DNC ‘Russian Hacking’ Conclusion Comes from Google-Linked Firm


CrowdStrike, the third-party company relied upon by the FBI to make its assessment about alleged Russian hacking into the Democratic National Committee (DNC), was financed to the tune of $100 million from a funding drive last year led by Google Capital.

Google Capital, which now goes by the name of CapitalG, is an arm of Alphabet Inc., Google’s parent company. Eric Schmidt, the chairman of Alphabet, has been a staunch and active supporter of Hillary Clinton and is a longtime donor to the Democratic Party.

On Thursday, a senior law enforcement official told CNN that the DNC “rebuffed” the agency’s request to physically examine its computer servers after the alleged hacking. Instead, the FBI relied on CrowdStrike’s assessment that the servers had most likely been hacked by Russian agents.

“The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated,” CNN quoted the senior law enforcement official as saying. “This left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.”

The news network was following up on a BuzzFeed report that first broke the story that the FBI did not examine the DNC’s servers before issuing a joint report with the DHS last week accusing Russian civilian and military intelligence services of compromising networks and infrastructure associated with the 2016 presidential election.

Contrary to the claim from the FBI about being rebuffed, Eric Walker, the DNC’s deputy communications director, told BuzzFeed that the FBI never requested access to the servers.

“The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (DC) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC’s computer servers,” Walker wrote in the email.

BuzzFeed further reported on the FBI’s reliance on CrowdStrike’s assessment about the alleged Russian hacking:

The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News.

“CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” the intelligence official said, adding they were confident Russia was behind the widespread hacks.

The CNN report also affirmed that the FBI relied on CrowdStrike’s findings.

CrowdStrike is a California-based cybersecurity technology company co-founded by experts George Kurtz and Dmitri Alperovitch. The company’s website explains the firm was founded because Alperovitch and Kurtz “realized that a brand new approach was needed — one that combines the most advanced endpoint protection with expert intelligence to pinpoint the adversaries perpetrating the attacks, not just the malware.”

In an Esquire profile, Alperovitch, a Russian expat, recalls he first discovered that Russia allegedly hacked into the DNC when one of his analysts installed a proprietary software package into the DNC’s system and immediately discovered the alleged Russian breach.

“Are we sure it’s Russia?” Alperovitch says he asked the analyst.

Esquire reported:

The analyst said there was no doubt. Falcon had detected malicious software, or malware, that was stealing data and sending it to the same servers that had been used in a 2015 attack on the German Bundestag. The code and techniques used against the DNC resembled those from earlier attacks on the White House and the State Department. The analyst, a former intelligence officer, told Alperovitch that Falcon had identified not one but two Russian intruders: Cozy Bear, a group CrowdStrike’s experts believed was affiliated with the FSB, Russia’s answer to the CIA; and Fancy Bear, which they had linked to the GRU, Russian military intelligence.

Alperovitch then called Shawn Henry, a tall, bald fifty-four-year-old former executive assistant director at the FBI who is now CrowdStrike’s president of services. Henry led a forensics team that retraced the hackers’ steps and pieced together the pathology of the breach. Over the next two weeks, they learned that Cozy Bear had been stealing emails from the DNC for more than a year. Fancy Bear, on the other hand, had been in the network for only a few weeks. Its target was the DNC research department, specifically the material that the committee was compiling on Donald Trump and other Republicans. Meanwhile, a CrowdStrike group called the Overwatch team used Falcon to monitor the hackers, a process known as shoulder-surfing.

According to the Esquire story, Alperovitch was surprised when the DNC, which had contracted CrowdStrike for cybersecurity, wanted to go public about the alleged Russia hack, which took place at around the same time Donald Trump was being accused of having a relationship with Russia.

Esquire documented:

Hacking, like domestic abuse, is a crime that tends to induce shame. Companies such as Yahoo usually publicize their breaches only when the law requires it. For this reason, Alperovitch says, he expected that the DNC, too, would want to keep quiet.

By the time of the hack, however, Donald Trump’s relationship to Russia had become an issue in the election. The DNC wanted to go public. At the committee’s request, Alperovitch and Henry briefed a reporter from The Washington Post about the attack. On June 14, soon after the Post story publicly linked Fancy Bear with the Russian GRU and Cozy Bear with the FSB for the first time, Alperovitch published a detailed blog post about the attacks.

Google financing

CrowdStrike advertises on its website that it is “proud to have received major funding from some of the world’s most prestigious technology providers and investment firms” – most prominently Google Capital, which “led (a) $100M investment in CrowdStrike.”

“It’s extremely gratifying to bring in a high-caliber investor like Google Capital which shares our passion for innovation and sees the opportunity to completely transform the security industry,” CrowdStrike’s co-founder and chief executive officer Kurtz said after the completion of the financing in July 2015. “As we continue to experience hyper-growth, this capital injection will help us firmly establish our SaaS-based endpoint protection platform as the leading solution to address today’s sophisticated attacks and will allow CrowdStrike to further accelerate our domestic and international expansion.”

In November, Google Capital re-branded itself and now goes by the name of CapitalG. It is a venture capital arm of Alphabet Inc.

CapitalG explained: “Founded in 2013 in Mountain View, California, we began as Google Capital, a growth equity investment fund. We changed our name to CapitalG in 2016, after Google created Alphabet to serve as its parent company. Though our name has changed, our goal remains the same: to make return-driven investments in leading companies around the world and help entrepreneurs rapidly grow their businesses.”

CapitalG’s website documents its close links to Google:

“Our Google connection is our key asset. We call on experts from Google’s offices around the world to help our portfolio companies grow… CapitalG works with Google experts to advise on product, engineering, marketing, sales, operations, and other essential areas to help companies scale effectively. The Googlers draw upon knowledge from their day to day roles to offer valuable technical advice—from scaling architecture, to making the transition to the cloud, to mobile development, to cybersecurity, and much more.”

Eric Schmidt, the chairman of Alphabet, which owns CapitalG, has been a staunch and active supporter of Hillary Clinton.

In November, the Wall Street Journal reported on an email released that month claiming Schmidt was “ready to fund, advise recruit talent” for Clinton’s campaign and that he “clearly wants to be head outside advisor.”

The Journal reported:

Mr. Schmidt in April 2014 backed a startup dubbed Timshel that helped develop some of the technology behind Mrs. Clinton’s campaign website, including functions to sign up supporters and accept donations, according to the emails.

Around that time, Mr. Schmidt sent a Clinton campaign official a lengthy memo with advice on running the campaign. He told campaign officials he was “ready to fund, advise recruit talent,” and “clearly wants to be head outside advisor,” according to a 2014 email from Clinton campaign Chairman John Podesta to campaign manager Robby Mook. Mr. Schmidt’s memo to Clinton aide Cheryl Mills is included in the leaked emails.

Schmidt drew up a plan for Clinton’s campaign a year before she announced her White House bid, released emails showed. He sent the memo to top Clinton aide Cheryl Mills, chief of staff to Clinton when she was secretary of state.

The Daily Mail reported:

The Google titan outlined a number of things, including one Clinton definitely listened to – where she should base her campaign headquarters. ‘Its important to have a very large hiring pool (such as Chicago or NYC) from which to choose enthusiastic, smart and low paid permanent employees,’ Schmidt argued.

He also nixed Washington, D.C., as an idea, even though it’s a thriving city for millennials. ‘DC is a poor choice as its full of distractions and interruptions,’ he wrote in the memo, emailed to Mills.

She then passed it along to John Podesta, whose emails were hacked and made public by Wikileaks.

Schmidt was spotted at Clinton’s nixed election night party wearing a “staff” badge.

Meanwhile, Shawn Henry, president of CrowdStrike Services and CSO of the firm, is a retired executive assistant director of the FBI.

“Henry, who served in three FBI field offices and at the bureau’s headquarters, is credited with boosting the FBI’s computer crime and cybersecurity investigative capabilities,” his CrowdStrike bio says.

Last April, CrowdStrike General Counsel and Chief Risk Officer Steven Chabinsky was appointed to President Obama’s White House Commission on Enhancing National Cybersecurity.

A CrowdStrike press release explained:

Under the Commission, Chabinsky and 11 other industry leaders have been directed by the White House to recommend “bold, actionable steps that the government, private sector, and the nation as a whole can take to bolster cybersecurity in today’s digital world.”

President Obama, in an official statement, commended the members for bringing “a wealth of experience and talent to this important role,” and charged the Commission with “the critically-important task of identifying the steps that our nation must take to ensure our cybersecurity in an increasingly digital world.”

CrowdStrike co-founder Alperovitch, meanwhile, has a bad taste for Russia, according to the Esquire profile:

Alperovitch knows a thing or two about what the Russians call “active measures,” in which propaganda is used to undermine a target country’s political systems. He was born in 1980 in Moscow, in an era when people were afraid to discuss politics even inside their homes. His father, Michael, was a nuclear physicist who barely escaped being sent to Chernobyl as part of a rescue mission in 1986. Many of Michael’s close friends and colleagues died of radiation poisoning within months of flying to the burning power plant. The takeaway for Dmitri was that “life is cheap in the Soviet Union.”

Alperovitch is a nonresident senior fellow of the Cyber Statecraft Initiative at the Atlantic Council. The Council takes a hawkish approach toward Russia and has released numerous reports and briefs about Russian aggression.

The Council is funded by the Rockefeller Brothers Fund, Inc, the U.S. State Department, and NATO ACT.

Another Council funder is the Ploughshares Fund, which in turn has received financing from billionaire George Soros’ Open Society Foundations.

In an interview with PBS, host Judy Woodruff asked Alperovitch whether he had a conflict of interest in the alleged Russia hacking case since his firm, which was helping to publicize the Russia claims, was employed by the DNC.

Here is a transcript of that section of the interview:

JUDY WOODRUFF: Now, Dmitri Alperovitch, we want to point out and we said earlier, you were — your company was the one that uncovered this in the first place. You were working for the Democratic National Committee. Are you still working — doing work for them?

DMITRI ALPEROVITCH: We’re protecting them going forward. The investigation is closed in terms of what happened there. But certainly, we’ve seen the campaigns, political organizations are continued to be targeted, and they continue to hire us and use our technology to protect themselves.

JUDY WOODRUFF: I ask you that because if there’s a question of conflict of interest, how do you answer that?

DMITRI ALPEROVITCH: Well, this report was not about the DNC. This report was about information we uncovered about what these Russian actors were doing in eastern Ukraine in terms of locating these artillery units of the Ukrainian army and then targeting them. So, what we just did is said that it looks exactly as the same to the evidence we’ve already uncovered from the DNC, linking the two together.

Aaron Klein is Breitbart’s Jerusalem bureau chief and senior investigative reporter. He is a New York Times bestselling author and hosts the popular weekend talk radio program, “Aaron Klein Investigative Radio.” Follow him on Twitter @AaronKleinShow. Follow him on Facebook.

With research by Joshua Klein.
