CLAIM: The FBI only relied on the word of a cybersecurity firm, CrowdStrike, to determine that Russia hacked the emails of the Democratic National Committee.
AP’S ASSESSMENT: False. CrowdStrike provided forensic evidence and analysis for the FBI to review during its investigation into a 2016 hack of DNC emails.
THE FACTS: Social media posts are wrongly claiming that the FBI failed to review evidence in the hack of the DNC’s computer network before concluding that Russia was responsible for the breach.
The claims circulated widely on Twitter and Facebook after the White House released a rough transcript of a July phone call President Donald Trump had with Ukrainian President Volodymyr Zelenskiy in which he asked Zelenskiy to investigate CrowdStrike.
CrowdStrike is the private U.S.-cybersecurity firm that first helped the DNC identify the malware on its system in 2016 and later traced it back to Russia. The company has identified hacks for major clients that also include the National Republican Congressional Committee and U.S. government.
The FBI never took physical hold of the DNC’s computer system. Instead, it reviewed a wide range of computer forensic evidence provided by CrowdStrike, which is common practice in such investigations.
“With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI,” the firm said in an emailed statement to The Associated Press. “As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the US intelligence community.”
Former FBI Director James Comey also told Congress in 2017 that CrowdStrike “ultimately shared with us their forensics from their review of the system.”
That’s not unusual, said Eugene H. Spafford, a professor of computer science at the Center for Education and Research in Information Security at Purdue University.
Such reviews are a comprehensive copy of what is on the machine at the time and include a replica of saved messages, network connections and active accounts.
“Just making a verified, hardware-level copy of all the bits, all the data that’s stored on the system is sufficient for almost all investigations that would have to be conducted,” said Spafford, who has assisted the FBI in cases.
It’s “generally unnecessary” for law enforcement to physically confiscate a computer during an investigation, especially ones involving a business or organization because they need the computer systems to keep operations going, Spafford added.
He described CrowdStrike as a “well-respected” cybersecurity firm that would have properly recorded evidence in the case so that it could be used in an investigation, as the one conducted by the FBI.

More from Associated Press
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
- Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
- Biden Picks New NSA Head, Key to Support of Ukraine, Defense of US Elections
- White House Unveils New Efforts to Guide Federal Research of AI
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
