How the Obama Administration and U.S. Intelligence Responded to Russian Active Measures in 2016
The article examines how the Obama Administration and the U.S. intelligence community responded to Russia’s interference campaign targeting the 2016 American presidential election. It is the fifth article in the series “Russian Intelligence, Active Measures, and the 2016 U.S. Presidential Election.” While it is not necessary to read previous entries, it is recommended.
The first article provides definitions for the concepts “Active Measures” and “Disinformation” and provides a history past Russian interference efforts.
The second article provides a description of Russian hacking and cyber warfare efforts in the lead up the the 2016 U.S Presidential Election.
The third article describes how Russia’s Foreign and Military Intelligence agencies breached the Democratic National Committee.
The fourth article describes the role Wikileaks played in amplifying Russian Active Measures and the response of the Clinton and Trump campaigns.
This article is an excerpt from my book, While We Slept: Vladimir Putin, Donald Trump, and the Corruption of American Democracy, available here.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
According to The Wall Street Journal investigative reporter Shane Harris, in 2015 American intelligence agencies intercepted Russian government officials discussing Trump “associates” months before he officially announced his candidacy for President.
The content of some of these conversations included meetings outside of the US between Russian government officials and Trump aides and advisors. There was no mention of who these individuals were or whether they were connected to Trump’s upcoming Presidential campaign.
By late 2015, British and other European intelligence agencies began passing “quite sensitive” reports to their US counterparts of contacts between Trump advisors and Russian agents.
The first members of the Obama administration to raise an alarm that Russia might interfere in the 2016 election were the Russia hands Victoria Nuland and Celeste Wallander, the assistant secretary for European and Eurasian affairs and the senior director for Russia and Eurasia on the National Security Council, respectively.
As early as March and April of 2016, Nuland raised alarms that Putin might attempt to make the US election appear illegitimate as “payback” for US support of the Maidan Revolution in Ukraine and to delegitimize democratic elections in the eyes of Russians citizens. Despite Nuland and Wallander’s fears, Obama’s intelligence chiefs remained skeptical.
By that point, the SVR and GRU were already burrowed deep within the DNC’s networks and had exfiltrated the contents of John Podesta’s inbox.
By the spring of 2016, European intelligence agencies warned their US counterparts that Russian money might be flowing into the 2016 election.
One of the earliest oblique public acknowledgements of the threat came on May 18th, 2016.
At an event held at the Bipartisan Policy Center in Washington, DC, the Director of National Intelligence James Clapper stated that the US intelligence community had seen indications that hackers had targeted campaign computers, but he declined to elaborate further.
After the event, Clapper released a public statement. “We are aware that campaign’s and related organizations and individuals are targeted by actors with a variety of motivations — from philosophical differences to espionage — from defacements to intrusions. We defer to FBI for specific incidents.”
According to Obama’s homeland security and counterterrorism advisor Lisa Monaco, It wasn’t until Guccifer 2.0 started leaking stolen materials online on June 15th that the Russian threat to the election “crystallized” in the mind of the Obama administration.
From almost the very beginning, Administration officials had technical attribution that the Russians were behind the attacks.
The first Situation Room meetings focusing on Russian interference started taking place in July. At that time, the overriding fear in the Obama White House was the potential for Russian hackers to attack America’s physical election infrastructure.
Beginning on June 23rd, GRU hackers targeted the Illinois Board of Elections. By exploiting a vulnerability in the State Board of Elections website, the GRU gained access to, and extracted data from, a database that contained information on millions of registered Illinois voters.
Once inside, GRU hackers had the ability to delete and alter voter information, though there is no evidence that they did so.
Later that same month, the FBI warned election officials in Arizona that Russians hackers had gained access to their voter registration database.
The GRU ultimately targeted election systems in all 50 states.
Arizona authorities took the relevant systems offline between June 28th and July 8th.
Four days later, on July 12th, Illinois election IT staff noticed “spikes” in the data flow across the voter registration database server, indicating rapid and repeated queries on the application status page of the Illinois paperless voter registration website. Following this discovery, Illinois officials took the system offline.
Later in July, the FBI opened an investigation into the Illinois breach and discovered that the GRU had stolen the records of up to 500,000 Illinois voters, including names, birthdates, home addresses and partial social security numbers.
Certain members of the Obama administration began to believe that the Russians were sending them a message: they could edit the vote tallies if they wished to.
In late July, CIA sources from deep within the Kremlin provided the agency with intelligence that Vladimir Putin had personally authorized an operation aimed against the 2016 US Presidential election. Two separate CIA sources reported that Putin had articulated that the purpose of the operation was to harm Clinton and help elect Donald Trump.
This information led to the Russian operation becoming the overriding concern of CIA Director John Brennan, who sequestered himself in his office for two days to analyze all of the available intelligence on the matter.
In early August, Brennan contacted White House chief of staff Denis McDonough and asked to see President Obama.
After speaking with McDonough and then-deputy national security advisor Avril Haines, Brennan then dispatched a courier to deliver an “eyes only” intelligence summary for Obama, McDonough, Haines and National Security Advisor Susan Rice.
The next day Brennan arrived at the Oval Office for a noon meeting with Obama, McDonough, Haines and Rice. The participants were shocked and startled by the information Brennan communicated to them.
Gravely concerned, Obama ordered Brennan to procure more information as quickly as he could and to utilize the full intelligence apparatus of the United States in dealing with the Russian threat.
Brennan proceeded to lay out a plan in which he would arrange to brief the appropriate Congressional leaders, establish a multi-agency fusion-cell involving both the FBI and NSA to focus on the issue.
Brennan also emphasized the importance of secrecy so as to avoid compromising the CIA’s sources in the Kremlin. This was taken so seriously that no information related to Russian interference was included in any of the President’s Daily Briefs as its highly limited circulation was still considered too broad.
On August 4th, Brennan had a regularly scheduled call with his counterpart in Russian intelligence Alexander Bortnikov, head of the FSB. While the call was supposed to be about the Syrian Civil War, Brennan issued a warning over the Russian interference campaign.
“I told Mr. Bortnikov,” Brennan later testified, “that if Russia had such a campaign underway, it would be certain to backfire. I said that all Americans, regardless of political affiliation or whom they might support in the election, cherished their ability to elect their own leaders without outside interference or disruption. I said American voters would be outraged by any Russian attempts to interfere in the election.”
Bortnikov twice denied Russia’s involvement but told Brennan that he would inform Putin of his comments. Brennan left the conversation believing he was the first American official to bring the matter up to the Russians in an official capacity.
Meanwhile, debate raged within the Obama White House as to how to respond to the unprecedented situation.
In July, Celeste Wallander and Michael Daniel, Special Assistant to the President and Cyber Security Coordinator on the National Security Council, brought together an interagency committee to develop potential countermeasure options against Russia.
The options that were considered ranged from additional sanctions, retaliatory leaks and revelations, public and private messages and cyber disruption operations.
Victoria Nuland urged reciprocal measures be deployed that would impose steep costs on Putin personally by leaking embarrassing information on the Russian leader related to his vast secret wealth. However, Nuland was ordered to stand down by Secretary of State John Kerry.
By August, the US intelligence community came to the conclusion that the Russian cyber intruders had the capacity to edit actual vote tallies.
Late in the month, Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council Staff Michael Daniels concluded that the Russians had attempted to penetrate the voting systems of all 50 states.
While the intelligence community would later assess that the Russians wouldn’t have been able to change enough votes to actually determine the result of the election, there were still serious fears that the Russians could discredit the results of the election in the eyes of the American electorate, particularly among the supporters of the conspiracy infatuated Trump.
Obama feared that if he retaliated against Putin he might set off an escalatory tit-for-tat that could actually lead to the very outcome he most fervently wished to avoid by provoking the Russians to attempt to meddle with the votes.
There were also fears that retaliation might threaten to reveal the carefully placed and precious sources that had provided them with key details of the Russian operation.
The administration’s thinking was fundamentally shaped by the almost universal expectation that Hillary Clinton would win the election.
It is important here to emphasize just how implausible a Trump presidency seemed to many at the time, particularly among those in power in Washington, DC. Many thought the response to the Russian activities could be safely handed over to an incoming Clinton administration.
In late July, discussions took place within the CIA and NSA about potential retaliatory measures that could be deployed against the Russians.
Three days after the Democratic Convention, Robert Joyce, the head of Tailored Access Operations (TAO), the National Security Agency’s cyber-warfare intelligence-gathering unit, gave a highly unusual interview to ABC News. The outlet reported that NSA hackers were likely targeting Russian government-linked hacking teams.
Joyce informed ABC that the NSA had the technical capabilities and legal authority to “hack back” against adversary hacking groups.
“In terms of the foreign intelligence mission, one of the things we have to do is try to understand who did a breach, who is responsible for a breach,” Joyce told ABC. “So we will use the NSA’s authorities to pursue foreign intelligence to try to get back into that collection, to understand who did it and get the attribution. That’s hard work, but that’s one of the responsibilities we have.”
Unbeknownst to him at the time, Joyce’s comments may have inspired one of the more remarkable leaks in the history of the internet.
On August 13th, a mysterious hacker group calling themselves the Shadow Brokers after characters from the sci-fi video game Mass Effect, used the account @shadowbrokers to tweet a link to the file sharing site pastebin.
Upon clicking the link you were greeted with the following message: !!! Attention government sponsors of cyber warfare and those who profit from it !!! How much you pay for enemies cyber weapons?
The Shadow Brokers hacked the NSA’s Tailored Access Operations unit, also known as the Equation Group, and stole its most secret, dangerous and coveted hacking tools.
After providing a sample of these tools, the Shadow Brokers offered to sell the rest to the highest bidder, writing the following message:
We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group cyber weapons. You see pictures. We give you some Equation Group files, you see. This is good proof, no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.
The NSA, long considered the most formidable cyber warriors on the planet, had been hacked and whoever was responsible was now threatening to sell its most dangerous cyber weapons to the highest bidder.
Given the timing of their appearance and their obvious sophistication, Russian state actors emerged early on as one of the chief suspects behind the Shadow Brokers.
On August 16th, the infamous NSA leaker Edward Snowden tweeted, “circumstantial evidence and conventional wisdom indicates Russian responsibility.”
He further claimed that the leak “is likely a warning that someone can prove responsibility for any attacks that originated from this malware server.”
Snowden concluded that someone appeared to be “sending a message that an escalation in the attribution game could get messy fast.”
The identity of who was behind the Shadow Brokers remains a mystery to this day, with some cyber security experts speculating that the threat had come from a disgruntled individual within the NSA itself.
Regardless of who was behind the hack, a shot had been fired across the NSA’s bow at a critical moment when the United States was under sustained cyber assault.
Despite this looming threat, NSA Director Admiral Michael Rogers advocated a muscular cyber response to Russian actions but was overruled by the Pentagon. Officials in the White House worried that attacking the Russians might lead to escalation and could indicate to the American public that they were not confident in the integrity of the voting system.
Meanwhile, the decentralized, state-based manner in which America’s election infrastructure was organized was making a unified national response to the Russian cyber campaign impossible.
Parochial distrust of officials in Washington and hyper-partisanship were also proving implacable.
Secretary of Homeland Security Jeh Johnson convened election officials from all fifty states on an August 15th conference call and floated the idea of designating electoral infrastructure as “critical infrastructure,” which would allow States to voluntarily opt in for better information sharing and easier access to federal resources.
The response was largely negative, with certain individuals even suggesting it was an attempt at a federal take over.
The Republican secretary of state in Georgia, Brian Kemp, accused Johnson of making a politically calculated move and attempted to persuade his counterparts to refuse any help from Washington. Kemp rejected the idea that Russia was interfering with the election in the first place.
Partisanship and distrust were becoming an insurmountable obstacle, infecting views on national security.
Throughout August and into September, John Brennan began briefing select individuals in the Congress about the Russian campaign.
Due to the sensitivity of the intelligence, he began by meeting with lawmakers one-on-one. House Minority Leader Nancy Pelosi was briefed on August 11th, followed by the Ranking member of the House Intelligence Committee Adam Schiff on the 17th and the Senate Majority Leader Harry Reid on the 25th.
When Brennan briefed several high-level Congressional Republicans he, like Jeh Johnson, was faced with partisan challenges almost immediately. While Paul Ryan took the briefing seriously, Adam Schiff’s Republican colleague on the House Intelligence Committee Devin Nunes of California seemed unconcerned and even dismissive.
“You’re trying to screw the Republican candidate,” Senate Majority Leader Mitch McConnell complained to Brennan during his briefing.
Shocked by McConnel’s partisan rejection of the CIA’s analysis, Brennan grew angry and the CIA Director and Senate Majority Leader began shouting at one another.
A day earlier, on September 5th, Obama confronted Putin directly at a meeting of the G20 in Hangzhou, China. With only their interpreters present, Obama told Putin “to cut it out,” and warned of “serious consequences” if they did not.
After being told by Obama that they knew what the Russians were up to, Putin indignantly responded by demanding proof and accusing the Americans of meddling in Russia’s internal affairs.
At a press conference later that day Obama obliquely referred to the exchange and issued a subtle threat.
“We’re moving into a new era here where a number of countries have significant capacities,” Obama said in reference to developments in cyber warfare. “Frankly, we’ve got more capacity than anybody both offensively and defensively.”
On September 8th, President Obama dispatched Lisa Monaco, James Comey and Jeh Johnson to brief the 12 senior Republican and Democratic lawmakers, some of whom like McConnell and Nunes had already been briefed by Brennan. The meeting took place in a secure, underground conference room.
After providing further details on the Russian interference campaign, the Obama administration officials brought up the idea of issuing a bipartisan statement in the hopes that it would inspire state election officials to take utilize the Department of Homeland Security’s cybersecurity services.
While the Democrats were enthusiastic about issuing a joint statement, the Republicans in the room refused, arguing that publicizing the information would amplify the impact of the Russian operation.
“You security people should be careful you’re not getting used,” Mitch McConnell protested.
Lisa Monaco interpreted the statement as McConnell suggesting that the intelligence about Russia was being exaggerated for political purposes.
McConnell went further, casting doubt on the intelligence itself and dismissing the Obama administration’s fears as being overblown.
Finally, McConnell threatened to publicly treat any statement issued on the matter of Russian political interference in the election as a political act. The Obama administration officials left the meeting distrubed by the partisanship they had witnessed.
In the second week of September, Obama invited the four highest ranking officials in Congress, Nancy Pelosi, Paul Ryan, Harry Reid and Mitch McConnell to the Oval Office. At the meeting, Obama requested that they issue a joint statement regarding the threat from Russia and encouraging states to take advantage of Department of Homeland Security resources.
McConnell refused, stating that elections were a state issue. Exasperated, Obama admonished McConnell that foreign electoral interference shouldn’t be a partisan issue but McConnell was unmoved.
After the meeting, Ryan drafted a statement that mentioned Russia by name. McConnell, however, refused to sign and sat on the statement for weeks, insisting that Russia not be named in the statement and that it say that the federal government wouldn’t be seizing control of state election infrastructure through the critical infrastructure designation.
Losing patience, California Democrats Diane Feinstein and Adam Schiff released a statement on September 22nd announcing that they had “concluded that Russian intelligence agencies are making a serious and concerted effort to influence the U.S. election” and that the “effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes of the election.”
When the joint statement that had been discussed weeks earlier was finally released on September 28th, it contained no mention of Russia.
In the relentless news maelstrom of the campaign and the politically balkanized media atmosphere, the statement came and went without attracting much attention.
At some point in September, Jim Comey offered to write an op-ed in which he would mention the Russian involvement in the release of the DNC emails as well as its intrusions into voting infrastructure, but was turned down by the White House.
As independent media reports began referencing Russian hacking operations against the election, however, the conversation in the White House turned towards considering the release of a public declaration about the Russian campaign.
Though Comey had earlier offered to write an op-ed, he cautioned that a public declaration might play into the Russians hands by raising doubts about the integrity of the election.
Jeh Johnson, on the other hand, argued that it would be an unforgivable scandal if, given what they knew, they said nothing and Trump won.
Eventually it was decided that Jeh Johnson and James Clapper would issue a joint statement. The document they ultimately produced stated that the DNC hack had been ordered by individuals at the highest levels of the Russian government. It also highlighted the fact that state electoral infrastructure had been proved and scanned, though didn’t explicitly link these activities to the Russian government.
The statement also claimed it would be “extremely difficult” for even nation state actors to alter the results of the election, which Johnson privately felt was misleading as in fact by altering the results a few important districts in swing states the Russians could in fact change the result of an election.
Those aware of the upcoming joint Department of Homeland Security and Office of the National Director of Intelligence statement fully expected it to be a big deal and attract significant media attention.
The statement was released at 3pm on October 7th. Unbeknownst to its authors and the Obama administration, October 7th was destined to become one of the most eventful and infamous days in American political history.
The news that the US intelligence community assessed that Russian government was behind the hacking of the DNC would, remarkably, barely make a ripple.
The next article will explore the momentous events of October 7th, 2016, and Trump’s stunning suprise upset victory in the election.