelligence. Where is this report, and when are we going to see it? Just as the Government Accountability Office released a highly detailed report outlining the extent to which hackers infiltrated the Equifax network, the American public deserves similar transparency with the DNC hack.