Rep. Debbie Wasserman Schultz, the former head of the Democratic National Committee, did not tell the DNC’s own officers about a breach on its servers for more than a month after learning about it, according to then-DNC officer Donna Brazile.
Wasserman Schultz alerted the officers of the breach only when The Washington Post was about to make the revelations public, Brazile writes in an excerpt of the book Politico ran Thursday. The DNC instead enlisted the law firm of Perkins Coie to make major decisions, including how to handle the breach of its servers that led to an embarrassing email dump.
The timing suggests the DNC’s unusual and significant choice to have the private law firm CrowdStrike conduct the investigation into the breach, rather than turn the evidence over to law enforcement, was made without consulting DNC officers.
“She told [officers] about the hacking only minutes before the Washington Post broke the news,” Brazile wrote.
A June 14, 2016, article by the Post quoted “committee officials and security experts who responded to the breach” and said “DNC leaders were tipped to the hack in late April.”
“Chief executive Amy Dacey got a call from her operations chief saying that their information technology team had noticed some unusual network activity,” WaPo reported. Dacey enlisted a lawyer from Perkins Coie, who “called in” the private security firm CrowdStrike “to handle the DNC breach.”
Perkins Coie is the same law firm that paid for the Trump dossier using the DNC’s funds. DNC officials including Wasserman Schultz claim they had no idea that their organization had indirectly funded the infamous document.
Brazile’s report on the timing of DNC officials learning about the breach raises questions about why Wasserman Schultz was not engaged in immediate high-level discussions with the DNC’s officers about the breach, which she has characterized as “an all-out assault on American democracy” carried out by a foreign government.
Former President Barack Obama’s Homeland Security Secretary Jeh Johnson testified in June 2017 before Congress that the DNC declined help from his agency after the email system was hacked.
“The response I got was, the FBI had spoken to them. They don’t want our help. They have CrowdStrike, the cyber security firm,” Johnson said. “I recall very clearly that I was not pleased that we were not in there helping them patch this vulnerability.”
Wasserman Schultz strongly disputed Johnson’s testimony.
“He’s wrong in every respect,” she said. She claimed she had never been informed of the FBI’s offer and said the FBI was the one who did not loop in high-level officials, saying it did not “do anything other than lob a phone call into our tech support through our main switchboard.”
“How is it that the FBI or DHS or any federal agency that was concerned about a foreign enemy state intruding on the networks of one of the two major political parties did not think it important enough to go higher than a tech support staffer?” she asked. “It is astounding and outrageous.”
Regardless of any proactive attempts by the FBI, the DNC retained CrowdStrike to perform the investigation and evidence-gathering that would normally be done by law enforcement, instead of bringing it to the FBI after the DNC learned of it in April.
The decision not to loop in the FBI was major, in part because there are potential chain-of-custody issues when law enforcement do not do the work directly. And CrowdStrike can’t work hand-in-hand with prosecutors the way the FBI can. Even CrowdStrike’s CEO said, as paraphrased by the Post, that it is “extremely difficult for a civilian organization to protect itself from a skilled and determined state such as Russia.”
“Within 24 hours, CrowdStrike had installed software on the DNC’s computers so that it could analyze data that could indicate who had gained access, when and how,” the Post reported — all before, according to Brazile, the DNC’s own officers were informed of the breach by staff or by the Perkins Coie law firm.
In the Post’s June 2016 article Wasserman Schultz characterized the decision-making around the breach as “we,” saying “When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”