Stand up for facts and support PolitiFact.
Now is your chance to go on the record as supporting trusted, factual information by joining PolitiFact’s Truth Squad. Contributions or gifts to PolitiFact, which is part of the 501(c)(3) nonprofit Poynter Institute, are tax deductible.
I would like to contribute
Right after President Donald Trump asked the president of Ukraine "do us a favor," Trump made an unexplained reference to a computer server.
"I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike," Trump said during his July 25 call with Volodymyr Zelensky. "I guess you have one of your wealthy people. The server, they say Ukraine has it. There are a lot of things that went on, the whole situation."
That call is now driving a congressional impeachment inquiry of Trump.
According to a readout of the call published by the White House on Sept. 25, Trump asked Ukraine to investigate former Vice President Joe Biden and his family’s dealings in Ukraine. A whistleblower’s complaint has said those events represent Trump’s attempts to use foreign countries to influence the 2020 election.
But what is Trump’s reference to Crowdstrike all about — and what are the facts?
PolitiFact went back into our fact-checking files to provide context about Crowdstrike. In essence, Trump is rehashing a conspiracy theory about the 2016 election and has suggested that former Democratic presidential nominee Hillary Clinton’s missing emails have somehow wound up in Ukraine.
Crowdstrike is an American cybersecurity firm that aims to safeguard its clients from cyberattacks. In May 2016, the Democratic National Committee hired Crowdstrike after it began to suspect that its servers had been breached.
The firm found that two groups of Russian hackers had infiltrated DNC servers for about a year, giving them access to emails and opposition research about Trump. Crowdstrike then kicked the hackers off the servers.
Then, a Romanian hacker named Guccifer 2.0 claimed credit for the cyberattack and leaked DNC emails to the American press. WikiLeaks also claimed it had emails from Clinton, with Guccifer being its source.
The cyberattack and related leaks added to the nationwide firestorm over Clinton’s use of email.
Clinton had previously drawn criticism for conducting State Department business on a private email server as secretary of state, and about 33,000 emails were deleted after she received a subpoena for Benghazi-related communications in March 2015. (The FBI found no evidence that the emails were deleted deliberately to avoid the subpoena, but more on this later.)
That controversy served as the fuel for Trump’s belief that, despite Crowdstrike and the FBI’s investigation of the DNC hack, Clinton’s campaign was hiding something. (We should note that Clinton’s email server and the DNC servers were two entirely different sets of computers.)
"With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI," said Ilina Cashiola, director of public relations at Crowdstrike, in a statement sent to PolitiFact. "As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the U.S. Intelligence community."
In October 2016, the intelligence community released a statement saying it was confident that Russia was behind the DNC hack. That conclusion was reached partially with the help of Crowdstrike’s audit of the DNC servers.
Still, Trump has repeatedly questioned the intelligence community’s findings, even going so far as to suggest that there’s a missing DNC server that the FBI did not analyze. And therein lies the fodder for the Crowdstrike conspiracy theory.
During a press conference with Zelensky on Sept. 25, Trump addressed his Crowdstrike reference head-on.
After a reporter asked him if he believes that "the emails from Hillary Clinton" are in Ukraine, Trump said, "I think they could be."
"I think that one of the great crimes committed is Hillary Clinton deleting 33,000 emails after Congress sends her a subpoena. Think of that," Trump said.
Around the same time, Crowdstrike started trending on Twitter. And the reason why has to do with a conspiracy theory that claims the firm hid a server of Clinton’s emails from the intelligence community’s investigation. But we found no evidence that Crowdstrike ever worked on issues around Clinton’s private email server. (Again, Crowdstrike was involved in the DNC hacking case, which is altogether different from the Clinton emails.)
In one way or another, this falsehood has been pushed by Trump and his allies for the past few years. In June 2017, the president tweeted his doubts about the investigation of the DNC breach.
A month later, Trump re-upped the claim, saying that John Podesta, Clinton’s campaign chair, refused to give the CIA and FBI access to the DNC’s servers. We rated that claim False.
But Trump pressed on, bringing up the conspiracy again in a July 2018 press conference with Russia President Vladimir Putin.
"Why was the FBI told to leave the office of the Democratic National Committee? I've been wondering that, I've been asking that for months and months and I've been tweeting it out and calling it out on social media," he said. "Where is the server? I want to know where is the server and what is the server saying?"
In a fact-check of those comments, we wrote that the DNC servers were never missing — the FBI just did not directly review the hacked hardware, leaving the property under the control of its owners. In his March 2017 testimony to the House Intelligence Committee, former FBI Director James Comey confirmed this, saying that, instead, the agency accessed a review of the system conducted by Crowdstrike.
"We got the forensics from the pros that they hired which — again, best practice is always to get access to the machines themselves, but this, my folks tell me, was an appropriate substitute," Comey said during his testimony.
We previously found no evidence that investigating the server copy would have prevented the FBI from tracking down the hackers. The DNC was slow to react to the FBI’s early warnings about a potential hack, but it eventually complied with its investigation.
Still, the fact that the FBI did not physically inspect the DNC servers gave life to a conspiracy claiming that Crowdstrike hid one from investigators to obscure Clinton’s emails. And the fact that Clinton’s campaign did delete 33,000 emails in spring 2015 gave rise to the false belief that the missing server contained them — even though those emails were deleted from Clinton’s private server.
The July call is one of many references Trump has made to Crowdstrike. In 2017, Trump told the Associated Press that a "very rich Ukrainian" owned the company.
In fact, the firm is owned by Crowdstrike Holdings, Inc., which is based in Sunnyvale, Calif. The company was co-founded by CEO George Kurtz, CTO Dmitri Alperovitch and Gregg Marston (now retired) in 2011. Conspiracists claim Alperovitch is Ukrainian, when in reality he’s an American citizen who was born in Russia.
Still, Trump seemed to re-up the baseless conspiracy about Crowdstrike on Fox News in June. Around the same time, search interest in the term "Crowdstrike" spiked on Google.
"Take a look at Ukraine," Trump told Sean Hannity. "How come the FBI didn't take the server from the DNC? Just think about that one, Sean."
Setting aside the fact that there is no missing server, the conspiracy has roots in some fringe beliefs that Ukraine coordinated the DNC hack to frame the Russians. That conspiracy grew on internet sites like Reddit and 4chan, and has slowly trickled into the mainstream over the past few years. It’s been amplified by conservative and Russian media outlets, social media and even the criminal trial of Roger Stone, a former Trump adviser.
The theory itself is bunk. The U.S. intelligence community has reaffirmed the role that Russia played in meddling in the 2016 election, as outlined in former special prosecutor Robert Mueller’s report — particularly when it came to the DNC hack.
But after Trump re-upped it during his press conference with Zelensky, the conspiracy re-entered the mainstream. We found a variety of claims and conspiracies on social media linking Ukraine and Crowdstrike to the nonexistent missing DNC server or Clinton’s emails. Some had been shared hundreds of times.
"The reference to Crowdstrike, mark my words, is momentous," one Facebook user wrote on Sept. 25.
Associated Press, "Transcript of AP interview with Trump," April 23, 2017
BuzzFeed News, "A Nonsense QAnon Conspiracy Theory Ended Up In Donald Trump’s Call To the Ukrainian President — And The Impeachment Investigation," Sept. 26, 2019’
Crowdstrike’s about page, accessed Sept. 26, 2019
C-SPAN, "President Trump Meeting with Ukrainian President," Sept. 26, 2019
The Daily Beast, "The Truth About Trump’s Insane Ukraine ‘Server’ Conspiracy," Sept. 25, 2019
Facebook post, Sept. 25, 2019
Fox News, "Trump tells Fox News DOJ looking into whether his phone calls were monitored," June 19, 2019
Memo from The White House, Sept. 25, 2019
The New York Times, "D.N.C. Says Russian Hackers Penetrated Its Files, Including Dossier on Donald Trump," June 14, 2016
The New York Times, "How CrowdStrike Became Part of Trump’s Ukraine Call," Sept. 25, 2019
PolitiFact, "Donald Trump's 'missing' server comments get all of the details wrong," July 16, 2018
PolitiFact, "Donald Trump says Hillary Clinton deleted 33,000 emails after getting a subpoena," Oct. 9, 2016
PolitiFact, "How would an impeachment inquiry against Donald Trump work?" Sept. 24, 2019
PolitiFact, "The Mueller report: What you need to know," April 18, 2019
PolitiFact, "PolitiFact Sheet: Hillary Clinton’s email controversy," July 19, 2016
PolitiFact, "Read the declassified whistleblower complaint on Ukraine, Biden and Trump," Sept. 26, 2019
PolitiFact, "The Russia investigation and Donald Trump: a timeline from on-the-record sources (updated)" July 16, 2016
PolitiFact, "What we know about Russia's role in the DNC email leak," July 31, 2016
Statement from the Department Of Homeland Security and the Office of the Director of National Intelligence on Election Security, Oct. 7, 2016
Statement from Ilina Cashiola, director of public relations at Crowdstrike, Sept. 27, 2019
Techcrunch, "Security Company CrowdStrike Scores $100M Led By Google Capital," July 13, 2015
Trends24, accessed Sept. 26, 2019
Tweet from Donald Trump, June 22, 2017
The Washington Post, "Full transcript: FBI Director James Comey testifies on Russian interference in 2016 election," March 20, 2017
The Washington Post, "In call to Ukraine’s president, Trump revived a favorite conspiracy theory about the DNC hack," Sept. 25, 2019
The White House, "President Obama Announces More Key Administration Posts," April 13, 2016