
Confused why Trump fingered CrowdStrike in that Ukraine call? You're not the only one...

Security biz that probed 2016 DNC hack makes an odd cameo in revealed transcript

A garbled remark by President Donald Trump in a just-released phone-call transcript with the Ukrainian head of state has focused attention on cloudy security shop CrowdStrike.

America's conspiracy-theorist-in-chief name-dropped Silicon Valley's CrowdStrike during a July chat with Ukrainian President Volodymyr Zelensky, which was ostensibly to discuss bilateral relations. The call has become a focal point of a whistleblower scandal that has now triggered a House of Representatives impeachment investigation of the President.

An anonymous whistleblower has claimed that over the course of the call, Trump on multiple occasions suggested to Zelensky that US military aid payments could be withheld from the Ukraine unless it agreed to re-open a criminal corruption probe into one of Trump's potential 2020 election opponents: former Vice President Joe Biden – specifically, Biden's son. The Bidens deny any wrongdoing, and there is no evidence of wrongdoing.

So where does CrowdStrike come in? About halfway into the call transcript [PDF], released today under intense political pressure, Trump vaguely references the work CrowdStrike did back in 2016 when it looked into raids carried out by hackers against the Democratic National Committee (DNC) and its email and IT infrastructure.

"I would like you to do us a favor though because our country has been through a lot and Ukraine knows a lot about it," President Trump told Zelensky.

"I would like you to find out what happened with this whole situation with Ukraine, they say CrowdStrike ... I guess you have one of your wealthy people... The server, they say Ukraine has it."

It is not clear exactly what Trump means by "the server" in this incoherent ramble, as the DNC hack involved dozens of computer systems that were not physical machines but rather dozens of virtual machine instances hosted in a cloud data center, all of which were wiped to get rid of the malware the hackers had installed to spy on the committee.

According to the DNC, the FBI took full disk images of all affected machines, including 180 personal computers and 140 servers. CrowdStrike also viewed the images and passed its findings on to the Feds.

The Register pinged CrowdStrike to see if it had any idea why its name popped up, and the security house gave a polite statement more or less indicating they are just as in the dark as the rest of us.

"With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI," the statement reads. "As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the US Intelligence community." ®

Updated to add

The whistleblower's report into the Ukrainian arms-for-probes affair is now out, and alleges the White House tried to cover the whole thing up.
