President Donald Trump on Saturday downplayed a massive cyberattack on US government agencies, declaring it “under control” and undercutting the assessment by his own administration that Russia was to blame.
“I have been fully briefed and everything is well under control,” Trump tweeted in his first public comments on the hack, adding that “Russia Russia Russia is the priority chant when anything happens” and suggesting without offering evidence that China “may” also be involved.
Trump’s response was in sharp contradiction to comments a day earlier from Secretary of State Mike Pompeo about both the source and the severity of the attack. Pompeo had said the breach — which cyber experts say could have far-reaching impact and take months to unravel — was “pretty clearly” Russia’s work.
“There was a significant effort to use a piece of third-party software to essentially embed code inside of US government systems,” Pompeo told interviewer Mark Levin, alluding to widely used security software from Texas firm SolarWinds.
“This was a very significant effort,” Pompeo added, “and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”
Trump’s tweets left administration spokespeople scrambling to reconcile the conflicting takes.
CNN said White House officials had made plans Friday to release a statement directly blaming Russia, before it was abruptly pulled back for unclear reasons.
Playing down threats
It was far from the first time the president has played down apparent threats from Russia, starting with his refusal to recognize interference by Moscow in the 2016 election despite the clear finding of US intelligence agencies.
Russia has denied involvement in the latest attack, but several officials in and out of the US government have pointed the finger at Moscow, and none at Beijing.
There was no immediate reaction from China.
Dramatic details about the extraordinarily wide attack have emerged even as President-elect Joe Biden prepares to take office next month amid already high tensions with Moscow.
Biden has expressed “great concern” over the breach.
The US Cybersecurity and Infrastructure Security Agency said Thursday that the attack poses a “grave risk” and thwarting it would be “highly complex.” It did not identify those behind it.
On Friday, Senator Marco Rubio, a prominent Republican, tweeted that “the methods used to carry out the cyberhack are consistent with Russian cyber operations,” while adding that it was crucial to be certain.
“We can’t afford to be wrong on attribution, because America must retaliate, and not just with sanctions.”
Closing consulates
In a move apparently planned before news of the cyberattack emerged, the State Department on Saturday confirmed plans to close the two remaining US consulates in Russia, in Vladivostok and Yekaterinburg, due to “ongoing staffing challenges.”
Among the government agencies affected by the cyberattack, according to media reports, are the departments of State, Treasury, Commerce and Homeland Security.
Also targeted were the National Institutes of Health — at a time of keen interest in coronavirus vaccines — as well as the Energy Department and National Nuclear Security Administration, which manage the nuclear weapons stockpile.
Microsoft said Thursday that it had notified more than 40 customers hit by the malware, which security experts say could allow attackers unfettered network access to key government systems and electric power grids and other utilities.
Roughly 80 percent of the affected customers are located in the United States, Microsoft president Brad Smith said in a blog post, with victims also found in Belgium, Britain, Canada, Israel, Mexico, Spain and the United Arab Emirates.
“It’s certain that the number and location of victims will keep growing,” Smith said.
NATO said Saturday it was checking its computer systems but had found “no evidence of compromise.”
The European Commission said Saturday it had not found any computer system intrusion but was “analyzing the situation.”
In one of his two tweets Saturday, Trump attempted to link the cyberattack to his persistent efforts to undercut Biden’s election win.
“There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA.”
It was his latest baseless allegation of mass fraud in the November 3 vote, and Twitter appended a note stating that Biden had been certified by election officials as the winner.