Indicted Clinton lawyer hired CrowdStrike, firm behind Russian hacking claim
The indictment of Michael Sussmann raises new questions about Russiagate’s foundational Russian hacking allegation. That claim originates with CrowdStrike -- a firm hired and overseen by Sussmann.
The indictment of Hillary Clinton lawyer Michael Sussmann for allegedly lying to the FBI sheds new light on the pivotal role of Democratic operatives in the Russiagate affair. The emerging picture shows Sussmann and his Perkins Coie colleague Marc Elias, the chief counsel for Clinton's 2016 campaign, proceeding on parallel, coordinated tracks to solicit and spread disinformation tying Donald Trump to the Kremlin.
In a detailed charging document last month, Special Counsel John Durham accused Sussmann of concealing his work for the Clinton campaign while trying to sell the FBI on the false claim of a secret Trump backchannel to Russia’s Alfa Bank.
But Sussmann's alleged false statement to the FBI in September 2016 wasn't all. Just months before, he helped generate an even more consequential Russia allegation that he also brought to the FBI. In April of that year, Sussmann hired CrowdStrike, the cybersecurity firm that publicly triggered the Russiagate saga by lodging the still unproven claim that Russia was behind the hack of Democratic National Committee emails released by WikiLeaks.
At the time, CrowdStrike was not the only Clinton campaign contractor focusing on Russia. Just days before Sussmann hired CrowdStrike in April, his partner Elias retained the opposition research firm Fusion GPS to dig up dirt on Trump and the Kremlin.
These two Clinton campaign contractors, working directly for two Clinton campaign attorneys, would go on to play highly consequential roles in the ensuing multi-year Russia investigation.
Working secretly for the Clinton campaign, Fusion GPS planted Trump-Russia conspiracy theories in the FBI and US media via its subcontractor, former British spy Christopher Steele. The FBI used the Fusion GPS's now debunked "Steele dossier" for investigative leads and multiple surveillance applications putatively targeting Trump campaign volunteer Carter Page.
CrowdStrike, reporting to Sussmann, also proved critical to the FBI's work. Rather than examine the DNC servers for itself, the FBI relied on CrowdStrike's forensics as mediated by Sussmann.
The FBI's odd relationship with the two Democratic Party contractors gave Sussmann and Elias unprecedented influence over a high-stakes national security scandal that upended U.S. politics and ensnared their political opponents. By hiring CrowdStrike and Fusion GPS, the Perkins Coie lawyers helped define the Trump-Russia narrative and impact the flow of information to the highest reaches of U.S. intelligence agencies.
The established Trump-Russia timeline and the public record, including overlooked sworn testimony, congressional and Justice Department reports, as well as news accounts from the principal recipients of government leaks in the affair, the Washington Post and the New York Times, help to fill in the picture.
'We Need to Tell the American Public'
In late April 20216, after being informed by Graham Wilson, a Perkins Coie colleague, that the DNC server had been breached, Michael Sussmann immediately turned to CrowdStrike. As Sussmann recalled in December 2017 testimony to the House Permanent Select Committee on Intelligence, the cyber firm was hired based on his "recommendation."
Although it is widely believed that CrowdStrike worked for the DNC, the firm in fact was retained by Sussmann and his Clinton campaign law firm. As CrowdStrike CEO Shawn Henry told the House committee, his contract was not with the DNC, but instead "with Michael Sussmann from Perkins Coie."
And it was Sussmann who controlled what the FBI was allowed to see. After bringing CrowdStrike on board, Sussmann pushed aggressively to publicize the firm's conclusion that Russian government hackers had attacked the DNC server, according to a December 2016 account in the New York Times.
"Within a day, CrowdStrike confirmed that the intrusion had originated in Russia," the Times reported, citing Sussmann's recollection. Sussmann and DNC executives had their first formal meeting with senior FBI officials in June 2016, where they encouraged the bureau to publicly endorse CrowdStrike's findings:
Among the early requests at that meeting, according to participants: that the federal government make a quick "attribution" formally blaming actors with ties to Russian government for the attack to make clear that it was not routine hacking but foreign espionage.
“You have a presidential election underway here and you know that the Russians have hacked into the D.N.C.,” Mr. Sussmann said, recalling the message to the F.B.I. “We need to tell the American public that. And soon.”
But the FBI was not ready to point the finger at Russia. As the Senate Intelligence Committee later reported, "CrowdStrike still had not provided the FBI with forensic images nor an unredacted copy of their [CrowdStrike’s] report."
Instead of waiting for the FBI, the DNC went public with the Russian hacking allegation on its own. On June 14, 2016, the Washington Post broke the news that CrowdStrike was accusing Russian hackers of infiltrating the DNC's computer network and stealing data. Sussmann and Henry were quoted as sources. According to the Times' account, the DNC approached the Post "on Mr. Sussmann’s advice."
'We Just Don’t Have the Evidence'
The Washington Post's June 2016 story, generated by Sussmann, was the opening public salvo in the Russiagate saga.
But it was not until nearly four years later that the public learned that CrowdStrike was not as confident about the Russian hacking allegation that it had publicly lodged. In December 2017 testimony that was declassified only in May 2020, Henry admitted that his firm was akin to a bank examiner who believes the vault has been robbed – but has no proof of how. CrowdStrike, Henry disclosed, "did not have concrete evidence" that alleged Russian hackers removed any data from the DNC servers.
"There's circumstantial evidence, but no evidence that they were actually exfiltrated," Henry told the House Intelligence Committee. "There are times when we can see data exfiltrated, and we can say conclusively. But in this case it appears it was set up to be exfiltrated, but we just don’t have the evidence that says it actually left."
Read in retrospect, public statements from U.S. intelligence officials indicate that they knew of this crucial gap early on, and used qualified language to gloss it over. (For more on this conspicuous pattern, see my July 2019 article “CrowdStrikeOut”, in RealClearInvestigations.)
A joint FBI-DHS report in December 2016 – the first time the US government attempted to present evidence that Russia hacked the DNC – describes the alleged Russian hacking effort as "likely leading to the exfiltration of information" from Democratic Party networks. (Emphasis added.)
The report by Special Counsel Robert Mueller of April 2019, which found no Trump-Russia collusion, likewise stated that Russian intelligence "appears to have compressed and exfiltrated over 70 gigabytes of data" and "appear to have stolen thousands of emails and attachments" from Democratic Party servers. (Emphasis added.)
These qualifiers – "likely" and "appear" – signaled that U.S. intelligence officials lacked concrete evidence for their Russian hacking claims, a major evidentiary hole confirmed by Henry's buried testimony.
CrowdStrike's admission that it lacked evidence of exfiltration was not its first such embarrassment. Just months after it accused Russia of hacking the DNC in June 2016, CrowdStrike was forced to retract a similar accusation that Russia had hacked the Ukrainian military. The firm's debunked Ukrainian allegation was based on it claiming to have identified the same malware in Ukraine that it had found inside the DNC server.
Conflicting Accounts on DNC Server Access
The FBI relied on CrowdStrike's forensics of the DNC servers, but both sides have given conflicting accounts as to why. The FBI claims that the DNC denied it direct access to its computer network, while the DNC claims that the FBI never sought such access. Once again, Sussmann was in the middle of this, and his sworn testimony is at odds with other accounts.
In their December 2017 testimony to the House Intelligence Committee, both Sussmann and CrowdStrike's Henry claimed that the FBI did not try to conduct its own independent investigation of the DNC servers.
"I recall offering, or asking or offering to the FBI to come on premises, and they were not interested in coming on premises at the time," Sussmann said. Instead, he recalled, "we told them they could have access to everything that CrowdStrike was developing in the course of its investigation." Asked directly if the FBI sought access to the DNC servers, Sussmann replied: "No, they did not." He then added: "Excuse me, not to my knowledge."
Henry also told the committee that he was "not aware" of the FBI ever asking for access to the server or being denied it.
In 2017 congressional testimony, however, then-FBI Director James Comey recalled that the FBI made "multiple requests at different levels," to access the DNC servers, but was denied. Asked why FBI access was rejected, Comey replied: "I don’t know for sure." According to Comey, the FBI would have preferred direct access to the server, but "ultimately it was agreed to… [CrowdStrike] would share with us what they saw."
And while Sussmann testified that Perkins Coie offered the FBI "access to everything that CrowdStrike was developing," FBI officials and federal prosecutors tell a different story.
According to the Senate Intelligence Committee, CrowdStrike delivered a draft report to the FBI on Aug. 31, 2016 that an unidentified FBI official described as "heavily redacted." James Trainor, then-assistant director of the FBI's Cyber Division, told the committee that he was "frustrated" with the CrowdStrike report and "doubted its completeness" because "outside counsel" – i.e. Sussmann – "had reviewed it." According to Trainor, the DNC's cooperation was "moderate" overall and "slow and laborious in many respects." Trainor singled out the fact that Perkins Coie – and specifically, Sussmann – "scrubbed" the CrowdStrike information before it was delivered to the FBI, resulting in a "stripped-down version" that was "not optimal."
In court filings during the prosecution of Trump associate Roger Stone, the Justice Department revealed that Sussmann, as the DNC's attorney, submitted three CrowdStrike reports to the FBI in draft, redacted form. According to prosecutor Jessie Liu, the government "does not possess" CrowdStrike's unredacted reports. It instead relied on Sussmann's assurances "that the redacted material concerned steps taken to remediate the attack and to harden the DNC and DCCC systems against future attack," and that "no redacted information concerned the attribution of the attack to Russian actors."
In short, the FBI failed to conduct its own examination of the DNC server, and instead relied on CrowdStrike's forensics. It also allowed Sussmann – now indicted for lying as part of an effort to spread the Russiagate conspiracy theory – to decide what it could and could not see in CrowdStrike's reports on Russian hacking. The government also took Sussmann's word that the redacted information did not concern "the attribution of the attack to Russian actors."
CrowdStrike's reports on the DNC server breach have never been publicly released.
One source, who was able to review some of the redacted CrowdStrike reports and requested anonymity because this person is not authorized to publicly discuss them, said that they were unconvincing. "My impression was that CrowdStrike was trying very, very hard to make a case that this was Russia," the source said. "Their case, to me, was weak."
Although Special Counsel Durham has recently subpoenaed Perkins Coie for documents, there are no indications that CrowdStrike's work for the firm is a focus of his inquiry. A CrowdStrike spokesperson said that the company has not heard from Durham's office.
In response to questions about CrowdStrike, an attorney for Sussmann said: "Mr. Sussmann is not answering questions at this time."
In his 2017 Congressional testimony, Comey acknowledged that the FBI's reliance on Crowdstrike was not optimal. "Our forensics folks would always prefer to get access to the original device or server that’s involved," Comey said. "So, it’s the best evidence." Comey argued, however, that the DNC's contractor was still a suitable replacement. Crowdstrike, he said, is "a highly respected private company."
But the FBI's reliance in such a high-stakes case on a private firm, which itself was hired by the victim of the alleged hack under investigation, was unprecedented. And Crowdstrike's conflicts of interest go beyond Sussmann and the Democratic Party.
Co-founder Dmitri Alperovitch, the public face of Crowdstrike's DNC server work, is a former senior fellow at the Atlantic Council, the pro-NATO think tank that has long promoted a hawkish policy toward Russia. Henry, who previously served as executive assistant director at the FBI under Robert Mueller, has worked since 2015 as an analyst for MSNBC, the partisan cable network that aggressively promoted Trump-Russia conspiracy theories. As I revealed in 2020, House Speaker Nancy Pelosi and her husband Paul Pelosi have invested up to $1 million in Crowdstrike. As of September, the Pelosis' stake in the firm had yielded a reported $717,000 profit.
Henry Struggles, Perkins Coie Intervenes
In addition to exposing a major evidentiary gap regarding alleged Russian hacking, Henry's December 2017 testimony revealed that Sussmann's law firm exerted significant influence over the flow of information in CrowdStrike's handling of it.
Joining Henry at the deposition was Sussmann's Perkins Coie partner, Graham Wilson, who represented the DNC, and David Lashway, who represented CrowdStrike.
Henry's acknowledgment that CrowdStrike did not have "concrete evidence" of exfiltration came only after he was interrupted and prodded by his attorneys to correct an initial answer. After claiming that he knew when Russian hackers exfiltrated data from the DNC, Henry offered a sharp correction: "Counsel just reminded me that, as it relates to the DNC, we have indicators that data was exfiltrated. We do not have concrete evidence that data was exfiltrated from the DNC, but we have indicators that it was exfiltrated."
In another exchange, Republican Rep. Chris Stewart of Utah pressed Henry to explain why the FBI relied on CrowdStrike. "I don't understand why the FBI wouldn't lead or at least have some role in investigating the evidence," Stewart said. "…Could they [the FBI] conduct their own investigation in a thorough fashion without access to the actual hardware?"
Henry struggled to respond to Stewart's queries, before finally answering: "You're asking me to speculate. I don't know the answer."
At this point, Stewart noted that Henry had been actively consulting with his Perkins Coie attorney. "By the way, you need to pay him [Henry's attorney] well, because he's obviously serving you well today as you guys have your conversations back and forth together," Stewart quipped.
Shortly after that exchange, the attorney present for CrowdStrike, Lashway, stressed that Henry's testimony was subject to Perkins Coie's discretion. Henry was discussing "work that was performed at the behest of counsel, Perkins Coie, Mr. Sussmann's law firm," Lashway said. Accordingly, he added, "we would turn to Perkins Coie, as counsel to the DNC, to ensure that Mr. Henry can actually answer some of these questions."
An 'Extraordinary Coincidence'
The CrowdStrike-Perkins Coie contract, signed in early May 2016, ensured that Sussmann and his firm would oversee the cyber firm's work product, and subject it to the secrecy of attorney-client privilege.
The Perkins Coie-CrowdStrike contract is similar to the arrangement between the firm and another contractor pivotal to the Trump-Russia investigation, Fusion GPS. In their 2019 book, Fusion GPS founders Glenn Simpson and Peter Fritsch wrote that Sussmann's colleague, Marc Elias, "wanted it that way for legal reasons: If Fusion’s communications were with a lawyer, they could be considered privileged and kept confidential."
After being hired in the same month of April, the two firms also lodged their respective Russia-related allegations within days of each other two months later in June. Just six days after CrowdStrike went public with the allegation that Russia had hacked the DNC on June 14, Christopher Steele produced the first report in what come to be known as the Steele dossier.
Over the ensuing months, the two firms and their Democratic clients actively spread their claims to the FBI and media. Steele and Fusion GPS, backed by their Perkins Coie client Elias, shared the fabricated dossier claims with eager FBI agents and credulous journalists, all while hiding that the Clinton campaign and DNC were footing the bill. "Folks involved in funding this lied about it, and with sanctimony, for a year," the New York Times' Maggie Haberman commented when Elias' secret payments to Fusion GPS were revealed in October 2017.
After going public with its Russian hacking allegation in June, CrowdStrike had contact with the FBI "over a hundred times in the course of many months," CEO Henry recalled. This included sharing with the FBI its redacted reports, and providing it with "a couple of actual digital images" of DNC hard drives, out of a total number of "in excess of 10, I think," Henry testified. When Wikileaks released stolen DNC emails on the eve of the Democratic convention in July, senior Clinton campaign officials doggedly promoted CrowdStrike's claim that Russia had hacked them.
In congressional testimony, Fusion GPS founder Glenn Simpson said that it was an "extraordinary coincidence” that the Russian hacking allegation (by fellow Clinton/Perkins Coie contractor CrowdStrike) overlapped with his firm's Trump-Russia collusion hunt (while working for Clinton/Perkins Coie).
Coincidence is one possibility. Another is that the roles of Sussman and Elias behind CrowdStrike and Fusion GPS's highly consequential claims about Russia and the 2016 election could be pillars of the same deception.
Whatever additional scrutiny they may face, it will no longer be as partners at Perkins Coie. Elias, who was also the Democrats' leading election law attorney opposing Trump challenges to the 2020 vote, resigned in August to launch a new firm, taking 13 colleagues with him. Upon his indictment by Durham three weeks later, Sussmann stepped down as well to focus, he said, on his legal defense.
This article was originally published by RealClearInvestigations.
To support Aaron Maté’s independent journalism, subscribe here: