Comey: DNC denied FBI's requests for access to hacked servers
http://thehill.com/policy/national-security/313555-comey-fbi...
Who forgot to adjust their clock for leap half year?
I already had to vouch for it, but I doubt this will survive another 10 minutes of the flagging / downvote brigade.
January 4 was about two months after the election, not “during the most frantic moments of the election.”
One should ask why the victims would refrain from providing law enforcement with access to evidence related to a crime that is later blamed as the reason they lost the election.
https://www.linkedin.com/pulse/crowdstrike-needs-address-har...
They simply just made up facts to suit some story. Complete with James Bond-like names - "Fancy Bear" and such. They seem pretty biased against Russia for whatever reason. It would be nice if there was some other evidence for the "Russia hacked our elections" story. Otherwise what started as a great propaganda campaign will be running out of steam soon. Or maybe it already has.
“This is normal practice,” says Matt Tait, founder and CEO of Capital Alpha Security. “In cases like this, the onus for digital forensics is on the third-party contracted by the company that's calling in the incident response team, in this case CrowdStrike.”
It’s part of a long-standing division of labor between private firms and law enforcement, in which incident response firms handle the initial analysis and network cleanup, leaving broader legal questions to law enforcement. That division of labor saves time, but it also protects companies from what could potentially be seen as an invasion of privacy. Turning over a company’s entire network to a law enforcement agency can be an awkward proposition, particularly before the nature of the compromise is clear.
That’s particularly true for the DNC, since the FBI was actively investigating Hillary Clinton for mishandling classified information at the time — and it’s clear the agency had no reservations about searching for evidence of those crimes in unrelated cases. Similar awkwardness is common at corporate breaches, and the result has given incident response firms like CrowdStrike a persistent business as intermediaries between companies and law enforcement.
...
Once incident response has been conducted, the crucial evidence can be handed over directly to officials without politically tricky questions of broader access. We don’t know exactly what CrowdStrike handed over (the company declined to comment), but that data can range from full disk images to an edited digest of suspicious files and logged connections. If CrowdStrike did image the server, any subsequent analysis would simply be confirming that the firm hadn’t screwed up.
Law enforcement groups sometimes do double-check that data, but it’s unlikely to change the attribution itself. Even if CrowdStrike wanted to skew the results toward a particular party, the FBI would be able to check their work against data pulled directly from the network. “The IC would certainly be able to check the malware and associated technical data recovered from the DNC network themselves,” says Tait. “The FBI may be reliant on CrowdStrike to find malware on the DNC network, but they are not beholden to CrowdStrike's analysis.”
...
There’s also reason to think CrowdStrike is simply better at this kind of ground-level forensics than the FBI. The bureau has long struggled to retain cybersecurity talent, losing a steady stream of agents to more lucrative positions at a long list of private-sector security companies. That list includes CrowdStrike itself: the company’s services branch is run by Shawn Henry, an FBI lifer who many credit with the bureau’s recent focus on cybersecurity. The result is a persistent brain drain, and a valid reason for the FBI to focus its energy on the higher-level problems of attribution. If the FBI had decided to duplicate CrowdStrike’s work, it’s not clear they could have done a better job."
https://www.theverge.com/2017/1/5/14178806/fbi-dnc-hack-serv...
Time to move on.