Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

FBI Reviewed Cybersecurity Firm’s Evidence in 2016 DNC Election Hack

CLAIM: The FBI only relied on the word of a cybersecurity firm, CrowdStrike, to determine that Russia hacked the emails of the Democratic National Committee.

AP’S ASSESSMENT: False. CrowdStrike provided forensic evidence and analysis for the FBI to review during its investigation into a 2016 hack of DNC emails.

CLAIM: The FBI only relied on the word of a cybersecurity firm, CrowdStrike, to determine that Russia hacked the emails of the Democratic National Committee.

AP’S ASSESSMENT: False. CrowdStrike provided forensic evidence and analysis for the FBI to review during its investigation into a 2016 hack of DNC emails.

THE FACTS: Social media posts are wrongly claiming that the FBI failed to review evidence in the hack of the DNC’s computer network before concluding that Russia was responsible for the breach.

The claims circulated widely on Twitter and Facebook after the White House released a rough transcript of a July phone call President Donald Trump had with Ukrainian President Volodymyr Zelenskiy in which he asked Zelenskiy to investigate CrowdStrike.

CrowdStrike is the private U.S.-cybersecurity firm that first helped the DNC identify the malware on its system in 2016 and later traced it back to Russia. The company has identified hacks for major clients that also include the National Republican Congressional Committee and U.S. government.

The FBI never took physical hold of the DNC’s computer system. Instead, it reviewed a wide range of computer forensic evidence provided by CrowdStrike, which is common practice in such investigations.

“With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI,” the firm said in an emailed statement to The Associated Press. “As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the US intelligence community.”

Advertisement. Scroll to continue reading.

Former FBI Director James Comey also told Congress in 2017 that CrowdStrike “ultimately shared with us their forensics from their review of the system.”

That’s not unusual, said Eugene H. Spafford, a professor of computer science at the Center for Education and Research in Information Security at Purdue University.

Such reviews are a comprehensive copy of what is on the machine at the time and include a replica of saved messages, network connections and active accounts.

“Just making a verified, hardware-level copy of all the bits, all the data that’s stored on the system is sufficient for almost all investigations that would have to be conducted,” said Spafford, who has assisted the FBI in cases.

It’s “generally unnecessary” for law enforcement to physically confiscate a computer during an investigation, especially ones involving a business or organization because they need the computer systems to keep operations going, Spafford added.

He described CrowdStrike as a “well-respected” cybersecurity firm that would have properly recorded evidence in the case so that it could be used in an investigation, as the one conducted by the FBI.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.