On a July 25th call with his Ukrainian counterpart, U.S. President Donald Trump made peculiar reference to a cybersecurity firm, CrowdStrike, that has been the subject of fantastic musings by conspiracy theorists. The theorizing kicked into overdrive after the White House on Wednesday released a declassified recap of the conversation, which has provoked a whistleblower complaint and an impeachment inquiry.
CrowdStrike, whose name readers of this newsletter may already recognize, is the digital forensics firm that investigated breaches at the Democratic National Committee in the lead-up to the 2016 U.S. presidential election. Why did its name surface on the call? It’s not entirely clear. But the mention begins to make some sense if one entertains fringe beliefs, fantasies, and paranoid speculation.
Here’s what Trump said to Ukrainian President Volodymyr Zelensky:
I would like you to do us a favor, though, because our country has been through a lot and Ukraine knows a lot about it. I would like you to find out what happened with this whole situation with Ukraine, they say CrowdStrike … I guess you have one of your wealthy people … The server, they say Ukraine has it. There are a lot of things that went on, the whole situation. I think you’re surrounding yourself with some of the same people. I would like to have the Attorney General call you or your people and I would like to get to the bottom of it.
Ultimately, the president seems to be alluding to an idea that alt-right commentators and pro-Russia sympathizers have pushed for years: that CrowdStrike was wrong about Russia hacking the DNC—and, moreover, that CrowdStrike intentionally blamed Russia for political reasons. CrowdStrike’s findings have, of course, been repeatedly affirmed by the intelligence community, the Justice Department, members of Congress, and the office of Robert Mueller. Last year the government indicted a dozen Russian intelligence officers for their role in the hacking plot.
The conspiracy theorists object. They say that the FBI should not trust CrowdStrike. (CrowdStrike provided the bureau with digital images of the DNC’s hacked systems, as is common in this line of work.) They say CrowdStrike’s findings are suspect because the company has ties to Google, whose former chairman and CEO, Eric Schmidt, supported the election of Hillary Clinton. (CrowdStrike is backed a private equity firm, CapitalG, owned by Google’s parent company, Alphabet.) They say CrowdStrike is owned by a Ukrainian billionaire. (A cofounder of the Calif.-based company was born in Moscow and moved to America as a teenager.) And they say CrowdStrike is under the influence of Viktor Pinchuk, a Ukrainian oligarch. (Pinchuk funds a think tank, the Atlantic Council, where the aforementioned CrowdStrike cofounder is a senior fellow.)
These straw-grasping claims and distortions of fact are fuel for the fire of disinformation. Further, the notion that there is some missing “server,” and that the server might exist somewhere—like in Ukraine—has no basis in reality. The DNC’s network consisted of many servers and computers which either had be put out to pasture, rebooted, or rebuilt to rid them of malware and intruders. As the DNC explained in a 2018 lawsuit filed against the Russian government, it had to “decommission more than 140 servers, remove and reinstall all software, including the operating systems, for more than 180 computers, and rebuild at least 11 servers” as a result of the hacking.
CrowdStrike is mostly keeping quiet amid the storm, saying only that it stands by its findings. “With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI,” a CrowdStrike spokesperson wrote in an email to Fortune. “As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the US Intelligence community.”
Robert Hackett | @rhhackett | firstname.lastname@example.org
Uncle Sam wants you. NPR dug into America’s campaign of cyber operations focused on disrupting the self-identified Islamic State, or ISIS, in unprecedented detail. Operation Glowing Symphony, as the missions were known, involved hacking into the terror group’s propaganda-pumping media operation, which were handled by just 10 core accounts. Neil (last name not disclosed), a marine reservist who helped devise the takeover strategy, recalls pitching the idea: “I felt like I was in It’s Always Sunny in Philadelphia, when he’s doing the mystery investigation for Pepe Silvia. Pictures on the wall and red yarn everywhere and nobody was understanding me.”
An eye for an eye. As tensions heat up in the Middle East, particularly between Saudi Arabia and Iran, cyberstrikes have arisen as one of the most appealing courses of action for U.S. President Donald Trump. Reluctant to become further embroiled in the situation, the U.S. is weighing an appropriate, retaliatory response to the destruction of Saudi oil fields, the New York Times reports. The trick lies in responding strongly, so the strike acts as a deterrent, but not so strongly that it provokes an even bigger offensive action.
Rain on the Thames. A vulnerability in a London-based “cloud” management system called OnApp that’s used by thousands of cloud-hosting services allows hackers to gain full control of these machines, Vice Motherboard reports. In order to run amok, all a hacker needs to do is rent a single server from one of the providers. The company has released patches but not all customers have applied them.
In the clink. Andrei Tyurin, 36, has pleaded guilty to stealing data on more than 80 million clients of J.P. Morgan and other institutions. Tyurin reaped hundreds of millions of dollars from his hacking exploits, which also targeted Fidelity, E-Trade, and Down Jones.
Has the pee tape been hiding in plain sight the whole time?
Share today’s Cyber Saturday with a friend: http://fortune.com/newsletter/cybersaturday/
Looking for previous Data Sheets? Click here.
Hero or zero? Last week we ran an excerpt from Edward Snowden’s new autobiography. This week we’re highlighting a blog post by Matthew Green, a cryptography professor at Johns Hopkins University, that assesses the potential impact Snowden’s leaks had on the security of the Internet at large. Green concludes that web security has improved greatly since the NSA whistleblower took state spying secrets public—how much one might attribute that progress to Snowden is a matter of debate. “If nothing else, we owe Snowden for helping us to understand how high the stakes might be,” Green says.
Edward Snowden recently released his memoirs. In some parts of the Internet, this has rekindled an ancient debate: namely, was it all worth it? Did Snowden’s leaks make us better off, or did Snowden just embarass us and set back U.S. security by decades? Most of the arguments are so familiar that they’re boring at this point. But no matter how many times I read them, I still feel that there’s something important missing.
Facebook Takes Down Pro-Trump Pages Run by Ukrainians by Natasha Bach
Google Says It’s Cutting Back on Audio Data Collection on Google Home Speakers by Lisa Marie Segarra
To Protect Against Cyber Attacks, Companies Need to Address Data Manipulation. Here’s How by Peter J. Beshar and Ari Mahairas
ONE MORE THING
“Searchable Log of All Communication and Knowledge.” When two companies come together, what happens to their respective Slack channels? Well, Slack has a feature that allows these chat rooms to be easily integrated in the event of a merger. This precise situation has caused tremendous angst at the offices of New York Magazine, a publication recently acquired by Vox. “Imagine if Coca-Cola and Pepsi each made all of their internal discussions accessible to the other’s workforce at once,” writes Brian Feldman for the New York blog Intelligencer.
This is why I conduct all of my meetings in person wearing a mask while using voice-modulating equipment and a Men In Black neuralyzer.