Russia talk is FAKE NEWS put out by the Dems, and played up by the media, in order to mask the big election defeat and the illegal leaks!
—@realDonaldTrump, February 26, 2017
I never said Russia did not meddle in the election, I said “it may be Russia, or China or another country or group, or it may be a 400 pound genius sitting in bed and playing with his computer.” The Russian “hoax” was that the Trump campaign colluded with Russia—it never did!
—@realDonaldTrump, February 18, 2018
In the spring of 2016, Robert Hannigan was eighteen months into his job as director of GCHQ—Britain’s equivalent to the NSA—and he was getting accustomed to the rituals of the job. His past service to the government had been radically different: seeking peace in Northern Ireland under Prime Minister Tony Blair and adjudicating among bitterly competing British intelligence agencies at 10 Downing Street. But then he had been sent to one of those agencies, the Government Communications Headquarters, the blandly named bureaucracy that was still living off its reputation as the agency of brilliant oddballs who had cracked the German codes with the Enigma machine during World War II, and saved Britain.
Hannigan’s job was to bring GCHQ into the twenty-first century, the century of cyber conflict. Past heads of GCHQ barely communicated with the public, but on his first day on the job Hannigan took a direct shot at Silicon Valley firms in a column in the Financial Times. “However much they may dislike it,” he wrote, “they have become the command-and-control networks of choice for terrorists and criminals,” and must learn how to cooperate with the intelligence agencies of the Western democracies. Yet once he settled into the job, he found a player who worried him more than Facebook and Google: Vladimir Putin.
Hannigan thought Putin was causing a “disproportionate amount of mayhem in cyberspace.” His staff of thousands of code breakers, signal-intelligence officers, and cyber defenders had soon learned to place the raw evidence of that mayhem atop the pile of intelligence they brought him each day, culled from their own piles of intercepted computer messages and phone calls.
On this particular day, around Easter in 2016, a series of messages plucked out of the Russian networks stood out.
In the inartful terminology of the digital world, it was mostly “metadata,” Hannigan’s staff told him. To Hannigan’s frustration, he could not see its actual content. But it was clear that the traffic was controlled by one of Russia’s premier intelligence agencies, the GRU, the aggressive military intelligence unit whose activities GCHQ tried to monitor around the clock.
What struck Hannigan, though, was where the messages appeared to have originated: the computer servers of the Democratic National Committee.
When Hannigan sorted through the message traffic, pausing to examine what would turn out to be a historic intelligence intercept, he was deep inside “The Doughnut,” the Brits’ affectionate name for the bizarre, round Cheltenham headquarters of GCHQ. From the air, the building actually looked more like a spaceship, as if aliens had decided to drop in on the quaint pubs of the Cotswolds: Stow-on-the-Wold and Bourton-on-the-Water, the Shakespearean-era villages just down the road. The Doughnut’s design was very Silicon Valley; once inside the secure zone, everyone worked in the open, cross-pollinating ideas.
Of the thousands of communications GCHQ intercepted every week or so, more and more from Russia were pulled out and placed atop the daily pile on Hannigan’s desk. Like the CIA and NSA, British intelligence agencies had been surprised by the speed and stealth of Putin’s annexation of Crimea in 2014. NATO nations were worried enough about stepped-up Russian bomber and submarine runs along the European coast—something they had not seen since Soviet days—that they had to devote more resources to tracking them all.
“We had gotten pretty complacent about Russia,” one of Hannigan’s national security colleagues told me. “There was still this overhang from the ’90s that somehow the Russians would come to their senses and join the West and become our economic partners. Even when they attacked Georgia in 2008, people shrugged it off. It took a long time for reality to set in.”
The Baltic states on Russia’s edge now appeared, in the British official’s words, a “vulnerable gray zone” that Putin would seek to destabilize. Soon after arriving at GCHQ at the end of 2014, Hannigan began pressing for more intercepts, more “implants” in the networks to which Britain had unique access, one of the last benefits of a dismantled British Empire. Every day came a torrent of new material: messages fleshing out Russia’s support for the Syrian government of Bashar al-Assad, its maneuvers off Finland, its submarine runs.
To Hannigan, it was all new and fascinating. His background wasn’t in intelligence; it was in the intersection of politics and national security. At first glance, he was easily mistaken for the very model of the polished British bureaucrat: buttoned down, with the perfect pedigree for a job that was all about discretion. To one of his aides inside the Doughnut, Hannigan’s best attribute was a “puckish sense of humor about the ridiculousness of much of what we do in the intelligence business.”
Though Hannigan was no intelligence professional, he was put atop GCHQ because David Cameron, the prime minister, had come to rely on his judgment after years at 10 Downing Street. Already, Hannigan had broken a lot of china at the hidebound and overly secretive agency. The agency was born after World War I as the “Government Code and Cypher School,” which pretty well defined its role in the twentieth century. Hannigan was born twenty years after World War II had ended, and it was his job to push GCHQ to figure out its role in the cyber age. It had survived since the glory days of Enigma at Bletchley Park, decoding messages and intercepting calls, but in a new era when defense and offense had blended, merely intercepting conversations was not enough.
So Hannigan began reorganizing GCHQ’s structure and moving it beyond its roots in signals intelligence. He realized that, like the NSA, GCHQ needed to up its game in cyber skills—specifically “network exploitation” and “network attack.” Month by month, Hannigan tried to push the agency into the future. On his watch, GCHQ scraped ISIS recruiting messages off their servers around the world. Hannigan particularly enjoyed seeing transcripts of ISIS cyber lieutenants fuming that they could not get into their own recruiting and communications channels.
Cheltenham, on the edge of the Cotswolds, is a place of splendid isolation, and with his family remaining in London, Hannigan had plenty of time to dig deep on the Russia intercepts. The one containing DNC data was a particular mystery.
“It didn’t tell us much,” he recalled. “It told us there was an intrusion, and something had been taken out of the committee. But I had no way of knowing what.”
As Hannigan looked at the intercepted Russian communications from the DNC, it was his sense of history that made them stand out. He was only seven years old when the Watergate scandal broke, barely aware of the headlines from across the Atlantic. But he had become enough of a student of history and politics at university to immediately grasp the import of what the Russians seemed to be doing. “The DNC meant something to me,” he said. “And it was an odd target.”
It was unclear what they were looking for. The DNC wasn’t a place to get military secrets, or even much policy. It was essentially a place to redistribute cash to campaigns. The goal was a mystery.
Hannigan thought his American counterparts needed to see these intercepts, and fast. He looked at them once more and asked his staff to be sure to flag them for the National Security Agency. This shouldn’t get lost in the daily pile, he told them. This was sensitive stuff, and his American counterpart, Admiral Rogers, and his colleagues at the NSA, needed to know about it.
A few weeks later, Hannigan recalled, he received an acknowledgment “from someone senior” on Rogers’s NSA staff. They appreciated the heads-up.
It was the last he heard from them about it.
Inside the NSA, officials hint that they already had a pretty good idea of what the Russians were up to at the DNC, and they say the British were not the only foreign intelligence service to see evidence of the hack. But they were the most important, and that should not be surprising. For reasons of history, geography, and faded empire, GCHQ’s access to the networks that feed into and out of western Russia are among the best of the “Five Eyes”—the five English-speaking victors of World War II who share the burden of intelligence gathering and most of what they harvest.*
Hannigan describes the Five Eyes as more of a club than a tightly run organization. It was, he said, a “signals intelligence creation dating from World War II, when Roosevelt and Churchill took a political decision to share their most sensitive cryptological secrets.”
“I think Americans would be surprised by how many British experts we keep at the NSA,” one senior British official with deep experience said to me a few years before the Russia investigation broke. “And I know the British would be surprised how many Americans are deep in our system.”
In fact, the tie between the NSA and GCHQ was so tight that each placed its own officers in the other’s headquarters, so they were partners rather than anonymous analysts on each end of the line. Snowden documents revealed that in Bude, on the southwest coast of Britain, there were 300 GCHQ analysts and 250 Americans in 2012, working on two projects—“Mastering the Internet” and “Global Telecoms Exploitation”—that picked up terabytes of Facebook entries, emails, phone calls, Google Maps searches, and histories of who visited what websites, and when. It was all legal, the British maintained after the operation was revealed, but the analysis section was based in Britain for a reason: there was more legal leeway than in the United States.
For obvious reasons, no one will be very precise about how the British picked up the traffic that led back to the DNC. But there are several clues. The Snowden documents reveal that GCHQ was plugged into two hundred fiber-optic cables, and could process information from forty-six of them simultaneously. That is quite a feat, since cable traffic runs at ten gigabits per second. The content of that traffic is mostly encrypted. But the British were able to pick up the metadata.
British access to the cables came courtesy of two leaders who were quite definitely of a pre-cyber age: Queen Victoria and President James Buchanan. When HMS Agamemnon and the USS Niagara met in the mid-Atlantic in 1858 to splice together the first copper cable, the queen and the beleaguered president used the new undersea line to transmit telegrams to each other. Britain then became the critical hub—the “termination point”—for even more cables laid across Europe and into Russia. “Termination points” are where the cables come ashore. And in both the United States and Britain, the intelligence agencies paid “intercept partners”—like AT&T and British Telecom—to keep teams of technicians at the termination site to mine and hand over data. The whole arrangement is ruled by court orders on both sides, kept secret to avoid blowback for the firms. Post-Snowden, the rules governing the system got a lot stricter. But the intelligence was also getting more valuable.
One hundred and sixty years later, the copper cables have been replaced by fiber-optic cables, which are more durable, higher-capacity, and harder to tap, and more than 95 percent of network traffic moves through them. One termination point in Cyprus, leaked documents showed a few years ago, has long been a particular bonanza for intelligence agencies. So has another in Asia, not far from North Korea. When Gen. Keith Alexander, then the head of the NSA, visited the Menwith Hill Station in Yorkshire in 2008, he asked, “Why can’t we collect all the signals all the time? Sounds like a good summer project for Menwith.”
He could have said something similar at other listening posts around the world, which are divided up for monitoring among the Five Eyes. While the Brits focus on Europe, the Middle East, and western Russia, the Australians monitor East Asia and South Asia—which is why operations in Afghanistan are often run out of Pine Gap, in the Australian desert. New Zealand owns the digital traffic in the South Pacific and Southeast Asia. Canada peers deep into Russia and covers Latin America. The United States, with huge collection budgets, looks at hot spots, starting with China, Russia, Africa, and parts of the Middle East. Naturally, such monitoring is a subject officials in each of those countries won’t discuss openly, even years after the Snowden revelations.
One reason is that these termination points are no longer just a place to plug in headphones. They have become a way to inject implants—malware—into foreign networks. “Once they were all about defense,” a telecommunications expert told me. “Today, they are also about offense.”
They are also a huge risk, as the steady flow of global communication depends on them. If six or so termination points were blown up or seized, information flow in the United States would slow to a trickle. Phone conversations would halt, markets would be disabled, news would stop. “It’s a tremendous vulnerability,” one British official told me. “And a great opportunity.”
So it was no surprise that Facebook and Google started laying their own cables.
It was a sign of the Russian hackers’ professionalism that they did not rush the stolen Podesta emails into public view after they obtained them in March 2016. Instead, they took their time sorting through the material, looking carefully at what might be especially valuable, such as Clinton’s speeches to Goldman Sachs. She had refused to reveal the texts publicly, but here they were, in the stolen trove. (It turned out the speeches sounded a lot like the ones she used to give for free when she was Secretary of State.) The Russian strategy was one of patience: there would be a moment to reveal the contents of the emails, when they could do maximum damage.
At the DNC, Yared Tamene still saw no reason to be alarmed. He wrote in a memo on April 18 that a “robust set of monitoring tools” had finally been installed at the DNC—in other words, they had decided to pay for a burglar alarm.
Only later in April did Tamene, using those new tools, find evidence that someone had stolen credentials giving them access to all of the DNC’s files. He called the DNC’s chief executive, Amy Dacey, with news that there had been a major, recent breach and the DNC had probably lost most of its files—far more than they ever lost in the Watergate break-in.
Belatedly, panic set in.
Far from Washington, another element of the Russian enterprise was playing out in Texas, Florida, and New York—all in plain sight.
While Russian intelligence agencies were hiring hackers to break into the DNC, the trolls and bot creators at the Internet Research Agency in Saint Petersburg were kicking into overtime. Paychecks had risen to $1,400 a week, a small fortune by Russian standards, especially for twentysomethings. In return, they worked twelve-hour shifts, churning out Facebook posts that hit on themes conveyed to them by email. On one floor, Russian-language trolls fought off opposition to Vladimir Putin. On another floor, they looked for any divisive issue in American society where a wedge could be driven via the Internet, to widen the natural fault lines in American politics and society.
Texas seemed particularly ripe for meddling. Few of the trolls and bot makers had been there, but they had read about it online and seen it in the movies. It didn’t take much of a leap of imagination to form a “Heart of Texas” group that appeared to be based in Houston, but was actually operating near Red Square. They promoted a rally called “Stop Islamization of Texas,” as if there were much Islamization to worry about. Then, in a masterful stroke, the Russians created an opposing group, “United Muslims of America,” which scheduled a counter-rally, under the banner of “Save Islamic Knowledge.” The idea was to motivate actual Americans—who had joined each of the Facebook groups—to face off against each other and prompt a lot of name-calling and, perhaps, some violence.
It was a testament to how easy it is to mislead some subgroups of American citizens on the web with a few cheap bots and someone imitating a local resident. But no one was more amazed than the young Russians in Saint Petersburg, who, their own emails later showed, could not believe their targets were so gullible.
If you are going to catch a Russian inside your networks, hiring a Russian who thinks the way the attackers think isn’t a bad idea. By that measure, Dmitri Alperovitch was the right man for the job.
In his mid-30s, with sandy hair and broad smile, he was already a fixture in the Washington firmament: a cyber specialist who was a regular at foreign policy forums and seemed as interested in the geopolitics of the business as the bits and bytes. But it was hardly preordained that Alperovitch would get so far.
He was the son of Soviet nuclear scientist Michael Alperovitch, and spent his childhood and early teen years in Moscow, in the waning days of the Soviet Union. In 1986, when Dmitri was about five years old, Michael narrowly escaped an assignment that would have left his son fatherless. A fire had broken out at the Chernobyl nuclear power plant, and panicked Soviet officials wanted Michael and his colleagues to check it out. Michael had a bad feeling and declined. The scientists who went all developed cancer and died soon after.
His life spared by good luck, Michael began to think it might be time to get out. His opportunity came shortly after the breakup of the Soviet Union. The Alperovitch family left Moscow in 1994, moving first to Toronto before settling in Chattanooga when Michael had landed a job at the Tennessee Valley Authority. Dmitri eventually enrolled at Georgia Tech, graduating with what was, at the time, a rare degree in cybersecurity.
Out of college, Alperovitch bounced around a number of the digital stations of the cross, eventually joining McAfee, known for its early virus-protection products. His job was to analyze state sponsors of cyberattacks, and he did it well, publishing a long paper about a China-based group called “Shady Rat,” which was behind the theft of intellectual property from American companies. McAfee had been acquired by Intel, the country’s leading chipmaker, and the paper took off as one of the best-researched pieces of work tying the Chinese government to what Keith Alexander, then the head of the National Security Agency, used to call the “greatest transfer of wealth in history.”
Unsurprisingly, the Chinese didn’t care much for the research. Suddenly they were showing up in Intel’s offices in Beijing, inspecting business licenses—completely unrelated to Alperovitch’s work, naturally. One day, he recalled, he got a call from one of the company’s top executives. “Do you realize we do 60 percent of our business in China?” he remembers the executive asking.
Actually, he hadn’t known that. He resigned the next week and in 2011 moved on to create the cybersecurity firm CrowdStrike with entrepreneur George Kurtz. Alperovitch knew how to follow the bits. His partner knew how to manage the law-enforcement landscape.
It was good timing; the Russians were coming.
“Why don’t you come up and we’ll do a little health check?”
That was the seemingly benign invitation that Shawn Henry—a former FBI cyber expert whom CrowdStrike had recruited to serve as their chief security officer and president of their information security team—received from Michael Susman that April. Susman had prosecuted cybercrimes for the Justice Department, then moved to Perkins Coie, a law firm that counted both the Hillary Clinton campaign and the DNC among its clients.
CrowdStrike was accustomed to such calls, and soon their forensic engineers were tapped into the computers at the DNC, scanning them for signatures of known bad actors in cyberspace. Reams of data began flowing back to Henry and Alperovitch.
It took less than a day to find what they were looking for, but the full result was startling. It was at that moment that they discovered the DNC had been hacked by not one Russian intelligence group but two. And both had left plenty of fingerprints.
Alperovitch and his colleagues had long before nicknamed the first group “Cozy Bear,” the one the FBI referred to as “the Dukes.” It was a play on the Bear nicknames of the Cold War era. (Others called the group “APT 29” for “advanced persistent threat.”) Cozy Bear was the first group to infiltrate the DNC, the evidence suggested, the one Hawkins had seen when he first called the committee.
It wasn’t until March 2016 that “Fancy Bear,” a competing Russian group associated with the GRU, the military intelligence unit, broke into the computers of the Democratic Congressional Campaign Committee before moving into the DNC networks as well. That was the hack that Robert Hannigan’s spies at GCHQ had detected. Fancy Bear probably didn’t know that the SVR-linked Cozy Bear group was already there. At least, that was Alperovitch’s theory.
“These guys are deeply competitive with each other,” he told me. “They want approval from Putin, they want to say ‘Look what I did!’ ” And Fancy Bear was clearly busy—they were the ones sorting through Podesta’s email trove.
Once it was clear where the invaders were coming from, Alperovitch threw himself into the investigation. The mystery was what the Russian groups planned to do with the information they had stolen. As Alperovitch noted dryly to me one day, “No one expected what this turned out to be.”
Alperovitch knew what he needed to do at the DNC: replace its entire computer infrastructure. Otherwise, he would never know for sure where the Russians had buried implants in the system.
For the six weeks after CrowdStrike moved into the DNC headquarters, it worked quietly to prepare for a total replacement of the committee’s hardware, making the usual excuse that there were maintenance operations under way. Then, on one weekend in late spring, everything was shut down. DNC employees were told to turn in their laptops and phones for a “system upgrade.”
“There were people who thought this was a front for layoffs,” since the DNC was perpetually broke, Alperovitch recalled. They were relieved to discover that their jobs were safe, but when they got the equipment back the next week, the hard drives had been wiped clean and new software installed.
By now the DNC leadership had moved from total ignorance to total panic. They began meeting with senior FBI officials in mid-June, fully nine months after Agent Hawkins had been switched to the help line. Babies had been conceived and born in the time it took the DNC, and the US government, to wake up. Now the debate was over whether to make public what was going on.
The motivation of the DNC and its chairwoman, Debbie Wasserman Schultz, seemed clear: She wanted to gain a bit of sympathy for the Democrats, who had been attacked by the Russians, and put Donald Trump on the spot, since he had been nothing but complimentary about Putin. In mid-June, the DNC leadership decided to give the story of the hack to the Washington Post. It would leak soon enough anyway, they thought.
The Post ran with it, but it was a sign of how little thought was being given to Russian manipulation at the time that, as we played catch-up in the Times newsroom that day, it was difficult to get much interest in the story from the editors managing coverage of the strangest presidential campaign of modern times. At that moment, a few Russians mucking in the DNC didn’t exactly seem like a repeat of Watergate. The story was buried deep in the political pages.
The Obama administration also had a difficult time getting excited. They resisted demands from the DNC that the government do a quick “attribution,” as they had in the Sony case, and have the intelligence community publicly name the Russians as the offenders. The FBI said its own investigation was being hindered by the DNC, which it still viewed as being less than fully cooperative; the DNC would not allow the FBI access to its main servers, so the FBI was getting evidence secondhand, from CrowdStrike.
The government’s reluctance to “attribute” the hack to the Russians was hardly unusual. There was always concern in the intelligence agencies about revealing sources and methods. And while it was one thing for a private security firm like CrowdStrike to name the Russians, the US government had to have a much higher level of certainty. “If you do it,” one senior intelligence official said to me, “you have to be prepared to answer the question, ‘So what are you going to do about it?’ ”
Susman, the lawyer for the DNC, thought that the government’s argument was pretty ridiculous; CrowdStrike didn’t need secret sources to figure this out, and the Russians had not exactly hidden their tracks. “You have a presidential election under way here and you know that the Russians have hacked into the DNC,” he recalled saying at one meeting with DNC executives and their lawyer. “We need to tell the American public that. And soon.”
The day after the Post and the Times ran their stories, though, it became clear that the Russians had a larger plan.
A persona with the screen name Guccifer 2.0 suddenly burst onto the web, claiming that he—not some Russian group—had hacked the DNC. His awkward English, which became a hallmark of the Russian effort, made it clear he was not a native speaker. He contended he was just a very talented hacker, writing:
Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by “sophisticated” hacker groups.
I’m very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy.
Guccifer may have been the first one who penetrated Hillary Clinton’s and other Democrats’ mail servers. But he certainly wasn’t the last. No wonder any other hacker could easily get access to the DNC’s servers.
Shame on CrowdStrike: Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it?
Guccifer 2.0 offered a few DNC documents, which he advertised as just a sampling of a vast trove. They included a lengthy piece of opposition research prepared by the DNC as they struggled to understand Trump, with chapter headings like: “Trump Is Loyal Only to Himself” and “Trump Has Repeatedly Proven to Be Clueless on Key Foreign Policy Issues.” There was also a chart listing major donors to the DNC, where they lived, and how much they had given.
“And it’s just a tiny part of all docs I downloaded from the Democrats’ networks,” he wrote, adding that the remainder, “thousands of files and mails,” were now in the hands of WikiLeaks.
“They will publish them soon,” he predicted.
It was clear that morning that the hack was not simply about campaign intelligence gathering. It was intended to be the cyberattack equivalent of broadcasting the conversation about Ukraine between Victoria Nuland and Geoffrey Pyatt. There was only one explanation for the purpose of releasing the DNC documents: to accelerate the discord between the Clinton camp and the Bernie Sanders camp, and to embarrass the Democratic leadership. That was when the phrase “weaponizing” information began to take off. It was hardly a new idea. The web just allowed it to spread faster than past generations had ever known.
Anyone who had followed the Russian hacking groups knew that there was little chance that Guccifer 2.0 was simply a savvy, lone hacker. But the name he chose was a clever play: It was taken from “Guccifer,” the screen name of a Romanian hacker who was then sitting in jail, after famously breaking into the email accounts of former Secretary of State Colin Powell and former President George W. Bush.
It didn’t take long for online sleuths to puncture the tale and point to evidence that Guccifer 2.0 was far more likely a committee of hackers somehow linked to the GRU, the Russian military intelligence unit. Lorenzo Franceschi-Bicchierai, who wrote for Vice, had the inspired idea of sending Guccifer 2.0 a direct message. He got an instant answer: Guccifer 2.0 said he was Romanian.
So Franceschi-Bicchierai used Google Translate to ask Guccifer 2.0 some questions in stilted Romanian. The answers came back in equally stilted Romanian. It quickly became clear that Guccifer 2.0 didn’t speak the language; he was using Google Translate too. A deep look at the documents he was posting showed they had been written in a Russian version of Microsoft Word, and were edited by someone who identified himself as Felix Edmundovich. That name seemed a tip of the hat to the founder of the Soviet secret police, Felix Edmundovich Dzerzhinsky. (Dzerzhinsky Square in Moscow, where the KGB headquarters was located, got renamed after the fall of the Soviet Union, but Dzerzhinsky would soon have a bit of a revival.)
The more Franceschi-Bicchierai conversed online with Guccifer 2.0, the more he became convinced that he was dealing with “a group of people” who were not very skilled at covering their tracks. In fact, they didn’t really seem to want to cover them. And another outlet for the documents suddenly appeared: “DC Leaks,” a site established just a few months before, but not active until the end of June. It was another indication that making selected stolen documents public was part of a larger plan, one that had been formulated months in advance.
By the time Donald Trump arrived in Cleveland, Ohio, in the third week of July 2016 to accept the nomination of a Republican Party still stunned by his rise, questions about his campaign’s connections to Russia were already in the air. The millions of dollars that Paul Manafort, Trump’s campaign chairman, made in Ukraine on behalf of the now-exiled, pro-Putin former president of the country was under growing scrutiny—which would lead to his resignation, and eventually his indictment. The digital break-in at the DNC was strange enough, but Trump’s insistence that there was no way it could be definitively traced to the Russians was even stranger.
As I arrived in Cleveland, though, the biggest mystery seemed to be Trump’s own refusal to say anything remotely critical of Russia, and especially of Vladimir Putin. Every other Republican candidate for president I had covered—Bob Dole, George W. Bush, John McCain, Mitt Romney—had gone out of their way to stress their suspicions of Russia’s motives, and particularly Putin’s.
Yet Trump kept declaring he admired Putin’s “strength,” as if strength was the sole qualifying characteristic of a good national leader. In an interview with Fox News he refused to say if he had ever spoken to Putin. That seemed odd, because he was also attempting to make the case that he could handle foreign leaders more skillfully than his opponent, a former Secretary of State. He never criticized Putin’s moves against Ukraine, his annexation of Crimea, or his support of Bashar al-Assad in Syria. Instead, he brushed past all that with the declaration, “Wouldn’t it be nice if we actually got along with Russia? Wouldn’t that be good?”
So when Maggie Haberman and I were preparing on July 20 to conduct our second foreign-policy interview with Trump—the day before he would accept the party’s nomination—Russia was high on our list of questions. We stepped into his hotel room in Cleveland just as he was finishing a meeting with Manafort, who shook our hands and quickly stepped out of the room, before any questions might be directed his way.
Trump was distracted and a bit irritated by something he had just heard about himself on television, but he settled in when the questions began, eager to prove himself familiar with every global hot spot. About halfway through the interview, I saw an opening and noted to Trump, “You’ve been very complimentary of Putin himself.”
“No! No, I haven’t,” he insisted.
SANGER: You said you respected his strength.
TRUMP: He’s been complimentary of me. I think Putin and I will get along very well.
We pursued that non sequitur for a while; I was trying to draw him out on why the fact that Putin had been complimentary of the soon-to-be-nominee would in any way affect Trump’s judgment about how to deal with an increasingly aggressive adversary. When that went nowhere I tried another route, testing whether he would defend the newest members of NATO.
“I was just in the Baltic States,” I told him. “They are seeing submarines off their coasts, they are seeing airplanes they haven’t seen since the Cold War coming, bombers doing test runs. If Russia came over the border into Estonia or Latvia, Lithuania, places that Americans don’t think about all that often, would you come to their immediate military aid?”
This was, I thought, the bottom-line issue: if Putin wanted Trump to win, it had to be because he thought a Trump victory would undercut the Western allies’ confidence that America would defend the alliance. Trump tried to duck:
TRUMP: I don’t want to tell you what I’d do because I don’t want Putin to know what I’d do. I have a serious chance of becoming president and I’m not like Obama, that every time they send some troops into Iraq or anyplace else, he has a news conference to announce it.
As soon as Maggie and I pressed the point, Trump took refuge in one of his favorite arguments: NATO members are taking us for granted and “aren’t paying their bills.” So I decided to get a little more specific:
SANGER: My point here is, can the members of NATO, including the new members in the Baltics, count on the United States to come to their military aid if they were attacked by Russia? And count on us fulfilling our obligations—
TRUMP: Have they fulfilled their obligations to us? If they fulfill their obligations to us, the answer is yes.
HABERMAN: And if not?
TRUMP: Well, I’m not saying if not. I’m saying, right now there are many countries that have not fulfilled their obligations to us.
There was our story for the evening before he became the Republican nominee: The first major presidential candidate to cast doubt on whether the United States would come to the defense of treaty allies.
I had one other line of questions I wanted to try: How would he respond to cyberattacks? Particularly those “that are short of war” and “clearly appear to be coming from Russia?”
TRUMP: Well, we’re under cyberattack.
SANGER: We’re under regular cyberattack. Would you use cyberweapons before you used military force?
TRUMP: Cyber is absolutely a thing of the future and the present. Look, we’re under cyberattack, forget about them. And we don’t even know where it’s coming from.
SANGER: Some days we do, and some days we don’t.
TRUMP: Because we’re obsolete. Right now, Russia and China in particular and other places.
SANGER: Would you support the United States not only developing as we are but fielding cyberweapons as an alternative?
TRUMP: Yes. I am a fan of the future, and cyber is the future.
That was as far as we got on how the nominee thought about the newest weapon that Russia and the United States were utilizing in a global struggle for power: “Cyber is the future.” But worse yet, he fueled our suspicions that at a minimum he was perfectly comfortable with what was clearly Russian interference in the election. And he made us wonder whether, wittingly or unwittingly, he had become Putin’s agent of influence.
The leaked emails apparently weren’t producing as much news as the GRU-linked hackers had hoped. So the next level of the plan kicked in: activating WikiLeaks.
The first WikiLeaks dump was massive: 44,000 emails, more than 17,000 attachments. And not coincidentally, the deluge started just days after our interview with Trump, and right before the start of the Democratic National Convention in Philadelphia. The most politically potent of the emails made clear that the DNC leadership was doing whatever it could to make sure Hillary Clinton got the nomination and Bernie Sanders did not.
To anyone watching the nomination process, that was hardly surprising; while the DNC was supposed to be neutral, it was understood in the Democratic leadership that this was Clinton’s turn. She had the name recognition and the money and the experience, and many in the party felt she had been denied her chance when Obama came along in 2008. That air of inevitability about her candidacy ended up being one of her greatest liabilities.
Yet the emails that were released in the trove were so blunt and insulting that they played to the divisions within the party, just as Sanders’s delegates were showing up in the sweltering heat of Philadelphia. One of the big questions was whether the Russians knew enough by themselves to intensify that division, or whether they had help from Americans who had an interest in undercutting the Democrats.
If the Russian goal was simply to trigger chaos, it worked. Wasserman Schultz, the Florida congresswoman, had to resign as the party’s chair just ahead of the convention over which she was set to preside.
And finally the country—or at least anyone following what was happening closely—was waking up. In the midst of the Democratic convention in late July, my colleague Nicole Perlroth and I wrote: “An unusual question is capturing the attention of cyber specialists, Russia experts and Democratic Party leaders in Philadelphia: Is Vladimir V. Putin trying to meddle in the American presidential election?”
Clinton’s campaign manager, Robby Mook, accused the Russians of leaking the data “for the purpose of helping Donald Trump,” though he cited no evidence.
Mook suggested that Trump’s answers to us the week before about whether he would come to NATO’s aid marked a watershed moment. Such an allegation seemed unprecedented. Even at the height of the Cold War, we wrote, “it was hard to find a presidential campaign willing to charge that its rival was essentially secretly doing the bidding of a key American adversary.” For the first time we raised the question of whether Putin himself was behind the leaks.
That question had already seized the CIA and the NSA. Two days later, in Washington, word began to spread that a preliminary CIA assessment circulating in the White House—deeply classified—concluded with “high confidence” that the Russian government was behind the theft of emails and documents from the Democratic National Committee. It was the first time that the government began to signal that a larger plot was under way.
Yet publicly the White House remained silent. The CIA evidence, my Times colleague Eric Schmitt and I wrote, “leaves President Obama and his national security aides with a difficult diplomatic and political decision: whether to publicly accuse the government of President Vladimir V. Putin of engineering the hacking.”
In fact, a fight was brewing inside the administration on just that point. What we didn’t know at the time was that a disagreement had surfaced among the intelligence agencies. The CIA’s “high confidence” was in part based on human sources inside Russia. The NSA was not prepared to sign on; it did not yet have enough signals intelligence and intercepted conversations to say with anything more than “moderate confidence” the hack was a GRU operation, and that Putin had ordered it.
“This went to the heart of Russia’s role and intentions,” said one senior official who participated in the debate in early August, right after the conventions. “And finally Obama—who is usually pretty cool about these things—got pretty animated. He said, ‘I need clarity!’ And he didn’t have clarity” about who had ordered the hacking, or what its objectives were.
Trump himself seemed to understand what was at stake. “The new joke in town,” he wrote on Twitter, “is that Russia leaked the disastrous DNC emails, which should never have been written (stupid), because Putin likes me.”
Soon it would not be a joke.
* In addition to the United States and Britain, the other members are Canada, Australia, and New Zealand.