CLAIM: The FBI only relied on the word of a cybersecurity firm, CrowdStrike, to determine that Russia hacked the emails of the Democratic National Committee.
AP’S ASSESSMENT: False. CrowdStrike provided forensic evidence and analysis for the FBI to review during its investigation into a 2016 hack of DNC emails.
THE FACTS: Social media posts are wrongly claiming that the FBI failed to review evidence in the hack of the DNC’s computer network before concluding that Russia was responsible for the breach.
The claims circulated widely on Twitter and Facebook after the White House released a rough transcript of a July phone call President Donald Trump had with Ukrainian President Volodymyr Zelenskiy in which he asked Zelenskiy to investigate CrowdStrike.
CrowdStrike is the private U.S.-cybersecurity firm that first helped the DNC identify the malware on its system in 2016 and later traced it back to Russia. The company has identified hacks for major clients that also include the National Republican Congressional Committee and U.S. government.
The FBI never took physical hold of the DNC’s computer system. Instead, it reviewed a wide range of computer forensic evidence provided by CrowdStrike, which is common practice in such investigations.
“With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI,” the firm said in an emailed statement to The Associated Press. “As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the US intelligence community.”
Former FBI Director James Comey also told Congress in 2017 that CrowdStrike “ultimately shared with us their forensics from their review of the system.”
That’s not unusual, said Eugene H. Spafford, a professor of computer science at the Center for Education and Research in Information Security at Purdue University.
Such reviews are a comprehensive copy of what is on the machine at the time and include a replica of saved messages, network connections and active accounts.
“Just making a verified, hardware-level copy of all the bits, all the data that’s stored on the system is sufficient for almost all investigations that would have to be conducted,” said Spafford, who has assisted the FBI in cases.
It’s “generally unnecessary” for law enforcement to physically confiscate a computer during an investigation, especially ones involving a business or organization because they need the computer systems to keep operations going, Spafford added.
He described CrowdStrike as a “well-respected” cybersecurity firm that would have properly recorded evidence in the case so that it could be used in an investigation, as the one conducted by the FBI.

More from Associated Press
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
- Biden Picks New NSA Head, Key to Support of Ukraine, Defense of US Elections
- White House Unveils New Efforts to Guide Federal Research of AI
- Meta Fined Record $1.3 Billion and Ordered to Stop Sending European User Data to US
- China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States
- ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence
Latest News
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
