https://medium.com/homefront-rising/dumbstruck-how-crowdstrike-conned-america-on-the-hack-of-the-dnc-ecfa522ff44f
Michael Sussman and CrowdStrike
More at Link!
On April 29, 2016, when the DNC became aware its servers had been penetrated, an emergency meeting was held between the Chairwoman of the DNC, Debbie Wasserman-Schultz, DNC’s Chief Executive, Amy Dacey, the DNC’s Technology Director, Andrew Brown, and Michael Sussman, a lawyer for Perkins Coie, a Washington, DC law firm that represented the DNC. Sussman took control of the meeting, setting out the DNC’s agenda when it came to dealing with the cyber attack on its server. The three most important questions, Sussman declared, were what data was accessed, how was it done, and how can it be stopped?
The one question Sussman, a former federal prosecutor who focused on computer crimes, did not ask was, who did it?
It took the DNC four days to decide to bring in an outside vendor to investigate the breach of its servers. In the end, it was Sussman who made the call to Shawn Henry at CrowdStrike. The call was made on May 4; by May 5 CrowdStrike had installed its FalconHost software that had triggered the Russian attribution.
This wasn’t the first time CrowdStrike had been called in by the DNC. In December 2015 it tapped the company to conduct an audit of the circumstances surrounding a breach of security involving the DNC’s party-administered voter file system — specialized software developed by the company NGP VAN known as VoteBuilder. Over the course of five weeks, CrowdStrike examined administrative logs from the DNC to assess user activity within the VoteBuilder system, and conducted a forensic examination of two other systems belonging to the campaign of Vermont Senator Bernie Sanders. The results of the CrowdStrike investigation were released on April 29, 2016 — the same day the breach of DNC servers was detected.
Acting on FalconHost’s May 5 alert, CrowdStrike pored over the data. FalconHost had found indicators — malware, techniques, and patterns of behavior — that suggested two APTs, Cozy Bear and Fancy Bear, were behind the cyber attack on the DNC. Shawn Henry now deployed CrowdStrike’s Overwatch capabilities to answer the questions Sussman had asked: What data had been compromised, how did this compromise occur, and how could the DNC prevent future compromise?
At some point, the decision was made by the DNC and CrowdStrike to go ahead and regain control of the DNC servers. But to CrowdStrike, this wasn’t enough. Sifting through the data collected by Shawn Henry and his Falcon Overwatch team, Dmitri Alperovitch was taken aback by the sheer audacity of what had transpired. Michael Sussman, the DNC legal counsel, agreed. “You have a presidential election underway here and you know that the Russians have hacked into the DNC,” Mr. Sussman told the New York Times. “We need to tell the American public that. And soon.”