Trump mentioned the ‘Crowdstrike’ conspiracy during his call with Ukraine. Here’s what that means
Right after President Donald Trump asked the president of Ukraine "do us a favor," Trump made an unexplained reference to a computer server.
"I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike," Trump said during his July 25 call with Volodymyr Zelensky. "I guess you have one of your wealthy people. The server, they say Ukraine has it. There are a lot of things that went on, the whole situation."
That call is now driving a congressional impeachment inquiry of Trump.
According to a readout of the call published by the White House on Sept. 25, Trump asked Ukraine to investigate former Vice President Joe Biden and his family’s dealings in Ukraine. A whistleblower’s complaint has said those events represent Trump’s attempts to use foreign countries to influence the 2020 election.
But what is Trump’s reference to Crowdstrike all about — and what are the facts?
PolitiFact went back into our fact-checking files to provide context about Crowdstrike. In essence, Trump is rehashing a conspiracy theory about the 2016 election and has suggested that former Democratic presidential nominee Hillary Clinton’s missing emails have somehow wound up in Ukraine.
Crowdstrike is an American cybersecurity firm that aims to safeguard its clients from cyberattacks. In May 2016, the Democratic National Committee hired Crowdstrike after it began to suspect that its servers had been breached.
The firm found that two groups of Russian hackers had infiltrated DNC servers for about a year, giving them access to emails and opposition research about Trump. Crowdstrike then kicked the hackers off the servers.
Then, a Romanian hacker named Guccifer 2.0 claimed credit for the cyberattack and leaked DNC emails to the American press. WikiLeaks also claimed it had emails from Clinton, with Guccifer being its source.
The cyberattack and related leaks added to the nationwide firestorm over Clinton’s use of email.
Clinton had previously drawn criticism for conducting State Department business on a private email server as secretary of state, and about 33,000 emails were deleted after she received a subpoena for Benghazi-related communications in March 2015. (The FBI found no evidence that the emails were deleted deliberately to avoid the subpoena, but more on this later.)
That controversy served as the fuel for Trump’s belief that, despite Crowdstrike and the FBI’s investigation of the DNC hack, Clinton’s campaign was hiding something. (We should note that Clinton’s email server and the DNC servers were two entirely different sets of computers.)
"With regards to our investigation of the DNC hack in 2016, we provided all forensic evidence and analysis to the FBI," said Ilina Cashiola, director of public relations at Crowdstrike, in a statement sent to PolitiFact. "As we’ve stated before, we stand by our findings and conclusions that have been fully supported by the U.S. Intelligence community."
In October 2016, the intelligence community released a statement saying it was confident that Russia was behind the DNC hack. That conclusion was reached partially with the help of Crowdstrike’s audit of the DNC servers.
Still, Trump has repeatedly questioned the intelligence community’s findings, even going so far as to suggest that there’s a missing DNC server that the FBI did not analyze. And therein lies the fodder for the Crowdstrike conspiracy theory.
During a press conference with Zelensky on Sept. 25, Trump addressed his Crowdstrike reference head-on.
After a reporter asked him if he believes that "the emails from Hillary Clinton" are in Ukraine, Trump said, "I think they could be."
"I think that one of the great crimes committed is Hillary Clinton deleting 33,000 emails after Congress sends her a subpoena. Think of that," Trump said.
Around the same time, Crowdstrike started trending on Twitter. And the reason why has to do with a conspiracy theory that claims the firm hid a server of Clinton’s emails from the intelligence community’s investigation. But we found no evidence that Crowdstrike ever worked on issues around Clinton’s private email server. (Again, Crowdstrike was involved in the DNC hacking case, which is altogether different from the Clinton emails.)
In one way or another, this falsehood has been pushed by Trump and his allies for the past few years. In June 2017, the president tweeted his doubts about the investigation of the DNC breach.
A month later, Trump re-upped the claim, saying that John Podesta, Clinton’s campaign chair, refused to give the CIA and FBI access to the DNC’s servers. We rated that claim False.
But Trump pressed on, bringing up the conspiracy again in a July 2018 press conference with Russia President Vladimir Putin.
"Why was the FBI told to leave the office of the Democratic National Committee? I've been wondering that, I've been asking that for months and months and I've been tweeting it out and calling it out on social media," he said. "Where is the server? I want to know where is the server and what is the server saying?"
In a fact-check of those comments, we wrote that the DNC servers were never missing — the FBI just did not directly review the hacked hardware, leaving the property under the control of its owners. In his March 2017 testimony to the House Intelligence Committee, former FBI Director James Comey confirmed this, saying that, instead, the agency accessed a review of the system conducted by Crowdstrike.
"We got the forensics from the pros that they hired which — again, best practice is always to get access to the machines themselves, but this, my folks tell me, was an appropriate substitute," Comey said during his testimony.
We previously found no evidence that investigating the server copy would have prevented the FBI from tracking down the hackers. The DNC was slow to react to the FBI’s early warnings about a potential hack, but it eventually complied with its investigation.
Still, the fact that the FBI did not physically inspect the DNC servers gave life to a conspiracy claiming that Crowdstrike hid one from investigators to obscure Clinton’s emails. And the fact that Clinton’s campaign did delete 33,000 emails in spring 2015 gave rise to the false belief that the missing server contained them — even though those emails were deleted from Clinton’s private server.
The July call is one of many references Trump has made to Crowdstrike. In 2017, Trump told the Associated Press that a "very rich Ukrainian" owned the company.
In fact, the firm is owned by Crowdstrike Holdings, Inc., which is based in Sunnyvale, Calif. The company was co-founded by CEO George Kurtz, CTO Dmitri Alperovitch and Gregg Marston (now retired) in 2011. Conspiracists claim Alperovitch is Ukrainian, when in reality he’s an American citizen who was born in Russia.
Still, Trump seemed to re-up the baseless conspiracy about Crowdstrike on Fox News in June. Around the same time, search interest in the term "Crowdstrike" spiked on Google.
"Take a look at Ukraine," Trump told Sean Hannity. "How come the FBI didn't take the server from the DNC? Just think about that one, Sean."
Setting aside the fact that there is no missing server, the conspiracy has roots in some fringe beliefs that Ukraine coordinated the DNC hack to frame the Russians. That conspiracy grew on internet sites like Reddit and 4chan, and has slowly trickled into the mainstream over the past few years. It’s been amplified by conservative and Russian media outlets, social media and even the criminal trial of Roger Stone, a former Trump adviser.
The theory itself is bunk. The U.S. intelligence community has reaffirmed the role that Russia played in meddling in the 2016 election, as outlined in former special prosecutor Robert Mueller’s report — particularly when it came to the DNC hack.
But after Trump re-upped it during his press conference with Zelensky, the conspiracy re-entered the mainstream. We found a variety of claims and conspiracies on social media linking Ukraine and Crowdstrike to the nonexistent missing DNC server or Clinton’s emails. Some had been shared hundreds of times.
"The reference to Crowdstrike, mark my words, is momentous," one Facebook user wrote on Sept. 25.