Two years have passed since Russia’s interference in the 2016 election came to light, but President Trump and his administration have still failed to offer a convincing plan for how they’d react if such a widespread campaign happened again.
So says my colleague Greg Miller, who has spent this year piecing together a narrative history of Moscow’s interference in the 2016 election and its fallout. His new book, “The Apprentice: Trump, Russia and the Subversion of American Democracy,” drew from interviews with hundreds of current and former government officials and troves of documents related to the Kremlin’s unprecedented effort to disrupt U.S. politics. It comes out Oct. 2.
“We really don’t have any sense from this White House about how it would respond, what it would do,” Miller told me in a conversation about his book. “And that’s largely because Trump himself is such a wild card.”
An excerpt from the book published yesterday describes how the first alarm bells about Russian election interference sounded in mid-2016 and they came from inside the “Russia House,” a tightly secured CIA unit formally known as the Mission Center for Europe and Eurasia. "By early August, " Greg writes, "the sense of alarm had become so acute that CIA Director John Brennan called White House Chief of Staff Denis McDonough. 'I need to get in to see the president,' Brennan said, with unusual urgency in his voice."
Brennan’s request for a meeting with President Barack Obama came just weeks after WikiLeaks dumped nearly 20,000 emails stolen from Democratic Party computers and then-candidate Donald Trump called on Russia’s spy agencies to hack Hillary Clinton. "But his call to the White House was driven by something else — extraordinary intelligence that had surfaced in late July and reached deep inside the Kremlin, showing that Putin was himself directing an 'active measures' operation aimed not only at disrupting the U.S. presidential race but electing Trump."
I sat down with Greg to talk about what he learned in the course of his reporting, and whether we're any better prepared today. Here’s our conversation, edited for length and clarity.
How prepared was the intelligence community in the summer of 2016 to identify Moscow's hacking and disinformation campaigns?
Greg: I think they were fairly well-equipped and positioned to see hacking operations, and there’s lots of evidence that they did detect the hacking itself. In a weird way, this is not unlike 9/11. And some really experienced and respected intelligence officials have made that comparison. Obviously not in terms of the devastation and bodies lost, but in the failure of intelligence analysts and experts to imagine the potential of a threat, to imagine the full magnitude of a foreign threat. That was clear here — the inability to see how something like this could be weaponized. Not only taking stolen material and dumping it online, but doing it at a moment to achieve maximum impact in the middle of an American election as part of an active measure operation, augmented by an entire Russia social-media campaign. And that’s where I think the U.S. was far less prepared to detect it and see it and respond to what was happening.
You write that some months passed before it became the consensus view of the full intelligence community that Russia was trying not just to disrupt U.S. politics but get Trump elected. What happened in that intervening time that convinced the rest of the intelligence community to support this finding?
What happens is, Brennan sequesters himself in his office and he’s poring over this raw stuff for days on end. And he comes out of that really shaken, really convinced that there is something bigger happening here than anybody has appreciated at that point. So the first thing he does is calls the White House and says I need to see Obama and races to the White House to give them a readout of what he’s learned. But the next thing he does is sets up a task force with people from the FBI and the NSA. Some of them began driving to work out at CIA on its campus and they spend the next six weeks or longer trying to pull everything in from their agencies and assemble this into a more compelling, authoritative, comprehensive case that they can take not only to the White House but to Congress.
But there are setbacks all along the way and a lot of them are political. Some of the more frustrating moments that I think readers will encounter in the book describe Brennan’s efforts to convince members of Congress to tell them what’s happening — Russia’s in the middle of our election, Russia’s trying to hurt us and Russia’s trying to help one candidate in particular. And how some of those members he’s talking to, particularly Devin Nunes and Mitch McConnell, reject that.
We’ve had a long time to ponder how the Obama administration has responded. Did your reporting give you any new insights about that — are you any more convinced that they got it right or wrong?
We wrote a lengthy story last year on Obama’s struggle to respond in real time to this. And there was this quote in there from a senior administration official saying “I feel like we sort of choked,” and that quote got a lot of attention. But it wasn’t an outlier. I think there were a lot of people who were part of that process who felt in the aftermath like that was true.
It’s hard to look back on that period and the decisions that Obama made without feeling like, man, they probably wish they could do that differently.
Has the Trump administration learned any lessons from its predecessor?
It’s so schizophrenic. It was only recently that Trump convened a National Security Council meeting on Russia and threats to American elections. That’s amazing. Two years into his term, and even then it was by all accounts an exercise for appearances’ sake. He takes part in this meeting for 45 minutes and then leaves to go off to a golf course.
There are people in the Trump administration and numerous federal agencies who are very worried about this threat, who take it seriously and are trying to do lots of things that are necessary to safeguard American democracy. But they can’t come close to having the impact that they could if they had a president who had their back, who was equally convinced, who was marshaling resources and calling attention to the issue.
The midterms are around the corner and the intelligence community says Russia is still trying to interfere in U.S. politics. What has changed about how they’re dealing with the threat?
There’s a ton more awareness about this for the public and the government. At same time, I’m not convinced there’s any semblance of a thought-through game plan. If this happens again, if it starts to achieve some sort of impact in an election here or an election there or more broadly, what will the government do this time? We really don’t have any sense from this White House about how it would respond, what it would do. And that’s largely because Trump himself is such a wild card.
You talked to a lot of current administration officials about this for this book. How do they feel?
Initially, there was a lot of denial and disbelief. I don’t think anybody at this stage of this administration inside the CIA or the FBI or anywhere else is any longer surprised that they work for a president who could undermine them at any moment, doubts them, casts aspersions on them constantly. So I think there’s weirdly some sort of acceptance of it. I think that they’re dismayed and they’re deeply worried about how this ends, about what happens next.
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: Sen. Ron Wyden (D-Ore.) on Wednesday said his office found that “at least one major technology company” notified a number of senators and Senate staffers “that their personal email accounts were targeted by foreign government hackers.” Moreover, Wyden said, cybersecurity staff from the Senate Office of the Sergeant at Arms “apparently refused” to provide assistance to the senators and staffers that had been targeted by those attacks because they took aim at personal accounts.
As my colleague Karoun Demirjian reports, Wyden didn't say which company made the discoveries, “nor did he give more details about what type of attempted hacking or other targeting had transpired. But the letter doubles as an appeal for support for legislation that Wyden is writing to expand the protection mandate of the Senate sergeant-at-arms to cover personal devices and accounts.”
“This approach must change to keep up with changing world realities,” Wyden said in a letter to Senate Majority Leader Mitch McConnell (R-Ky.), Senate Minority Leader Chuck Schumer (D-N.Y.), Senate Rules and Administration Committee Chairman Roy Blunt (R-Mo.) and Sen. Amy Klobuchar (D-Minn.), the committee's ranking Democrat. Wyden also said he was introducing legislation to allow the Office of the Sergeant at Arms to provide assistance to senators and staffers for their personal devices and accounts. He asked McConnell, Schumer, Blunt and Klobuchar to support the legislation.
“The November election grows ever closer, Russia continues its attacks on our democracy, and the Senate simply does not have the luxury of further delays,” Wyden said. Additionally, he enclosed a letter he received in April from Michael S. Rogers, then director of the National Security Agency, in which Rogers said senior government officials' personal devices and accounts “remain prime targets for exploitation.”
PATCHED: Sen. Kamala Harris (D-Calif.) and six other Democratic lawmakers warned that misusing facial recognition could turn the technology into a tool for discrimination. “While facial recognition technology offers great potential to help law enforcement solve crimes and catch criminals, it can also be used in ways that threaten civil rights and civil liberties,” Harris, Sen. Cory Booker (N.J.) and Rep. Cedric Richmond (La.), the chairman of the Congressional Black Caucus, wrote to FBI Director Christopher Wray in a letter dated Sept. 17.
Harris, Booker and Richmond questioned Wray about the accuracy of the FBI's Next Generation Identification-Interstate Photo System, a database of mug shots that allows law enforcement agencies to conduct searches using facial recognition technology. “We are also eager to ensure that the FBI responds to the latest research, particularly research that confirms that face recognition technology underperforms when analyzing the faces of women and African Americans,” the lawmakers said.
In a letter to the U.S. Equal Employment Opportunity Commission, Harris as well as Sens. Patty Murray (Wash.) and Elizabeth Warren (Mass.) said they worried that facial recognition tools could result in discrimination in the workplace or during the recruitment of job candidates. The senators asked the EEOC to come up with guidelines for employers on using facial recognition in a fair manner and examine how the technology could run afoul of anti-discrimination legislation.
Harris and three of her Democratic colleagues also expressed concerns in a letter to the Federal Trade Commission that facial recognition could amplify racial discrimination and other biases against consumers. “Consider, for example, a situation in which an African American female in a retail store is misidentified as a shoplifter by a biased facial recognition technology and is falsely arrested based on this information,” Harris, Booker, Wyden and Sen. Richard Blumenthal (Conn.) said in a Sept. 17 letter to the FTC.
PWNED: Facebook is establishing a “War Room” at the company's headquarters to help protect elections from online misinformation efforts. “More than 300 people across the company are working on the initiative, but the War Room will house a team of about 20 focused on rooting out disinformation, monitoring false news and deleting fake accounts that may be trying to influence voters before elections in the United States, Brazil and other countries,” the New York Times's Sheera Frenkel and Mike Isaac reported Wednesday. “‘We see this as probably the biggest companywide reorientation since our shift from desktops to mobile phones,’ said Samidh Chakrabarti, who leads Facebook’s elections and civic engagement team. The company, he added, ‘has mobilized to make this happen.’”
As part of those efforts to protect elections, Chakrabarti told the Times that the company will rely on software that helps monitor information in real time as it travels on Facebook. “These dashboards resemble a set of line and bar graphs, with statistics that provide a view into how activity on the platform is changing,” Frenkel and Isaac wrote. “They allow employees to zero in on, say, a specific false news story in wide circulation or a spike in automated accounts being created in a particular geographic area.”
— Bob Lord, chief information security officer at the Democratic National Committee, told Forbes's Thomas Brewster that the DNC is recommending Democrats — from campaigns to state-level organizations — use iPhones instead of Android devices. “Lord, who was previously in the same role at tech giant Yahoo, told Forbes that one key reason for choosing iPhones over Androids was that Apple provided patches for security weaknesses quicker than Google's myriad device manufacturers,” Brewster reported on Wednesday. “That wasn't just Lord's opinion; that's what he heard when he asked for feedback from various Democratic organizations on their smartphone security.”
— More cybersecurity news from the public sector:
— “Hackers are illegally generating Monero, Bitcoin and other cryptocurrencies by exploiting a software flaw that was leaked from the U.S. government, according to new research, raising questions about the security of one of the fastest-growing corners of financial markets,” Bloomberg News's Alyza Sebenius reported. “Detected cases of illicit cryptocurrency mining — the digital equivalent of minting money — have surged 459 percent in 2018 compared to last year, Cyber Threat Alliance said in a report released Wednesday.”
— More cybersecurity news from the private sector:
— “Hardware retailer Newegg suffered a month-long data breach that exposed users’ credit card information to the same hackers who targeted British Airways and Ticketmaster UK earlier this year,” the Verge's Shannon Liao reported Wednesday. “The exact scope of the attack is still unknown as the company just discovered the breach yesterday and began taking action. Newegg sees about 50 million monthly visitors and has a business valued at $2.65 billion.”
- Detect '18 conference in National Harbor, Md., through tomorrow.
- ShellCon 2018 conference in San Pedro, Calif., tomorrow through Saturday.
Trump: “I'm disappointed in the attorney general for many reasons”
Chevy Chase: “I'm proud to be who I am”
Late-night laughs: GOP stands by Kavanaugh