Sep 26, 2019 - World

Breaking down the Trump-Ukraine memo's CrowdStrike conspiracy

screenshot unclassified document of whistleblower complaint

Image: Ukraine memo released by the White House

There are other concerning issues at play in the Ukraine memo released by the White House on Wednesday. But don't overlook the part where President Trump appears to subscribe to an easily debunked conspiracy theory that he doesn't quite remember.

What they're saying: "I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike... I guess you have one of your wealthy people... The server, they say Ukraine has it," read Trump's comments to the Ukrainian president (ellipses from the original document).

CrowdStrike is the American company hired by the Democratic National Committee to investigate and expunge the hackers responsible for the 2016 breach. The firm is at the center of a number of right-wing conspiracy theories because it was the first to publicly release evidence that Russia perpetrated the digital trespass.

President Trump has expressed distrust in the firm by name since at least 2017, when he told AP he "heard it’s owned by a very rich Ukrainian."

  • CrowdStrike is not owned by a very rich Ukrainian. It's a U.S. firm, now publicly traded, built on U.S. venture capital.
  • There is, however, a right-wing conspiracy attempting to show that founder Dmitri Alperovitch, who was a nonresident fellow at the Atlantic Council think tank in 2016, was somehow compromised by Ukrainian businessman and Atlantic Council donor Victor Pinchuk.
  • It's a half-baked theory. In 2015, for example, Pinchuk donated $150,000 to the Trump Foundation.

Whatever "they say," Ukraine does not have the DNC server that Trump frequently claims — incorrectly — the FBI forgot to investigate.

  • There is no single server to hide in Ukraine. With modern computing, what people experience as a single server is actually dozens of different systems. Court documents show that the DNC decommissioned well over 100.
  • The FBI received a digital image of the servers — a complete record of what was on the unwieldy farm of physical computers. Physically obtaining the servers would provide no new information.

It is standard practice for an incident response group like CrowdStrike to handle the initial investigation into who hacked a system while booting hackers from the system.

  • That investigation is well-documented and, even under a new FBI director, is often welcomed by a bureau that would rather spend its resources investigating things only the bureau can investigate than do busy work incident responders can do.

Why it matters: For a president to keep repeating that something so easily explained was amiss in the Russia investigation is profoundly concerning.

  • Take away any evidence CrowdStrike came within a mile of, and there is still more than enough evidence against Russia.
  • Other security firms — competitors, also not owned by Ukraine — independently tied the attacks to Russia.
  • Intelligence agencies have visibility on Russian operations from the inside.

It's time to give this up.

Go deeper