The Key Question About the Alleged "Russian" Hack and Crowdstrike's Response

The question arises from the following list of known facts, undisputed by any government or media source:

1. As we already know from Parts 1 through 8 of this series, Crowdstrike claimed that Russian hackers from the "Cozy Bear" group were inside the DNC network for up to one year.

2. FBI Director James Comey had attempted several times during the last half of 2015 to warn the DNC management that their network was likely to be hacked. This happened during the period from around August 2016 to June 12, 2016. This means the hackers were likely in the network for ten months.

3. We know that Crowdstrike started their Incident Response engagement on May 5, 2016 at the offices of the DNC. The final report about the engagement was completed by June 15, 2016.

4. We know that at least 75% of the emails stolen and given to Wikileaks were created during the period from May 5, 2016 to May 25, 2016.

Given all of the above undisputed facts, this question needs to be answered by someone in authority: Since the alleged Russian hacking group, "Cozy Bear," was inside the DNC network for at least 10 months, why were 75% of the stolen emails concentrated in the time period from May 5, 2016 to May 25, 2016, which coincides with Crowdstrike's access to the DNC network?

Let's see that question again in bigger letters, so it all stands out. Keep in mind, Crowdstrike started their work at the DNC on May 5, 2016.

Since the alleged Russian hacking group, "Cozy Bear" was inside the DNC network for at least 10 months, why were 75% of the stolen emails concentrated in the time period from May 5, 2016 to May 25, 2016, which coincides with Crowdstrike's access to the DNC network?

I have a theory. Does anyone else?


The Problems of Copy-and-Paste/Screencaps

In the previous parts of this series about the alleged Russian hack of the Democratic National Committee, it was assumed that the emails and other documents were exfiltrated out of the network, during Crowdstrike's Incident Response engagement, in large amounts through an electronic transfer of multiple files. It didn't have to happen that way. Individual files could have been taken through the processes of either cutting and pasting the emails and attachments to a Word document, or taking screen capture "snapshots" of the documents. This kind of operation takes only a few seconds, and the copy of the document can be saved right to the perpetrators' file server or other storage device. Such an operation is also much more difficult to detect, either in real time or through the analysis of audit and event logs.

I base this possibility on the Ellen Nakashima article of June 14, 2016, in which Ms. Nakashima referred to the Russian hackers being able to "read" and "monitor" the DNC emails. If the hackers could "read" and "monitor" the emails, it would be no problem at all for them to cut-and-paste or screen capture the emails and the attachments.

With copy-and-paste, the intruder just highlights everything in the email, including headers, right-clicks the highlighted area, and copies the email to a Word file, or to a file in a similar Office-type word processing program. This takes a few seconds. Screen captures are also quite fast to take, and can be immediately saved to the hackers' storage server, whether in Russia or somewhere else in the world. Because such operations are done in real time, and very quickly, it was important for the Crowdstrike technicians to end the hackers' access to the network as quickly as possible. By waiting 36 days or more, Crowdstrike, for whatever reason, made the theft of the DNC emails a guaranteed success, with all the possible negative ramifications of the emails being made public through Wikileaks. Granted, the emails being made public had very limited effect on the election, as few voters even read one of them, but this theft could have been thwarted by Crowdstrike and was not.

Again, unless there is a revelation of more information not yet made available to the public, or something else is realized through analysis of the known facts in evidence, we will be moving into the private email system Mrs. Clinton deployed while Secretary of State, with detailed tutorials about the maintenance requirements of highly classified information in the federal communications network. This is one of the more interesting parts of the election campaign, and is a subject rarely discussed in public discourse.

While working on the next computer network that had an impact on the election, the series about the real collusion with Russia--then the Soviet Union--will continue with research about how the United States Government and United States corporations built entire industrial facilities inside Russia to build up that nation's military industrial complex, which is still in operation today, a case of much more serious collusion that was ignored by both government and mainstream media for decades. It is still ignored today.