The Democratic National Committee last month denied a claim made by its former chairwoman, Donna Brazile, about the timeline of the hacking of the committee’s systems, the latest of many contradictions related to the crucial days when thousands of emails were allegedly stolen from the party’s mail server.
In her 2018 book, Brazile wrote that after learning that alleged Russian hackers were inside its systems, the Democratic National Committee (DNC) asked Crowdstrike, the cybersecurity firm it hired to defend against the hack, to wait one month before kicking out the intruders.
Midway through the month-long wait, the hackers are said to have stolen the 40,000 emails that would eventually be published by Wikileaks.
Brazile’s claim gained renewed significance last month with the release of the final Russia report by the Senate Select Committee on Intelligence (SSCI). The report (pdf) stated that the DNC was aware that the hackers had already stolen files from its systems before the postponement request described by Brazile.
“No one asked anyone to wait,” a senior DNC official told The Epoch Times. “There was a period of time between when we discovered the breach and fully remediated, but that is incredibly fast and everyone was working around the clock to get ready to totally flip our system as fast as possible.”
Crowdstrike Senior Director of Public Relations Illina Cashiola told The Epoch Times that the company “wouldn’t comment on a client’s remediation strategy.”
Brazile did not respond to a request for comment. The former DNC chairwoman wrote in her book that the committee requested the one-month delay in May 2016 because staff needed their computers during the state primaries.
“In May, when CrowdStrike recommended that we take down our system and rebuild it, the DNC told them to wait a month, because the state primaries for the presidential election were still underway, and the party and the staff needed to be at their computers to manage these efforts. For a whole month, CrowdStrike watched Cozy Bear and Fancy Bear operating,” Brazile wrote, referring to the codenames Crowdstrike assigned to the two intruders discovered on the DNC network.
Brazile became the interim chair of the DNC on July 24, 2016, less than two days after Wikileaks published 19,252 emails and 8,034 attachments as part of the first installment of material taken from the committee. After taking over, Brazile was deeply involved in the committee’s cybersecurity efforts and worked directly with Crowdstrike, the FBI, and a group of more than two dozen Silicon Valley cybersecurity experts who volunteered to protect the DNC’s network, according to her book.
Despite her direct involvement in the aftermath of the hack, Brazile was not the head of the DNC during the six-week period in May and June of 2016 when Crowdstrike was first engaged and the emails were taken. She did not specify from whom she learned about the request to delay the remediation. The three most detailed timelines of the hack and the remediation—by Crowdstrike, the SSCI, and the FBI’s Deputy Director Andrew McCabe—make no mention of Brazile’s claim.
Crowdstrike carried out the remediation of the DNC systems over the weekend on June 10-13, 2016. If Brazile’s claim is true, the DNC made the request for a one-month delay on or around May 10. The date is significant because DNC CEO Amy Dacey learned days earlier that the alleged Russian hackers had already stolen “a few files” from the DNC “related to Trump research.”
The contradiction between the committee and its chairwoman is among a number of clashing accounts about the emails that were taken from the DNC, the crime at the origin of the FBI’s investigation of the Trump campaign. Special counsel Robert Mueller, who took over the FBI probe of the Trump campaign in May 2017, and Crowdstrike are at odds about whether the DNC’s mail server was hacked and if emails were taken.
Mueller alleged that Russian hackers breached the DNC’s Microsoft Exchange Server between May 25 and June 1, 2016 “and stole thousands of emails from the work accounts of DNC employees.” Crowdstrike claims that no hack had occurred on any DNC system protected by its software.
During the May 25 to June 1 hack timeframe alleged by Mueller, Crowdstrike had an armada of forensic tools deployed at the DNC, including at least 200 sensors to monitor the network, the Falcon software to defend committee systems, and the Forensic Collector software to detect historical suspicious activity.
While Mueller alleged that the Russians “stole thousands of emails,” Shawn Henry, who led Crowdstrike’s DNC remediation, told Congress that the company “did not have concrete evidence that data was exfiltrated” but had “indicators that it was exfiltrated.”
With both the breach and the theft in question, the SSCI’s final volume on the Russia investigation promised to provide some answers about how the DNC emails were taken. The 966-page volume, released last month, instead offered one vague sentence.
“Henry testified that CrowdStrike was ‘able to see some exfiltration and the types of files that had been touched’ but not the content of those files.”