Sophisticated Cyberattacks
News of hack broke on December 8 when U.S. Cyber Firm FireEye Says It Was Breached by Nation-State Hackers.
FireEye said the attack compromised its software tools used to test the defenses of its thousands of customers.
This week we learn the hack did not start with FireEye, rather with SolarWinds, a trusted US security firm. The breach happened at least four years ago!
It was discovered only because of due diligence by a FireEye employee who took time to investigate an automated message regarding a login from an unknown device.
That’s a type of automated message routinely decarded by almost everyone.
The suspected Russian hack involving SolarWinds compromised parts of the U.S. government. The scale surprised even veteran security experts.
Hack Suggests New Scope, Sophistication for Cyberattacks
The Wall Street Journal reports Hack Suggests New Scope, Sophistication for Cyberattacks.
As the probe continues into the massive hack—which cast a nearly invisible net across 18,000 companies and government agencies—security specialists are uncovering new evidence that indicates the operation is part of a broader, previously undetected cyber espionage campaign that may stretch back years.
The attack blended extraordinarily stealthy tradecraft, using cyber tools never before seen in a previous attack, with a strategy that zeroed in on a weak link in the software supply chain that all U.S. businesses and government institutions rely on—an approach security experts have long feared but one that has never been used on U.S. targets in such a concerted way.
Most devastatingly, they sneaked their malicious code into the legitimate software of a trusted software maker—an Austin-based company called SolarWinds Corp. and its software called Orion.
FireEye put more than 100 cyber sleuths on the job out of its roughly 3,400 total staff. Trained to investigate breaches at other companies, they now found themselves scouring the company’s own networks.
Security Breaches
- US Treasury
- Energy Department
- Department of Homeland Security
- State Department
- At least 18,000 corporations who downloaded SolarWinds updates
- While 80% of the victim companies were based in the U.S., Microsoft said that targets were also hit in the U.K., Canada, Mexico, Belgium, Spain, Israel and the United Arab Emirates.
New Techniques
Among the worrying signs, the attacker seemed to have an understanding of the red flags that typically help companies like FireEye find intrusions, and they navigated around them: They used computer infrastructure entirely located in the U.S.; and they gave their systems the same names used by real FireEye employee systems, an unusually adept tactic designed to further conceal the hackers’ presence.
Once they noticed suspicious activity emanating from SolarWinds’ Orion product, the company’s malware analysts scoured some 50,000 lines of code in search for “a needle in a stack of needles,” Mr. Carmakal said, eventually spotting a few dozen lines of suspicious code that didn’t appear to have any reason to be there. Further analysis confirmed it as the source of the hack.
The Unknown
“It’s very broad in scope, and potentially very damaging to our economic security,” said J. Michael Daniel, chief executive of the Cyber Threat Alliance, an industry information-sharing group, and the former White House cybersecurity coordinator in the Obama administration. “It’s going to take a long time to figure out the full scope and extent of the damage, and it’s probably going to cost a lot of money to fix.”
How the hackers gained access to SolarWinds systems to introduce the malicious code is still uncertain. The company said that its Microsoft email accounts had been compromised and that this access may have been used to glean more data from the company’s Office productivity tools.
Inside the Hack
The above image from Solar Winds.
Microsoft and the US Nuclear Agency Exposed
Bloomberg reports Hackers Tied to Russia Hit Nuclear Agency; Microsoft Is Exposed
The U.S. nuclear weapons agency and at least three states were hacked as part of a suspected Russian cyber-attack that struck a number of federal government agencies, according to people with knowledge of the matter, indicating widening reach of one of the biggest cybersecurity breaches in recent memory.
The Energy Department and its National Nuclear Security Administration, which maintains America’s nuclear stockpile, were targeted as part of the larger attack, according to a person familiar with the matter. An ongoing investigation has found the hack didn’t affect “mission-essential national security functions,” Shaylyn Hynes, a Department of Energy spokeswoman, said in a statement.
“At this point, the investigation has found that the malware has been isolated to business networks only,” Hynes said. The hack of the nuclear agency was reported earlier by Politico.
Microsoft spokesman Frank Shaw said the company had found malicious code “in our environment, which we isolated and removed.”
President-elect Joe Biden issued a statement Thursday on “what appears to be a massive cybersecurity breach affecting potentially thousands of victims, including U.S. companies and federal government entities.”
“I want to be clear: My administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office,” Biden said, pledging to impose “substantial costs on those responsible for such malicious attacks.”
In the email notice, Bloomberg commented “President Donald Trump, who has been reluctant to criticize Russia or President Vladimir Putin throughout his four years in office, has said nothing.”
Wow.
What a pox on the Department of Homeland Security and the US National Security Agency.
Congrats to the FireEye employee who decided to investigate an automated message.
Mish
Did Trump kill JFK? When is the deadline for blaming Trump? I cannot wait to hear the griping when Biden screws up because of Trump. How convenient will that be for you losers and users… get a clue, they’re free.
Since everyone is having fun here, let me join in.
I’m voting for the most likely culprit on this one: A commercial outfit’s automated exploit system that got lucky with a “social”. 🙂
I think it was an inside job. Why expect the guys developing the software are all angels? It is in the core of general and widely used products and none of those agencies need to have been specific targets. As others have questioned, what specifically was stolen? I suspect money and in ways quite sophisticated and hard to unravel. Time to investigate the guys who compiled this.
In 80% of forensic investigations insiders are implicated.
Stealing money will get attention. These people were sophisticated and disciplined and kept it quiet. It should be possible to get some picture of what was exfiltrated with the help of the NSA and audits. We will never know anything with any degree of certainty. But their target was probably sensitive information with value only to specific people.
Anyone want to consider this to be an inside job? So quick to blame Russians, but the easier explanation is that the core software was infected by insiders at its inception for general use, and all these different agencies just happen to be users. Note that there is no specific mention of what might actually have been stolen from anywhere.
It makes you wonder what the Russians are holding over Trump’s head given his reluctance to point any blame at Russia for any of their transgressions over the past 4 years. Evidence of Russian influence in the 2016 elections? Is it compromising video or photographs? Perhaps financial loans from Russian oligarchs? Or maybe a promise of a future lucrative business deal? He has cozied up to Putin for the past 4 years which would leave one to question why.
No more golden showers if he talks.
Another sheep
At this point we just have to assume Donald Trump is compromised even if we don’t know how it occurred
The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of….
So, as far as anybody saying, how do we know its Russia? If uber toad Pompeo says it is clearly Russian, it probably is.
“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” said Pompeo in an interview with “The Mark Levin Show.”
If it was just really embarrassing, they would say that it was very sophisticated, must be a state actor, just to avoid owning up to their poor defence.
Apparently Solar Winds’ update server had the password “solarwinds123” and they were warned about it in 2019 already. Just having a password that weak is criminal negligence, not to mention being warned about it and doing nothing about it. That update server was the entry vector for the hackers. How on earth that got passed a security audit is a very interesting question
This is an urban legend. It had nothing to do with passwords, it was software weaponized and installed.
Yes, but the updates with code inserted were installed with that password, capital S.
Of humurous note, the PAL code on the nukes of the 60s was 00000000
Why is everyone assuming Russia. I bet it is China and with Biden’s ties to China….nobody is saying anything.
If Putin and Trump are friends like the DEMs proclaim, why would Russia hack the Government while Trump is still in office. It it is the Russians, than it shows the Democrats assumptions are wrong and Putin has ill intentions towards Trump?
Trump is the useful idiot of Putin, not a friend or ally. Perhaps Putin also has leverage over him. Maybe sexual, maybe a bunch of his debt with Deutsche Bank is actually sourced from Russian interests.
“Why is everyone assuming Russia. I bet it is China and with Biden’s ties to China….nobody is saying anything.”
Democrats ugly way of saying “Russian spies are a heck of a lot more hotter than China spies (believe me!), so they bagged more Dems!”
Terrible and horrible and I don’t necessarily agree!
The cyberwar era started awhile back. If they truly got into Treasury and other departments, you have to wonder if transactions to foreign bank accounts in Russia were initiated. Trump has been the worst president in global history for national security.
Sure looks like we are headed for war…with russia and china.
Good question…Looks to me like it’s more of an “oh shit” moment…..and one has to wonder what COULD be happening in some other proprietary security software that hasn’t been noticed yet. Is there another shoe somewhere that might drop?
Probably.
Pardon me if this is obvious, but what are the practical effects of the hack? What consequences have there been? Is money missing? Has the US suffered yet in any material way?
I am not questioning the truth or seriousness of the matter, just asking what actual harm has resulted so far.
#1, The exposure of sources. if the CIA got hacked, It’s sources could be exposed, and people who have helped us may die as a consequence.
#2 The exposure of methods. So like the Russians, we also exploit weaknesses in information systems. If the hack exposed our methods, then we would have less available intelligence to understand and hopefully prevent attacks in the future.
#3 State and local information systems. Thus far in the investigation it appears that the exploits were used to infiltrate the infrastructure that make our state and local work. Given that knowledge a would be attacker could readily disrupt activity at the state and local level.
Thanks, of the three the exposing of covert agents seems most threatening.
The fact that nothing has come out about what the hackers did means it’s pretty bad and probably classified.
We do not know the extent
What business secrets did they steal?
A “hack” can be the logical equivalent of having a nuke stored in any and all cities. The computerization of the human world is just getting started and no one has experience with something dramatized so well by the ending of Lawnmower Man.
If cyber ‘attacks’ are so terrible, does this mean the USA will commit to not doing such things to other countries?
How sophisticated this all was will only be known later. We know that for years the software updates for SolarWinds Orion used the password ‘Solarwinds123’ and this was known on back channels beyond the people involved.
Feeling vindicated in being paranoid about blindly depending on updates from open source projects like most software projects do.
It was proprietary software
I know, the lesson I’m taking is orthogonal to that: updates are not risk-free.
And our congress critters want to mandate back doors in all encryption. Brilliant
Alread been done. That’s why they worry so much about Hua-Wei. No back doors for them.
Excellent comment
Trump said to be announcing pardons today.
Typically the sketchy pardons are done on the LAST day…that’s what happened with Bill Clinton and his infamous quid pro quo pardon of Marc Rich
My guess is he will retroactively pardon Jesus to curry support from his religious base…..
Not really, but I bet it’s somebody he thinks pardoning ……will garner huge support for Himself.
I hope Julian Assange is the lucky one. The usual unnamed sources say it won’t be Snowden.
its just the flu HAHAHA German study finds some bodies of covid-19 victims are contagious after death https://www.washingtonpost.com/nation/2020/12/17/coronavirus-covid-live-updates-us/#link-ELZEIQ5RVVHXFK3BQJ3WCIN4IA
Did they try burying them or did they bury them too shallow as the Danes did with the minks?
Picking up pathogens from corpses is an occupational hazard for funeral workers. Of course some have gotten sick from covid……
Interesting that the Pentagon suddenly cancelled any further briefings with the Biden administration today. Makes you wonder 1) are these events related and, if so, 2) just how much more serious could this be.
Nooooo, it can’t be Russia. But, but, but, Russia is our friend. Why are you so mean to Russia? They’ve never done anything to us. It’s all a conspiracy against the people’s republic of Russia…
Enlighten me, WHAT has Russia done to the US, apart from drawing a line related to CIA regime change policies in regions that should be none of US’ business ? It was the US of A that messed up the Middle East remember, even supporting terrorists to achieve their criminal objectives, not Russia, it was the US that organized a coup against the democratically elected president of Ukraine, not Russia. Russia merely defends its legitimate and absolutely righteous geopolitical interests.
All operating systems and software have holes in them. There is very little negative testing done on them even today. I do this for a living for embedded systems for new products. It is really easy to find ways to break into systems if you look long enough.
If it had been traced to Chinese hackers instead, would POTUS still be quiet?
If it had been traced back to anybody, we would know.
They don’t know, in fact they don’t even know if it is foreign, apparently.
Tell me. Are you that high up in the military/security forces to actually be in the know about this or are you just bullshitting?
Intel agencies have not delivered any evidence. That always means they don’t have the goods. Nothing concrete is being said. Everything is couched. You can tell a lot by what people are saying and not saying and how. They don’t know if any damage has been done, or how much data has been exfiltrated. NSA hasn’t said anything yet, and they clone all the data streams.
“citing anonymous sources” means completely worthless information
Is switching to online voting a horrible idea? Could it ever be done 100% securely, with confidence that the results are accurate?
With blockchain technology, secure online voting would be achievable . I think you will see it in other countries quite soon. Finland is leading the pack, last I checked.
Part of our problem is that we don’t have a national election. We have fifty separate state elections. Until we get past that, elections will be problematic.
Why should you. Most other countries have switched back to hand counting. To boost confidence. Every other country can count the votes the same night without problems. You don’t need computers, machines, or the internet.
Every other country doesn’t have 324 Million people.
Every other country doesn’t have their elections decided by a few key swing states.
Every other country doesn’t have incumbents who might benefit from a broken system that has been engineered over time to make some votes count more than others and to increase the likelihood of disenfranchising some voters completely.
Our voting system is archaic. When I mean archaic I am not talking about the Constitution but about the nuts-and-bolts methods of ensuring that voter fraud is eliminated. Both parties have been much too complacent in this area because both have used it to their advantage but that time must come to an end. Today it is impossible to gloss it over as before because there are cameras and eyes everywhere. If a government wants legitimacy it has to prove it. If a government doesn’t care about being legitimacy then we have a big problem.
The person in charge of election security this year said paper ballots were key to ensuring election security, and this makes sense. While paper is archaic, it is awfully hard to efficiently hack the system based on paper ballots.
Paper trail are also auditable. Unlike machine records which can be erased in seconds. Despite all the security talk notice that the SIM card in your phone is frequently used for multi-factor authentication of bank accounts etc and SIM cards are a physical entity
Yeah, a paper audit seems crucial, but that seems to defeat the purpose of online voting if you had to physically verify that the paper matches your vote.
Seems like the purpose of online voting would just be for cevenience of voting and counting. I think I recall a security expert saying something like “convenience comes at the cost of security”.
meanwhile…
And this is why I am firmly against digital fiat currencies.
With the biggest digital miners in China, yeah.
Digital fiat currencies will not be mined crypto. No way.
What is more fiat than a currency that changes value every day.
Crypto is all fiat currency…not backed by a government. So the answer to your question is “nothing”.
But the fact that crypto miners are to a large extent Chinese, and that decentralization is a farce (which is true) has little to do with sovereign cryptos or central bank cryptos….which I believe will end up looking more like XRP or Stellar or Cardano. No need for such a crypto to be mined…it serves no purpose.
If this had been open source software it never would have happened. People would have been up in arms about the unexplained commits. That’s why Linux is so rock solid.
Yes and no. Open source linux has weaknesses that can be exploited because incorrect stuff gets checked in all the time. Apple use to think they were superior until hackers started penetration testing on it. The FSB and GRU are fighting a cyberwar while we are stuck in the 20th century.
To get into the main distributions the commits need to be approved and than pulled into the main repository. That is the power of Git. Great name, as Linus Torvalds said, I always name software after myself.
We have a natural weakness in cyber for the US government. In order to work for them you need to get clearances including dumb ass polygraphs for the highest level positions. Who the heck with any talent is going to go throw that to make less money. It is falling over laughing stupid.
What stops multiple operatives contributing to an open source project for years and then one day merging eachothers’ bad code containing a hard-to-find vulnerability that they can then use as a zero day? My guess is it’d be fricking easy to pull of in a billion open source projects. There’s a constant stream of bugs and vulnerabilities getting committed to open source when we aren’t trying to do it.
bradw2k, any project of significance will have a community looking at all commits.
I guess that’s why there’s no more vulnerabilities in open source projects 🙂
FireEye and SolarWinds. Why do these company names sound like failed James Bond movie titles?
computer guys are geeks
I once joined a telcon and the previous meeting had gone over time. The project manager referred to me as “that geek” leading the integration team. He had no idea of what a complement that was.
compliment or supplement?
“They used computer infrastructure entirely located in the U.S.; and they gave their systems the same names used by real FireEye employee systems, an unusually adept tactic designed to further conceal the hackers’ presence.”
I’m a 65 year old man, and I can barely use a keyboard as my bad typing attests….but none of that seems all that diabolically clever, really. It sounds like Hacking 101.
First you have to break into FireEyes infrastructure. The steal the system names. Then perform a mock on the network so that it recognizes your machines as FireEyes. Not that simple.
Thanks Lance. Your comments on this thread are appreciated.
I am 67. Nice to see others in Mish’s generation here.
Yep. 101. But, to put this in context, read any number of satire articles on the progression from research paper to USA Today. It would be a miracle if a computer security event made it to USA Today without undergoing the same treatment.
We’re getting the USA Today story.
(Apologies to USA Today. I’m using their name like the general press uses the incantations, “Russian” or “hacker”.)
Microsoft hacked??? Must be some virus attacking their sh-tty OS. Need to vaccinate them off the face of the earth.
Gates is too busy peddling vaccines to ever have gotten around doing something about unvaccinated Windows systems the past 25 years.
Yup. Micro$soft should be purged from every single govt system and Linux, a real OS, used instead. But that will never happen, management’s main role is to make PowerPoints.
This all could very well be yet another well orchestrated ‘fake news’ story to deflect attention away from the inside job that is being carried out on the entire system. Just another excuse made palatable to the minions of software dependent geekage that blindly putter on as the uncertainty, shutdowns, and eventual shortages of everything continue. It’s the new logistics.
Hmmm–inside job by who? The whole system?
The lizard people cover their tracks well.
Better start sleeping in tin foil clothing and use no lights.
I find it quite interesting how TCS spreads into tech–“ooh, why do you think it was the Russians?”
“citing anonymous sources” means completely worthless information
Will DonaldTrump ever address the horrific Russian cyber attack on multiple U.S. agencies (including the Dept of Energy, Dept. of Defense, Dept. of Justice and Dept. of Homeland Security), or is he still busy trying to steal the election?
Effective use of a rhetorical question.
Nobody has any evidence who has done it.
Since the default answer to every question is Russia!, Trump would be wise to wait for actual evidence.
The hack was notice by Fireeye a private firm. The DHS was oblivious to it. The problem may have begun under Bush and Obama but the technology of espionage an counter-espionage is evolving so rapidly I have no doubt we lost a critical four years under Donald Trump attacking his own experts taske with guarding our secrets
It was discovered by FireEye because they were being used as the white hat that the hackers were impersonating. Do DHS sees the logs from FireEye computers and say “FireEye is doing what we hired them to do”. If FireEye hadn’t gotten hacked then the logs would have stood out like a sore thumb.
This problem has been going on for years. This is small change, under Obama the Chinese collected the data on every single person with a clearance, or who had applied for a clearance. I expect they’ve managed to recruit a huge number of spies from that. The best and most common way to hack a system is to have someone on the inside do it for you. That’s very hard to prevent, probably impossible after the China breach.
I honestly don’t know what the solution is, other than to have computer security for each govt agency and facility run by experts (usually academics) who answer to NO ONE within the agency and are paid top dollar. That will never happen.
Our President is ignorant of virtually every thing to do with technology (remember his sharpie “correction” of a weather map (who did that)?). Of course he has no idea how to respond. Part of his agenda was to remove the layer of people who understood the critical tasks of each agency (his definition of deep state), and put people in place who would do what he wanted, and no more. This is the type of incompetence that is being built in from the top down.
And while this cannot be laid directly at his feet, the lack of planned response is what can be laid at his feet. There has to be a very direct response that tells the perpetrators that they screwed up by messing with our systems.
Trump is more afraid of the so called deep state and the career diplomats and intelligence experts than he is of America’s adversaries. We now saw what may be the logical conclusion to all this. Some of this was foretol by Robet Mueller earlier. There have been warnings
“Our President is ignorant of virtually every thing to do with technology…”
You talkin’ about the President or President-elect? Seems to work both ways.
Although the President is a heck of a lot more cogent.
From someone who has spent his entire career developing software, this looks like an inside job done by an employee. Every source control software keeps track of who did what and when. They should be able to easily identify who changed the code and when it was done. Almost certainly done by someone not born in the US.
Better PR to blame Russian hackers than acknowledge that our software is being developed by foreigners and we have no idea what their political ties are.
Oh, there are no hackers working for foreign governments?
Oh, there are no foreign born nationals working as software developers for US firms?
Why sure there are foriegn nationals working for US firms. But that is such 20th century (Mission Impossible?) thinking that someone has to be physically on-site to do hacking.
It has nothing to do with physically being on site. It has to do with the issue involving source code being modified 4 years ago. The only believable way this happened is an employee did it 4 years ago. Someone checked out the file(s), modified them and then checked them back in. The code was likely part of countless builds since then. This not at all like normal malware.
Maybe the employee was Russian. I don’t know.
Keep up, the code was modified earlier this year….
umm, “routinely discarded by almost everyone”?
how many messages like this do people get? And routinely discard it? If the login was successful!?
If you don’t recognize the IP or time of the login, somebody has your password pure and simple. That’s flip out time, not “meh I’m going to get another donut” time.
And btw if it’s your email account, that means they have access to almost every other account you own because they very often use your email ONLY for password recovery. Ya I’m looking at you PayPal X(
A familiar response from our CIC…”He said he didn’t meddle. He said he didn’t meddle,” Trump told reporters from Air Force One. “I asked him again. You can only ask so many times. I just asked him again. He said he absolutely did not meddle in our election. He did not do what they are saying he did.”…
Asked whether or not he believed Putin’s denial, Trump replied: “Every time he sees me he says, ‘I didn’t do that,’ and I believe, I really believe that when he tells me that, he means it. But he says, ‘I didn’t do that.’ I think he is very insulted by it, which is not a good thing for our country.”
u.s. failed to follow its own reccomendations
The answer is part Russian skill, part federal government blind spot.
The Russians, whose operation was discovered this month by a cybersecurity firm that they hacked, were good. After initiating the hacks by corrupting patches of widely used network monitoring software, the hackers hid well, wiped away their tracks and communicated through IP addresses in the United States rather than ones in, say, Moscow, to minimize suspicions. The hackers also used novel bits of malicious code that apparently evaded the U.S. government’s multibillion-dollar detection system, Einstein, which focuses on finding new uses of known malware and detecting connections to parts of the Internet used in previous hacks.
But Einstein, operated by the Department of Homeland Security (DHS), was not equipped to find novel malware or Internet connections, despite a 2018 report from the Government Accountability Office suggesting that building such
capability might be a wise investment. Some private cybersecurity firms do this type of “hunting” for suspicious communications — maybe an IP address to which a server has never before connected — but Einstein does not.
“DHS spent billions of taxpayer dollars on cyber defenses and all it got in return was a lemon with a catchy name,” said Sen. Ron Wyden, D-Ore., a member of the Senate Intelligence Committee. “Despite warnings by government watchdogs, this administration failed to promptly deploy technology necessary to identify suspicious traffic and catch hackers using new tools and new servers.”
Because we just run for office here….actual governing is not a part of Trump’s job description.
Congressional outrage, explained below.
Harrumph, harrumph. We must do something immediately. Immediately!
I didn’t hear a harrumph out of you!
What makes you think Russia? Please give a single piece of technical evidence.
The NSA monitors all traffic and copies it. If this data was going anywhere, the NSA will have logs of all these traffic patterns and the content. So far, they’re no letting on to anything. If they tell us that they can’t reveal anything, to protect means and tradecraft, we know that there is another pile of BS somewhere.
Yup. A billion dollar piece of useless crap is exactly what you’d expect for DHS. There are three main problems:
This has worked out great for me. I have a good clearance and have nearly doubled my salary by job hopping over the last three years.
meanwhile Trump is threatening to veto a bill that woul strengten the u.s. deterrent to Russian hacking
Trump fired the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) first and only director and while the hack began under his watch Trump hasn’t acte to replace him nor shown that he valued the role. If anything Trump’s distrust of career officials and the deep state took priority over safeguarding national security.
Trump has been silent on this matter as well. He’s made no public statements and valued a personal relationship with Putin that has never advanced any American interest.
The timing could not be worse. John Ratcliffe is holding up a report on national security to congress because its too hard on Russia and not hard enough on China. Nobody in the administration seems to get the irony. Previous intelligence officials who have testified to Congress have said that while both China and Russia pose threats Russia is the the larger one when it comes to hacking and espionage.
It truly seems Trump has abdicated the presidency in favor of his own self-prescribed emotional care. His supporters cheer him on while he stands by allowing pillaging of our data and info security.
Many of Trump’s supporters are pro-dictatorship and distrust Democracy. An adversarial stance against Russia was expunge from the RNC platform probably at the direction of Donald Trump
That is the best case, other one has to ro with Manchuria.
“If anything Trump’s distrust of career officials and the deep state took priority over safeguarding national security.”
The administrative state bureaucracy unlawfully attempts (for 3 years) to have Trump removed and so he doesn’t trust them? Odd!!!
“[Trump has] made no public statements and valued a personal relationship with Putin that has never advanced any American interest.”
“Friends” don’t do this (i.e., lots of sanctions) to each other:
Let’s not jump to conclusions that this was the Russians, I personally do not believe anything I cannot verify personally reported from our alphabet soup of security agencies. I have not much fear of a country with about the GNP of Texas. The PRC however, just cost us untold trillions with their international misshandling of Covid, and are on a tragectory to make the US their bitch within the next 10-20 years mebbe sooner with all the panda huggers we have here in the US in positions of power. Coming from a career in IT myself this is unbelievable. We aways had concerns about the security of software update packages. Kudos to the tech that drove the uncovering of this.
Eh. I’ve worked for years with the Dept. of Homeland Security. It’s most useless government agency imaginable. If the Russians hacked it too bad for them. They wasted their time.