
FBI, Dems bicker over investigation of hacked servers

The Democratic National Committee (DNC) and the FBI are fighting over reports that claim the bureau did not conduct an independent analysis of the party’s hacked servers.

The DNC told BuzzFeed in a statement published Wednesday that the FBI never requested access to its servers after they were breached.

But a senior law enforcement official disputed that characterization on Thursday.

“The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated,” the official said.

“This left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.”

But a former FBI official told The Hill it’s not unusual for the bureau to bypass a direct examination of a hacked server.

“In nine out of 10 cases, we don’t need access, we don’t ask for access, we don’t get access. That’s the normal [procedure],” Leo Taddeo, a former special agent in charge of the cyber division of the FBI’s New York office, told The Hill.

“It’s extraordinarily rare for the FBI to get access to the victim’s infrastructure because we could mess it up,” he added. “We usually ask for the logs and images, and 99 out of a hundred times, that’s sufficient.”

Asking for direct access to a server wouldn’t be necessary, Taddeo said, “unless there was a reason to think the victim was going to alter the evidence in some way.”

The Hill has reached out to the DNC for comment but did not receive a response before this story was published.

“The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (D.C.) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices,” DNC deputy communications director Eric Walker told BuzzFeed, but added, “the FBI never requested access to the DNC’s computer servers.”

And according to BuzzFeed, no U.S. intelligence agency has done an independent forensics analysis on the servers.

Instead, the bureau relied on analysis done by the third-party security firm CrowdStrike, which investigated the breach for the DNC.

“CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” an intelligence official told BuzzFeed.

The dispute comes against the backdrop of fierce Democratic outrage over the FBI’s role in the 2016 presidential election.

Many — including former Senate Minority Leader Harry Reid (D-Nev.) — have explicitly blamed FBI Director James Comey for Hillary Clinton’s loss in November.

Eleven days before Election Day, Comey sent a letter to lawmakers telling them investigators had uncovered new emails that could be “potentially pertinent” to the bureau’s previously completed probe of Clinton’s private email server and handling of classified material while secretary of State.

The announcement exploded in the final days of the election — and a subsequent missive from Comey saying the new emails had turned up no new evidence did little to quell the storm.

The spat has also highlighted a simmering dispute about whether the FBI dropped the ball in investigating the breach.

When the bureau first contacted the DNC about a nation-state breach of its systems, the tech-support contractor who fielded the call was unsure if the special agent was actually from the FBI, or was a prankster. For weeks, the agent continued to call the committee, but did not receive a response.

CrowdStrike president Shawn Henry, who is also a former head of the FBI’s cyber division, told The New York Times he was shocked the FBI didn’t send an agent to the DNC’s offices directly.

“We are not talking about an office that is in the middle of the woods of Montana,” Henry said. “We are talking about an office that is half a mile from the FBI office that is getting the notification.”

But the statement of the law enforcement official who spoke to The Hill casts the DNC as recalcitrant and difficult to work with throughout the investigation.

At the time of the first FBI contact, the DNC was dealing with fallout from evidence that the presidential campaign of Sen. Bernie Sanders (I-Vt.), Clinton’s chief rival during the Democratic primary, had improperly accessed Clinton’s campaign data, which may have colored its response.

Security experts say it’s common for lawyers for private organizations to turn down requests from law enforcement for access to servers. Comey has publicly bemoaned that fact, wishing aloud that companies would trust the FBI more.

Companies or private organizations might turn down the FBI over concerns about leaks to the media, or information that might come out in court. IT staff also worry about the FBI possibly damaging a company’s systems.

A source with experience in both FBI cyber investigations and private sector forensics said over the past five years it’s become common to let well-established companies handle forensics — even after the FBI comes in.

Forensic procedure involves documentation, allowing the FBI to focus on other aspects of the work. In issues with sensitive information, such as those involving email breaches of high-profile victims, the FBI occasionally prefers not to ever have data that could be mishandled.

Controversy continues to surround the intelligence community’s assessment that Russia was behind the cyberattacks on the DNC and on Clinton campaign chairman John Podesta’s personal email account.

The Obama administration has characterized the hacks as an attempt to interfere in the U.S. election, and officials have said they are “100 percent certain” that Russia is the culprit.

But President-elect Donald Trump has repeatedly rejected that assessment, characterizing it as an attempt by the Obama administration to undermine his presidency.

In a series of tweets this week, Trump accused intelligence officials of delaying a briefing until Friday in order to build a case against Russia — an allegation denied by other officials.

He also appeared to side with WikiLeaks founder Julian Assange, who released emails believed to have been hacked by Russia, over U.S. intelligence agencies. Trump noted in a tweet that Assange has said the emails did not come from Russia, while repeating that anyone could have hacked the DNC.

“Somebody hacked the DNC but why did they not have ‘hacking defense’ like the RNC has and why have they not responded to the terrible things they did and said (like giving the questions to the debate to H). A total double standard! Media, as usual, gave them a pass.” Trump tweeted Wednesday.

The White House has been under fierce pressure to provide a public account of the intelligence community’s assessment.

It delivered its final, classified assessment to President Obama on Thursday, which intelligence officials say will be released in an unclassified form to the public early next week.

Security experts widely derided a joint Homeland Security–FBI report released last week that purported to give technical indicators linking Russia to the breaches, calling it overly broad and “a mess.”

CrowdStrike has gone much further in its published forensics analysis and its evidence is strong, outside experts say, because Russia is widely known to conduct the kind of “active measures” the administration has accused it of using in this case.

Joe Uchill contributed.