'Pull any of this'?
Tell us more about this mythical server you believe is hidden away in Ukraine......
Meanwhile in the real world....
The “server” Trump is obsessed with is actually 140 servers, most of them cloud-based, which the DNC was forced to decommission in June 2016 while trying to
rid its network of the Russian GRU officers working to help Trump win the election, according to the figures in the DNC’s civil lawsuit against Russia and the Trump campaign. Another 180 desktop and laptop computers were also swapped out as the DNC raced to get the organization back on its feet and free of Putin’s surveillance.
But despite Trump’s repeated feverish claims to the contrary, no machines are actually missing.
It’s true that the FBI doesn’t have the DNC’s computer hardware. Agents didn’t sweep into DNC headquarters, load up all the equipment and leave Democrats standing stunned beside empty desks and dangling cables. There’s a reason for that, and it has nothing to do with a deep state conspiracy to frame Putin.
Trump and his allies are capitalizing on a basic misapprehension of how computer intrusion investigations work. Investigating a virtual crime isn’t a like investigating a murder. The Russians didn’t leave DNA evidence on the server racks and fingerprints on the keyboards. All the evidence of their comings and goings was on the computer hard drives, and in memory, and in the ephemeral network transmissions to and from the GRU’s command-and-control servers.
When cyber investigators respond to an incident, they capture that evidence in a process called “imaging.” They make an exact byte-for-byte copy of the hard drives. They do the same for the machine’s memory, capturing evidence that would otherwise be lost at the next reboot, and they monitor and store the traffic passing through the victim’s network. This has been standard procedure in computer intrusion investigations for decades. The images, not the computer’s hardware, provide the evidence.
Both the DNC and the security firm
Crowdstrike, hired to respond to the breach, have said repeatedly over the years that they gave the FBI a copy of all the DNC images back in 2016. The DNC reiterated that Monday in a statement to the Daily Beast.
“The FBI was given images of servers, forensic copies, as well as a host of other forensic information we collected from our systems,” said Adrienne Watson, the DNC’s deputy communications director. “We were in close contact and worked cooperatively with the FBI and were always responsive to their requests. Any suggestion that they were denied access to what they wanted for their investigation is completely incorrect.”
It’s also consistent with the Department of Justice’s
electronic evidence manual, which recommends capturing images when practical even when the FBI is executing a search warrant against a uncooperative suspect. When the computers belong to a cooperating victim, seizing the machines is pretty much out of the question, said James Harris, a former FBI cybercrime agent who worked on a 2009 breach at Google that’s been linked to the Chinese government.
“In most cases you don’t even ask, you just assume you’re going to make forensic copies,” said Harris, now vice president of engineering at PFP Cyber. “For example when the Google breach happened back in 2009, agents were sent out with express instructions that you image what they allow you to image, because they’re the victim, you don’t have a search warrant, and you don’t want to disrupt their business.”
There’s a final bit of evidence that the FBI got what it wanted from the DNC, and it was filed in the U.S. District Court in Washington, D.C. last Friday: 29-pages of inside details showing exactly how and when the GRU’s hackers moved through the DNC’s network on their mission to help Trump.
Trump’s ‘Missing DNC Server’ Is Neither Missing Nor a Server
