
The first White House meetings following the Democratic National Convention leaks took place in a secure, classified conference room in the Eisenhower Executive Office Building, an architectural anomaly that Mark Twain called the ugliest building in America. The building's late-1800s French Second Empire style is simultaneously monolithic and gaudy with a double-pitched mansard roof, cast-iron columns, and granite façade dominated by cookie-cutter windows. A tunnel connects the White House to the building and the beehive of government employees who wind through its tiled corridors and who are cloistered in 550 offices spread out over two miles, some with cast-insignia doorknobs indicating whether they once belonged to the War, Navy, or State Department. The “Old Executive Office Building” now houses representatives of the Office of the Vice President, the Office of Management and Budget, and the National Security Council who may occasionally play a game of tenpin in the Truman bowling alley in the basement—but don't always share information.1

It isn't surprising, then, that among the dozens of people in the conference room, including members from the FBI, CIA, NSA, DOD, State, ordinary policy wonks, and anyone else you'd find at a national security meeting, nobody knew what others knew or when they had found out about it. Information wasn't restricted as much by security clearance as by party affiliation. Those involved with the Democratic National Committee (DNC) were more likely to have been tipped off. Polarization between White House policy and political campaigns is intended to protect the integrity of US elections. This is one of several staples of our democracy that now makes us vulnerable to attack.

It was surprising to find out that nobody in that room seemed to know much about the hacks. The Russian influence campaign didn't start with the cyberattack on the DNC's computer networks, though that seemed to be the point at which White House officials first took notice. The breach of the computer systems had been in the works for years. The Russian hackers gained access to DNC computers in the summer of 2015. They maintained access to the DNC networks until at least June 2016.2 Russian military intelligence then compromised the personal email accounts of Democratic Party officials and political figures. By May 2016, US intelligence officials assessed that the hackers had stolen “large volumes of data from the DNC.” The hackers’ dormant code had activated and “come to life.” The Russians’ cyber fingerprints were all over the DNC computer systems.3

Michael Daniel, who was then special assistant to President Barack Obama and was White House cybersecurity coordinator, admits that he first found out about the hacks from an article in the Washington Post on July 23. He then penciled the investigation onto the agenda of the regular Cyber Response Group.4

Daniel explained that the White House had been expecting election-related cyber-espionage, nation-state hackers mining for intelligence, which is what happened during the 2008 and 2012 election cycles.5 The way WikiLeaks was circulating this information publicly, however, was unprecedented. Accordingly, we knew neither who was behind it nor what the hacker's endgame was. The intelligence groups sloughed through scenarios. They first tried to determine if the hacker left a kind of cyber fingerprint, a pattern that could lead them to him/her.

“We start raising the question of, okay, what's the actual threat here? What's actually happening? And can we understand? The first couple of questions are going to be like, so who the heck do we actually think Guccifer 2.0 is? You know, do we really think he's a Romanian hacker?” Daniel said, and laughed.

It was information warfare that heaped another level of absurdity on an already absurd year. Guccifer 2.0 associated his name with “Guccifer,” a Romanian hacker named Marcel Lazar, and claimed to be a Romanian himself who had no ties to Russia. This is a comparison akin to a teenage tagger in Nebraska claiming to be associated with legendary New York graffiti artist Banksy.6

The investigating firm CrowdStrike gave the hackers the code names of children's stuffed toys. Guccifer 2.0 and his counterpart DCLeaks are believed to be linked to a Russian cyber unit security experts have come to call Fancy Bear or APT28 (Advanced Persistent Threat—a high-level, generally state-sponsored hacker). Simultaneously, another Russian cyber unit nicknamed Cozy Bear or APT29 is believed to have quietly embedded itself in the DNC and other government and political networks.7

“Was this an inside job?” Daniel said this question was brought up.8

They tried to determine how vulnerable we were.

“If the goals were to disrupt our elections in some way, how would you do that? And what do we need to do to protect ourselves against that?” Those were just a few questions White House officials at the time were trying to answer.

“What would a misinformation campaign look like?”

More experts were invited into the room. Edward Felten is a Princeton professor, a computer wunderkind who trades in his tweed sports coat for a navy-blue suit when called into the White House to assume his post as deputy chief technology officer. He has a physicist's brain that somersaults over cyber terrain, and his work tends to anger company head honchos by proving their systems aren't impenetrable. As witness for the US government in the antitrust lawsuit against Microsoft, he demonstrated nineteen ways it was possible to remove the Internet Explorer function from Windows without damaging the operating system.9 He broke a digital watermark created by Secure Digital Music Initiative, a forum of companies and IP professionals developed in 1998, to quash music piracy over the internet. The group, in September 2000, had put out a letter to IT professionals challenging them to break the watermark, and Felten's team claimed to have done so.10 Felten also identified critical problems with the accuracy of Sequoia voting machines in New Jersey and demonstrated how they could be easily hacked and compromised.11

Felten helped the group to conclude that although voting machines could be hacked, they weren't likely a target. The hacker would have to know the specific location he/she wanted to target ahead of time and would have to predict how close the election will be in that locality. You'd have to rig the system to flip enough votes to change the outcome but not set off warning alarms.

In later meetings, the Cyber Response Group queried the Russia director at the National Security Council (NSC) and Russia experts at various agencies. They wanted to figure out what the Kremlin's strategic goals might be.

“They were talking about this idea of sort of disrupting and undermining confidence in the electoral process being one of the top goals. There was the discussion pretty early on that Vladimir Putin particularly hates Hillary Clinton—like, at a very personal level,” Daniel said. “That was certainly acknowledged as a factor.”12