Trump and “the Server”
POTUS believes, and is propagating, a conspiracy theory.
One of the disturbing elements of the current impeachment saga is the fact that the President of the United States appears to be guided by a debunked (and, indeed, nonsensical) conspiracy theory about a piece of computer hardware. Or, he is deliberately spreading lies that he knows to be untrue–which is just as bad.
I tend to think he actually believes this nonsense because, if conspiracy theories about Ukrainian interference in the 2016 elections were true, it would remove the taint of Russia’s interference on his behalf (and would further undercut the Mueller Report).
Ok, so what am I talking about here? During the 2016 campaign the DNC computer systems were hacked. The DNC hired a consulting firm, Crowdstrike, to investigate the hack, and the investigation eventually included the FBI. As is standard practice, the DNC provided the FBI with copies of the needed data from their system. They did not turn over the hardware.
It should be noted that the investigation led to formal charges being filed against Russian nationals connected to the Russian intelligence services. All credible information links these hacks to the Russians.
Nevertheless, there is a conspiracy theory in some right-wing circles (propagated by sites like Breitbart and the Daily Caller, among others) that Ukraine framed Russia and that somehow the evidence of this is on “the server,” which was whisked away to be hidden in Ukraine (for reasons I have never seen explained).
The most important subscriber to this theory is Donald J. Trump, and one of the things that he has asked Ukraine to do relates to this mythical server.
From the now infamous July 25 call, Trump says the following to Zelensky:
I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike… I guess you have one of your wealthy people… The server, they say Ukraine has it. There are a lot of things that went on, the whole situation.
This is all nonsense. First, it should be a tell that a person really has nothing concrete when the basis for a claim is “they say…”. Trump frequently relies on this rhetorical device.
Second, “I guess one of your wealthy people” is nonsense based on the notion that one of the co-founders of Crowdstrike is Ukrainian. He isn’t, but the notion that he is is central to the theory. In fact, he is of Russian birth and a US citizen. This part of Trump’s theory is simply not true.
Third, the notion that “Ukraine has it” (the server) is nonsensical. Not only was there no single server (there were actually more than 140*), it makes zero sense that anyone would have taken an item that had damning evidence on it out of the country for safekeeping. For one thing, trying to move an object internationally would have increased the chances of it being found by authorities, but more importantly, if this alleged singular server was that damning a piece of evidence, why not just destroy it? Pound it to pieces with a sledgehammer, melt it in a foundry, blow it up with C4, sink it in one of the Great Lakes. There is no reason, save for the perverse logic of conspiracy theories, to spirit the thing to Ukraine.
Trump shared a more detailed version of this tale on Fox & Friends last week:
Donald Trump: (06:02)
It’s very interesting. They have the server, right, from the DNC, Democratic National Committee-
Brian Kilmeade: (06:07)
Who has the server?
Donald Trump: (06:09)
The FBI went in and they told them, “Get out of here. We’re not giving it to you.” They gave the server to CrowdStrike or whatever it’s called, which is a company owned by a very wealthy Ukrainian. And I still want to see that server. The FBI has never gotten that server. That’s a big part of this whole thing. Why did they give it to a Ukrainian company? Why-
This is just nonsense. The FBI did not need the physical server. And had they really wanted it, and for some reason the DNC would not release it, the FBI could have gone to court to obtain access (although since the DNC was hacked, they had every reason to cooperate).
I called up Thomas Rid, professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies to help explain the technical details behind this type of forensic investigation. Rid, who wrote a detailed explanation about why Russia was likely behind the DNC hack for Motherboard in July 2016, told me that “from a forensic point of view, the question of a server at this stage doesn’t make any sense.”
“To really investigate a high profile intrusion like the DNC hack, you have to look beyond the victim network,” Rid said. “You have to look at the infrastructure—the command and control sites that were used to get in that are not going to be on any server … looking at one server is just one isolated piece of infrastructure.”
“To keep it simple, let’s say there’s only one server. CrowdStrike goes in, makes a complete image including a memory dump of everything that was in the memory of the server at the time, including traffic and connections at the time,” Rid said. “You have that image from the machine live in the network including its memory content, versus a server that someone physically carries into the FBI headquarters. It’s unplugged, so there’s no memory content because it’s powered down. That physical piece of hardware is less valuable for an investigation than the onsite image and data extraction from a machine that is up and running. The idea a physical server would add any value doesn’t make any sense.”
People calling to see “the server” simply don’t understand how something like this is investigated.
The Motherboard piece continues:
Lesley Carhart, principal threat hunter at the cybersecurity firm Dragos, told Motherboard that physical servers are rarely seized in forensics investigations.
“For decades, it has been industry-standard forensic and digital evidence handling practice to conduct analysis on forensic images instead of original evidence,” she said. “This decreases the risk of corruption or accidental modification of that evidence.”
I asked Rid if he thought it was suspicious that the DNC did not hand over the actual server to the FBI, and he said “no, not at all.”
Beyond the issue of the server, in regards to the theory that Ukraine, and not Russia, hacked the server, it is worth noting that the Trump Department of Justice indicted 12 Russians for the hack:
The Department of Justice today announced that a grand jury in the District of Columbia returned an indictment presented by the Special Counsel’s Office. The indictment charges twelve Russian nationals for committing federal crimes that were intended to interfere with the 2016 U.S. presidential election. All twelve defendants are members of the GRU, a Russian Federation intelligence agency within the Main Intelligence Directorate of the Russian military. These GRU officers, in their official capacities, engaged in a sustained effort to hack into the computer networks of the Democratic Congressional Campaign Committee, the Democratic National Committee, and the presidential campaign of Hillary Clinton, and released that information on the internet under the names “DCLeaks” and “Guccifer 2.0” and through another entity.
In 2016, officials in Unit 26165 began spearphishing volunteers and employees of the presidential campaign of Hillary Clinton, including the campaign’s chairman. Through that process, officials in this unit were able to steal the usernames and passwords for numerous individuals and use those credentials to steal email content and hack into other computers. They also were able to hack into the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC) through these spearphishing techniques to steal emails and documents, covertly monitor the computer activity of dozens of employees, and implant hundreds of files of malicious computer code to steal passwords and maintain access to these networks.
And, it should be noted, members of his own administration tried to tell Trump that these theories were nonsense:
Thomas P. Bossert, who served as Mr. Trump’s first homeland security adviser, said he told the president there was no basis to the theory that Ukraine, not Russia, intervened in the 2016 election and did so on behalf of the Democrats.
“It is completely debunked,” Mr. Bossert said of the Ukraine theory on ABC. Speaking with George Stephanopoulos, Mr. Bossert blamed Mr. Giuliani for filling the president’s head with misinformation. “I am deeply frustrated with what he and the legal team is doing and repeating that debunked theory to the president. It sticks in his mind when he hears it over and over again, and for clarity here, George, let me just again repeat that it has no validity.”
Other former aides said separately on Sunday that the president had a particular weakness for conspiracy theories involving Ukraine, which in the past three years has become the focus of far-right media outlets and political figures. Mr. Trump was more willing to listen to outside advisers like Mr. Giuliani than his own national security team.
Source: “Trump Was Repeatedly Warned That Ukraine Conspiracy Theory Was ‘Completely Debunked’” The New York Times
I would note that until July, that national security team included Dr. Fiona Hill, who called these speculations about Ukraine “fiction” and the product of Russian propaganda efforts.
Indeed, let me end on a quote from last week:
“Thank God, no one is accusing us of interfering in the U.S. elections anymore; now they’re accusing Ukraine.”-Vladimir Putin, President of Russia.
When it comes to this whole Crowdstrike/DNC server business, either Trump believes a debunked theory that he has been told is false, or he is purposefully propagating a lie for political reasons. Neither is defensible.
*According to a report in Wired, the DNC had to “decommission more than 140 servers, remove and reinstall all software, including the operating systems, for more than 180 computers, and rebuild at least 11 servers.”