The Justice Department is defending the role played by cybersecurity firm CrowdStrike and by the FBI in determining that Russia hacked Democratic systems in 2016, assuring Congress it got the information it needed to carry out its investigation into Russian interference.

Adam Hickey, the deputy assistant attorney general for the DOJ’s National Security Division, made the comments while appearing on a panel before the House Judiciary Committee on Tuesday to discuss election security for the upcoming 2020 presidential election. President Trump has long said he believes in a conspiracy theory that posits without evidence CrowdStrike is owned by a wealthy Ukrainian and that a missing DNC server is hidden in Ukraine.

“Looking back at the FBI’s activities investigating the 2016 election, it has been reported that the FBI never obtained the original servers from the Democratic National Committee that had allegedly been hacked by Russia, instead relying upon imaged copies,” Arizona Republican Debbie Lesko asked. “First of all, is that correct?”

Hickey replied that federal investigators were able to obtain evidence on Russian interference, noting that “it’s pretty common for us to work with a security vendor in connection with an investigation of a computer intrusion,” a reference to CrowdStrike.





CrowdStrike, a large California-based cybersecurity firm that was co-founded by a Russia-born U.S. citizen and is used by both Republicans and Democrats, examined the DNC’s systems in 2016 and concluded that Russian state actors were responsible for months of cyber intrusions. The DNC did not provide the FBI with access to its servers, but CrowdStrike did provide the bureau with forensic copies.

Former FBI Director James Comey told Congress in early 2017 that “our forensics folks would always prefer to get access to the original device or server that’s involved” and testified a few months later that his FBI investigative team “had gotten the information from the private party [CrowdStrike] that they needed to understand the intrusion.”

The U.S. Intelligence Community and special counsel Robert Mueller agreed with CrowdStrike’s assessment that the Russian government hacked the DNC. The DOJ has argued in court that Mueller’s investigation did not rely solely on CrowdStrike’s determinations but rather uncovered evidence of their own pointing to Russia during the investigation.

Lesko followed up on Tuesday by asking whether CrowdStrike “still has possession of the Clinton servers,” and Hickey said he didn’t know.

The DNC claimed in 2018 court filings that the Russian hack in 2016 led them to “decommission more than 140 servers, remove and reinstall all software, including the operating systems, for more than 180 computers, and rebuild at least 11 servers.” The DNC has now put one of the decommissioned servers on display in its D.C. headquarters alongside one of the filing cabinets from the Watergate break-in. There is no evidence that any of the servers are in Ukraine, as Trump has claimed.

In the July 25 phone call between Trump and Ukrainian President Volodymyr Zelensky that has sparked an impeachment inquiry, Trump asked Zelensky for a “favor," which was to look into CrowdStrike and any possible Ukrainian election interference in 2016, immediately after Zelensky expressed interest in purchasing anti-tank weaponry, known as Javelins, from the U.S. Trump urged Zelensky later in the call to investigate “the other thing,” referring to allegations of corruption related to Joe and Hunter Biden.

“What other countries had shown an interest or tried to interfere in the 2016 election?” Lesko asked on Tuesday.

Hickey replied that “based on what I’ve read, both from what the [Intelligence Community] has put out and also investigations by Congress, what I’ve seen only refers to Russia, that I’m aware of.”