New Details in Mueller Indictment Confirm No One Was Ready

Truman Project
Truman Doctrine Blog
Aug 6, 2018

The attacks on the Democratic Party and the Hillary Clinton campaign in the 2016 election were not the first cases in which an adversarial foreign government had breached the private communications of a major presidential campaign. In 2008, the campaigns of both major party candidates, Barack Obama and John McCain, were hacked by the Chinese government using phishing emails to gain access. Those hacks largely focused on gathering intelligence in order to understand the internal positions of the campaigns and their most senior advisors.

One of the key takeaways from the timeline unveiled in the recent indictment of 12 Russian military intelligence agents is that, between 2008 and 2016, neither politicians, nor the media, nor even cyber security professionals adapted to the mounting evidence that tactics had changed and adversaries were ready to weaponize information.

The first major news of Russian hacking in the 2016 elections came on June 14, 2016 with a Washington Post exclusive report that laid out how Russian government hackers from two different spy agencies had penetrated the Democratic National Committee’s systems. According to that report, the DNC had been tipped to the hack in late April and “expelled” the hackers the second weekend in June “in a major computer cleanup campaign.” That article, however, advanced a major misconception: The attack was casually described as “an example of Russia’s interest in the U.S. political system and its desire to understand the policies, strengths and weaknesses of a potential future president — much as American spies gather similar information on foreign candidates and leaders.”

July’s indictment of 12 Russian nationals confirms some of the same facts the Post reported in 2016, but with new and important details. For example, we now know that one of the hacking groups gained access on April 18th of that year and that thousands of emails were stolen specifically “between on or about May 25, 2016 and June 1, 2016.” That timeline confirms that for more than a month, everyone involved in helping with the response to the hack must have shared the same misconception the Post presented, that this was simply a case of information gathering. Two years later, in a follow-up article after the recent indictments, the same reporter put the blame on the intelligence community, claiming that “weaponizing information — was the innovation, one that U.S. spy agencies did not see coming until too late.” No one had.

It’s easy to cast blame, but the truth is that after years of cyber-attacks all around the world, with many targeting our own government, everyone — including the press and those dealing with the hack — should have been better prepared. Consider some of the evidence:

Since 2007, it had been reported that Russia was using cyber-attacks against countries that had previously been occupied under the Soviet Union, including Estonia, Georgia, Ukraine, and Lithuania, and by 2014, a propaganda news agency dedicated to promoting bias and disinformation was launched. In Ukraine in 2014, a cyber-attack knocked out the country’s election commission just three days before a presidential election, and in 2015, that country’s electrical grid was attacked, leading to a blackout that affected hundreds of thousands of people. That same year, Chinese hackers gathered the records of more than 21 million American federal workers in a breach of the Office of Personnel Management (OPM).

The Sony Pictures hack in 2014 in particular was a well-publicized warning that adversaries were weaponizing stolen information. To be fair, some reactions did take place along the way. For instance, after the Target hack, U.S. senators considered requiring retailers to encrypt customer data. On the international stage, Estonia led the effort to build a NATO Cooperative Cyber Defence Centre of Excellence, an initiative supported by then-Secretary of State Hillary Clinton. Yet, the timeline laid out in last month’s indictment confirms that the conventional wisdom failed to weigh the cost of keeping servers online for weeks on end after an intrusion had been discovered, seemingly prioritizing the gathering of information on the intrusion rather than denying attackers access to sensitive information. That cannot happen again.

The president’s refusal to acknowledge the threat that cyber-attacks pose to our country likely ensures that the White House and executive branch are doing little to promote coordination, an exchange of ideas, and best practices to help every sector of our society, economy, and democracy avoid repeating similar mistakes. Regardless, any organization dealing with our country’s sensitive information needs better options that compartmentalize and encrypt information in advance of attacks, and that establish alternative systems after an attack that don’t require saving compromised networks. Crisis management and crisis communications teams in the aftermath of an attack must also adapt to this new environment.

Some of that may be happening already, but with the rapid pace of technological advancements, even the best encrypted and protected systems today could become vulnerable in the near future. While the indictments rightly focused on the hackers, we must learn from what can be inferred about the response and stay ahead of the next attack. It is certainly coming.

Luis Miranda is a Political Partner with Truman National Security Project, Managing Director of Ambassador Public Affairs in Washington, DC, and served as Communications Director for the Democratic National Committee during the 2016 election cycle. Views expressed are his own.
