President Donald Trump addressed the ongoing cyber hacks of the U.S. government for the first time on Saturday, seeking to turn blame away from Moscow while downplaying their gravity.
In a bizarre outburst on Twitter, he contradicted his top diplomat, Secretary of State Mike Pompeo, who on Friday pinned the breaches that have afflicted at least five major federal agencies “clearly” on Russia, and the president even floated the possibility that the true culprit “may be China (it may!).”
Trump’s aversion to calling out the Kremlin for its malign activities in cyberspace and his deference to Russian President Vladimir Putin has become a hallmark of his presidency. He has repeatedly trusted the word of Putin over the assessments of his own intelligence community, including its conclusion that Russia waged a campaign to interfere in the 2016 presidential election – a verdict he believes calls into question the legitimacy of his victory four years ago.
His tweets on Saturday raise fresh concerns that he will seek to shrug off what may turn out to be a cyber hack of unprecedented scale, and that Russia will not be held to account.
“The Cyber Hack is far greater in the Fake News Media than in actuality,” Trump tweeted, despite a federal alert in recent days that called the widespread cyber espionage campaign “a grave risk to” government agencies and the private sector.
“I have been fully briefed and everything is well under control,” he said, while agencies are scrambling to investigate and contain a series of major breaches at agencies including the State, Treasury, Energy, Homeland Security and Commerce departments – an effort that is likely to take months.
He also speculated, with no evidence, that the hacks may also have included “a hit on our ridiculous voting machines during the election, which is now obvious that I won big.” Twitter flagged that assertion, saying that “multiple sources called this election differently.” There is no evidence that November’s election was undermined by significant or widespread fraud, despite Trump’s insistence otherwise.
Trump had, until Saturday, studiously avoided the topic, reluctant to address publicly an issue that has bedeviled him since he took office: Russia’s hacking of U.S. targets. He broke his silence only after he was criticized publicly by lawmakers from both parties for an apparent unwillingness to confront Putin.
White House officials had drafted a statement to be released Friday accusing Moscow of carrying out the cyber intrusions in a months-long campaign, but they were blocked from doing so, said a senior administration official, who like others spoke on the condition of anonymity because of the matter’s sensitivity.
But Pompeo, in an interview on “The Mark Levin Show,” had no qualms about speaking out. “This was a very significant effort,” he said, “and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”
Pompeo did not specify which branch of the Russian government carried out the campaign, but U.S. officials have privately said they believe it is the foreign intelligence service, the SVR, a successor agency to the KGB. None have suggested that China played any role.
Moscow has denied any involvement in the intrusions. Federal agencies were first revealed to have been hacked last weekend.
Pompeo said he could not say much more as the investigations were ongoing. “But suffice it to say, there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems, and it now appears systems of private companies and companies and governments across the world as well,” he told Levin, a syndicated radio talk show host.
His remarks come as government agencies and affected companies race to figure out the scope of the breaches, how the Russians carried them off without being detected for months and how to prevent future compromises.
The president is intent on turning the conversation to China and its coercive activities in the technology and economic spheres and its human rights abuses, a second official said. He has directed advisers to look for ways in the waning days of his administration to confront Beijing over those issues, the official said.
Russia’s SVR waged a widespread cyber espionage campaign in 2014-2015 that ensnared the State Department, Pentagon Joint Chiefs of Staff and White House unclassified email networks, among other targets.
The Obama administration saw that campaign, as disturbing as it was, as classic espionage of the sort that states routinely engage in against each other, rather than as a disruptive attack, and so did not retaliate, said Michael Daniel, who was President Barack Obama’s White House cyber coordinator. Officials were not aware of the thousands of other victims in the private sector and other countries at the time, he said. The administration never publicly accused Russia of perpetrating the hacks.
This time, the context is different. There is widespread publicity around the breaches, which could turn out to be unprecedented in scale. The nature of the compromises, involving corruption of software commonly used by thousands of large organizations around the globe, is alarming. And the public is much more attuned to Russia’s malign activity in cyberspace, in the wake of its 2016 election interference.
Thus far, there is no sign that the intrusions have resulted in disruption or destruction, and the SVR is known mostly for conducting espionage. That doesn’t mean, however, the activity is not a precursor to something beyond spying, some analysts said.
In any case, Pompeo’s “attribution is a very important step,” said Tom Bossert, who was Trump’s homeland security adviser until April 2018. “The United States can now direct its focus and unite the world against this outrage.”
He said the Russian government is holding American networks at risk. “We must impose a cost on the Russians,” he said. “Until we start defending digital infrastructure as if commercial and government operations depended on it, we will remain rudderless.”
Microsoft, a major software and cloud provider, alerted several federal agencies last weekend to the fact that they were breached, its president Brad Smith told The Washington Post in an interview this week.
Smith said so far the company has notified a little more than 40 customers who were breached, and that 80 percent of them were in the United States. The others were in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates.
Britain so far has seen only a small number of victims, all in the private sector.
A major avenue for breaching victims’ networks was an update for computer software made by a Texas-based company called SolarWinds. The firm said about 18,000 customers that received the patch, for network management software called Orion, were potentially exposed. The Russians covertly added malware to the update, which installed a backdoor on computers that the hackers could use to enter a victim’s system at will.
But the intruders were selective in choosing who to compromise. Not everyone who downloaded the patch was seen as an attractive target, Microsoft said.
The SolarWinds update was not the only path into victims’ networks, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said in an alert this week. “CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” the agency said.
Microsoft is itself a SolarWinds customer and acknowledged in a statement this week it had found SolarWinds malware “in our environment,” which it isolated and removed.
In his interview with The Post, Smith said none of Microsoft’s customers had been breached through the software giant. “I think we can give you a blanket answer that affirmatively states, no, we are not aware of any customers being attacked through Microsoft’s cloud services or any of our other services, for that matter, by this hacker.”
He said: “Lots of people have been hacked and a lot of the people that have been hacked happen to be Microsoft customers and Microsoft cloud customers. But that doesn’t mean they were hacked or attacked through the Microsoft cloud.”