President Obama (White House photo)
WASHINGTON – When President Trump asked why the Obama administration didn’t do anything to stop Russian hacking in the lead-up to the 2016 election, he bluntly raised a question many of the key players behind the “collusion illusion” would rather Americans just plain forgot or never learned.
Not only did the largest hacks of government databases and infrastructure take place on Barack Obama’s watch, but even the nation’s top intelligence and national security officials were themselves hacked – in some cases even by rank amateurs – in one case, by a teenager.
Everyone, of course, remembers how Secretary of State Hillary Clinton’s insecure, protocol-breaking private email server was compromised. But she was hardly alone among top Obama officials – like CIA Director John Brennan, who was hacked by a 15-year-old kid from the United Kingdom. And, of course, while the federal government was warning the private sector to take cybersecurity seriously, the U.S. Office of Personnel management suffered the biggest hack in history in which the personal data of some 21.5 million employees, military service people and former federal government staffers was compromised.
If indeed Russia actually conducted dirty cyber tricks, as alleged, it happened on Obama’s watch. It happened before the election. Obama’s national security officials watched it and did nothing.
Interestingly, there is no special counsel investigating that kind of “collusion” by omission. There are no congressional hearings on it. And there is no media concern.
In fact, the Obama’s eight years represented a hacking nightmare, a cybersecurity scandal and some of the loudest anti-Trump voices were not only responsible, but victims because of their own negligence for violating their own rules and protocols.
Let’s review what received little media attention in the U.S. at the time or since.
In September 2016, U.S. authorities arrested two North Carolina members of the “Crackas With Attitude” group involved in hacking CIA Director Brennan’s personal email account and leaking sensitive files including a top-secret application for a security clearance, as well as other senior officials at the Department of Homeland Security and the FBI. The hackers leaked the personal details of 31,000 government agents belonging to nearly 20,000 FBI agents; 9,000 Department of Homeland Security officers and some Department of Justice staffers. The attacks took place in October 2015. “In some instances, members of the conspiracy uploaded private information that they obtained from victims’ personal accounts to public websites, made harassing phone calls to victims and their families and defaced victims’ social media accounts,” the government announced at the time. According to the FBI officials, between October 2015 to February 2016, the hacking group used social engineering in order to trick the victims into revealing their account number, password and other details.
In January 2016, a hackers associated with the same group accessed personal email and phone accounts belonging to the director of National Intelligence, James Clapper. The group also broke into the AOL email of the FBI Deputy Director Mark Giuliano. They also broke into Clapper’s and his wife’s emails, home phone and internet connection. While in control of Clapper’s FIOS connection, they said they redirected all calls to his number to the Free the Palestine movement.
How did the CIA director, the director of National Intelligence, officials of DHS and the 31,000 FBI agents get hacked?
It gets worse. For CIA Director Brennan, who recently called President Trump’s meeting with Russian leader Vladimir Putin “treasonous,” it was the second time his personal email account was hacked. The first time was by a 15-year-old British hacker, a story that received virtually no media coverage in the U.S. The teenager, Kane Gamble, was sentenced to serve two years at a youth detention center. UK authorities arrested him in early 2016, and he pleaded guilty to 10 hacking charges in October 2017. In addition to sentencing the now-18-year-old to two years in prison, the judge also ordered his computers to be seized. Kane also impersonated his victims and called internet and phone providers’ customer support hotlines to get confidential info and to reset their targets’ passwords. Kane stole 40 attachments from Brennan’s email, some of which were published by Wikileaks.
When the CIA director and his boss, the director of National Intelligence, along with 21,000 FBI agents are hacked, one of them by a 15-year-old boy, it makes you wonder how much credibility the intelligence community has in their certainty about Russia leaking hacked documents from Hillary Clinton and the Democratic National Committee. As President Trump tweeted: “Julian Assange said ‘a 14 year old could have hacked Podesta’ – why was DNC so careless?”
Office of Personnel Management Director Katherine Archuleta resigned in July 2015, a day after revealing the largest government data breach in American history. She got the job directing all human resources management for the federal government – from recruitment, hiring, development and support – after serving in Obama’s re-election campaign in 2008. The attack has been attributed to the Chinese government. But, once again, there were no consequences – other than Archuleta’s resignation. Ironically, the next year she got a job partnering with nation pollsters to assess the views and opinions of Latino voters through her company – Latina Data Project.
“This erodes confidence going forward that the federal government will be able to protect federal employees,” said Democratic Sen. Barbara Mikulski of Maryland after the devastating attack. The National Treasury Employees Union, which has sued over the breach, said the government’s offer of three years of fraud monitoring was woefully inadequate.
The union “continues to be outraged that so many of our members have had their personal information compromised due to these breaches,” union president Colleen Kelley said. “We will continue to pursue our lawsuit to provide lifetime credit monitoring and identity theft protection.”
An OPM statement noted that for anyone who underwent a background investigation in 2000 or later, “it is highly likely that the individual is impacted by this cyber breach.”
Indeed, it gets worse still. Even Barack Obama’s Twitter account and campaign emails were hacked in 2013 by an outfit that called itself the Syrian Electronic Army.
His organization, Obama for America, downplayed the damage, saying “Only the links within our tweets had been hacked. At no point did they have access to the twitter handle,” an official said. The group decided to beef up security as a result – going to Google’s two-step authentication.
Only after Obama had left office did NBC News break the story of China’s cyber spies accessing the private emails of “many” top Obama administration officials. The email grab – first codenamed “Dancing Panda” by U.S. officials, and then “Legion Amethyst” –- was detected in April 2010, according to a top secret NSA briefing from 2014. The hack was so widespread, it forced Google to acknowledge that the private Gmail accounts of some American officials had been comprised in 2011, and the recent NSA briefing made it clear that several email accounts from various providers were also compromised. The attacks began around the same time Hillary Clinton’s private email server was compromised.
In August 2015, the news broke that China successfully broke into more federal government databases. Just days after the reported spear-phishing attack on the Pentagon’s joint staff email system, which exposed some 4,000 civilian and military employees and was attributed to Russia, NBC News reported that a separate set of Chinese hack attacks targeted the personal emails of “all top national security and trade officials.” These attacks – among the more than 600 hacks attributed by officials to hackers working for the Chinese government – sought personal email info from top administration officials and began in 2010.
“The U.S. government has proven itself incompetent when it comes to protecting its data,” said Evan Greer of advocacy group Fight for the Future. “Information sharing bills like Cisa would make us even more vulnerable by dramatically expanding the amount of private data the U.S. government keeps in its databases and the number of government and law enforcement agencies who would house that data.”
There were other successful cyberattacks during Obama’s eight years – including the White House, the U.S. Postal Service, the State Department, the FDIC and even the National Oceanic and Atmospheric Association.
A pattern of downplaying cyberattacks developed through most of the Obama years. So, it shouldn’t be a surprise that, once again, in the fall of 2016, when the intelligence agencies detected what they claim was Russian hacking connected to the presidential election, that the administration said nothing and did nothing. Both Democrats and Republicans took issue with Jeh Johnson, the former secretary of DHS, when he explained: “One of the candidates, as you recall, was predicting that the election was going to be ‘rigged’ in some way. We were concerned that by making the statement we might, in and of itself, be challenging the integrity of the election process itself.”
Of course, Jeh Johnson knows something about hacking. Not only was it his job to protect Americans from cyberattacks during his time directing DHS. He was also another victim of that 15-year-old kid from England.