The FBI has publicly accused Russia of hacking the emails of the Democratic National Committee and Hillary Clinton's campaign chairman, John Podesta. Now a new report is raising questions about how the bureau — as well as other intelligence agencies who've accused the bureau — can be so sure of its conclusion.
BuzzFeed News reported Wednesday that DNC sources confirmed the FBI never even examined its compromised servers. The same sources also said that no government agency conducted an independent forensic analysis of the technology before Homeland Security Secretary Jeh Johnson and Director of National Intelligence James Clapper issued a joint statement in early October, naming the Russian government as a key player:
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations... Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities.
Two months later, on Dec. 29, the DHS, FBI and Office of the Director of National Intelligence released another statement, adding to intelligence sources' original assessment that Russia interfered in the U.S. election:
The U.S. government can confirm that the Russian government, including Russia’s civilian and military intelligence services, conducted many of the activities generally described by a number of these security companies. The Joint Analysis Report recognizes the excellent work undertaken by security companies and private sector network owners and operators, and provides new indicators of compromise and malicious infrastructure identified during the course of investigations and incident response.
But despite officials' seemingly definitive conclusion, DNC deputy communications director Eric Walker reportedly said Wednesday that while the DNC met several times with intelligence officers, the FBI "never requested access to the DNC's computer servers."
Shannon McMurtrey, assistant professor of management information systems at Drury University in Springfield, Missouri, told TheBlaze Thursday that while access to a compromised computer server can help determine the source of a cyberattack, the task of assigning blame can be much more complicated.
"Attribution is extremely difficult due to the ease with which you can spoof just about every detail. Physical access to the server is a start, but even then critical logs may be missing or altered," McMurtrey said.
"Security companies and private sector network owners and operators," as mentioned in the Dec. 29 statement by the FBI, DHS and ODNI, suggests U.S. officials relied on the evidence provided by cybersecurity experts at one or more privately owned cybersecurity firms to draw conclusions in what is perhaps one of the intelligence community's most important investigations in years — arguably since 9/11.
Indeed, BuzzFeed reported the name of the company assigning blame to Russia is the California-based cybersecurity firm, CrowdStrike.
A representative for the company did not immediately respond to a request for comment from TheBlaze.
“CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” one intelligence official told BuzzFeed.
However, at least three intelligence officials told BuzzFeed it is usually "par for the course" for the FBI to conduct its own forensic research, especially in a case of this magnitude. In this instance, though, it's not clear why the FBI did not adhere to what seems to be standard procedure.
An FBI spokesman did not immediately respond to a request for comment from TheBlaze.