When the alleged DNC hack was first detected by the DNC's Information Technology (IT) Department's personnel on April 29, 2016, fewer than 7,000 of the stolen emails were written or received prior to that date. Between April 29, 2016 and May 5, 2016, approximately 5,800 emails were written or received by DNC personnel and would be among the emails delivered covertly to Wikileaks. Between Crowdstrike's first day on the job of "monitoring" the alleged Russian hackers while they stole all of the DNC's private information, May 5, 2016, and May 25, 2016, 16,000 more emails were pilfered. The emails were stolen while Crowdstrike just watched it happen.
As stated in Part 4 of this series about the DNC hack, the Crowdstrike's response was not performed in compliance with the Best Practices of Cybersecurity. The reputation of the DNC was damaged as a result of the failure of Crowdstrike to contain the hack, thus denying the hackers access to any more critical DNC information, while preserving forensic evidence for law enforcement. As a result of Crowdstrike failing to contain the hack, persons unknown were able to steal the approximately 27, 500 DNC emails and covertly transfer them to Wikileaks, while posting confidential information about donors to the DNC on Web sites like Gawker.
There is an interesting alternative theory to explain why the responders to a hack of this magnitude, when everything in the File Server is deemed "compromised," would be satisfied to just sit back and monitor the actions of the hackers for 36 days between May 5, 2016 and June 10, 2016. Now, at first I wondered if there was some kind of a predetermined deadline that everything about the response engagement at DNC had to be concluded by June 12, 2016. I ruled that out because the only major event of that weekend was the alleged mass shooting at the Pulse nightclub in Orlando, Florida. Nothing else of importance, like a holiday, was set for that weekend. Why Crowdstrike ;picked that weekend is unknown to this writer, but after all that time of just "monitoring" the hackers while they looted the DNC network, I have to wonder just what the rush was. Regardless of the reason, Crowdstrike ended the alleged hack by the end of June 12, 2016, and, with DNC executives such as Amy Dacey and Debbie Wasserman-Schultz, arranged for Ellen Nakashima of the Washington Post to be given and exclusive on the story on June 13, 2016.
There is a rule that governs this theory. It is a rule based on material reality. "No one can steal anything that does not exist."
To exist, an email has to be either written on site by an employee, and sent elsewhere, or an email has to be received by an employee and stored on the File server, or on the email server. The majority of the stolen emails, approximately 75% of them, were stolen between the dates of May 5, 2016 and May 25, 2016. Julian Assange of Wikileaks was presented with the emails between the dates of May 25, 2016, the date of the last email added to the server, and June 12, 2016, the date Julian Assange appeared on London's ITV and tried to tell the world about the emails, only to be thwarted by the interviewer.
These emails came into existence on different days, and at different times on those days, between May 5, 2016 and June 12, 2016, while Crowdstrike could watch the emails being written and stolen, or being received by a DNC employee and then stolen. Again, none of these emails could be stolen until they existed; meaning when the emails were written or received. When written or received, an email starts to EXIST. With their Falcon Overwatch software, its agents embedded throughout the DNC network, the Crowdstrike technicians could have watched the emails being created. Crowdstrike was temporarily part of the network, and behind the firewall, with unlimited access to all parts of the network. There wasn't much that would evade the attention of the several Crowdstrike personnel monitoring the network.
For anyone with total access to the DNC network to steal the 27,500 emails, they would have to wait until at least May 25, 2016 to steal all of them. By now, at least some of you know where this theory is going. I'm going to express the theory in the form of this question: "Did Crowdstrike wait 36 days before containing the hack so that all 27,500 emails, especially the incriminating ones about the DNC hosing Old Man Sanders, would be available to be stolen and given to Wikileaks?"
Those of you who did not anticipate that this article was going in that direction, I advise you to re-read Part 4 and then re-read this Part 5 before giving up. The question is completely reasonable and perfectly flows from all the known facts. That does not make it true, but it sure makes it reasonable.
The question needs to be answered. Do I think it will be answered?
No.
Do I thing the question needs asked?
Yes.