On Monday, President Trump granted credence to Vladimir Putin’s account of the hacks of the Democratic National Committee and Democratic Congressional Campaign Committee, as well as Hillary Clinton’s campaign servers, had nothing to do with Russia. In doing so, he threw his own intelligence agencies under the bus. He has no evidence whatsoever to suggest that his intelligence agencies are wrong — but he does have a question he frequently posits, and that has been repeated ad nauseum by those on the right who question the official story: if the DNC was hacked by the Russians, why didn’t they turn over their servers to the FBI?
Trump explained:
You have groups that are wondering why the FBI never took the server — haven’t they taken the server. Why was the FBI told to leave the office of the Democratic National Committee? I’ve been wondering that, I’ve been asking that for months and months and I’ve been tweeting it out and calling it out on social media. Where is the server? I want to know where is the server and what is the server saying?
But there’s one problem: the DNC did apparently cooperate with the FBI, according to the FBI. And they didn’t have to “turn over” their servers in order to provide the FBI with the information on the hacking, as is obvious from the Mueller indictment of 12 Russian hackers. How could the FBI have gathered information on those hackers without access to information from the DNC servers?
The Daily Beast has a good look at the underlying information from Kevin Poulson today. Here’s the relevant section:
When cyber investigators respond to an incident, they capture that evidence in a process called “imaging.” They make an exact byte-for-byte copy of the hard drives. They do the same for the machine’s memory, capturing evidence that would otherwise be lost at the next reboot, and they monitor and store the traffic passing through the victim’s network. This has been standard procedure in computer intrusion investigations for decades. The images, not the computer’s hardware, provide the evidence. Both the DNC and the security firm Crowdstrike, hired to respond to the breach, have said repeatedly over the years that they gave the FBI a copy of all the DNC images back in 2016.
So the DNC didn’t turn over its physical servers because they were still using those during the campaign — and the FBI had access to the imaging. Former FBI Director James Comey said he wanted direct access to the DNC servers for purposes of accessing the live network — and that’s where the DNC turned the FBI down. That’s not uncommon, apparently:
When the computers belong to a cooperating victim, seizing the machines is pretty much out of the question, said James Harris, a former FBI cybercrime agent who worked on a 2009 breach at Google that’s been linked to the Chinese government. “In most cases you don’t even ask, you just assume you’re going to make forensic copies,” said Harris, now vice president of engineering at PFP Cyber. “For example when the Google breach happened back in 2009, agents were sent out with express instructions that you image what they allow you to image, because they’re the victim, you don’t have a search warrant, and you don’t want to disrupt their business.”
So the DNC wasn’t covering for a leak of material to the Russians. This is all apparently misdirection. And if it’s not, it would behoove those theorizing that it is to explain how the FBI got access to all the information they needed to indict those 12 Russian citizens.