FBI Warned the DNC about Hacking 30 Times

2019-06-21 update: crooked DC prosecutors in Roger Stone’s case wrote:

Stone asserts that the government did not “collect[] any evidence of the DNC breach directly” or “independently verify” the findings of Company 1 about Russia’s involvement in the hack of DNC computer systems. … That statement is incorrect.

Company 1 is assumed to be CrowdStrike (CRWD). The FBI Response to Intelligence Committee shows that that statement is correct. The FBI has not only taken the CrowdStrike’s word in place of the evidence, but uncritically adopted its methodology and even terminology! And even there they made mistakes – Fancy Bear and Cozy Bear became FancyBear and CozyBear! Also, see a different rebuttal by Adam Carter.

CrowdStrike was first hired by the DNC in December 2015 to investigate disagreement about access to NGP VAN by Sanders staffers. Then Barack Obama appointed CrowdStrike’s general counsel Steven Chabinsky, former assistant director to the FBI Director Robert Mueller, to the Commission on Enhancing National Cybersecurity. Then the DNC hired CrowdStrike to investigate (or to pretend investigating) its network breach. Then the Obama administration used the DNC/CrowdStrike allegations to spy on and to sabotage the Trump campaign. CrowdStrike and Steele (Fusion GPS) reports have been coordinated by the DNC through its law firm Perkins Coie.

The funny part I – the crooked prosecutors claimed that ” Russia’s role in the DNC hack is not material”, but submitted a sur-reply “to correct any misimpression” about this alleged role.

The funny part II – the crooked prosecutors wrote near the end of the sur-reply: “Stone’s statement that the government has no other evidence is not only irrelevant to this proceeding but is also mistaken“. That looks like an admission that all other Stone’s statements are absolutely true and correct.

The Senate Intelligence Committee published the FBI Response regarding the DNC hacking. It is shocking even for those who don’t believe the conspiracy theory of Trump – Russia collusion, and finds the DNC behavior suspicious. The main points:

  1. The FBI began its notification efforts to the DNC on 6 August 2015 after the FBI received reporting that the DNC was compromised by what it called CozyBear (reflecting the CrowdStrike influence), and continued them through at least April 2016, and followed up until June.
  2. Over that time, the FBI had over 30 separate interactions with DNC, and offered help. The DNC rejected all offers of help.
  3. “The cyber campaign in question targeted over 130 US victim companies and corporations, just one of which was the DNC“. Testifying in front of Senate Intelligence Committee, Former FBI Director Comey said: “It’s hundreds. I suppose it could be more than a thousand, but it’s at least hundreds.
  4. In both March and April 2016, the FBI warned the DNC about spear-phishing attacks by what it called FancyBear (reflecting the CrowdStrike influence).
  5. In January 2016, the FBI notified the DNC that “CozyBear” had been credibly associated with Russian cyberespionage. Cozy Bear is CrowdStrike name for a group associated with sophisticated malware family The Dukes (which includes MiniDuke and MiniDionis). The malware and the hacking group behind it was discovered by the Kaspersky Lab.
  6. DNC counsel Michael Sussmann of Perkins Coie was fully aware of the compromise since 2015.

This and other evidence leads to the following tentative conclusions:

  • The DNC claim that it started to suspect the network breach on April 28 of 2016 is false. The DNC knew that its network was compromised by hackers and/or malware publicly linked to Russia, and decided to exploit such opportunity to falsely accuse Trump.

  • Comey & Co. knew that the DNC acted suspiciously in regards to the hacks, and that Hillary and the DNC should have been persons of interest in any counterintelligence investigation; yet they decided to investigate Trump.

Here, The FBI Response to Intelligence Committee Questions 2018-02-12 is OCR’ed and searchable. The most relevant quotes (emphasis is mine):

FBI began its notification efforts to the DNC on 06 August 2015 after FBI received reporting that the DNC was compromised by the advanced persistent threat actor referred to as CozyBear. After FBI requested to speak with the individual responsible for maintaining the IT systems, DNC referred the FBI to its Director of IT Yared Tamene. He was quickly identified to be the appropriate person to receive victim notifications on behalf of the DNC. The FBI was not initially aware that Tamene was a contract employee. His status as a contractor was not an issue because the DNC Chief Operating Officer Lindsey Reynolds, Technology Director Andrew Brown, DNC counsel Graham M. Wilson and DNC counsel Michael Sussmann were fully aware of the details of the compromise, and the fact that Tamene was the FBI’s primary point of contact throughout the investigation. DNC executive management endorsed the FBI communicating technical details of the compromise with Tamene.”

FBI provided DNC with two compromised IP addresses during this initial notification, indicated the DNC could potentially be a victim or a future victim of an ongoing e-mail spear-phishing campaign, and advised the activity may be related to open source threat reporting under the names Miniduke and Minidionis. FBI had no reason to believe the information was not being handled appropriately, or that an in-person notification was warranted. … On multiple occasions thereafter, FBI requested to be connected with the individual in charge of the IT systems at DNC, and was always directed to the same individual, Yared Tamene. Furthermore, once senior level DNC members became involved in the matter, DNC counsel confirmed that the FBI should continue to work through this individual.”

“FBI re-contacted DNC in December 2015 to advise that DNC systems were likely still compromised and to provide additional threat information. In January 2016, the FBI provided the DNC with an open source report titled The Dukes: 7 Years of Russian cyberespionage, which contained additional background on the threat actors. The FBI continued to notify the DNC when information was received that led FBI to believe that the DNC was still compromised. In February 2016, the FBI offered the use of a cyber response team to help identify the malicious traffic on DNC’s network and offered to deploy a sensor on the network to help identify the malicious traffic; however, both offers were declined by the DNC.”

In March 2016 FBI notified DNC about a spear-phishing campaign by a second adversary, referred to as FancyBear, against the DNC. FBI notified DNC again in April 2016 about a second set of FancyBear spear-phishing targets and identified users who clicked malicious links. FBI requested and received log files from DNC in April 2016. FBI continued to follow-up with DNC through June 2016, at which point a private security firm began providing mitigation services to the DNC, and the FBI began working directly with that firm.”

The cyber campaign in question targeted over 130 US victim companies and corporations, just one of which was the DNC. FBI exceeded standard procedures in its victim engagement with the DNC and believed the matter was being handled appropriately, so there was no reason to further elevate the notification. Due to the size and scope of the malicious campaign in the summer of 2015, the most rapid and reliable method available for notification was direct telephonic notification. The FBI did recognize the high-profile nature of this victim, and acted accordingly… The FBI had over 30 separate interactions with DNC IT and executive management. The FBI offered the use of a cyber response team to help identify the malicious traffic on their network and the FBI offered to deploy a sensor on the network to help identify the malicious traffic; however, both were declined. Instead, the DNC retained a private security firm to manage detection and remediation.”

In April 2016, FBI hosted a tabletop training exercise modeled on the actual CozyBear campaign from July 2015, which DNC attended. … The Republican National Committee (RNC) was also provided information from the exercise.”

Leave a Reply