When presented with allegations of a devastating foreign cyber attack on one of the two major political parties, the FBI meekly agreed to allow CrowdStrike and Perkins Coie to do the forensic examination and, for all intents and purposes, run the investigation. And, as discussed in the previous article, that company, CrowdStrike, was to do the investigation pursuant to its contract with Michael Sussmann of Perkins Coie, the law firm that represented Hillary Clinton’s presidential campaign. So, instead of using a search warrant or some other legal process to perform a direct, hands on forensic examination of the DNC server, the FBI agreed to base its investigation on the findings of a private cybersecurity company.

Q: Was there one request or multiple requests?

A: Multiple requests at different levels and ultimately what was agreed to is that the private company would share with us what they saw.

Q: Do you know why you were denied access to those servers?

A: I don’t know for sure.

It said the Arizona server held “thousands of files” for the GRU officers for their operations in 2016.

Calls to cybersecurity experts and academics seeking comment on the Russians’ reported methods were not immediately returned Friday.

Q: But is that typically the way the FBI would prefer to do the forensics or would your forensic unit rather see the servers and do the forensics themselves?

A: We always prefer to have access hands on ourselves, if that’s possible.

Stolen data first went to a group of “middle servers” that communicated with the Arizona server, which the Russians would then access, according to the report.

In addition to X-Agent, the Russians used “X-Tunnel” that gave the hackers the capability to view screenshots of Democratic employees’ computers.

The Arizona computer “served as a nerve center,” the report said, allowing the Russian hackers to control the malware that broke in and stored the stolen Democratic data.
Outtakes of the Special Counsel’s report – the Mueller report – on Russian meddling in the 2016 presidential election and a June indictment by the special counsel’s office of 12 alleged Russian hackers both cite a leased computer server in Arizona that was used to transmit stolen Democratic Party data.

PHOENIX – The road from Washington to St. Petersburg apparently passes through Arizona – at least the cyber-road does.

That’s according to the long-awaited Mueller report on the two-year investigation into possible Russian meddling in the 2016 presidential election.

Buried in the 448-page report is a little more than a page that said Russian intelligence officers used a “leased computer” in Arizona to help funnel information that was stolen from hacked Democratic Party computers.

About half of the page on the Arizona server is redacted because the information relates to an “investigative technique” – one of the areas blacked out from the report, along with information about grand jury testimony, ongoing investigation and privacy concerns.

The unredacted portions do not reveal where in Arizona the leased computer was located or which company might have leased it.

But the report echoes information that was cited in a June indictment filed by Special Counsel Robert Mueller’s office against 12 officers of the GRU, the Russian intelligence directorate.

It said the 12 conspired to “gain unauthorized access (to ‘hack’) into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers, and stage releases of the stolen documents to interfere with the 2016 U.S.

The indictment said the GRU officers installed malware called “X-Agent” on 10 computers of the Democratic National Committee and the Democratic Congressional Campaign Committee in April 2016.

The malware “transmitted information from the victims’ computers to a GRU-leased server located in Arizona” that the Russians checked for information – keystroke logs and information on fundraising and voter outreach, for example.

The bulk of the information stolen using the Arizona-based computer “included passwords, internal communications between employees, banking information, and sensitive personal information” and occurred between April and June 2016, according to the Special Counsel’s report.