Volume V from the Senate Intelligence Committee then turns from "Counterintelligence Concerns" to the government response, and once again it gets interesting and significant. There are two sub-sections, one on the DNC hack and the FBI's response and the other on Christopher Steele and his infamous dossier.
The first part is by far the shorter, taking up only 35 pages, from 811 to 845. Or rather, 815 to 835, with the first few pages serving as a general introduction. The introduction cites now familiar facts about the FBI investigation of the Trump campaign. It began with a tip from a friendly foreign government, name redacted, but known to be Australia. The FBI gave the Trump campaign its usual counter-intelligence briefing without mentioning that four members of the campaign were under FBI investigation. It also said that the Mueller investigation, being criminal, did not address all counterintelligence concerns.
Longer and more interesting is the discussion of the FBI's interactions with the Democratic National Committee (DNC). The report discusses at length the failures to communicate between the two entities, with each blaming the other. The details need not concern us. The FBI attempted to warn the DNC starting in August, 2015 that they were targets for hacking. Recall at the time, the hacker was Cozy Bear a/k/a the SVR a/k/a Russia's civilian intelligence agency, which limited itself to intelligence gathering and did not publicly release any information. That was seen as normal intelligence gathering -- undesirable, of course, but not particularly alarming. The FBI issued warnings to the DNC's cyber security director, but he did not find anything. The FBI asked for DNC cyber logs and apparently saw the request as a sign of alarm, but the DNC did not recognize the request as alarming. Fancy Bear, a/k/a the GRU a/k/a Russian Military Intelligence, the agency that did publish DNC e-mails, did not successfully break into the DNC system until April, 2016.
It was the Fancy Bear hack that the DNC discovered first, on April 28, 2016, only ten days after Fancy Bear broke in. It was only after that that the DNC began to take alarm and make logs available to the FBI. However, the DNC did not invite the FBI to examine its system, and instead reached out to CrowdStrike, a private security firm. It was CrowdStrike that discovered the Cozy Bear hack. The DNC swapped out its system on June 10, 2016 and publicly reported the matter on June 14, 2016. It was only after the matter became public that the FBI reached out to request copies of the malware CrowdStrike had collected. The Committee concluded that communications were inadequate on both sides, and that the FBI should have been more forceful in conveying the gravity of the situation, even resorting to subpoena or other compulsory process.
Volume V also emphasizes the high level of distrust on the part of the DNC, and that this is quite common among victims of hacking. This is important to keep in mind, since right wing revisionist history claims there was a conspiracy between the Clinton campaign and the FBI to frame Donald Trump. In fact, Hillary Clinton was under FBI investigation and deeply distrustful of the FBI, an distrust that extended to the DNC.
But this distrust is by no means limited to Hillary Clinton or the DNC. The FBI's experience is that very often the targets of hackers are uncooperative. Most organizations do not want to publicize the fact that they have been hacked for fear of losing public trust. Most organizations also do not want the FBI searching through their computer systems and looking at private and proprietary data. They prefer to hire private security to deal with the hack as privately as possible. The FBI, in turn, does not know how to navigate most organizations' computer systems and depends on the organization to guide them. A grand jury subpoena is an option, but rarely used. The report quotes the FBI as saying that in "a majority of cases" (p. 817) or "half the time" (p. 818) the victim does not want to cooperate.
Next up: The Steele Dossier
No comments:
Post a Comment