After Trump Spent Four Years Inviting Russia to Hack the US, Russia Allegedly Did Just That

Yesterday, Reuters revealed that the same vulnerability used to steal FireEye’s Red Team tools was also used to spy on Treasury and Commerce’s National Telecommunications and Information Administration, which administers the Internet. Then WaPo revealed that Russia’s APT 29 hacking group is believed to be behind the compromise. Multiple outlets — including FireEye itself — revealed that the hack had used a vulnerability in SolarWinds IT monitoring software identified in the spring. FireEye explains the hack has targeted, “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” (presumably reflecting what they’ve seen in their clients as they respond to their own compromise). And CISA issued an emergency directive aiming to stem the damage in agencies beyond just Treasury and NTIA (among SolarWinds’ other US government clients are DOJ and two nuclear labs, as well as Booz Allen, which might as well be US government). Later today, Reuters confirmed that DHS had also been targeted. State, NIH, and parts of the Pentagon have also been targeted.

Let me make clear before I start that thus far, this is nation-state spying, without the kind of sabotage we’ve seen from Russia in the past (if it is indeed Russia). Russia would do what they did with this vulnerability with or without Trump in office (indeed, I have a suspicion their overt hacks of the US will go up under President Biden, mostly because Trump didn’t need any help damaging the US government). While the full scope of the victims is not yet known, it’s quite clear that hackers targeted a slew of entities, governmental and not, with this campaign. So having Trump in office in no way created this campaign nor chose the target.

Nevertheless, it is the case that the President of the United States, as a policy matter, has gone to great lengths to make it easier for Russia to minimize the costs of hacking the US.

Almost four years ago, Mike Flynn called up the Russian Ambassador and asked him not to box the Trump Administration in in the wake of President Obama’s effort to hold Russia accountable for interfering in our elections, in part by hacking multiple participants in it, from both parties. Vladimir Putin complied with Flynn’s request, taking no steps in response. Not only did Sergey Kislyak make sure Flynn knew that his request had played a key role in Putin’s decision, but he told Flynn that the Trump Administration and Russia were on the same side, targeted by sanctions aiming to incur a cost for Russia’s actions. “I just wanted to tell you that we found that these actions have targeted not only against Russia, but also against the president elect.”

Well before Kislyak had suggested to the 30-year intelligence veteran that Russia and Trump were on the same side against establishment America, Flynn had already taken steps to hide his actions, perhaps because some Transition members, like Marshall Billingslea, objected to the pre-inauguration outreach to Russia.

When the whole thing got leaked to the public, Flynn lied even to the Vice President-Elect about his outreach.

But Trump appears to have been in on the secret. “The boss is aware” of Kislyak’s earlier requests of the Administration, Flynn told Kislyak on December 31, 2016. Indeed, Flynn made the first call that he would later lie about from Mar-a-Lago, while Flynn, “worked all day with trump from Mara lago,” as KT McFarland bragged in real time.

When the FBI interviewed Flynn about those calls a month later, he lied about the requests he had made of Russia. But he appears to have told a remarkable truth about one thing. “With regard to the scope of the Russians who were expelled,” from the US in retaliation for interfering in a US election, the FBI agents who interviewed him wrote, “FLYNN said he did not understand it. FLYNN stated he could understand one [diplomat expelled as a persona non-grata], but not thirty-five.” General Flynn, a thirty-year veteran, thought an appropriate response to a systematic assault on American democracy was to kick out one suspected spy.

Months later (though this would not be revealed until years later), the newly installed President would make it clear he agreed with his short-lived National Security Advisor. In his first face-to-face meeting with representatives from Russia as President on May 10, 2017, President Trump told Foreign Minister Sergey Lavrov that he was unconcerned about Russian interference in the election that had made him President, because the US had historically done the same in other countries. Trump’s officials would take efforts to hide the most embarrassing aspects of that meeting (including that Trump shared highly sensitive Israeli intelligence with the Russians), first by altering the MemCon of the meeting and then having Trump’s new National Security Advisor, HR McMaster, give, “a misleading account of what happened during TRUMP’s meeting with LAVROV.” And Russia would have known that Trump and McMaster were lying.

Before Trump would tell Russia, to their face, that he didn’t much mind that Russia had hacked American democracy, he started dismantling the United States’ ability to prevent further hacks. That started with an effort to prevent the FBI from investigating why Flynn had reached out to Russia to undermine sanctions and (as a sentencing memo approved by Bill Barr’s DOJ would later explain) who ordered him to do so. The day Trump learned the FBI had interviewed Flynn, he asked FBI Director James Comey for loyalty. Then, after Trump fired Flynn — ostensibly for lying to the Vice President — he privately asked the FBI Director to, “let[] this thing go, to let[] Flynn go.” After Comey testified publicly to Congress about the investigation, Trump fired him.

A long line of people would follow Comey out the door, many of them experts on Russia or counterintelligence or cybersecurity. Trump invented reasons in most cases (reasons that, as with Comey, sharply conflicted with his own views about Hillary Clinton). The obvious real reason had to do with retaliation for investigating him. But in those firings and resignations, Trump got rid of numerous people who had long fought Russian organized crime (like Andrew McCabe and Bruce Ohr), and counterintelligence experts like Peter Strzok. Before and after his impeachment, he got rid of other Russian experts like Marie Yovanovitch and Alexander Vindman. Even those who left of their own accord, like Fiona Hill, were demonized for their true testimony under subpoena.

The most remarkable moment came in July 2018, shortly after the Mueller team indicted Russia’s hackers for their attack on our democracy, when Trump met Putin in Helsinki.

Days before the meeting — though possibly after he had been warned the indictment was coming — Trump announced that he and Putin were talking about cybersecurity cooperation.

Then at the actual summit, with Putin displaying Trump like a soggy trophy, Trump sided with Putin’s denials over the US intelligence community in part because of conspiracy theories about the DNC server.

My people came to me, Dan Coats, came to me and some others, they said they think it’s Russia. I have President Putin. He just said it’s not Russia.

I will say this: I don’t see any reason why it would be. But I really do want to see the server but I have confidence in both parties.

I really believe that this will probably go on for a while, but I don’t think it can go on without finding out what happened to the server. What happened to the servers of the Pakistani gentleman that worked on the DNC?

Where are those servers? They’re missing. Where are they? What happened to Hillary Clinton’s emails? 33,000 emails gone, just gone. I think in Russia they wouldn’t be gone so easily.

I think it’s a disgrace that we can’t get Hillary Clinton’s 33,000 emails.

I have great confidence in my intelligence people, but I will tell you that President Putin was extremely strong and powerful in his denial today and what he did is an incredible offer.

He offered to have the people working on the case come and work with their investigators, with respect to the 12 people. I think that’s an incredible offer. Okay? Thank you.

That is, after a lengthy meeting with Putin, Trump simply decided — perhaps because he had to decide — that Russia had not attacked the US at all. His solution, per Putin’s suggestion, was to send people who had been investigating Russian crimes to Russia, something that has gotten people killed in the past.

Meanwhile, Trump started dismantling the cybersecurity defenses built up during the Obama Administration. The first day John Bolton started as Trump’s third National Security Advisor, experienced cybersecurity guy Tom Bossert was fired as Homeland Security czar.

President Donald Trump’s homeland security adviser, Tom Bossert, was fired Tuesday as the president’s new national security adviser, John Bolton, consolidates power in the White House.

On Monday night, Bossert was socializing with current and former U.S. Intelligence officials at a conference in Sea Island, Georgia, and a source close to him told NBC News that the adviser was unaware of any intention at the White House to seek his resignation, and that he had no plans to quit.

“New team,” the source said, without further explanation.

Bossert was called in to Bolton’s office early Tuesday morning and told that he was being fired, according to a source with direct knowledge.

Trump’s associates may have figured out that Bossert had provided key details about the events at Mar-a-Lago in December 2016; he also appears to have provided emails to Mueller’s team that helped them to get those of others like Jared Kushner and Steve Bannon.

Rob Joyce, a top NSA expert, was moved back to the Agency a few months after Bossert left. So even as Bolton was downgrading the pandemic expertise within NSC, he was also eliminating top cybersecurity talent.

That was done because Bolton is a power hungry asshole. But Trump continued eliminating cybersecurity expertise (even beyond that ensuring secure elections) in a fit of pique after the election. At a time when this hack would have already started, Trump fired the head of CISA, Chris Krebs, along with a deputy because they refused to back his conspiracy theories about the election. Politico reported that, in Krebs’ absence, “There is ‘massive frustration with CISA on a sluggish response to agency breaches.'”

Cybersecurity was one area where Trump’s team really was every bit the match of Obama’s — if not better. But Trump fired or removed key people one after another.

Similarly, also in a fit of pique, Trump put one after another unqualified flunky in charge of the entire Intelligence Community, first Twitter troll Ric Grenell and then resume fluffer John Ratcliffe. He did so, in substantial part, because they would ensure that Congress would not get briefed on threats from Russia. He also did so to ensure documents that purportedly undermined the case that he had been elected with Russian help would be released to the public. Under the two men, the government released documents that might have revealed key details about sources and methods to the Russians, both on how they collected on the Russian Embassy and on how quickly the CIA picked up certain pieces of intelligence in summer 2016.

Finally, things have come full circle. After Flynn blew up a perfectly good plea agreement (I’ll show in a few days he still would have been better off with that) largely in the service of making unsubstantiated claims of abuse refuted even by Barr’s DOJ along the way, Barr needed to help him out of the legal pickle and jail time his shitty defense attorney Sidney Powell got him into. As part of that effort, the Attorney General of the United States moved to dismiss the prosecution based off a claim (one that conflicted with a filing submitted by his own DOJ months earlier) that Flynn did nothing wrong by calling up Russia to undermine sanctions imposed, in part, to punish them for a hack. The case was so weak, the team trying to invent excuses for why Flynn shouldn’t be prosecuted for lying to hide his attempts to undermine sanctions on Russia altered documents. And that still didn’t work.

And so, along with a Thanksgiving turkey, Trump pardoned Mike Flynn, his first act of lame duck clemency, for Flynn’s service in protecting Trump from accountability for, himself, undermining those sanctions. Trump came into office telling Russia not to worry about hacking the United States. Trump told them explicitly, to their face, not to worry about hacking the United States. And in pardoning Mike Flynn, Trump made it clear that Russia should not worry — about Trump at least — about hacking the Untied States.

We will presumably get more certainty in days ahead about whether Russia did this hack, as well as the many key targets of it. The real question, however, will be whether Trump will be held accountable for inviting it to happen.

Update: The NYT describes analysis pointing out that Trump continues to sow conspiracy theories about voter fraud while remaining silent about getting pwned by his buddy Putin.

Analysts said it was hard to know which was worse: that the federal government was blindsided again by Russian intelligence agencies, or that when it was evident what was happening, White House officials said nothing.

But this much is clear: While President Trump was complaining about the hack that wasn’t — the supposed manipulation of votes in an election he had clearly and fairly lost — he was silent on the fact that Russians were hacking the building next door to him: the United States Treasury.

Updated with link to Politico and expanded list of targets.

Update: Richard Blumenthal, after attending a classified briefing on this compromise, has repeatedly attributed it to Russia.

Mike Pompeo has similarly stated, as fact, that Russia did it.

32 replies
  1. Joseph Andrews says:

    Ms. Wheeler wrote this:

    “Rob Joyce, a top NSA expert, was moved back to the Agency a few months after Bossert left. So even as Bolton was downgrading the pandemic expertise within NSC, he was also eliminating top cybersecurity talent.”

    I suspect I read her work, and admire her work…about as much as the next guy (or gal). I very much admire her tenaciousness and hope that very tenaciousness does not blind her (or her readers) to an occasional fact/interpretation from the other side of things.

    Don’t get me wrong…I’m not on the other side of things.

    Back to the point I’m trying to make: I click on the link provided…and the first paragraph of the wapost article is this:

    “The top White House official responsible for leading the U.S. response in the event of a deadly pandemic has left the administration, and the global health security team he oversaw has been disbanded under a reorganization by national security adviser John Bolton.”

    My God. I wish I could put that in bold and in italics and make the font size giant. Ms. Wheeler knew…I don’t think the unwashed (and I’m in that category here) knew this. I’m no fan of Bolton…and this is simply gigantic/enormous/ginormous.

    I so treasure looking at emptywheel. I’m coming to believe that it was the free press that was a primary force behind Biden’s victory.

    One more thing: reading Talking Points Memo informed me of something that probably the well-informed readers here already knew: the Flynn/Trump attorney (correctly) pilloried here (Sidney Powell) wrote for J. Kushner’s tabloid? Writing wingnut trash?

    Heaven help us.

  2. dude says:

    …” And in pardoning Mike Flynn, Trump made it clear that Russia should not worry — about Trump at least — about hacking the Untied States”

    …….yes, and it feels like the Untied States. We’re coming apart. Hacked to pieces.

    • Chris.EL says:

      Still don’t know if it is feasible; so many things are coming to light now, such as this great post by Dr. Wheeler (PhD?, Juris Doctor?) (personally, I have only a bachelor of science, so I’m a Ms., but I digress…).

      I’d like to see Trump impeached for the purpose of rendering him ineligible for any other public office.

      Trump is, after all, a lame duck prez, and a tricky ducky.

      • Peterr says:

        From the “About” page in the menu bar at the top: “Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship.”

    • donald root says:

      i do not know the exact definition of treason, but i wonder at what point trump’s inaction to the hacking qualifies for it.

      • Rayne says:

        18 U.S. Code § 2381 – Treason

        Whoever, owing allegiance to the United States, levies war against them or adheres to their enemies, giving them aid and comfort within the United States or elsewhere, is guilty of treason and shall suffer death, or shall be imprisoned not less than five years and fined under this title but not less than $10,000; and shall be incapable of holding any office under the United States.

        Since we are not in a declared state of war, treason is not likely to fit as a definition. If there were more than one person engaged cooperatively or collaboratively — in collusion, one might say — Trump’s actions or inaction might fit seditious conspiracy.

        18 U.S. Code § 2384 – Seditious conspiracy

        If two or more persons in any State or Territory, or in any place subject to the jurisdiction of the United States, conspire to overthrow, put down, or to destroy by force the Government of the United States, or to levy war against them, or to oppose by force the authority thereof, or by force to prevent, hinder, or delay the execution of any law of the United States, or by force to seize, take, or possess any property of the United States contrary to the authority thereof, they shall each be fined under this title or imprisoned not more than twenty years, or both.

        But without investigation to prove two or more parties in collusion, one might reasonably think Trump engaged in 18 U.S. Code § 2387 – Activities affecting armed forces generally. I’ll leave the link since it’s much longer than treason or seditious conspiracy.

        Congress needs to call John Bolton to testify, or the next attorney general needs to subpoena him to find out how and why certain activities were knocked off under his term as National Security Adviser including the pandemic response team because the lack of such a team affected armed forces generally.

        Ditto that fucking useless moron Robert O’Brien, the current National Security Adviser, who is flaking off on vacation right now, blowing off COVID restrictions overseas in order to shuttle his wife around Europe and the Mediterranean while the U.S. is in the middle of a national security crisis. What was his role in the firing of Chris Krebs as DHS director of Cybersecurity and Infrastructure Security Agency (CISA)?

  3. Molly Pitcher says:

    Sorry about the OT: Trump just tweeted that Barr is leaving and Rosenstein is taking over as acting AG before Christmas

    • Peterr says:

      Barr’s letter ends with “As discussed, I will spend the next week wrapping up a few remaining matters important to the Administration and depart on December 23rd.”

      I think those may be a couple of the few remaining matters, along with Manafort’s pardon.

  4. gmoke says:

    If memory serves, a few years ago someone, probably the Chinese, hacked a whole big bunch of personnel information from the US government. Looks like US cybersecurity has been a sieve for a long, long time.

    It’s been my suspicion from the very beginning that one of Trmp’s tasks in office was to destroy completely USA anti-espionage capacity. Seems like he’s pretty much done that, at least from my perch here on the edges of the infosphere so distant from the centers of power.

    • Roger says:

      It was the GAO, they share a building with USACE (Corps of Engineers) where I contracted. The Chinese spent about 6 months inside the system. Thousands of government employees and contractors received free access to an ID monitoring service.

  5. Rugger9 says:

    Let’s also recall how deferential DJT has been to Vlad the entire term, only missing the bootlicking (which may have gone on in the private meetings) in his relentless pursuit of Vlad’s approval. With DJT one must always follow the money and it seems Putin has him on a leash named Deutsche Bank.

    This is why secure networks must have minimal crosslinks, or perhaps blockchain it all.

    • Xboxershorts says:

      I hope and pray that the Helsinki translator will be called in front of the House (and hopefully, the Senate) to testify under oath.

  6. Thomasa says:

    Thank you Dr. Wheeler for painting the big picture for me to see. I spent this morning chasing bits and bytes and errant DNS servers, etc. all of which I find fascinating. But I did not understand Trump’s (et. al’s) project of dismantling the organization responsible for watching for and combating these intriguing exploits. I have a hard time with the idea that this was done in a four-year fit of pique. He’s not smart enough to understand which people to fire. Someone else pointed the way. Who?

    • Ginevra diBenci says:

      In the post, Dr. Wheeler clarifies that “power hungry asshole” John Bolton (who is, as you say, smarter than DJT) made a number of these personnel moves. Those like Chris Krebs who made the mistake of speaking truth to the public, and getting noticed for it, probably drew the gnattish attention of POTUS himself. Based on his PR campaign subsequent to being fired, I’m guessing Krebs expected what was coming and prepared for it. I’m not mad at him.

  7. Mitch Neher says:

    Ms. Wheeler wrote, “We will presumably get more certainty in days ahead about whether Russia did this hack, as well as the many key targets of it.”

    And if FinCEN was one of the targets of the hack, then . . . well, The Russians could always point the finger at The Iranians, just like The Republicans do/have done/will continue-to-do.

  8. Eureka says:

    Meanwhile, I’ve wondered the last week if we’d hear that the hack of the European Medicines Agency (announced on the 9th) is related to this (whatever “this” is, as it sprawls in scope). It would fit pictures big (RU’s espionage targets) and focused [more goal-oriented targeting of vaccines research; labs/universities (which can include hospitals); hospitals; cold supply chains…].

    But I haven’t heard more on that EMA story; it left off with the Dutch and EU authorities investigating…

    AFP thread w/three articles:
    #BREAKING EU medicines agency says suffers cyberattack
    10:46 AM · Dec 9, 2020