DNC, CrowdStrike, FBI and DOJ Missed Initial DNC Email Export Activity By Several Days

March 22, 2023

 

Background

On July 13, 2018, SCO Mueller (the Special Counsel's office under Robert Mueller) published the Netyksho indictment. The indictment alleged that Russians had hacked into an Exchange server at the DNC (Democratic National Committee) "between, on or about May 25, 2016 and June 1, 2016."

On March 22, 2019, SCO Mueller sent a report to William Barr containing numerous allegations of Russian interference in the 2016 US General Election, much of it mirroring the indictment's allegations. This is the report that people typically refer to as "The Mueller Report".

On April 10, 2019, an analyst going by the name of "Forensicator" published an analysis of the DNC emails hosted by WikiLeaks and showed that some of the DNC's emails were being acquired as early as May 23, 2016, something that SCO Mueller had apparently overlooked.

On April 19, 2019, a redacted version of the Mueller report was disclosed to the public by the US Department of Justice.

Regarding the acquisition of DNC emails, the report had this to say:

In October 2019, I published an article highlighting the fact that Luis Miranda's emails were exported on May 23, 2016, two days prior to the Exchange server hacking time frame cited in SCO Mueller's Netyksho indictment and the subsequent "Mueller Report".



Why Were Miranda's Mails Missed By Mueller?

We have known for several years now that SCO Mueller missed the start of activity by two or more days.

(The above image comes from Forensicator's analysis of the DNC emails.)

However, some mailboxes appear to have been accessed even earlier than May 23rd, 2016.

We have known, for example, that Jeremy Brinster's emails may have been acquired even earlier (possibly as far back as May 19th).

 

 

Emails Exported On May 21, 2016

When WikiLeaks first published their DNC emails, it was not the complete set; in fact, there were emails they had mislaid.

These were subsequently added after the initial release and then announced on November 6, 2016 [or early hours of November 7 if you're in the UK].

This set of additional emails was analyzed by Twitter user Tralfamadorenik and it was noted that these late additions included a batch of emails from Jeremy Brinster that ran from April 20, 2016 through to May 21, 2016, indicating that this batch was acquired on May 21, 2016.

Here we see the missing emails span the date range 2016-04-20 thru 2016-05-21 (an almost exact 30 day range). This suggests that there was an email acquisition of Brinster's emails on May 21 (a new discovery). pic.twitter.com/LTdYM8zRHI

— Tralfamadorenik (@tralfamadorenik) December 13, 2021

Therefore, evidence indicates that the Mueller special counsel missed at least four days of prior activity relating to the acquisition of the DNC emails that were later published by WikiLeaks.

Further details on the 30 day retention (and exceptions to this) as well as other observations can be found here (wh1sks), here (McIntyre) and here (Forensicator).

 

 

Conclusion

In summary, the evidence points to the existence of a significant gap in the Special Counsel's investigation into the DNC email breach. Specifically, there appear to be at least four days of activity relating to the acquisition of DNC emails that were not accounted for.

With the evidence relating to Miranda's mailbox, determining an earlier date of export is trivial (it's recorded in the last-modified timestamps of the EML files that WikiLeaks had hosted).
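The timestamp check described above, as an added example that is not part of the original analysis: for each mailbox it reports the span of sent dates from the Date headers and the days on which the EML files were last modified, then lists mailboxes whose earliest last-modified day falls before the May 25, 2016 start of the indictment's window. The records, the mailbox labels and the choice to read all timestamps as UTC are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

def _eml(date_header):
    # Minimal constructed EML text; addresses and body are placeholders.
    return f"From: a@example.org\nTo: b@example.org\nDate: {date_header}\nSubject: x\n\nbody\n"

def _ts(y, m, d, hh=12):
    # Constructed file last-modified time, as UTC epoch seconds.
    return datetime(y, m, d, hh, tzinfo=timezone.utc).timestamp()

# Constructed sample records: (mailbox label, raw EML text, file mtime).
SAMPLE = [
    ("mailbox_a", _eml("Wed, 20 Apr 2016 09:15:00 -0400"), _ts(2016, 5, 21)),
    ("mailbox_a", _eml("Sat, 21 May 2016 08:02:00 -0400"), _ts(2016, 5, 21)),
    ("mailbox_b", _eml("Mon, 02 May 2016 17:40:00 -0400"), _ts(2016, 5, 23)),
    ("mailbox_b", _eml("Mon, 23 May 2016 10:05:00 -0400"), _ts(2016, 5, 23)),
    # Sent late on May 24 local time, which is already May 25 in UTC.
    ("mailbox_c", _eml("Tue, 24 May 2016 23:30:00 -0400"), _ts(2016, 5, 25)),
]

def summarize(records):
    """Per mailbox: first/last sent day, span in days, distinct file-mtime days (all UTC)."""
    sent, mdays = defaultdict(list), defaultdict(set)
    for mailbox, raw, mtime in records:
        hdr = message_from_string(raw)["Date"]
        sent[mailbox].append(parsedate_to_datetime(hdr).astimezone(timezone.utc))
        mdays[mailbox].add(datetime.fromtimestamp(mtime, timezone.utc).date())
    out = {}
    for mailbox, times in sent.items():
        first, last = min(times).date(), max(times).date()
        out[mailbox] = {"first_sent": first, "last_sent": last,
                        "span_days": (last - first).days,
                        "export_days": sorted(mdays[mailbox])}
    return out

def exported_before(summary, window_start):
    """Mailboxes whose earliest file-mtime day precedes the stated window start."""
    return sorted(m for m, s in summary.items() if s["export_days"][0] < window_start)

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for mailbox, s in report.items():
        print(mailbox, s)
    print("before window:", exported_before(report, date(2016, 5, 25)))
```

On real files, the mtime would come from `os.stat(path).st_mtime`, and it is only meaningful if the archive was extracted with its timestamps preserved.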

Despite the presence of easily discoverable evidence, it remains unclear how this activity was missed by the DNC-CrowdStrike-FBI-DOJ pipeline.

Responsibility for email exports between May 21-23, 2016, remains a mystery (and the identity of those responsible for exporting emails on May 25, 2016 is alleged but unproven). The existence of this unexplained activity suggests that there may have been a deliberate attempt to cover up crucial information about the initial acquisition of the DNC emails.

 

WikiLeaks has apparently struggled to maintain access to the original evidence and their collection of DNC emails has been inaccessible since November 2022. Until this is resolved, the full collection of the DNC's emails can be downloaded here.

 

If there are any concerns or issues regarding accuracy that anyone would like to speak with me about, please feel free to contact me on: tim.leonard@protonmail.com