WASHINGTON – The allegedly hacked Democratic National Committee email server is the key piece of forensic evidence in Russia's suspected interference in the 2016 presidential election.
The intelligence-community assessment released in January 2017 on purported Russian meddling in the race, conducted by the CIA, the FBI, and the NSA, concludes Russian President Vladimir Putin personally ordered the hacking of the DNC and the dissemination of emails from key staffers via WikiLeaks to damage Hillary Clinton's candidacy.
But the intelligence agencies attributing the sweeping cyber-intrusion to Russia-backed hackers have yet to provide any actual evidence.
In fact, not a single government agency has even viewed the hacked computer servers to conduct a forensic data-breach investigation.
They never will.
The DNC destroyed the server, former DNC Chairwoman Donna Brazile revealed.
The FBI asked the DNC to surrender its allegedly breached servers to the bureau. But the DNC didn't comply and, instead, hired the cybersecurity firm CrowdStrike to make a "replica" of all the information on its server and computers, turning over a major law-enforcement investigation to the private sector.
"The person we hired was the former No. 3 at the FBI, and they worked it out. [CrowdStrike] got a list from the FBI – the things that the FBI wanted. In that list of items that the FBI requested, they asked for a replica or an exact copy of everything that we have from our server – knowing that if we got rid of our server, we actually would get rid of our entire database," Brazile explained during a discussion at the National Press Club in Washington, D.C., about her new book, "Hacks."
"Our brain would be gone. And then essentially we would have nothing."
CrowdStrike claimed in June 2016 that “two separate Russian intelligence-affiliated adversaries” hacked into the DNC network in May 2016.
CrowdStrike, which previously had assisted with government investigations, alleged in its report that the DNC breach was perpetrated by a group the cybersecurity firm encountered in 2015 while investigating a hack on the unclassified networks of the White House, State Department and Joint Chiefs of Staff.
Google, which gave millions of dollars to the Clinton campaign and was under fire during the election for manipulating and suppressing negative search results for Clinton, is one of CrowdStrike's primary investors.
Another company that significantly invests in CrowdStrike is Warburg Pincus, run by a former staffer of both the Clinton and Obama administrations, Timothy Geithner.
Making the server available to the FBI for examination would allow intelligence agencies and federal government resources to determine whether the DNC was hacked, establish the source of the breach, and verify whether the trove of DNC and Clinton campaign emails published during the election was leaked from a party within the DNC.
Yet, Brazile insisted "killing" the server was critical after the data was breached because the server would continue to be affected by spyware had it not been destroyed.
"In the last two weeks of the election, we had to make another decision as to whether or not to shut down that server – to actually kill it – because we kept getting, you know, we kept getting more spyware," she said. "They were so stealth; the operation was so stealth."
The replica and remediation process after the hacking cost the DNC "millions" of dollars, Brazile said.
"We made a replica of everything and turned it all over to [the FBI]. We also let them see all of the evidence from all of the individual computers, from everything else. So, we – trust me, it cost us quite a penny to make replicas and then we destroyed the machines and then bought the staff people new laptops," she said. "If you can imagine this, right before the convention, these staffers had lost all of their data, all of their materials – everything was gone. Everything was wiped clean, but we made a replica."
While Brazile admits she cooperated with the FBI by supplying the agency with replicas of its server, DNC Deputy Communications Director Eric Walker told Buzzfeed on Jan. 4 the FBI never requested access to the DNC's computer servers in question and that it had been "providing access to all of the information uncovered by CrowdStrike – without any limits."
Days later, on Jan. 10, former FBI Director James Comey told the Senate Intelligence Committee the FBI issued "multiple requests at different levels" to the DNC to gain direct access to their computer systems and conduct their own forensic analysis, and his investigators were denied access to the physical servers.
"Our forensics folks would always prefer to get access to the original device or server that's involved, so it's the best evidence," he said.
Comey struggled to explain why the FBI was not given access.
After "multiple requests at different levels ... what was agreed to is that the private company would share with us what they saw," he said.
In March 2017, Comey told the House Intelligence Committee his investigators had still not accessed the servers analyzed by CrowdStrike, but he maintained his investigators believed they had an "appropriate substitute."
Brazile blasted Comey for testifying to Congress that the DNC did not cooperate with the FBI regarding access to its server.
"We turned over," she said. "Every time [the FBI] would say that about us I would go after them and say 'What the hell are you talking about? We've given you everything that you're asking for.'"
A cybersecurity government contractor for a U.S. intelligence agency, who asked that his name be withheld for security reasons, told WND he believes Brazile's explanation for "killing" the server "is the stupidest thing I ever heard."
"That's clearly a lie by a politician who knows nothing about cyber security, or they're lying. It doesn't matter if the server has spyware. The FBI wanted the server in the unaltered condition that it was in operation. If it had spyware, it's not going to matter to the FBI. They are going to do cyber forensics on everything on the server, regardless of the spyware," he said.
An FBI investigative file on Clinton revealed during the 2016 presidential race that the Clinton campaign used a special program known as BleachBit to delete her private emails and try to prevent their recovery.
The DNC likely followed suit, the cybersecurity expert suspected.
"If the FBI came to your door and said, 'We are taking your laptop for an investigation,' you are not going to say, 'Well, let me give you a copy of the data,' unless your name is Hillary Clinton. I promise you it's going to be filtered out and all the incriminating and illegal evidence that's on there is going to be destroyed because they know that if they delete the files from the hard drive, the data is still there, it just deletes the reference to the file."
The primary purpose of the DNC destroying the server, he said, is to conceal data.
"The only reason they would replicate the data is to sort through what they don't want the FBI getting; then they destroyed the original server so real forensic analysis cannot be performed on the data that was deleted. I guarantee you there's a lot of missing emails on the replica," he said.
"Even if they scrub the hard drive, there are techniques that the FBI has to recover deleted data. I guarantee the DNC erased the files off the server. It's not the DNC's job to determine whether the FBI needs to be protected from spyware. They should have just turned it over as is, and they didn't because they have something to hide. This is common knowledge that any cyber security person would know."
Howard J. Cohen, who has over 30 years' experience in architecture and implementation of complex software applications, ranging from bioinformatics to chip-design tools, told WND he believed the Russians hacked the DNC server based on what he's read and seen in the news.
Brazile's explanation for why the DNC destroyed the server doesn't add up, Cohen said.
"Making a replica of the information on the disks is standard forensic practice, but why they would then want to destroy the original? It seems like a cover-up to me," he said. "You're getting rid of possible useful information. There's no other reason to destroy the server that I can think of.
"That doesn't make sense – that really doesn't make sense to me," he continued. "Why would you destroy the machines, which is, in some sense, doing a cover-up or making further investigation impossible?"
Brazile's claim the server needed to be destroyed because it contained spyware is also implausible, Cohen said.
"If a computer has been infected in some ways, you can certainly wipe it clean and rebuild it from clean backup," he said. "There are different exploits to take over machines by actually going into firmware of a computer, which is software that lives inside some chips and is outside of the disks. If the firmware is infected you might not be able to actually get rid of the exploit. In that sense, maybe you'd want to replace the chips that contain the firmware.
"You keep the server as evidence. You make replicas or images of disks to prevent the original evidence from getting damaged if you are doing some testing that may be destructive. The imaging is standard for disk backup and recovery."
CrowdStrike has defended its investigation multiple times, stating efforts to delegitimize conclusions are part of a "Russian intelligence disinformation campaign." But controversy continues to surround the DNC and the intelligence community's assessment that Moscow was behind the cyberattack.
According to a December 2016 Morning Consult poll, 71 percent of the American public did not believe Russia influenced the 2016 election.
President Trump has repeatedly rejected the Russian-influence claim, arguing the allegations are an attempt by Democrats to delegitimize his presidency. He has insisted anyone could have hacked the DNC and has suggested the Democratic Party's refusal to accept help from DHS was "all a big Dem HOAX!"
...Why did Democratic National Committee turn down the DHS offer to protect against hacks (long prior to election). It's all a big Dem HOAX!
— Donald J. Trump (@realDonaldTrump) June 22, 2017
So how and why are they so sure about hacking if they never even requested an examination of the computer servers? What is going on?
— Donald J. Trump (@realDonaldTrump) January 6, 2017
When will the Fake Media ask about the Dems dealings with Russia & why the DNC wouldn't allow the FBI to check their server or investigate?
— Donald J. Trump (@realDonaldTrump) May 7, 2017
Online hacker Kim Dotcom believes slain DNC staffer Seth Rich was behind the leaking of DNC emails to WikiLeaks and was developing technologies to expose corruption and the influence of corporate money in politics.
Rich, who was officially working on voter-registration systems for the DNC in the summer of 2016, was gunned down by unknown attackers in the early hours of July 10, 2016, just blocks from his home. The official investigation has turned up nothing on his killers or any possible reason for his murder. WikiLeaks began publishing tens of thousands of Clinton campaign and DNC emails 12 days after he was killed.
WikiLeaks founder Julian Assange is offering a $10,000 reward to find Rich's murderers and has insinuated that Rich is the source of the emails.
The FBI and CrowdStrike did not return WND's request for comment.