5 Years Later, FBI Still Mum on Mystery CrowdStrike Contract

July 7, 2020 Updated: July 11, 2020

Five years ago, on July 8, 2015, the FBI granted an emergency, yearlong, no-bid contract to the cybersecurity firm CrowdStrike

Beyond its price tag of $150,000, little else is known about the CrowdStrike contract, although it followed two days after the intelligence community inspector general sent the bureau a referral to investigate whether then-presidential candidate Hillary Clinton used an unauthorized private email server to send classified information during her time as secretary of state.

Two days after the CrowdStrike contract, the FBI formally opened the Clinton email investigation, codenamed Midyear Exam. 

CrowdStrike’s involvement with the FBI within days of opening the Clinton email probe would likely go unnoticed had the cybersecurity firm not played a key role in the investigation of the hacking of the Democratic National Committee (DNC) in 2016. The theft and release of tens of thousands of DNC emails that year served as the predicate for the FBI’s investigation of the Trump campaign which eventually morphed into the special counsel’s Russia investigation. 

The FBI would neither confirm nor deny to The Epoch Times if the July 2015 CrowdStrike contract was related to its Clinton-email investigation. The bureau has for years slow-walked requests for information about the contract under the Freedom of Information Act, some of which date back to 2017. Likewise, CrowdStrike neither confirmed nor denied whether that contract was connected to the Clinton email probe. 

“As a matter of corporate policy, CrowdStrike doesn’t comment on customer contracts so we are not able to share further information,” Ilina Cashiola, the director of public relations at CrowdStrike, told The Epoch Times in an email.

The watchdog report on the Clinton email investigation completed by the Department of Justice Inspector General made no mention of CrowdStrike. 

While there is no direct evidence that CrowdStrike’s contract with the FBI involved work on the Clinton email probe, the timing of events as well as the firm’s previous work for the FBI appear to leave that open as a possibility. If CrowdStrike indeed worked on Midyear Exam, questions would inevitably arise about the private firm’s involvement in the origins of the two of the most consequential and politically charged investigations of the 2016 presidential election.

Many questions remain unanswered about CrowdStrike’s involvement in the FBI’s investigation of the DNC hack. The firm has repeatedly declined to explain how the hackers managed to breach the DNC’s email server weeks after the committee engaged CrowdStrike to protect its systems. While the breach happened under the watchful guise of CrowdStrike’s Falcon software, the firm hasn’t explained why it has no evidence that the hackers stole tens of thousands of emails from the DNC’s Microsoft Exchange server in late May of 2016, as alleged by special counsel Robert Mueller.

Both the FBI and CrowdStrike have declined to release the firm’s final report on the analysis of the DNC’s hack. 

It remains unclear if the DNC fully cooperated with the FBI’s investigation. Then-FBI Director James Comey and then-FBI Deputy Director Andrew McCabe told Congress that the DNC declined the FBI’s requests to examine the physical systems.

Meanwhile, representatives from the DNC, its IT contractor, CrowdStrike, and the DNC’s outside law firm, Perkins Coie, all told Congress that the DNC cooperated fully with the FBI’s requests. The DNC created software images of 38 computer systems as part of the investigation and provided 26 of the images to CrowdStrike. The FBI received some or all of those images via CrowdStrike.

The bureau didn’t immediately respond to a request by The Epoch Times to confirm whether the hacked email server was among the images it received.

The Clinton and Trump investigations weren’t the only politically charged cyber-incidents CrowdStrike was involved in during the 2016 election. After Bernie Sanders campaign staffers appeared to have improperly accessed Clinton campaign data in December 2015, the two campaigns hired CrowdStrike to determine what had transpired. 

The Sanders campaign sued the DNC for briefly blocking the Sanders campaign from accessing the VoteBuilder system on which the alleged breach occurred. After a five-week investigation, CrowdStrike determined that four Sanders campaign staffers gained unauthorized access to Clinton campaign data.

The Sanders campaign announced the results of the CrowdStrike inquiry and dropped its lawsuit on April 29, 2016, the same day that the IT contractor, The MIS Department, informed the FBI about the breach of its system.

The next day, the DNC contacted CrowdStrike for help with the hack. The MIS Department discovered the intrusion on April 28, the day prior to the announcement of the results of CrowdStrike’s Sanders-Clinton inquiry.

In testimony before the House Intelligence Committee, CrowdStrike Services President Shawn Henry said the firm’s work with the DNC prior to 2016 involved providing the committee with intelligence. Henry previously worked for the FBI.

The FBI’s Clinton email investigation was rife with abnormalities, including Comey’s unprecedented public exoneration statement on July 5, 2016. The CrowdStrike contract expired two days after that statement.

The DOJ inspector general also found that the intense anti-Trump bias expressed by key FBI officials working on Midyear Exam—including Peter Strzok and Lisa Page—had clouded the outcome of the investigation. Strzok and Page would go on to investigate the Trump campaign in connection to the DNC hack.

Follow Ivan on Twitter: @ivanpentchoukov