There is a way that Crowdstrike could track data packets through the Internet to the destination of the packets, the network of the hacker(s) who stole the document that moved through the Interet while broken into packets. As we saw in Part 6, William Binney, long-time National Security Agency (NSA) official who designed a lot of NSA's systems, informed us that only the NSA can track data packets to their destination. Only the NSA can trace the packets through the Internet because the NSA arranged with the manufacturers of the routers and switches used on the Internet to embed NSA software in those devices that enable the agency to track packets to their destination. If Crowdstrike has a contractor relationship with a United States Government (USG) intelligence and/or law enforcement agency, the contractor might have had access to the NSA database, but most likely through the agency with which Crowdstrike could be a contractor could make the request of NSA to track a document and provide the results to Crowdstrike.
The NSA database is accessed for information through the input of queries into the database. The NSA database is unbelievably huge as it contains the electronic data of everyone in the United States. That's right, you have a file in the NSA database that contains telephone call data, emails, text messages, electronic money transactions, etc. If it is digital communications ("comms") it is in your file with the NSA. A government worker with the right clearance and paper work can type in these queries, and the database system will go "fetch" the appropriate data to respond to a query and display it in, typically, a columnar report.
For example, Demi Lovato, the singer, has an NSA file. If you want to follow her through an international concert tour, you might want to pull up her credit card records if you have access to the NSA database. If you've done it before when tracking Ms. Lovato, while on lunch hour at some spy agency, you could type into the query field:
A similar query might produce the same result, which will be the transactions, including dates and locations where transactions were made, helping to determine --"where in the world is Demi Lovato?"--and just about everything she is doing there, such as dining locations and preferences, hotels, rental cars, reservations for future venues, etc. Yes, this is surveillance, and it can happen to anyone. Most people will hope their records have not been abused, but a whole category of queries, the "About" queries were shut off from FBI contractors because the personal data of US citizens was abused. The Foreign Intelligence Surveillance Act (FISA) was enacted to prevent abuses, but failed for a time in 2016. The abuses were discovered by the NSA's Inspector General and led to the barring of FBI contractors from obtaining the results of "About" queries. So, there is less to worry about now that contractors are shut off from the database.
Anyway, there is reason to suspect that Crowdstrike is a contractor to one or more federal agencies. Fusion GPS is reportedly a contractor of both FBI and CIA and their story will be told in other sections. However, the type of help Crowdstrike would need to track data packets to their destination could only come from the NSA. The NSA would have to track a packet of a document from one router and switch to the other until it arrived where it is intended to go, and provide a report to the federal agency contracting Crowdstrike's cyber security work. In fact, the NSA could tell us all right now just who actually did hack the DNC, if the DNC in fact was hacked by anyone.
Crowdstrike could get this data from the agency contracting their work, and cover the possession of the data by claiming they have software they embed on a decoy document and they track the document after a hacker steals it. This might fall under the category of "parallel construction." An investigator gains access to the NSA database, listens to some phone conversations stored in the subject's NSA file and finds plenty of evidence of bank fraud and embezzlement. Using the information to discover alternative sources to the telephone conversations, the investigator can use those alternative sources to the evidence of the fraud, and cite only that alternative evidence to prove a case, never mentioning the role played by the unlawful search of the telephone conversations. Constructing a case with different evidence discovered by illegally using NSA database evidence is called "parallel construction." This is close to what Crowdstrike would be doing by having some federal investigator get the NSA to track document packets to where the hacker has stored the stolen documents, and tell the client and the media that a packet of the stolen document was tracked by Crowdstrike's own proprietary software embedded in the document.