Democratic National Committee, CrowdStrike and FBI: A Humdinger of Collusion
By: Jeffrey Winograd
Secret congressional testimony recently unlocked at the prodding of the acting Director of National Intelligence has exposed a disgraceful tale of collaboration between the Democratic National Committee (DNC), the cybersecurity firm CrowdStrike and the FBI.
Under grilling by two Republican members of the House Permanent Select Committee on Intelligence, Shawn Henry, president of CrowdStrike and former key FBI official, testified under oath that his firm was never able to prove the Russian among Democrats and the mainstream press.
Even more revealing, Henry inadvertently gave away a significant secret that was carefully kept under wraps by the DNC and its operatives.
Henry’s testimony, which took place on Dec. 5, 2017, shines the spotlight on four key points:
1. CrowdStrike and the Intelligence Community (IC) lied about the certainty that the Russian government hacked the DNC computers.
2. The DNC used the legal barrier of attorney-client privilege to protect itself from embarrassing revelations about its ties to the notorious Fusion GPS, the firm behind the totally discredited Steele dossier.
3. Perkins Coie, a Washington, D.C.-based law firm hired by the DNC, is now exposed as a nest bed of unethical operators who misled FBI investigators to prevent the Feds from learning it had hired Fusion GPS to generate dirt on Republican presidential candidate Donald Trump.
4. The date of April 12, 2016, was the day that made DNC-CrowdStrike-FBI collusion essential to protect the presidential candidacy of Hillary Clinton.
On June 15, 2016, CrowdStrike posted on its website a statement that “it stands fully by its analysis and findings identifying two separate Russian intelligence-affiliated adversaries present in the DNC network in May 2016.” Despite assertions of a related Russian disinformation campaign, “these claims do nothing to lessen our findings related to the Russian government’s involvement, portions of which we have documented for the public and the greater security community,” it added.
Almost seven months later, on January 6, 2017, the IC released a report titled “Russia’s Influence Campaign Targeting the 2016 Presidential Elections.” According to this report, “in July 2015, Russian intelligence gained access to DNC networks and maintained that access until at least June 2016.”
Then came this assertion: “We assess that the General Staff Main Intelligence Directorate (GRU) cyber operations resulted in the compromise of the personal e-mail accounts of Democratic Party officials and political figures. By May, GRU had exfiltrated large volumes of data from the DNC.” [emphasis added]
However, the IC report coyly included a rather stunning disclaimer: “Judgments are not intended to imply that we have proof that shows something to be a fact.” [emphasis added]
According to Shawn Henry, on April 30, 2016, CrowdStrike was retained to investigate the details of an alleged hacking of DNC computer servers.
“CrowdStrike Services Inc., our Incident Response group, was called by the Democratic National Committee, the formal governing body for the US Democratic Party, to respond to a suspected breach,” a June 15, 2016, a company blog update said.
However, this statement was clearly misleading and false.
In fact, CrowdStrike was retained by Perkins Coie, the law firm representing the DNC, a key point, the importance of which became clearer in the closed-door testimony of Henry.
Under questioning by Rep. Chris Stewart (R-UT), Henry revealed that the threat of a hack was first brought to the attention of the DNC by a company that was overseeing its computer network. This company submitted a report or reports to that effect.
It emerged that the contractor was first contacted by the FBI, months prior to April 30, and warned about possible hacking.
“l don’t know what [the FBI] had access to in the environment,” Henry said. “l can tell you that the intelligence that we shared with them, including forensic information, indicators of compromise, which are pieces of malware, et cetera, we provided all of that to the FBI. Starting in June of 2016, we provided them the data that would have been of value to them.”
Added Henry: “They were conducting an investigation. Whether they were feeding back information to the DNC or not, I don’t know. And when we sat with them in June, we provided them with a lot of the indicators, the malware, and other pieces of code that we took off of the computer network.’
Rep. Stewart wanted to know if the FBI could conduct their own investigation in a thorough fashion without access to the actual hardware. “Maybe,” replied Henry, “it depends on what else they had access to.” (NOTE: the FBI never had access to any DNC computer hardware)
The wily Stewart then signaled his belief that that something didn’t compute if the goal was to have the FBI conduct a better investigation. “So, the question is, would there be reasons for not making [equipment or hardware] available that override the benefit of having a more conclusive investigation? If someone wasn’t going to make that available, they would have to have reasons for not doing that because they would likely have a less thorough investigation by not making it available?”
“You’re asking me to speculate. I don’t know the answer,” Henry said.
What is DNC hiding?
As Rep. Stewart continued with his questions, two attorneys retained by the DNC jumped in and warned they would invoke attorney-client privilege if they did not like the direction Stewart’s questions were taking.
“Just for the record, some of the comments we were just discussing, as Mr. Henry indicated, certain of the work that was performed was performed at the behest of counsel, Perkins Coie, Mr. Sussmann,s law firm,” said David Lashway, of the law firm Baker and McKenzie, representing CrowdStrike. “Therefore, certain of that information, the DNC, as the client of Perkins Coie, has asserted privilege and some confidences over certain of that information, sir. And so we would turn to Perkins Coie, as counsel to the DNC, to ensure that Mr. Henry can actually answer some of these questions relating — some of that information that would otherwise be considered protected by the DNC, as the client.”
Another attorney then stepped in. “On behalf of the DNC, the DNC takes the work of this committee and this investigation incredibly seriously … and wants to cooperate in every way that we can in order to provide this committee all the information it needs,” said Graham Wilson, of the Perkins Coie Political Law Group. CrowdStrike was actually working for Perkins Coie and was “performing work in order to help Perkins Coie advise the DNC on this matter,” he added.
Stewart probed further and Wilson revealed that “we had a contract between Perkins Coie and CrowdStrike, with a scope of work for the DNC — specific work.”
At this point, under prodding by Rep. Stewart, Henry acknowledged that CrowdStrike never had a contract with the DNC. “I mentioned it was with Michael Sussmann from Perkins Coie,” said Henry. (NOTE: Sussmann was the attorney who, on behalf of the DNC, retained Fusion GPS to get the goods on Trump)
And then came this revelation. “So, the one thing I would want to say is I think we are not waiving any of the attorney-client privilege over the work product here today,” Wilson said. “Again, l’m not waiving any privilege, We’re happy to have him continue to go’ With the request for a specific document and the contents, you know, like that was a DNC document, if you want to put that question to the DNC, I’d be happy to discuss that with him and we can come back to it.”
Equivocation Is CrowdStrike Tactic
Rep. Stewart raised the claim that the hack on the DNC was not perpetrated by the Russian government and it was clear from Henry’s responses that there was no definitive proof of Russian hacking.
Here are some of Henry’s inconclusive responses (with emphasis added):
- “We said that we had a high degree of confidence it was the Russian government.
- “There are other nation-states that collect this type of intelligence for sure, but the — what we would call the tactics and techniques were consistent with what we’d seen associated with the Russian state.”
- “Counsel just reminded me that, as it relates to the DNC, we have indicators that data was exfiltrated. we did not have concrete evidence that data was exfiltrated from the DNC, but we have indicators that it was exfiltrated’
- “There is evidence of exfiltration, not conclusive, but indicators of exfiltration off the DNC.”
- “There’s not evidence that they [emails] were actually exfiltrated. There’s circumstantial evidence.”
- “So, I said that we didn’t have direct evidence. But we made a conclusion that the data left the network.”
A Whiff Of Collusion
During the questioning of Henry, Rep. Mike Conaway (R-TX) asked when CrowdStrike sent data, in whatever form, to the FBI, “did you filter anything out of that that the DNC would not have wanted the FBI to look at?”
“No, sir. I don’t think so,” replied Henry. “No. And I say that because I know that part of our report is redacted, but I have no — my understanding is everything we gave to the FBI was as we collected it.”
Rep. Stewart followed this up by asking Henry if he or CrowdStrike is required to report any illegal activity that you find on a client’s computer? “l won’t speculate on what my legal obligations are,” responded Henry.
Conaway then wanted to know if the DNC restricted anything that CrowdStrike shared with the FBI or that the FBI asked for. “Did they tell you ‘no’ at any point?” asked the congressman.
“No, I have no recollection. Again, I know that there are redacted reports and there was some restriction on the reports. That’s the only thing I can recall,” was Henry’s retort. This statement appears to be evasive since Henry acknowledged he received directions from Perkins Coie, which retained CrowdStrike, and not the DNC.
The direction and tone of the questions shifted when Rep. Eric Swalwell (D-CA) had his turn. Queried Swalwell: “And, in your experience, comparing this case to other clients that you’ve had or in your work at the FBI, you believe that the images were sufficient for the FBI to understand what had occurred?
“I believe that the FBI got everything that they asked for that related to the DNC from us. Everything that we had access to related to images and servers, when they asked for it, they got it,” said Henry.
Swalwell also wanted to know who received the findings of the CrowdStrike investigation. “I believe it was to Perkins Coie, to the law firm, because they were the client, essentially, right? We were contracted through the law firm,” answered Henry.
April 12, 2016 — Hiding Origins Of Trump-Russia Collusion Witch Hunt
Rep. Stewart then pinned down Henry on a key point when he asked; “You said, I believe, talking about the DNC computer, you had indications that data was prepared to be exfiltrated, but no evidence it actually left. Did I write that down correctly?
“Yes,” replied Henry.
Continued Stewart: “And, in this case, the data I am assuming you’re talking about is the email as well as everything else they may have been trying to take.”
Henry’s response was quite revealing but Stewart did not follow it up. “There were files related to opposition research that had been conducted but no evidence it was actually exfiltrated.”
So, here are a few questions that deserve answers:
- How did Shawn Henry know there were files related to opposition research sitting in the DNC servers?
- Had Henry been instructed by Perkins Coie to do whatever necessary to protect the content of those opposition research files?
- What specific requests were made by the FBI to the DNC and CrowdStrike, and were those requests fulfilled?
Why the importance of April 12, 2016? According to “Witch Hunt” by Gregg Jarrett, that was the day “Fusion GPS was hired by lawyers for the Clinton campaign and DNC to do opposition research on Donald Trump,” an action that gave birth, among other things, to the totally discredited Steele dossier and FBI abuse of the Foreign Intelligence Surveillance Court.
What would have happened if this had all seen the light of day before the incoming Trump administration was wrapped in a virtual straightjacket?