Secretary of State Mike Pompeo became the first member of the Trump administration to accuse Russia of cyberattacks against American federal agencies on Friday, days after both Democratic and Republican lawmakers attributed the attacks to the Kremlin.
“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” he said on the Mark Levin Show, a conservative talk radio show.
“We’re still unpacking precisely what it is, and I’m sure some of it will remain classified,” Pompeo said. “But suffice it to say, there was a significant effort to use a piece of third-party software to essentially embed code inside of US government systems and, it now appears, the systems of private companies and governments across the world, as well.”
As first reported by Reuters on Sunday, hackers breached systems within the US departments of Homeland Security, State, Commerce, Energy, and Treasury. It has since been discovered that the attacks, conducted by hacking a network management software operated by SolarWinds, also affected thousands of smaller entities, including a county government in Arizona.
As Vox’s Alex Ward has reported, the cyberattacks may date back to March, and allowed access to the part of the Energy Department that oversees America’s nuclear arsenal. Citing cybersecurity experts, Ward described it as “one of the largest and most brazen hacks in American history,” and potentially part of a larger global espionage effort.
President Donald Trump has been slow to speak publicly about the hack. In his interview Friday, Pompeo claimed that this is strategic.
“I saw this in my time running the world’s premier espionage service at the CIA. There are many things that you’d very much love to say, ‘Boy, I’m going to call that out,’ but a wiser course of action to protect the American people is to calmly go about your business and defend freedom,” he said.
Saturday, however, Trump suggested on Twitter that the information Pompeo shared might not be correct, writing, “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”
The president also claimed, “The Cyber Hack is far greater in the Fake News Media than in actuality,” and that the hack could be evidence of vote manipulation during the November election. In reality, however, cybersecurity experts have stressed the hack is of grave concern, and election experts have found no evidence of fraud amid numerous recounts.
The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of….
— Donald J. Trump (@realDonaldTrump) December 19, 2020
….discussing the possibility that it may be China (it may!). There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA. @DNI_Ratcliffe @SecPompeo
— Donald J. Trump (@realDonaldTrump) December 19, 2020
Ahead of his tweets, lawmakers of both parties were critical of Trump’s lack of response. Sen. Mitt Romney (R-UT) said on Thursday that it was “stunning” that the White House had not yet responded.
And Sen. Mark Warner (D-VA) said in a statement Friday that “it is extremely troubling that the President does not appear to be acknowledging, much less acting upon, the gravity of this situation.”
As the federal government works to understand what damage may have been done due to the breach, it has been reported that the US will shutter two consulates in Russia. The move was reportedly decided upon shortly before information emerged about the cyberattacks — the decision was shared with lawmakers in a memo dated December 10.
The memo cites staffing issues as the reason for suspending their operations, as reported by CNN.
The State Department “intends to take these steps in response to ongoing staffing challenges for the U.S. Mission in Russia in the wake of the 2017 Russian-imposed personnel cap on the U.S. Mission and the resultant impasse with Russia over diplomatic visas,” according to the notice.
After the US consulate in Vladivostok is closed, and operations are suspended at the Yekaterinburg consulate, the US embassy in Moscow will be the last remaining US outpost in that country. What actions the US will take in direct response to the breach remains to be seen.
Biden has promised retaliation — but first the US may have to rebuild its networks
In the wake of the attacks, many cybersecurity experts say that the US must rebuild its networks.
But destroying the compromised networks and rebuilding them could take months, experts told the Associated Press, because doing so would require identifying every single system that may have been hacked.
“We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left,” Bruce Schneier, a cybersecurity expert based at Harvard, told the AP.
And the fallout could take years to fully clean up, wrote Thomas Bossert, Trump’s former homeland security adviser, in a New York Times op-ed on Wednesday.
“It will take years to know for certain which networks the Russians control and which ones they just occupy,” Bossert wrote.
At least 18,000 organizations were infected with malware that targeted the SolarWinds software. In addition to the US agencies affected, large companies, businesses, and organizations — including Microsoft and Cisco Systems — were also hit.
And on Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) suggested there could be further damage to the US’s information security. Saying SolarWinds software was not the only method by which hackers entered organizations, CISA described the sustained attacks as “a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
Later on Thursday, President-elect Joe Biden said that he will retaliate against those responsible, although he did not specify whether he meant individual actors or the Russian government as a whole.
“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.”