Donald Trump’s first press conference in 5 months and 15 days was a wild ride of question deflection, confusing legal statements about blind trusts, and name calling (BuzzFeed is a pile of garbage, apparently), but the President-elect eventually, briefly talked about Russia’s breach of the Democratic National Committee.
And although Trump finally admitted that Russia was the culprit, maybe due to finally meeting with U.S. intelligence officials, his statements exposed a major flaw in his thinking about the cyber security of government agencies.
When Trump was asked if he accepted that Vladimir Putin was behind the hacks of the DNC and Republican National Committee, Trump stated that it was performed by Russia, but he turned the admission into a diversion towards China saying:
“As far as hacking, I think it was Russia. But I think we also get hacked by other countries and other people. And I I can say that you know when — when we lost 22 million names and everything else that was hacked recently, they didn’t make a big deal out of that. That was something that was extraordinary. That was probably China.”
The hack he’s referring to happened in April 2015 when Chinese hackers breached the U.S. Office of Personnel Management, stealing the personal information of 22 million people. What we know about the hack now suggests that it originated in a hack on a government subcontractor back in 2013, which allowed the attackers to use employee credentials to steal the information. The Department of Homeland security beefed up the cyber-protection of U.S. agencies with a program called EINSTEIN3 in response. It was kind of a big deal.
And after blowing past the implications of Russia’s hack of the DNC and attempt at hacking the RNC, Trump suggested that the DNC was hacked because it wasn’t as secure as the RNC.
“And I have to say this also, the Democratic National Committee was totally open to be hacked. They did a very poor job. They could’ve had hacking defense, which we had.”
The email hack of the DNC by Russia involved making a domain name similar to the one used by the DNC, and using it to trick people into entering their passwords into the wrong site. It’s a hack that takes advantage of human nature and mistyping of domain names. Similar tactics were used against the RNC, but on old domains and they were far less aggressive — which makes Trump’s next statement about the hack pretty misleading.
“And I will give Reince Priebus credit, because when Reince saw what was happening in the world and with this country, he went out and went to various firms and ordered a very, very strong hacking defense. And they tried to hack the Republican National Committee and they were unable to break through. We have to do that for our country. It’s very important.”
While Trump is trying to make it sound like the DNC was less prepared than the RNC, the FBI says that the attack on the RNC was significantly less aggressive than the attack on the DNC. And since it’s been reported that the hackers seemed to only be going after email accounts that the RNC was no longer using, it was not necessarily the strength of the RNC’s “hacking defense” that saved them.
But Trump is certainly right about one thing – it is very important that foreign powers can’t hack into our election systems and our government. Let’s just hope his plan to assemble the “greatest computer minds anywhere in the world” to form a hacking defense works. He is going to have to figure out who they are first, though.