Trump’s aversion to calling out the Kremlin for its malign activities in cyberspace and his deference to Russian President Vladimir Putin have become a hallmark of his presidency. He has repeatedly trusted the word of Putin over the assessments of his own intelligence community, including its conclusion that Russia waged a sophisticated campaign to interfere in the 2016 presidential election — a verdict Trump believes calls into question the legitimacy of his victory four years ago.
His tweets Saturday raise fresh concerns that he will seek to shrug off what may turn out to be a cyber hack of unprecedented scale, and that Russia will not be held to account. The president has complained to advisers, who believe Russia is culpable, that the intrusions are a fake narrative meant to damage him politically.
“The Cyber Hack is far greater in the Fake News Media than in actuality,” Trump tweeted, despite a federal alert in recent days that called the widespread cyber espionage campaign “a grave risk to” government agencies and the private sector.
“I have been fully briefed and everything is well under control,” he said, while agencies are scrambling to investigate and contain major breaches at agencies including the State, Treasury, Energy, Homeland Security and Commerce departments — an effort that is likely to take months.
He also speculated, with no evidence, that the hacks may have included “a hit on our ridiculous voting machines during the election, which is now obvious that I won big.” Twitter flagged that assertion, saying that “multiple sources called this election differently.” There is no evidence that November’s election was undermined by significant or widespread fraud, despite Trump’s insistence otherwise.
Trump had, until Saturday, studiously avoided the topic, reluctant to address publicly an issue that has bedeviled him since he took office: Russia’s hacking of U.S. targets. He broke his silence only after he was criticized publicly by lawmakers from both parties for an apparent unwillingness to confront Putin.
White House officials had drafted a statement to be released Friday accusing Moscow of carrying out the cyber intrusions in a months-long campaign, but they were blocked from doing so, said a senior administration official, who like others spoke on the condition of anonymity because of the matter’s sensitivity.
But Pompeo, in an interview on “The Mark Levin Show,” had no qualms about speaking out. “This was a very significant effort,” he said, “and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”
Pompeo did not specify which branch of the Russian government carried out the campaign, but U.S. officials have privately said they believe it is the foreign intelligence service, the SVR, a successor agency to the KGB. None have suggested that China played any role.
Moscow has denied any involvement in the intrusions. Federal agencies were first revealed to have been hacked last weekend.
Pompeo said he could not say much more as the investigations were ongoing. “But suffice it to say, there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems, and it now appears systems of private companies and companies and governments across the world as well,” he told Levin, a syndicated radio talk show host.
His remarks come as government agencies and affected companies race to figure out the scope of the breaches, how the Russians carried them off without being detected for months and how to prevent future compromises.
The president is intent on turning the conversation to China and its coercive activities in the technology and economic spheres and its human rights abuses, a second official said. He has directed advisers to look for ways in the waning days of his administration to confront Beijing over those issues, the official said.
Trump’s comments Saturday reflect a long-running disregard for the facts and his disinterest in what he calls “the cyber,” analysts and former aides said. “Starting with Trump’s very first meeting with Putin to today’s tweets we’ve seen an almost unbreakable pattern of denying the obvious about Russia’s misdeeds while carrying water for the Kremlin,” said Andrew Weiss, a Russia expert and vice president for studies at the Carnegie Endowment for International Peace. “Trump’s comments are totally divorced from reality.”
Gregory F. Treverton, a former chairman of the National Intelligence Council, the government’s senior-most provider of intelligence analysis, said that Trump “behaves so much like a paid Russian agent.”
“If you look at the string of his actions and pronouncements,” Treverton said, “the only consistent interpretation that you can logically draw is that he’s in their thrall.”
The Obama administration saw that campaign, as disturbing as it was, as classic espionage of the sort that states routinely engage in against each other, rather than as a disruptive attack, and so did not retaliate, said Michael Daniel, who was Obama’s White House cyber coordinator. Officials were not aware of the thousands of other victims in the private sector and other countries at the time, he said. The administration never publicly accused Russia of perpetrating the hacks.
This time, the context is different. There is widespread publicity around the breaches, which could turn out to be unprecedented in scale. The nature of the compromises, involving corruption of software commonly used by thousands of large organizations around the globe, is alarming. And the public is much more attuned to Russia’s malign activity in cyberspace, in the wake of its 2016 election interference.
Thus far, there is no sign that the intrusions have resulted in disruption or destruction, and the SVR is known mostly for conducting espionage. That doesn’t mean, however, the activity is not a precursor to something beyond spying, some analysts said.
In any case, Pompeo’s “attribution is a very important step,” said Tom Bossert, who was Trump’s homeland security adviser until April 2018. “The United States can now direct its focus and unite the world against this outrage.”
He said the Russian government is holding American networks at risk. “We must impose a cost on the Russians,” he said. “Until we start defending digital infrastructure as if commercial and government operations depended on it, we will remain rudderless.”
Microsoft, a major software and cloud provider, alerted several federal agencies last weekend to the fact that they were breached, its president Brad Smith told The Washington Post in an interview this past week.
“No one should be shocked that a company like Microsoft would be the first to identify any particular customer that has been breached,” he said.
Smith said so far the company has notified a little more than 40 customers who were breached, and that 80 percent of them were in the United States. The others were in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates.
Britain so far has seen only a small number of victims, all in the private sector.
A major avenue for breaching victims’ networks was an update for computer software made by a Texas-based company called SolarWinds. The firm said about 18,000 customers that received the patch, for network management software called Orion, were potentially exposed. The Russians covertly added malware to the update, which installed a back door on computers that the hackers could use to enter a victim’s system at will.
But the intruders were selective in choosing who to compromise. Not everyone who downloaded the patch was seen as an attractive target, Microsoft said.
The SolarWinds update was not the only path into victims’ networks, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said in an alert this past week. “CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” the agency said.
Microsoft is itself a SolarWinds customer and acknowledged in a statement this past week it had found SolarWinds malware “in our environment,” which it isolated and removed.
In his interview with The Post, Smith said none of Microsoft’s customers had been breached through the software giant. “I think we can give you a blanket answer that affirmatively states, no, we are not aware of any customers being attacked through Microsoft’s cloud services or any of our other services, for that matter, by this hacker.”
He said: “Lots of people have been hacked and a lot of the people that have been hacked happen to be Microsoft customers and Microsoft cloud customers. But that doesn’t mean they were hacked or attacked through the Microsoft cloud.”
Smith in a blog post called for the establishment of a global norm forbidding the type of “broad and reckless activity” used against SolarWinds and its customers, which threatened the integrity of the broader software supply chain.
A norm against compromising that supply chain would “kneecap intelligence collection” by western democracies, said Thomas Rid, a cyber espionage expert at Johns Hopkins University. Worse, nondemocratic states would not abide by it, he said. “Some of the most successful western intelligence operations were supply chain compromises,” he said, citing a decades-long operation in which rigged encryption machines allowed U.S. intelligence agencies to spy on dozens of countries undetected.
Daniel, the former White House cyber coordinator, said a broad-based supply chain compromise that affects many different organizations indiscriminately “should probably be frowned upon.” But, he said, to argue that a western spy agency is never going to use the supply chain to spy on an adversary is unrealistic. “For a well-defended adversary,” he said, “it’s something you may want to consider.”
Karen DeYoung contributed to this report.