Monday, March 19, 2018

"Russian Roulette" - Second Excerpt

In my initial post on Isikoff and Corn's new book, "Russian Roulette," I described it as a recapitulation of facts we already knew but placed in a much clearer light by chronological alignment that enhances context.

Now, as I'm well into the second third of the book I'm appreciating it all the more. It really is a good and helpful read. Interspersed with stuff we know is the odd gem we probably haven't previously heard of because it wasn't made public at the time and for good reason. This excerpt deals with one of those.

It relates to a successful Russian effort to hack the White House in the fall of 2014. Nothing new there. Russia and others routinely try to hack the White House. This hack, however, was different.

For years, US officials had been grappling with Russian cyber intrusions. As far back as 1996, Russian hackers penetrated Defense Department networks and stole documents that, if piled up, would be three times the height of the Washington Monument. In the 2000s, the Chinese were perceived as the biggest cyber threat to the United States - they were stealing data from government databases and American companies practically at will, prompting concerns about a massive theft of USA intellectual property. But the Chinese were noisy about it. They left readily identifiable fingerprints. Ledgett, though, had long since become convinced that the Russians were the more sophisticated and stealthy adversary. When it came to cyber intrusions, 'the Chinese would break into your house, smash the windows and steal your cutlery,' he later explained. 'The Russians would pick your lock, reset the alarm, and steal the last five checks in your checkbook so you wouldn't even know they were there.'

This latest Russian assault began as a spearphishing operation aimed at State Department computers. A department employee somewhere opened a spoof email and clicked on an attachment embedded with malware. From there, the malware spread to computers throughout the State Department and US embassies. The department had to shut down its non-classified global network, leaving foreign service officers unable to access their emails. Then the malware jumped to the unclassified network of the White House.

...Once into the networks, the Russian attackers had obtained system administrator privileges and begun writing new code to exfiltrate data. They targeted State Department and National Security Council officials dealing with Russia policy, the war in Syria and the Ukraine crisis, including a previous target of Moscow: Victoria Nuland. They stole a tremendous amount of documents. Obama's private schedule was accessed, downloaded, and beamed back to Moscow.

Holed up in an NSA war room dubbed the 'Battleship,' Ledgett and his colleagues worked around the clock to expel the intruders. But it proved far more difficult than before. When NSA cyber defenders cut the links between the Russians' command and control server and the malware in the networks, the invaders kept coming back, inserting more malware and retrieving more data. 'It was hand-to-hand combat,' Ledgett later observed. 'It was like a fencing match - with thrust and counterthrust.' In past cyber-attacks, the hackers usually fled once discovered. This was different.

At the White House, Daniel, too, was struck by the Russians' new aggressiveness - and their noisiness. 'It was almost like they double-dared us,' he recalled. 'They became even more brazen. They didn't care that we could see them. The Russians had made a strategic decision, and they were sending us a signal.'

As soon as he had learned of the breach, Daniel alerted White House chief of staff Denis McDonough. For the next few weeks, Daniel, McDonough, and Lisa Monaco, Obama's homeland security adviser, met repeatedly to formulate a response. Most of the discussion centered on cyber defense. The White House team concluded there was no way to preserve the existing White House computer network. The cyber experts working on the case could never guarantee that the Russians were completely expelled. The only solution was to burn it down.

That meant turning the system off and replacing it - a project that cost several million dollars. White House staffers lost access to their shared drive folders and the memos and notes they had stored. The full story of this cyber battle would be kept secret.

With all the revelations in recent days about Cambridge Analytica, Facebook, the Russians and the Trump campaign, Robert Mercer and Steve Bannon and that geeky kid from Victoria, BC, Chris Wylie, I expect Corn and Isikoff are busy preparing a second edition of "Russian Roulette."

The game is afoot.


the salamander said...

.. simply astonishing ..

Anonymous said...

Here are a few sourced connections for y'all.
Some are weaker than others, but the overall signal is strong.

UU4077 said...

Makes you wonder if there was an unspoken reason for Hillary not using government email.

Owen Gray said...

A good point from UU4077. Perhaps Hillary was wise not to use the government email system.

The Mound of Sound said...

Excellent link, Anon. I recommend anyone interested in how Facebook was infiltrated to check out your link:

The Mound of Sound said...

UU4077 - Does anyone know the period when HRC used her private server? The attack described in this post occurred in the fall of 2014 when John Kerry was state secretary.