The Morning Jolt

National Security & Defense

Hackers Strike Again

(Kacper Pempel/Reuters)

On the menu today: The Electoral College gathers today, and the Cleveland Indians will cease to exist under that moniker after 2021. But we will start with the kind of story that won’t get as much attention as, say, what title the First Lady uses, because it is complicated and technical. Sadly, complicated and technical are not synonyms for “inconsequential.”

The Acting Executive Branch Is Inactive

Back in 2015, I quoted an unnamed defense contractor’s assessment of the hack of the U.S. Office of Personnel Management: “The OPM hack was just the start and it won’t be the last.” That hack was widely described as the “cyber Pearl Harbor” and yet . . . most Americans didn’t notice. A bunch of Russian ads on Facebook stirred more Americans to anger than hackers — believed to be affiliated with the Chinese government — stealing personnel data and Social Security numbers for every federal employee.

This morning, we awaken to the sequel:

The Trump administration acknowledged on Sunday that hackers acting on behalf of a foreign government — almost certainly a Russian intelligence agency, according to federal and private experts — broke into a range of key government networks, including in the Treasury and Commerce Departments, and had free access to their email systems.

Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material.

The Washington Post had more details:

Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of a global espionage campaign that stretches back months, according to people familiar with the matter.

The Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of that nation’s foreign intelligence service, the SVR, and they breached email systems in some cases, said the people familiar with the intrusions, who spoke on the condition of anonymity because of the sensitivity of the matter. The same Russian group hacked the State Department and the White House email servers during the Obama administration . . .

SolarWinds products are used by more than 300,000 organizations across the world. They include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world’s top electronic spy agency, according to the firm’s website.

Its clients also include the top 10 U.S. telecommunications companies.

Reuters reported the hack prompted a National Security Council meeting at the White House on Saturday.

Protecting government systems is part of the job of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency — which in fact responded Sunday night by telling all federal civilian agencies to “review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.

You probably heard that President Trump fired CISA director Christopher Krebs on November 17, after Krebs publicly declared that the election systems were secure and that there was no evidence that Venezuelans or anyone else had gotten into the software and changed votes from Trump to Biden.

There’s been a lot of turnover at CISA since the election. Deputy director Matthew Travis resigned after Krebs’s firing. According to the Wall Street Journal, “Assistant Director Bryan Ware was recently forced out by WH, too — though not due to the election.” CISA’s acting director is Brandon Wales.

Beyond CISA, almost the entire top-level of the Department of Homeland Security is operating in an acting capacity right now, and has done so for many months. DHS has an acting secretary, an acting deputy secretary, an acting chief of staff, an acting general counsel, an acting undersecretary of management, an acting undersecretary for science and technology, an acting undersecretary for intelligence and analysis, an acting director of U.S. Citizenship and Immigration Services, an acting commissioner of U.S. Customs and Border Protection, and an acting director of U.S. Immigration and Customs Enforcement. As of September, at least 15 officials in the executive branch had served in “acting” capacity longer than the time allotted under the Federal Vacancies Reform Act — 210 days. The president doesn’t care about who is in these jobs, and it shows. Apparently, no one around him can get him to care, either.

Russian hackers would have targeted U.S. secure computer systems whether the president had formally nominated those acting officials or not, and whether the Senate had confirmed those DHS officials or not. And this hack appears to have started months ago, on the watch of some of those recently dismissed officials.

But in the Trump administration, we have a more extreme version of the problem of cybersecurity in most administrations: No one whose duties don’t specifically involve cybersecurity cares about the topic until something goes wrong. But the way you prevent something going wrong is to care about it before something goes wrong. The president’s preeminent focus is what is being said about him on cable-news networks and in the New York Times. Everyone under him knows that this is what matters to him. Everything else . . . is way down on the priority list and easily ignored.

On Saturday, the day the National Security Council met to discuss the hack, President Trump insisted he won reelection in a landslide, complained about Attorney General William Barr not telling the public the truth, and asked his Twitter followers which Republican governor was worse: Doug Ducey or Brian Kemp, contending the two governors “fought against me and the Republican Party harder than any Democrat.

There’s an old Arab proverb: “The dog barks, but the caravan moves on.”

This Update Just Handed to Me: The 2020 Election Is Still Over

The votes have been counted and, in some places, recounted. All 50 states have certified their vote counts. The Trump campaign has had its day in court — many days, in many courts, with almost no success. Andy McCarthy notes that in Wisconsin, “Despite telling the country for weeks that this was the most rigged election in history, the campaign didn’t think it was worth calling a single witness. Despite having the opportunity of a hearing before a Trump appointee who was willing to give the campaign ample opportunity to prove its case, the campaign said, ‘Never mind.’” Friday evening, the Supreme Court summarily denied Texas’s motion to file its complaint. The election certification and Electoral College deadlines are not suggestions. The legal challenges to the election results have been exhausted.

The editors of the Wall Street Journal declare, “There’s a time to fight, and a time to concede. Mr. Trump has had his innumerable days in court and lost. He would do far better now to tout his accomplishments in office, which are many, and accept his not so horrible fate as one of 45 former American Presidents.”

Today, the electors will meet and cast their votes. We may have a few rogue electors here and there; last cycle, five Hillary Clinton electors went rogue, and two Donald Trump ones did. The Supreme Court has upheld state penalties against “faithless electors,” and these detestable narcissists should pay a price for violating their oaths.

There are still a few Republicans who think the House should challenge the election results of five states and vote to disqualify the results in Pennsylvania, Georgia, Nevada, Arizona, and Wisconsin. Several House Democrats attempted this in 2016, alleging certain state results should be disqualified because of Russian interference in the election. No senator joined their challenge.

Cleveland Indians’ Farewell Season

This coming season will be the last for baseball’s Cleveland Indians: “A source confirmed to that the club will announce this week its intention to play under the same name and uniforms through 2021, but will drop ‘Indians’ after the upcoming season. A new name has not yet been decided.”

Indians president of baseball operations Chris Antonetti said on Dec. 3 that the club was working through a process that could eventually lead to a name change.

“We wanted to make sure we were thoughtful in connecting with all the different stakeholders, and we’ve been engaged in those conversations over the course of the last several months,” Antonetti said. “I have personally participated in some of those and have been enlightened by some of those. We’ll continue that process and once we’re at a point where we have more information we’ll certainly (share) that.”

(Notice that the article on the Cleveland Plain-Dealer’s website still refers to Antonetti as “Indians president of baseball operations.”)

You’re going to hear a lot of angry tirades about political correctness in the coming days. Some of us will notice that renaming a team usually generates a surge in sales of new apparel and team merchandise — so an owner who renames a team doesn’t just get “woke” points, he also likely gets higher profits in the years after a name change. Of course, the condition of Native Americans, coast to coast, will be pretty much the same when the team has a new name. But symbolism is always easier to confront than reality.

ADDENDUM: Over on Amazon, a review of Hunting Four Horsemen I swear I did not write myself, and that I’m fairly sure is not one of my blood relatives:

In this series, Geraghty has this way of writing about serious stuff, making you take it seriously, and yet also making you laugh constantly. Like the best possible approach to the only life we’ve got. His research is tight and his pop culture references perfectly timed.


The Latest