One late morning in May 2016, the leaders of the Democratic National Committee huddled around a packed conference table and stared at Robert Johnston. The former Marine Corps captain gave his briefing with unemotional military precision, but what he said was so unnerving that a high-level DNC official curled up in a ball on her conference room chair as if watching a horror movie. At 30, Johnston was already an accomplished digital detective who had just left the military’s elite Cyber Command, where he had helped stanch a Russian hack on the US military’s top leadership. Now, working for a private cybersecurity company, he had to brief the DNC — while it was in the middle of a white-knuckle presidential campaign — about what he’d found in the organization’s computer networks. Their reaction was “pure shock,” Johnston recalled. “It was their worst day.”
Although the broad outlines of the DNC hack are now well-known, its details have remained mysterious, sparking sharp and persistent questions. How did the DNC miss the hack? Why did a private security consultant, rather than the FBI, examine its servers? And how did the DNC find Johnston’s firm, CrowdStrike, in the first place?
Johnston’s account — told here for the first time, and substantiated in interviews with 15 sources at the FBI, the DNC, and the Defense Department — resolves some of those questions while adding new information about the hack itself.
A political outsider who got the job essentially at random — the DNC literally called up CrowdStrike’s sales desk — Johnston was the lead investigator who determined the nature and scope of the hack, one he described less as a stealth burglary than as a brazen ransacking.