
FBI never examined hacked DNC servers - glasz
http://thehill.com/policy/national-security/312767-fbi-never-examined-hacked-dnc-servers-report
======
janzer
Before anyone else is confused while reading the article, this was published
January 4th.

~~~
anigbrowl
Yeah, not sure what OP's point in publishing a 6 month-old story is. Maybe
amend the title to reflect that, I thought it was some new development and was
also confused.

~~~
3131s
Six months ago would have been right during the most frantic moments of the
election. A lot of people probably missed it.

I already had to vouch for it, but I doubt this will survive another 10
minutes of the flagging / downvote brigade.

~~~
anigbrowl
?!

~~~
3131s
Complete brain failure...

~~~
anigbrowl
Happens to the best of us ;)

------
rdtsc
The firm hired to investigate seems a bit shady to me. They've been playing
fast and loose with their analysis before.

[https://www.linkedin.com/pulse/crowdstrike-needs-address-har...](https://www.linkedin.com/pulse/crowdstrike-needs-address-harm-causedukraine-jeffrey-carr)

They simply just made up facts to suit some story. Complete with James
Bond-like names - "Fancy Bear" and such. They seem pretty biased against
Russia for whatever reason. It would be nice if there was some other evidence
for the "Russia hacked our elections" story. Otherwise what started as a great
propaganda campaign will be running out of steam soon. Or maybe it already
has.

------
r721
"It’s common for the initial forensic analysis to be conducted by outside
firms like CrowdStrike, and once that data has been copied, there’s often
little need to copy it again. BuzzFeed described the FBI’s lack of interest in
the DNC’s server as unusual, citing a number of response firms that preferred
not to be named. But that’s not a unanimous opinion, and two experts contacted
by The Verge disagreed that it was unusual.

“This is normal practice,” says Matt Tait, founder and CEO of Capital Alpha
Security. “In cases like this, the onus for digital forensics is on the
third-party contracted by the company that's calling in the incident response
team, in this case CrowdStrike.”

It’s part of a long-standing division of labor between private firms and law
enforcement, in which incident response firms handle the initial analysis and
network cleanup, leaving broader legal questions to law enforcement. That
division of labor saves time, but it also protects companies from what could
potentially be seen as an invasion of privacy. Turning over a company’s entire
network to a law enforcement agency can be an awkward proposition,
particularly before the nature of the compromise is clear.

That’s particularly true for the DNC, since the FBI was actively investigating
Hillary Clinton for mishandling classified information at the time — and it’s
clear the agency had no reservations about searching for evidence of those
crimes in unrelated cases. Similar awkwardness is common at corporate
breaches, and the result has given incident response firms like CrowdStrike a
persistent business as intermediaries between companies and law enforcement.

...

Once incident response has been conducted, the crucial evidence can be handed
over directly to officials without politically tricky questions of broader
access. We don’t know exactly what CrowdStrike handed over (the company
declined to comment), but that data can range from full disk images to an
edited digest of suspicious files and logged connections. If CrowdStrike did
image the server, any subsequent analysis would simply be confirming that the
firm hadn’t screwed up.

Law enforcement groups sometimes do double-check that data, but it’s unlikely
to change the attribution itself. Even if CrowdStrike wanted to skew the
results toward a particular party, the FBI would be able to check their work
against data pulled directly from the network. “The IC would certainly be able
to check the malware and associated technical data recovered from the DNC
network themselves,” says Tait. “The FBI may be reliant on CrowdStrike to find
malware on the DNC network, but they are not beholden to CrowdStrike's
analysis.”

...

There’s also reason to think CrowdStrike is simply better at this kind of
ground-level forensics than the FBI. The bureau has long struggled to retain
cybersecurity talent, losing a steady stream of agents to more lucrative
positions at a long list of private-sector security companies. That list
includes CrowdStrike itself: the company’s services branch is run by Shawn
Henry, an FBI lifer who many credit with the bureau’s recent focus on
cybersecurity. The result is a persistent brain drain, and a valid reason for
the FBI to focus its energy on the higher-level problems of attribution. If
the FBI had decided to duplicate CrowdStrike’s work, it’s not clear they could
have done a better job."

[https://www.theverge.com/2017/1/5/14178806/fbi-dnc-hack-serv...](https://www.theverge.com/2017/1/5/14178806/fbi-dnc-hack-server-examined-forensics-russia)

------
RickJWagner
<Yawn>

Time to move on.

------
droopybuns
This fact has been overlooked by way too many people.

One should ask why the victims would refrain from providing law enforcement
with access to evidence related to a crime that is later blamed as the reason
they lost the election.

~~~
klodolph
"…the FBI never requested access to the DNC’s computer servers…"

~~~
shard972
Then how are they able to say with certainty what happened? Is it normal to
just take private companies at their word when it comes to investigations?

~~~
mejari
The servers were investigated directly by a private company that specialized
in such things, that the FBI regularly works with, and the results were handed
over. It's really not that strange for an organization to balk at handing over
its private proprietary information to the federal government. Especially
when there was a chance that within a year that government would be run by
someone with a personal vendetta against said organization.

~~~
Cozumel
> 'The servers were investigated directly by a private company'

A private company owned by the very people who apparently did the breach.
Dmitri Alperovitch is Russian and owns CrowdStrike, the company that did the
'investigation'.

I'm not saying they did it, and honestly I don't care one way or the other but
hiring the people who (allegedly) hacked you to find out who hacked you is the
epitome of stupidity.

Going by what we see of the FBI they absolutely reek of incompetence, paying
$1 million to unlock an iPhone is another example!

(edited: typo)

~~~
klodolph
Are you saying that Dmitri Alperovitch did the hacking, or that he's an agent
of those who did? Or are you just saying that if you think some Russians did
hacking, you should not trust any Russians? None of these options make any
sense to me.

