Questions about the Democratic National Committee hack and Russia’s alleged involvement have been swirling for months, and have intensified as the intelligence community prepares to brief president-elect Donald Trump about its conclusions on Friday and release a declassified report next week. Ahead of this announcement, the DNC told Buzzfeed on Wednesday that neither the FBI nor any other intelligence agency ever did an independent assessment of the organization’s breached servers. Instead, they alleged, the FBI relied exclusively on information from private digital forensics company Crowdstrike. Now the FBI is refuting this account of the events.
In a statement to WIRED, a senior FBI law enforcement official wrote in an email Thursday that “The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated.” This contrasts with what DNC deputy communications director Eric Walker told Buzzfeed in an email: “The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (DC) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC’s computer servers.”
In its statement, the FBI agreed with the DNC’s implication that it had instead relied on data from Crowdstrike. But the Bureau points the finger for its lack of independent evaluation squarely at the DNC. According to the FBI official, “This left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.”
When asked about the FBI’s comments and the two institutions’ differing accounts of events, the DNC referred WIRED to its statement to Buzzfeed on Wednesday.
On Thursday evening Trump tweeted that the DNC’s claim raises fundamental questions about whether a hack even occurred at the DNC at all. But whether the DNC was hacked is not in doubt. On that point the DNC and FBI agree that the hack happened. Third party evidence revealed an intrusion regardless of intelligence community findings (which also agree that a hack occurred).
The possibility that the FBI based its investigation on inferior-quality evidence is significant, though, as the US government and public try to assess the intelligence community’s Russia attribution. The Obama administration issued sanctions against Russian intelligence groups last week, but Trump and others have raised doubts about the conclusion that Russia was behind various incidents of election meddling, including the DNC hack. Meanwhile, in a Senate Armed Services Committee hearing Thursday morning, US Director of National Intelligence James Clapper alleged that Russia was involved in fake news operations and disinformation campaigns during the US presidential campaign season.
Still, the attribution of the DNC hack to Russia has been extensively vetted by multiple agencies within the US intelligence community as well as the civilian infosec community. Even given healthy skepticism, the overall consensus from both groups is that Russia orchestrated and executed the hacking campaigns. Officials told the Washington Post on Thursday that one factor intelligence agencies considered in their attribution was intercepted communications in which Russian officials openly celebrated Donald Trump’s election and Hillary Clinton’s loss as a political boon to the Kremlin. The Post reports that some of the revelers were Russian officials who knew about initiatives to interfere with the US presidential campaigns.
At the time of publication, the FBI had not yet responded to a request for comment from WIRED about whether it feels that it missed out on higher caliber evidence in investigating the DNC breach or whether it was satisfied with the evidence it collected through other channels. NBC News reporter Ken Dilanian tweeted on Wednesday that a “source close to the investigation says FBI didn’t need the DNC servers because it already had the forensic data from upstream collection.”
The FBI official’s characterization that the DNC “caused significant delays and inhibited the FBI from addressing the intrusion earlier” is somewhat at odds with a report published by the New York Times in mid-December, which indicated that the FBI originally took a “low-key approach” to notifying the DNC about suspicious activity the Bureau had detected on the DNC’s network. In that reported version of the timeline, it wasn’t until seven months after the initial (half-hearted) FBI warning that the DNC was first motivated to defend its network.
At the Senate hearing on Thursday, NSA director Michael Rogers said, “The biggest frustration to me is speed, speed, speed. We have got to get faster. We have got to be more agile.”
Updated 1/5/17 7:30 p.m. to include response from the Democratic National Committee.
Updated 1/5/17 8:00 p.m. to include Donald Trump’s tweet.