[This is an important finding, in light of the in-depth narrative Scott Ritter assembled in his Medium article in August 2017, which I cited here. Given what DCNF’s Luke Rosiak has compiled, it’s worth quoting again what Scott Ritter says CrowdStrike was doing during the 40 days when the DNC system was allowed to keep operating while penetrated by the Cozy Bear and Fancy Bear malware.
CrowdStrike and the DNC were aware that their emails were being pilfered the entire time CrowdStrike was performing the system analytics described by Ritter:
Shawn Henry and his team used CrowdStrike’s Falcon Overwatch capability to monitor the DNC’s compromised servers for more than 30 days, mapping out the scope of the intrusion and tracking the actions of the attackers. The scope of the Cozy Bear intrusion was potentially devastating. According to CrowdStrike, Cozy Bear had roamed uncontested throughout the totality of the DNC server, collecting and transmitting email and Voice over Internet Protocol (VoIP) communications. Significant amounts of data had been exfiltrated during this time, CrowdStrike assessed, and the DNC had to assume that anything stored in the server had been compromised.
Fancy Bear appeared to have more limited objectives. Henry’s team detected evidence of a few select files having already been exfiltrated, while others were staged for future exfiltration. An analysis of these files showed that Fancy Bear was focused on opposition research being done by the DNC on the erstwhile Republican nominee, Donald J. Trump.
Now Luke Rosiak clarifies that the DNC kept sending and receiving emails — most of which weren’t even written until after 29 April, the day the DNC recognized it had been penetrated — as if everything were normal throughout that period. This seems inexplicable. – J.E.]
The majority of the Democratic National Committee (DNC) emails released by Wikileaks were not even written until after the DNC knew it had been hacked, raising questions about the effectiveness of Democrats’ decision to turn to a private firm instead of the FBI.
DNC CEO Amy Dacey learned of the breach in late April, but of the 27,500 DNC emails published by Wikileaks, fewer than 7,000 pre-date April 29. A Daily Caller News Foundation analysis of the published emails shows that the majority were written between May 5 and May 25 — after cybersecurity firm CrowdStrike was brought in to respond.
The emails exposed dirty laundry that Democrats have said swayed the election in President Donald Trump’s favor, and they might never have seen the light of day had the DNC enlisted law enforcement to immediately lock down its system after first detecting problems.
Dacey and chairwoman Debbie Wasserman Schultz decided not to call in the FBI and instead, about five days after the hack, enlisted the company CrowdStrike to perform investigation and remediation without consulting the DNC’s board, according to Brazile. CrowdStrike implanted itself May 5, within a day of being asked, according to The Washington Post. In the intervening days, 5,800 new emails were written and captured.
For weeks after the highly-paid firm responded, the breach continued unabated. More than 16,000 emails later published by Wikileaks were written after May 5.
CrowdStrike said known viruses were responsible for creating the vulnerability.
The fact that newly-written emails continued to be captured weeks after the DNC’s top staff was well aware it had been breached raises questions about why Wasserman Schultz and Dacey did not turn to the FBI, and whether the FBI could have immediately stemmed the flow.
On June 10, CrowdStrike replaced the software on all DNC computers in a move it believed would put the issue to rest — a month after the DNC detected the breach. Furthermore, there is reason to believe the breach had already ended, with the last Wikileaks email written May 25.
CrowdStrike did not return a request for comment.
Of the 10 emails WaPo deemed “most damaging,” nine of them were written after April 29 when the DNC’s leaders knew its emails could be intercepted. They include examples of the DNC seemingly failing to administer the primary election in a neutral way, with Wasserman Schultz calling a Sanders aide a “damn liar” and the DNC’s chief financial officer plotting to use Sanders’ religious beliefs against him.
Clinton later said that then-FBI Director James Comey not taking the DNC’s hack seriously enough “was the principal reason I lost the election.” But a timeline of Democrats’ own reactions suggests that it was they who did not react urgently.
“DNC leaders were tipped to the hack in late April. Chief executive Amy Dacey got a call from her operations chief saying that their information technology team had noticed some unusual network activity,” a June 14, 2016 Washington Post story said. The same day, Dacey spoke to a lawyer at Perkins Coie, which worked for both the Hillary Clinton campaign and the DNC. The law firm also funded the infamous Trump dossier.
“Soon after,” WaPo wrote — a length of time that now appears to be about five days — the lawyer called in CrowdStrike.
Wikileaks began publishing the emails July 22, 2016, triggering an apoplectic reaction among Democrats — rhetoric that arguably did not correspond with the urgency of their actions. Dacey and Wasserman Schultz did not even tell the body’s officers about the breach until June 14, and when they did, Wasserman Schultz’s tone was “so casual,” according to board member Donna Brazile.
Even after Wasserman Schultz had seen the damage that “some unusual network activity” can cause, she had an inexplicable reaction soon after when she learned in September of anomalies tied to her longtime House of Representatives IT aide Imran Awan, who is named in the leaked DNC emails as the only staffer with Wasserman Schultz’s password.
Wasserman Schultz later said that Capitol Police told her Awan was suspected of “data transfer violations.” But she refused to fire him, saying she feared the police might be Islamophobic against the Pakistani-born staffer. She created a new, second IT position on her House payroll for his wife, who is a suspect in the same ongoing investigation, and continued paying Awan even after House authorities banned him from the House network.
After he was banned from the network, Awan left a laptop with the username “RepDWS” in a phone booth, according to a police report. Wasserman Schultz continued to pay him and hired an outside lawyer to block authorities from looking at the laptop.
Even within the last few days, there is evidence that the DNC is not singularly focused on security when it comes to IT. In an Oct. 30 email seeking candidates for technology jobs, instead of casting a broad net for the most qualified workers, DNC Data Service Manager Madeleine Leader wrote, “I personally would prefer that you not forward to cisgender straight white males.”
This report, by Luke Rosiak, was cross-posted by arrangement with the Daily Caller News Foundation.