From long ago retired McGovern
Independent forensic investigations demonstrated two years ago that the DNC emails were not hacked over the Internet, but had been copied onto an external storage device — probably a thumb drive.
From the article he sited as evidence (also on CN)
Over the last few weeks, we ran three tests to determine how quickly data could be exfiltrated from the U.S. across the Atlantic to Europe.
–First, we used a 100 megabits-per-second (mbps) line to pull data from a one-gigabyte file to Amsterdam. The peak transfer speed was .8 MBps.
–Second, we used a commercial DSL (Digital Subscriber Line) to send the same one-gigabyte file to a commercial DSL in Amsterdam. The peak transfer speed was 1.8 MBps.
–Third, we pushed the same one-gigabyte file from a data center in New Jersey to a data center in the UK. The peak transfer speed was 12 MBps.
None of these attempts achieve anything close to the average rate of 22.7 megabytes per second evident in the July 5, 2016 download/copy associated with the DNC. In fact, this happens to be the speed typical of a transfer to a USB-2 external storage device. We do not think this pure coincidence; rather, it is additional evidence of a local download.
From the Mueller Report
The hackers used Mimikatz, a hacking tool used once an intruder is already in a target network, to collect credentials, and two other kinds of malware: X-Agent for taking screenshots and logging keystrokes, and X-Tunnel used to exfiltrate massive amounts of data from the network to servers controlled by the GRU. Mueller’s report found that Unit 26165 used several “middle servers” to act as a buffer between the hacked networks and the GRU’s main operations. Those servers, Mueller said, were hosted in Arizona — likely as a way to obfuscate where the attackers were located but also to avoid suspicion or detection.