Why Trump's "Where's the server?" is the wrong question
Photo: Thomas Koehler/Photothek via Getty Images
"Where is the server?" President Trump has repeatedly asked this question — including with Russian president Vladimir Putin today — when discussing the indictment of 12 Russians for hacking the Democratic National Committee and other targets in 2016.
Why it matters: The complaint that the DNC denied the FBI access to its hacked servers is a hallmark of the right's response to the DNC hacking scandal. But people familiar with these kinds of investigations say withholding the server was nothing out of the ordinary.
The backstory: Rather than turn its server over to the FBI, the DNC hired a private security firm, Crowdstrike, to investigate the hacking.
Independent investigations are common: According to the law firm BakerHostetler, well over half of the organizations it advises seek out private investigators to investigate hacks. It’s increasingly common for those investigators to handle the low-level forensic work in place of the FBI.
- Leo Taddeo, former special agent in charge of the cyber division of the FBI’s New York office, told The Hill: "In nine out of 10 cases, we don't need access, we don't ask for access, we don't get access. That's the normal [procedure]. It's extraordinarily rare for the FBI to get access to the victim's infrastructure because we could mess it up," he added. "We usually ask for the logs and images, and 99 out of a hundred times, that's sufficient.”
- Beyond the potential for damage, seizing a server can revictimize an organization after a hack. Losing a server can disrupt or even shut down a business or organization.
- Law enforcement is often happy to let private investigators take on the initial phase of investigative work because it saves time and money.
Another problem with handing over a server: If the FBI mishandles data or, say, leaks it to the press or a political partisan, the organization places itself in jeopardy.
The server is now just a small part of the evidence: One thing clear from the most recent indictment is that the FBI has now amassed significant additional evidence beyond what Crowdstrike could have obtained in its own investigation.
- Any information dealing with activities or data on other servers — including Russian-affiliated servers in the United States and social media accounts, all of the names and individual actions from specific actors — was obtained separately from the DNC server.
- Even if you read dark meaning into the DNC's use of Crowdstrike rather than the FBI, at this point, it doesn't matter: Friday's indictments show that the FBI has now pieced together a factual account that renders the whole argument moot.