FBI And NSA Had Low Confidence That Russia Was Behind The DNC Hack

Authored by Ivan Pentchoukov via The Epoch Times,

The FBI and the National Security Agency, in the heat of the 2016 election, dissented from an intelligence community assessment, which judged that Russia was behind the alleged hack of the Democratic National Committee servers and the subsequent release of stolen emails.

The FBI and NSA instead had “low confidence” in the attribution to Russia, according to a Sept. 12, 2016, Intelligence Community Assessment released to the public for the first time on July 18, 2025, as part of a batch of records declassified by the Office of the Director of National Intelligence.

“FBI and NSA, however, have low confidence in the attribution of the data leaks to Russia,” the assessment states. “They agree that the disclosures appear consistent with what we might expect from Russian influence activities but note that we lack sufficient technical details to correlate the information posted online to Russian state-sponsored actors.”

A memo prepared for President Barack Obama, dated two days after the assessment, blames Russia for the hack and leak and does not mention the dissent by the FBI and NSA, according to the newly released documents.

The revelation is the latest twist in the decade-long controversy over the DNC hack, which lies at the very root of the now-discredited Russia collusion narrative, which ensnared the nascent Trump administration in 2017 and metamorphosed into the special counsel investigation by Robert Mueller. Mueller concluded the investigation with no evidence to support the claim that Russia colluded with then-candidate Donald Trump to influence the election.

The hacking of the DNC was central to the collusion narrative. The FBI’s having low confidence that Russia was behind the breach is significant because the bureau had received, three weeks prior to dissenting with the assessment, the final report on the hack by Crowdstrike, the private cybersecurity firm hired by the DNC to remediate the hack in the spring of 2016. The Crowdstrike reports have never been made public. The company’s then-president, Shawn Henry, told the House Intelligence Committee in late 2017 that his firm had no evidence that files were stolen from the DNC systems.

On Oct. 7, 2016, less than a month after the assessment marked by the FBI and NSA dissent, the United States accused Russia of hacking the DNC and leaking the files with the intent “to interfere with the U.S. election process.” Obama approved the release of the statement, which was made public via a joint release by the Office of the Director of National Intelligence and the Department of Homeland Security.

Oct. 7 was one of the most eventful days of the 2016 presidential cycle. This was the day of the release of the Access Hollywood audio recording of Trump. It was also the day of the release of the first batch of the emails of former Obama counselor John Podesta.

Oct. 7 was also a time when the FBI was still working on obtaining a copy of the DNC server images to conduct a forensic analysis. It is unclear if the FBI had changed its “low confidence” assessment before the release of the public statement accusing Russia.

The newly released documents show that by Dec. 7, 2016, two months after accusing Russia of hacking the DNC, the U.S. intelligence community was still relying on Crowdstrike’s analysis for its assessment.

“The U.S. Intelligence Community has high confidence in its attribution of the intrusions into the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC) networks, based on the forensic evidence identified by a private cyber-firm and the IC’s review and understanding of cyber activities by the Russian Government,” states a memo drafted in preparation for a principals committee meeting.

At the time of the drafting of the memo, the intelligence community had still not reached a consensus on who leaked the DNC emails. The same memo states that “most IC agencies assess with moderate confidence that Russian services probably orchestrated at least some of the disclosures of U.S. political information.”

A day later, on Dec. 8, 2016, the FBI renewed its dissent with the assessment.

“FBI will be drafting a dissent this afternoon. Please remove our seal an [sic] annotations of co-authorship,” states an FBI email to the group preparing the presidential daily brief for Obama. Obama requested the preparation of the brief to be ready for release on Dec. 9, 2016.

An hour after the FBI expressed its intention to dissent from the assessment, an email from a DNI official to more than 110 intelligence community recipients said that the presidential brief would be postponed.

“Based on some new guidance, we are going to push back publication of the PDB. It will not run tomorrow and is not likely to run until next week,” the email from Director PDB/ODNI stated. The acronyms stand for presidential daily brief and the Office of the Director of National Intelligence.

While the briefing memo was postponed, the principals committee meeting took place as scheduled in the Situation Room at the White House on Dec. 9. In attendance were the head of the key Obama administration agencies, including National Security Advisor Susan Rice, Secretary of State John Kerry, Attorney General Loretta Lynch, Department of Homeland Security Secretary Jeh Johnson, and CIA Director John Brennan, among others.

Notably absent from this meeting were the directors of the two dissenting agencies: the FBI Director James Comey and NSA Director Michael Rogers. Instead, attending for the FBI was Deputy Director Andrew McCabe, and for the NSA, Deputy Director Richard Ledgett, according to the Summary of Conclusions for Meeting of the Principals Committee dated Dec. 9, 2016.

The conclusion of the memo from the Principals Committee meeting outlined a list of recommended punitive measures against Russia. The list concludes with a bullet point stating that the principals in the meeting agreed to “publicly release and attribute to Russian intelligence services technical and other information” about the intrusion and a spearphishing campaign.

That directive, set to be actioned by Dec. 19, appears to have resulted in a joint analysis report by the FBI and DHS released to the public on Dec. 29, 2016. This technical review included a mapping of the cyber intrusion, a sample snippet of code, and a set of IP addresses used by the attackers. Wordfence, a cybersecurity firm with millions of clients, analyzed the code snippet and traced it back to a malware provider based in Ukraine.

“The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes,” WordFence CEO Mark Maunder wrote in an analysis of the DHS data.

“The malware sample is old, widely used, and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.”

In the days and weeks after the meeting, emails show officials preparing an intelligence community assessment on Russia’s interference in the 2016 election. Obama ordered the assessment to be read by Jan. 9, 2017, and later moved the deadline up to Jan. 3.

The working plan was to brief Obama and the President-elect Trump on the assessment on Jan. 3–4, brief the Gang of Eight and the intelligence committees in Congress on Jan. 4–6, and to release a version of the assessment to the public on Jan. 6, 2017, the day when Congress was to convene to certify Trump’s election.

One of the fruits of those efforts, a version of the Intelligence Community Assessment dated Jan. 5, states that the FBI had high confidence that Russian President Vladimir Putin had ordered a campaign to meddle with the 2016 election in favor of Trump and that Russian intelligence services hacked the DNC and leaked stolen emails.

It is unclear how the FBI came to change its “low confidence” assessment.

In the years that followed, the FBI’s work on the investigation into Trump was heavily scrutinized by the House Intelligence Committee, the Senate Intelligence Committee, the Office of Inspector General, and special counsel John Durham.

To date, all of the public findings from these investigations include no further evidence for the assertion that Russia was behind the theft and release of the DNC emails. Instead, the inquiries by the House Intelligence Committee, Inspector General Michael Horowitz, and Durham, determined that the evidentiary core of the FBI’s probe consisted of the now-debunked reports by former British intelligence officer Christopher Steele.

Steele was retained by Fusion GPS, which was in turn retained by the Clinton campaign through Perkins Coie, the same law firm that recommended that the DNC hire Crowdstrike to handle the cyber intrusion.

While the FBI was ultimately unable to verify any of the Steele reporting, the dossier played a central role in the bureau’s decision to secure surveillance warrants to monitor Carter Page, a Trump campaign associate. An inspector general inquiry into the bureau’s work on securing the warrants found significant failures among the rank-and-file and supervisors involved.