re: So the DNC Server is Clearly Not Important to the Investigation

quote:

---

The “server” Trump is obsessed with is actually 140 servers, most of them cloud-based, which the DNC was forced to decommission in June of 2016 while trying to rid its network of the Russian GRU officers working to help Trump win the election, according to the figures in the DNC’s civil lawsuit against Russia and the Trump campaign. Another 180 desktop and laptop computers were also swapped out as the DNC raced to get the organization back on its feet and free of Putin’s surveillance.

But despite Trump’s repeated feverish claims to the contrary, no machines are actually missing.

It’s true that the FBI doesn’t have the DNC’s computer hardware. Agents didn’t sweep into DNC headquarters, load up all the equipment and leave Democrats standing stunned beside empty desks and dangling cables. There’s a reason for that, and it has nothing to do with a deep state conspiracy to frame Putin.


Trump and his allies are capitalizing on a basic misapprehension of how computer intrusion investigations work. Investigating a virtual crime isn’t a like investigating a murder. The Russians didn’t leave DNA evidence on the server racks and fingerprints on the keyboards. All the evidence of their comings and goings was on the computer hard drives, and in memory, and in the ephemeral network transmissions to and from the GRU’s command-and-control servers.

When cyber investigators respond to an incident, they capture that evidence in a process called “imaging.” They make an exact byte-for-byte copy of the hard drives. They do the same for the machine’s memory, capturing evidence that would otherwise be lost at the next reboot, and they monitor and store the traffic passing through the victim’s network. This has been standard procedure in computer intrusion investigations for decades. The images, not the computer’s hardware, provide the evidence.

Both the DNC and the security firm Crowdstrike, hired to respond to the breach, have said repeatedly over the years that they gave the FBI a copy of all the DNC images back in 2016. The DNC reiterated that Monday in a statement to the Daily Beast.

“The FBI was given images of servers, forensic copies, as well as a host of other forensic information we collected from our systems,” said Adrienne Watson, the DNC’s deputy communications director. “We were in close contact and worked cooperatively with the FBI and were always responsive to their requests. Any suggestion that they were denied access to what they wanted for their investigation is completely incorrect.”

---

quote:

---

In some versions of the servergate conspiracy theory now espoused by Trump, nothing less than physical possession of the hardware will suffice, because Crowdstrike, a respected security firm helmed by a former senior FBI agent, might be part of the deep state’s efforts to frame Putin. White scoffs at that notion, noting that National Republican Congressional Committee is one of Crowdstrike’s customers.

“I’ve done incident response for defense contractors and healthcare groups, this is all standard practice,” said White. “It’s completely defensible in terms of best practices and what was going on.”

---