Durham ignores Clinton role, and new holes, in Russian hacking allegation
While faulting the FBI, John Durham ignored damning evidence he unearthed about the Clinton campaign's role in the core allegation of Russian hacking -- including potential perjury.
Special Counsel John Durham’s final report faults the FBI for opening the Trump-Russia collusion investigation on baseless grounds and relying on Hillary Clinton-funded material to pursue it, all while ignoring a warning that Clinton was plotting to frame Trump as a Russian asset. Yet Durham does not address the Clinton campaign’s equally central tie to Russiagate’s other foundational allegation: that Russia interfered in the 2016 election by hacking Democratic party servers and releasing the material through Wikileaks to help elect Trump.
Durham’s silence on the Clinton team’s role in generating this unproven claim comes despite his unearthing of evidence that newly calls it into question.
Material obtained by Durham’s team shows that the Clinton campaign and its contractor, the cyber-firm CrowdStrike, stonewalled the FBI’s requests for critical data about the alleged Russian hack. Two key Clinton associates who were integral to the Russian hacking claim also appear to have perjured themselves before Congress.
These overlooked revelations can be pieced together through court documents connected to Durham’s probe, particularly his unsuccessful prosecution of Clinton campaign attorney Michael Sussmann on a separate perjury charge.
In April 2016, Sussmann hired CrowdStrike to investigate the alleged hack of the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee (DCCC). In mid-June ‒ just as Christopher Steele and Fusion GPS were producing their first Clinton-funded dossier report alleging a Trump-Russia conspiracy ‒ Clinton-funded CrowdStrike came forward to publicly accuse Russia of hacking the Democrats’ computer networks. Sussmann, who worked closely with the firm, lobbied the FBI to endorse the allegation. The FBI initially declined, but reversed course months later despite failing to examine the DNC/DCCC servers. Instead, much like its use of Steele’s dossier for surveillance warrants and investigative leads when it came to collusion, the FBI relied on CrowdStrike’s forensics and redacted reports.
The FBI’s dependence on CrowdStrike – and, indeed, the entire basis for the Russiagate probe ‒ was further called into question when it emerged that the firm’s president had admitted under oath that it “did not have concrete evidence” of Russian hacking. Shawn Henry, a former close FBI colleague of Directors Robert Mueller and James Comey, made the disclosure to Congress in December 2017. Yet his testimony was kept secret throughout the entirety of the FBI’s Comey- and Mueller-overseen Russia probes, and only became public in May 2020.
Exhibits released by Durham in Sussmann’s case expose a new problem for CrowdStrike and its client the Clinton campaign: In recounting their roles in the FBI’s Russian hacking probe in congressional testimony, Sussmann and Henry gave identical false statements.
FBI Officials Contradicted
When they appeared before the House Intelligence Committee in December 2017, both Sussmann and Henry claimed that the FBI did not try to conduct its own independent, onsite investigation of the Democratic Party servers. The pair’s account contradicted FBI officials, including Comey, who have said that they requested access but were denied.
Asked directly if the FBI sought access to the servers, Sussmann replied: “No, they did not.” He then added a caveat: “Excuse me, not to my knowledge.” The FBI, Sussmann added, “would have” had access “if they wanted it ... But it wasn't something that they were interested in at the time.”
CrowdStrike’s Henry also told the committee that he was “not aware” of the FBI ever asking for access to the servers or being denied it. Asked directly if he was ever told that the FBI “required access to the servers,” Henry said: “I have no recollection of them saying that to me or anybody on my team, no.” He also said: “I do not have a recollection of that. I’m not aware.”
Henry and Sussmann’s accounts are not only at direct odds with the FBI, but with their own emails that Durham obtained.
In October 2016, these emails show, the FBI directly asked Sussmann if the bureau could come onsite to inspect and copy the servers. Sussmann relayed that request to Henry and other CrowdStrike executives – who promptly stonewalled it.
In an October 13, 2016 exchange, Elvis Chan, a special agent in the FBI’s San Francisco office, asked Sussmann if the “DNC/DCCC would be amenable to letting FBI computer forensics personnel onsite to conduct the imaging” of the servers. “In theory, sure,” Sussmann replied, adding that he would “put you directly in touch with CrowdStrike.”
Contradicting what he would tell Congress the following year, Sussmann informed Henry and others at CrowdStrike that the FBI is “asking whether FBI computer forensics personnel can come ‘onsite’ to conduct the imaging.” Sussmann added that he was “connecting CrowdStrike and the Bureau to discuss directly on this email chain.”
In response, CrowdStrike executive Justin Weissert did not address the FBI’s request for onsite access. Weissert instead introduced a new proposal: CrowdStrike would send the FBI a copy of the firm’s imaging of the servers.
“As we just discussed under a separate email thread, CrowdStrike wants to assist with this effort and, given the nature of the past activities and our commitment to supporting our friends at the FBI, we’re going to move ahead with providing the information at no additional expense to anyone,” Weissert wrote.
Rather than remind CrowdStrike that he had asked if FBI cyber experts could come “onsite to conduct the imaging,” Chan accepted the offer and provided a mailing address. “FBI San Francisco greatly appreciates your help,” he wrote.
Given that Sussmann personally received the FBI’s request and relayed it to CrowdStrike, his erroneous recollection is especially suspect.
Asked about their false statements to Congress, Sussmann and Henry did not respond. CrowdStrike also did not respond to a request for comment.
In failing to address this episode, Durham missed an opportunity to press Sussmann and Henry on why they denied the FBI access to the DNC servers – and whether their false statements to Congress amounted to a criminal offense. By contrast, the Mueller team aggressively prosecuted four Trump associates for alleged false statements, including two cases – Roger Stone and Michael Cohen – for perjury before Congress.
(There is no indication that the FBI received CrowdStrike’s images of all of the DNC servers. The Mueller team’s final report stated that “the FBI later received images of DNC servers and copies of relevant traffic logs” — but did not specify how many server images were provided. In his Congressional testimony, Henry recalled that CrowdStrike provided “a couple of actual digital images” of DNC hard drives, out of a total number of “in excess of 10, I think.”)
Clinton team/CrowdStrike Stonewalled FBI’s “Priority Requests”
The Durham materials also reveal that the FBI’s failure to examine the DNC servers was not its only rebuffed request. Emails obtained by Durham show that CrowdStrike and the Clinton campaign ignored what the FBI listed as its number one “Priority Requests”: “Un-redacted copies of CrowdStrike reports” on both the DNC and DCCC “incidents.” That request, also made to Sussmann, came in a September 30, 2016, email from FBI Special Agent E. Adrian Hawkins.
The FBI never got what it wanted. In a May 2019 court filing, the Justice Department disclosed that the U.S. government “does not possess” CrowdStrike's unredacted originals, and that Sussmann only provided “three draft reports” in redacted form.
In Senate testimony, James Trainor, then-assistant director of the FBI's Cyber Division, recalled that he was "frustrated" with the CrowdStrike report he received in late August 2016 and "doubted its completeness" because Sussmann had “scrubbed” it. According to Trainor, the DNC's cooperation in the hacking probe was "moderate" overall and "slow and laborious in many respects.”
CrowdStrike’s redacted reports were provided to the House and Senate Intelligence Committees, but have not been publicly released. The FBI has denied my Freedom of Information Act requests for the CrowdStrike reports, releasing only the documents’ cover pages.
Changing the FBI's Messaging
Other emails released by Durham in Sussmann’s case show that the Clinton lawyer personally reviewed and edited an FBI public statement on the alleged hack of the DNC.
On July 29, 2016 – just one week after WikiLeaks released a trove of embarrassing Democratic Party emails – the FBI drafted a press release on what it called “a possible cyber intrusion involving the DCCC.” Trainor contacted Sussmann for input.
“A draft response is provided below,” Trainor wrote. “Wanted to get your thoughts on this prior to sending out.”
In response, Sussmann took exception with the FBI’s mention of a “possible” hack. This qualifier, he noted, contradicted the Clinton campaign’s messaging on a Russian intrusion.
“The draft you sent says only that the FBI is aware of media reports; it does not say that the FBI is aware of the intrusion that the DCCC reported,” Sussmann wrote. “Indeed, it refers only to a ‘possible’ cyber intrusion and in that way undermines what the DCCC said in its statement (or at least calls into question what the DCCC said).”
Accordingly, Sussmann suggested new language that removed the FBI’s caveat of a “possible” hack. Trainor accepted the Clinton lawyer’s edit. “I am fine with the below suggestions,” he wrote.
The FBI’s failure to obtain both direct access to the DNC servers and unredacted copies of the CrowdStrike reports further calls into question U.S. intelligence officials’ claim that Russia hacked the DNC.
On October 7, 2016, the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence (ODNI) issued a joint statement claiming, for the first time, that the “U.S. Intelligence Community is confident that the Russian Government directed the recent compromises of e-mails” from the Democratic Party. Jeh Johnson, who then served as DHS secretary, later testified that President Obama “approved the statement” and “wanted us to make [it].”
Yet as Durham’s Sussmann-FBI emails confirm, this Obama-approved claim was released one week before CrowdStrike denied the FBI’s request for an “onsite” inspection. This timing means that when the intelligence community made its first public attribution of Russian hacking, it had not only failed to inspect the servers, but had not even received CrowdStrike’s copies of them.
When the FBI and DHS released a more detailed report two months later, the document described the alleged Russian hacking effort as "likely leading to the exfiltration of information" from Democratic Party networks. (Emphasis added.)
The Mueller probe, having also relied on CrowdStrike’s forensics, failed to add any more certainty. Mueller’s final report of April 2019 likewise stated that Russian intelligence "appear to have stolen thousands of emails and attachments" from Democratic Party servers. (Emphasis added.)
Read in retrospect, these qualifiers – "likely" and "appear" ‒ signaled that U.S. intelligence lacked concrete evidence for their Russian hacking claims, given that CrowdStrike and the Clinton campaign had denied the FBI full access to the digital crime scene. The material emerging from Durham’s probe newly confirms this significant evidentiary hole.
Durham’s decision to ignore the FBI’s deference to Clinton-funded CrowdStrike is all the more striking given his criticism of the FBI’s extensive use of Clinton-funded sources in its hunt for collusion.
The FBI, the Durham report notes, relied on a “significant quantity of materials ... that originated with and/or were funded by the Clinton campaign or affiliated persons.” Accordingly, Durham concluded, the FBI should have considered whether the Clinton camp was feeding it false claims as “part of a political effort to smear a political opponent” and exploit “the federal government's law enforcement and intelligence agencies in support” of that goal.
For unexplained reasons, Durham did not apply this critique to the FBI’s reliance on Clinton-funded sources to probe the theft of Democratic Party emails. As a result, seven years to the month after CrowdStrike triggered the Russiagate saga, the U.S. public remains in the dark about whether the Russian hacking allegation was yet one more deception funded by the Clinton campaign and parroted by the FBI.
Published by Real Clear Investigations.
Aaron Mate is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.