The cybersecurity firm that investigated and remediated the alleged hack of the Democratic National Committee’s servers in 2016 found no direct evidence that hackers stole any data or emails, according to a newly declassified interview transcript.
Shawn Henry, the president of CrowdStrike Services, told the House Intelligence Committee in late 2017 that his firm had no evidence that the alleged Russian hackers stole any data from the Democratic National Committee (DNC) servers.
“There’s not evidence that they were actually exfiltrated,” Henry said. “There’s circumstantial evidence, but no evidence that they were actually exfiltrated.”
The publication by WikiLeaks of more than 44,000 emails from senior DNC officials became one of the biggest stories of the turbulent 2016 presidential race and served as the predicate for the FBI’s investigation of the Trump campaign. Special counsel Robert Mueller, who took over the probe in May 2017, eventually charged a group of Russians with hacking the DNC. The indictment alleges that the Russians hacked into the DNC and stole thousands of emails.
Prior to Mueller’s indictment, the public knowledge of the alleged DNC hack consisted of CrowdStrike’s brief report on the matter released on June 14, 2016, days after the firm claims to have ousted the hackers from the committee’s systems. The report makes no mention of stolen data, although Henry told The Washington Post in an article published the same day that the Russians allegedly “stole two files.”
Of the more than 44,000 emails published by WikiLeaks, more than 98 percent were sent and received by senior DNC officials between April 18 and May 25 of 2016. During more than half of that time frame, CrowdStrike had already installed its software on the DNC’s servers and was monitoring the network.
In its response for an explanation for how the hackers pilfered the emails on its watch without leaving a trace, CrowdStrike pointed to a portion from Henry’s testimony which does not address the alleged breach.
“So the analysis started the first day or two in May, and then that was about 4 to 6 weeks, I think, on June 10th, we started what we call the remediation event. So we collected enough intelligence. We identified where the adversaries were in the environment. We came up with a remediation plan to say we see them in multiple locations. These are the actions that we need to execute in order to put a new infrastructure in place and to ensure that the adversaries don’t have access to the new infrastructure. So that would have been June 10th when we started. And we did the remediation event over a couple of days,” Henry said.
A CrowdStrike spokesperson, referencing the period after the alleged hack, wrote in an email to The Epoch Times that, “to be clear, there is no indication of any subsequent breaches taking place on the DNC’s corporate network or any machines protected by CrowdStrike Falcon.”
The company did not respond to a request to explain how the emails were allegedly pilfered under its watch and why it failed to find evidence despite closely monitoring the servers with full awareness that hackers were present.
