Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

FBI Reviewed Cybersecurity Firm’s Evidence in 2016 DNC Election Hack

CLAIM: The FBI only relied on the word of a cybersecurity firm, CrowdStrike, to determine that Russia hacked the emails of the Democratic National Committee.

AP’S ASSESSMENT: False. CrowdStrike provided forensic evidence and analysis for the FBI to review during its investigation into a 2016 hack of DNC emails.

CLAIM: The FBI only relied on the word of a cybersecurity firm, CrowdStrike, to determine that Russia hacked the emails of the Democratic National Committee.

AP’S ASSESSMENT: False. CrowdStrike provided forensic evidence and analysis for the FBI to review during its investigation into a 2016 hack of DNC emails.

THE FACTS: Social media posts are wrongly claiming that the FBI failed to review evidence in the hack of the DNC’s computer network before concluding that Russia was responsible for the breach.

The claims circulated widely on Twitter and Facebook after the White House released a rough transcript of a July phone call President Donald Trump had with Ukrainian President Volodymyr Zelenskiy in which he asked Zelenskiy to investigate CrowdStrike.

CrowdStrike is the private U.S.-cybersecurity firm that first helped the DNC identify the malware on its system in 2016 and later traced it back to Russia. The company has identified hacks for major clients that also include the National Republican Congressional Committee and U.S. government.

The FBI never took physical hold of the DNC’s computer system. Instead, it reviewed a wide range of computer forensic evidence provided by CrowdStrike, which is common practice in such investigations.

“With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI,” the firm said in an emailed statement to The Associated Press. “As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the US intelligence community.”

Former FBI Director James Comey also told Congress in 2017 that CrowdStrike “ultimately shared with us their forensics from their review of the system.”

Advertisement. Scroll to continue reading.

That’s not unusual, said Eugene H. Spafford, a professor of computer science at the Center for Education and Research in Information Security at Purdue University.

Such reviews are a comprehensive copy of what is on the machine at the time and include a replica of saved messages, network connections and active accounts.

“Just making a verified, hardware-level copy of all the bits, all the data that’s stored on the system is sufficient for almost all investigations that would have to be conducted,” said Spafford, who has assisted the FBI in cases.

It’s “generally unnecessary” for law enforcement to physically confiscate a computer during an investigation, especially ones involving a business or organization because they need the computer systems to keep operations going, Spafford added.

He described CrowdStrike as a “well-respected” cybersecurity firm that would have properly recorded evidence in the case so that it could be used in an investigation, as the one conducted by the FBI.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

Kelly Shortridge has been promoted to VP of Security Products at Fastly.

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.