WASHINGTON — The FBI did not examine the servers of the Democratic National Committee before issuing a report attributing the sweeping cyberintrusion to Russia-backed hackers, BuzzFeed News has learned.
Six months after the FBI first said it was investigating the hack of the Democratic National Committee's computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News.
“The DNC had several meetings with representatives of the FBI's Cyber Division and its Washington (DC) Field Office, the Department of Justice's National Security Division, and U.S. Attorney's Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC's computer servers,” Eric Walker, the DNC’s deputy communications director, told BuzzFeed News in an email.
The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News.
“CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” the intelligence official said, adding they were confident Russia was behind the widespread hacks.
The FBI declined to comment.
“Beginning at the time the intrusion was discovered by the DNC, the DNC cooperated fully with the FBI and its investigation, providing access to all of the information uncovered by CrowdStrike — without any limits,” said Walker, whose emails were stolen and subsequently distributed throughout the cyberattack.
It’s unclear why the FBI didn’t request access to the DNC servers, and whether it’s common practice when the bureau investigates the cyberattacks against private entities by state actors, like when the Sony Corporation was hacked by North Korea in 2014.
BuzzFeed News spoke to three cybersecurity companies who have worked on major breaches in the last 15 months, who said that it was "par for the course" for the FBI to do their own forensic research into the hacks. None wanted to comment on the record on another cybersecurity company's work, or the work being done by a national security agency.
The hack of the DNC servers and the subsequent release of purloined emails by WikiLeaks has become a Washington scandal of proportions perhaps not seen since the Watergate era. The hacks — part of what intelligence officials, the White House, and private sector analysts say was a broader Moscow-directed effort to influence the US election — were specifically designed to undercut democratic nominee Hillary Clinton’s path to the presidency and bolster Donald Trump, according to CIA and FBI analysis.
Trump has denied that analysis and mocked the US intelligence agencies that produced it. The president-elect is due to receive an in-depth briefing on the subject on Friday.
In a 13-page report made public the last week of December, the FBI and the Department of Homeland Security confirmed in a joint analysis that Russia was behind the widespread hacks, which targeted Democrats with the intention to manipulate the US election. But the analysis was attributed to broad intelligence across both public and private sectors. Nowhere in the report does it say that the government conducted its own computer forensics on the DNC servers.
“Public attribution of these activities to [Russian Intelligence Services] is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities,” the report says.
On the heels of the report’s release, the White House expelled 35 Russian diplomats, sanctioned, among other things, two of Russia’s premier intelligence agencies, and shut down access to two Russian diplomatic facilities in the US.
Sheera Frenkel contributed reporting to this story.
The article has been updated to reflect that CrowdStrike first discovered Russia-backed hackers had infiltrated the DNC in May 2016. A previous version of the article incorrectly said the group first discovered it in March.