The breach occurred under the watchful eyes of the cybersecurity firm CrowdStrike, which the NRCC was paying for "computer support" at the time. CrowdStrike was previously the source of the claims that rogue Russian hackers invaded the Democratic National Committee's (DNC) servers.
While neither the public nor Republican leaders in the House were informed of what happened in the first eight months following the hack, the NRCC did alert the FBI and CrowdStrike.
Emails continued to be stolen from the DNC for at least 20 days after CrowdStrike said it identified Russian malware as the culprit within minutes of beginning its investigation.
— Mark Ames (@MarkAmesExiled) August 24, 2018
Emails belonging to four top NRCC aides were stolen in the April breach. The NRCC did not tell Republican leaders like Speaker Paul Ryan (WI), House Majority Leader Kevin McCarthy (CA) or Majority Whip Steve Scalise (LA). They only learned about the hack after Politico contacted them for comment on the story.
The NRCC had already paid CrowdStrike nearly $80,000 in 2017 prior to the hack, after which they paid the firm another $40,000.
— Deirdre (@DeirinDC) October 30, 2018
The firm did not identify the NRCC hack; an outsourced managed security service provider discovered the breach.
Senior employees at CrowdStrike, including its Chief Technology Officer Dmitri Alperovitch and President Shawn Henry, were no stranger to the perceived Russian threat before starting work at the company. Alperovitch is a senior fellow at the NATO-funded Atlantic Council, which is incredibly hawkish towards Russia, while Henry worked under former FBI director and current special counsel Robert Mueller.
The company was granted access to the DNC's servers, which the FBI has never viewed. CrowdStrike did, however, make RAM and hard drive images of the servers, which were then handed over to the FBI.
The firm's knack for attribution is also in question, as it falsely identified Russia as being behind a hack of Ukraine's artillery systems — a claim that the Ukrainian military itself denied.
One person familiar with the investigation into the NRCC hack said that they believe the hacker to be a foreign operator, but others said they couldn't attribute it to anyone besides a sophisticated actor.
Party officials believe a foreign actor was behind the attack as well, Politico reports.
— Aaron Maté (@aaronjmate) July 21, 2018
The NRCC hired Covington and Burling, a law firm, and Mercury Public Affairs, a public relations company, to help deal with the fallout of the breach. The committee is paying them hundreds of thousands of dollars for the task, according to the outlet.
"The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity," said Ian Prior, vice president at Mercury and a former NRCC operative. "The cybersecurity of the Committee's data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter."
The emails stolen in the breach have not been made public, and there is no indication that the hackers have tried to leverage them against the party or their staffers.