Cyber Security

Cybersecurity Experts: Trump Profoundly Misunderstands Hacking

US intelligence agencies and the private sector both say Trump's wrong to dismiss Russia

Dec 12, 2016 at 11:50 AM ET

President-elect Donald Trump expresses a profound misunderstanding of foreign government hacking, experts in the field say.

“Unless you catch ‘hackers’ in the act, it is very hard to determine who was doing the hacking. Why wasn’t this brought up before election?” Trump wrote on Twitter Monday morning.

He was apparently responding to yet more news reports that Russian government forces were behind earlier hacks on Democrats. The fallout from those hacks dominated media cycles at the time and hurt Democratic challenger Hillary Clinton, who narrowly lost the Electoral College vote needed to win the presidency, though she still won the popular vote by more than two million. For months, Trump has repeatedly claimed that it is impossible to attribute those attacks to Russia.

But there are several fundamental errors in Trump’s claim Monday, experts say. For one, catching hackers “in the act” isn’t how experts usually attribute a major attack.

“It’s more difficult to catch someone in real time than forensically after an attack,” Khalil Sehnaoui, founder of cybersecurity firm Krypton Security, told Vocativ. “But determining who did it is not impossible and in most cases people get caught.”

Instead, experts often spend months meticulously compiling reports on exactly what a hacker did, how they did it, and what such a hack might have accomplished.

In June, the cybersecurity firm CrowdStrike, hired by the Democratic National Committee after Democrats noticed something might be amiss with their systems, first announced that it believed at least two distinct Russian government-related groups were the culprits. The Director of National Intelligence and Department of Homeland Security eventually concurred, with a joint statement saying they were “confident” that the “Russian Government” was behind the attacks. That assessment, however, only came months later, on Oct. 7.

Trump’s implication that Russia wasn’t actually behind the DNC hack because they weren’t caught in the act is also false because CrowdStrike’s Chief Technology Officer, Dmitri Alperovitch, has said that the firm did, in fact, watch those attacks in real time in May before securing the DNC’s systems.

As a candidate, Trump routinely made gaffes widely seen as ridiculous in the industry. In one presidential debate against Clinton, he expressed his still-standing dismissal of attribution, saying that it was just as likely that the Democrats were hacked by “somebody sitting on their bed who weighs 400 pounds.” The “400 pound hacker” remains a recurring joke within the information security industry.

But even as president-elect, he seems unwilling to listen to experts who know more about the subject. Speaking on Fox and Friends Sunday, he confirmed media reports that he rarely attends daily intelligence briefings. Instead, he said, he attends sporadically, adding “I’m, like, a smart person.”

Many of the most powerful elected officials in D.C. agree that the concern over Russia tipping the U.S. election is worth a major investigation. Most Democrats on the powerful Senate Intelligence Committee have asked President Obama to at least partially declassify the intelligence community’s findings on the subject. Senators John McCain (R-Ariz.) and Lindsey Graham (R-S.C.) have called for an investigation, and Obama himself has ordered a review.

Even Vice President-elect Mike Pence admitted in October there was “evidence” Russia was behind the hacks.

It would be particularly dangerous for the U.S. if its president doesn’t believe in attributing cyberattacks, Jake Laperruque, a fellow at the Open Technology Institute, a think tank that focuses on the intersection of technology and policy, told Vocativ.

“If Trump’s policy is that we cannot attribute cyber attacks to foreign adversaries, it will be difficult for the U.S. to properly retaliate against and deter cyberattacks from foreign adversaries,” Laperruque said.

“How can we level blame and sanctions the next time North Korea launches a cyberattack if the President says attribution is impossible?”