CrowdStrike & The DNC's Phantom Intruder (OPINION)

By Adam Carter --- April 25th, 2016

This article deals with circumstantial evidence, so some elements of it are speculative. I have deviated from my usual strict 'hard-evidence' policy because I felt I owed an explanation to those kind enough to follow and support me as to why I sometimes say Crowdstrike could have been behind the Guccifer 2.0 persona.

Questions about CrowdStrike plague me.

For those that don't recall what happened - a brief recap of what happened between 12th and 14th of June:

June 12th
Assange mentions leaks concerning Hillary's use of a private mail server during her time as Secretary of State. To be clear, Assange stated that, although WikiLeaks had already published emails from Hillary Clinton’s private server (originally released by the State Department as non-searchable pdfs), it also had “emails related to Hillary Clinton which are pending publication”.

June 14th
WAPO article is published covering CrowdStrike/DNC claims that, back in April, an intruder was detected on the DNC's network. CrowdStrike cannot identify the intruder they detected, nor specify how the intruder got in (they guess it could be via a ‘phishing’ email).

Nevertheless, CrowdStrike publicly blame ‘Russian intelligence’ based on similarities to historical hack ‘profiles’ distributed on infosec industry lists. CrowdStrike provide no evidence to support most of the claims made. However, they claim they knew, somehow, that there had been some sort of issue relating to the DNC network. All they can confirm is that a "Trump Opposition Research" document was stolen.

Doesn't that seem a bit odd?

Crowdstrike detected a file being accessed but have no clues as to identity of the intruder that accessed it, they can't correlate connection times, etc. All they have is a file name and a bunch of claims backed by no evidence. It's surprising they can't be more specfic about who they kicked off the network considering that, back in April, they claimed to have installed software that could: "analyze data that could indicate who had gained access, when and how."



Crowdstrike: Covert Spies Behind Public Lies? A Theory

I have an alternate theory about what could be behind the timing of the story being provided to WAPO, the specious claims made in it and the apparent opacity with which Crowdstrike operated and it doesn't defy logic or reason.

It would even explain the necessity of lying about their activities at the time but it would require the acceptance of a premise that Crowdstrike are sometimes deceitful.

It is feasible that Crowdstrike may have been back on the DNC's network specifically as a response to the panic that Assange's announcement will have caused for the Clinton Campaign (and by extension, the DNC's leadership). By claiming they were investigating and clearing out unidentified hackers just prior to Assange's announcement, they make it look like their presence was not a reaction to it AND justify the leaks themselves being dated as late as May 2016.

It would seem far more logical that they'd be there, just prior to the article on the 14th, to try to figure out who WikiLeaks’ leaker was and try to gain control over the situation. To me, this would make sense of CrowdStrike's involvement, the DNC's sudden announcements at that time and the unwillingness of the DNC to accept the FBI's offers to help investigate the malware/hacking incidents.

Going public in the Washington Post about "Russian hackers" in such a noisy way could easily have been the result of a story being manufactured to cover up a leak investigation into the source of the Clinton-related leaks.

Of course, from the perspective of hindsight, CrowdStrike and the DNC conceding publicly that they were undertaking an investigation to find an "insider threat"-type leaker might have caused law enforcement to take a closer look at the DNC itself when investigating the motive behind Seth Rich's murder a month later on 10th July.

Crowdstrike had presence, the knowledge/skills/etc, they were not being transparent at all and their intruder detection claims seem highly suspect.

Even though Warren Flood's (an IT worker with longstanding links to the DNC and the Obama White House) name is in the metadata on the rigged documents - Crowdstrike seem like a much better fit for managing the G2 operation overall (the layers of misdirection, how comprehensive the operation was technically, the strategic use of fallacy & other characteristics suggests the involvement of someone with expertise in counter-intelligence, such as Crowdstrike have on their executive board).

Was Crowdstrike being active on the DNC's network and claims made just after Assange's interview, all just coincidental timing?

Was Shawn Henry naming a file one day (with an implausible tale about detecting an intruder due to a specific file being accessed) and Guccifer 2.0 publishing that same file as his first document 2 days later (creating a perception of being immediately validated) just a coincidence too?

For me personally, things seem a little too convenient and the timing makes the emergence of Guccifer 2.0 seem coordinated/orchestrated.

Unfortunately, it is unlikely we will stumble upon a single compelling piece of evidence to support the premise of Crowdstrike being behind Guccifer 2.0.

However, through records requests and further research by journalists there does remain the possibility that evidence could emerge putting Crowdstrike's claims into disrepute (showing Crowdstrike to have been at the DNC with ulterior/undisclosed motives) - Based on an array of circumstantial evidence (some of which I've outlined here), I personally expect to see something of this nature emerge eventually.