FBI never saw CrowdStrike unredacted or final report on alleged Russian hacking because none was produced
The FBI relied on CrowdStrike’s “conclusion” to blame Russia for hacking DNC servers, though the private firm never produced a final report and the FBI never asked them to, as Ray McGovern explains.
by Ray McGovern
Part 4 - Preferring CrowdStrike; ’Splaining to Congress
Why did FBI Director James Comey not simply insist on access to the DNC computers? Surely he could have gotten the appropriate authorization. In early January 2017, reacting to media reports that the FBI never asked for access, Comey told the Senate Intelligence Committee there were “multiple requests at different levels” for access to the DNC servers. “Ultimately what was agreed to is the private company would share with us what they saw,” he said. Comey described CrowdStrike as a “highly respected” cybersecurity company.
Asked by committee Chairman Richard Burr (R-NC) whether direct access to the servers and devices would have helped the FBI in their investigation, Comey said it would have. “Our forensics folks would always prefer to get access to the original device or server that’s involved, so it’s the best evidence,” he said.
Five months later, after Comey had been fired, Burr gave him a Mulligan in the form of a few kid-gloves, clearly well-rehearsed, questions:
BURR: And the FBI, in this case, unlike other cases that you might investigate — did you ever have access to the actual hardware that was hacked? Or did you have to rely on a third party to provide you the data that they had collected?
COMEY: In the case of the DNC, … we did not have access to the devices themselves. We got relevant forensic information from a private party, a high-class entity, that had done the work. But we didn’t get direct access.
BURR: But no content?
COMEY: Correct.
BURR: Isn’t content an important part of the forensics from a counterintelligence standpoint?
COMEY: It is, although what was briefed to me by my folks — the people who were my folks at the time is that they had gotten the information from the private party that they needed to understand the intrusion by the spring of 2016.
More telling was earlier questioning by House Intelligence Committee member, Rep. Will Hurd (R-TX), who had been a CIA officer for a decade. On March 20, 2017, while he was still FBI director, Comey evidenced some considerable discomfort as he tried to explain to the committee why the FBI did not insist on getting physical access to the DNC computers and do its own forensics:
HURD: So there was about a year between the FBI’s first notification of some potential problems with the DNC network and then that information getting on — getting on Wikileaks.
COMEY: Yes, sir.
HURD: … when did the DNC provide access for — to the FBI for your technical folks to review what happened?
COMEY: Well we never got direct access to the machines themselves. The DNC in the spring of 2016 hired a firm that ultimately shared with us their forensics from their review of the system. …
HURD: … So, Director FBI notified the DNC early, before any information was put on Wikileaks and when — you have still been — never been given access to any of the technical or the physical machines that were — that were hacked by the Russians.
COMEY: That’s correct although we got the forensics from the pros that they hired which — again, best practice is always to get access to the machines themselves, but this — my folks tell me was an appropriate substitute.