Part of the problem is ambiguity in the word “exfiltration.” Try as one may, some of the testimony remains opaque. Henry: "We did not have concrete evidence that the data was exfiltrated from the DNC, but we have indicators that it was exfiltrated." ? /TyePqd6b5P
Henry is asked when "the Russians" exfiltrated the data from DNC. Interesting admission in Crowdstrike CEO Shaun Henry's testimony. Inadvertently highlighting the tenuous underpinning for CrowdStrike’s “belief” that Russia hacked the DNC emails, Henry added: “There are other nation-states that collect this type of intelligence for sure, but the - what we would call the tactics and techniques were consistent with what we’d seen associated with the Russian state.” In answer to a follow-up query on this line of questioning, Henry delivered this classic: “Sir, I was just trying to be factually accurate, that we didn’t see the data leave, but we believe it left, based on what we saw.” We said that the data left based on the circumstantial evidence. Henry: “We didn’t have a sensor in place that saw data leave. Stewart: And circumstantial is less sure than the other evidence you’ve indicated. Henry: There is circumstantial evidence that that data was exfiltrated off the network.
Stewart: But you have a much lower degree of confidence that this data actually left than you do, for example, that the Russians were the ones who breached the security? There’s circumstantial evidence … but no evidence that they were actually exfiltrated. Henry: There’s not evidence that they were actually exfiltrated. What about the emails that everyone is so, you know, knowledgeable of? Were there also indicators that they were prepared but not evidence that they actually were exfiltrated? But in this case, it appears it was set up to be exfiltrated, but we just don’t have the evidence that says it actually left. … There are times when we can see data exfiltrated, and we can say conclusively. Henry: Counsel just reminded me that, as it relates to the DNC, we have indicators that data was exfiltrated from the DNC, but we have no indicators that it was exfiltrated (sic). Schiff: Do you know the date on which the Russians exfiltrated the data from the DNC? … when would that have been? The dialogue is not a paragon of clarity but if read carefully, even cyber neophytes can understand: The following excerpts from Henry’s testimony speak for themselves. Henry retired in 2012 and took a senior position at CrowdStrike, the cyber security firm hired by the DNC and the Clinton campaign to investigate the cyber intrusions that occurred before the 2016 presidential election. 5, 2017 from Shawn Henry, a protege of former FBI Director Robert Mueller (from 2001 to 2012), for whom Henry served as head of the Bureau’s cyber crime investigations unit. The until-now-buried, closed-door testimony came on Dec. House Intelligence Committee documents released Thursday reveal that the committee was told two and half years ago that the FBI had no concrete evidence that Russia hacked Democratic National Committee computers to filch the DNC emails published by WikiLeaks in July 2016. A pseudonymous blogger known as “The Forensicator” and a public letter by a group known as Veteran Intelligence Professionals for Sanity (VIPS), an organization composed of former intelligence agents.Īfter publication, vanden Heuvel wrote, the magazine learned that the letter was controversial within VIPS.For two and a half years the House Intelligence Committee knew CrowdStrike didn’t have the goods on Russia. Lawrence’s article presented evidence from two major sources. And, even if the data had showed that a USB drive was used at one point, there would be no reason to believe that it wasn’t used to transport the documents from one Russian system to another. That claim was based on metadata showing that the documents had, at one point, been copied at a speed of about 23 megabytes-per-second, a rate faster than home internet services allow.īut experts note that commercial internet services used by businesses can reach speeds more than five times as fast as 23 megabytes-per-second. Therefore, Lawrence reasoned, it would only be possible for the files to be downloaded directly from a DNC terminal to a USB drive, suggesting that the emails were taken by an internal leaker instead of hackers.
Lawrence claimed that it would be impossible for a remote hacker - including one in Russia - to have downloaded leaked DNC documents at the high speeds implied by metadata contained in the files.
0 kommentar(er)
