Saturday, June 6, 2020

53 Transcripts: The Hacks

Unlike my other summaries of the 53 transcripts recently released by the House Intelligence Committee, there is a lot about this subject I simply don't know enough about to have an informed opinion, other than sticking for now to my default view that the hacks were Russian linked and that the Trump campaign had nothing to do with them. 

The 2016 election campaign hack story can be confusing because there were three different hacks, each followed by a Wikileaks release, and a fourth possible hack, which would have occurred earlier and provides essential context.

The Hacks

John Podesta (Chairman of Clinton campaign) - March 2016 with Wikileaks release on October 7, 2016.

Democratic Congressional Campaign Committee (DCCC) - April 2016 with Wikileaks release in late August.

Democratic National Committee (DNC) - April 2016 with Wikileaks release beginning on July 22, 2016.

The fourth possible hack is of the Hillary Clinton emails from her time as Secretary of State (2009-13), when she maintained a private server which did not meet government security standards.  These include 33,000 emails she had destroyed in an effort to obstruct justice.  It is possible that foreign powers, including Russia and/or China, may have obtained these emails.  The missing emails and the possibility of an unfriendly foreign power having them were being publicly discussed well before public knowledge of the three hacks described above.

Interviews

Those interviewed by the committee with knowledge relevant to the hacks:

John Podesta
Andrew Brown (Technology Director, DNC)
Marc Elias (Perkins Coie, counsel for DNC and Clinton Campaign)
Michael Sussman (Perkins Coie)
Shawn Henry (CrowdStrike)
Yared Tamed (IT Contractor, DNC)

Podesta and Brown had nothing of value to say.  Podesta's hack was very simple.  He clicked on a link in an email sent to him which allowed someone access to his emails.  The summary below will focus on the DNC hack along with some discussion of the DCCC hack.

The Testimony

Yared Tamed had worked as a full-time IT contractor for the DNC since 2013, reporting to Andrew Brown.  In September 2015 she was notified by the FBI that its cybersecurity unit had identified a possible penetration of the DNC servers by a foreign entity.  She and her team looked but could not find anything.  Tamed continued speaking with the FBI periodically, but the "Information FBI was providing honestly was frustrating in how redacted it was". (p.15)

In April 2016, the FBI requested logs (metadata from email which was sent on the 29th), but the day before, her team found unusual activity on the network, leading them to a hacker.  They subsequently found a second hacker using tools provided by CrowdStrike once it was brought into the matter.

Tamed testified she provided the requested images to CrowdStrike, which provided them to the FBI.

Marc Elias of Perkins Coie became aware of the DNC hack in April 2016 and reached out to his firm's cybersecurity law expert, Michael Sussman, a former DOJ lawyer.  Sussman hired CrowdStrike, with whom he had not worked before, on the recommendation of others at the firm, but testified the FBI told him it was Russian hackers even before CrowdStrike was hired.

Although James Comey testified the FBI was denied access to the servers, Sussman testified he told the FBI they could have access to anything they wanted, including the servers, but they never asked for access.

Shawn Henry, President of CrowdStrike, joined the company after retiring from the FBI in 2012.  According to Henry what they saw after being hired "was consistent with what we'd seen previously and associated with Russian Government". (p.25)

Henry explained that the two hackers were (1) Russian intelligence (known as Cozy Bear) and (2) Russian military intelligence (known as Fancy Bear).  Cozy Bear had been monitoring email and communications channels at the DNC since July 2015.  Fancy Bear got into the DCCC opposition research and candidate files in early April 2016 and was able to migrate from there into the DNC servers on April 11 where, later that month, it was discovered by Tamed's team.  According to Henry, CrowdStrike did not "have any reason to believe they actually were coordinating with each other." (p.49)

Regarding the issue of data exfiltration which received some media attention when the transcripts were released, Henry stated:
"We have indicators that data was exfiltrated.  We did not have concrete evidence that data was exfiltrated from the DNC . . . it appears it was set up to be exfiltrated, but we just don't have the evidence that says it actually left". (p.32)
However, Henry said there was clear evidence data was exfiltrated from the DCCC.

Marc Elias made an intriguing remark about the DCCC hack:
"I would dare say that not even every member of the committee would, if give the - was able to hack either the [DCCC] or [NRCC] would have the level of sophistication to pick out the kinds of records that were picked out and put online.  And certainly, it seemed to me unlikely that a foreign adversary sitting in Moscow did that" (p.57)
He later speculated, regarding the leaked swing House district opposition research, that while it was plausible Russians did the hacking, they would not have understood the value of the information.

These observations were not followed up during the committee questioning.  My guess is Elias made them to try to give credence to the idea that the Trump campaign was coordinating with the Russians and providing the expertise to interpret the documents.  I find that absurd, given how little political expertise (and time) the Trump campaign staff had, along with the fact there is not one bit of concrete evidence of such collaboration.

Under questioning, Sussman testified to something not directly relevant to the hacks but of interest as to the Russia collusion story.  Prior to the election, Sussman's former colleague at DOJ and then General Counsel of the FBI, Jim Baker, passed on to him information about contacts between Russian entities and the Trump organization, which he then passed on to the New York Times, Washington Post, and Slate.

All of those associated with the Trump campaign who testified denied any involvement with or knowledge of any of the hacks.  They thought it was a bad joke when the accusations were made and dismissed Trump's remarks during the campaign about Hillary's emails as the candidate's typical riffing off the cuff. 

During his testimony Steve Bannon was asked if there had been any discussions about the hacking.  He said it only came up in the debate prep, when the discussion was how, if the question was asked, to pivot to the topic of Clinton corruption which Trump was hammering away on.
