Trump Says ‘No Computer Is Safe’ And He’s Totally Right

Could the answer to all these people questioning why Trump’s and the RNC’s email wasn’t hacked simply be that Trump doesn’t use email and Hillary does? Could it be that simple?

President-elect Donald Trump told reporters Saturday that “no computer is safe.” He said it twice, actually, in context of casting doubt onto the U.S. intelligence community’s conclusions that Russia was behind the DNC email hacks.

Mr. Trump, who does not use email, also advised people to avoid computers when dealing with delicate material. “It’s very important, if you have something really important, write it out and have it delivered by courier, the old-fashioned way, because I’ll tell you what, no computer is safe,” Mr. Trump said.

“I don’t care what they say, no computer is safe,” he added. “I have a boy who’s 10 years old; he can do anything with a computer. You want something to really go without detection, write it out and have it sent by courier.”

In his usual hyperbole, Trump has touched on a truth well-known in cyber security circles.

“The only secure computer is one that’s unplugged, locked in a safe, and buried 20 feet under the ground in a secret location… and I’m not even too sure about that one”
— Dennis Huges, FBI.

And this from 2014, from the head of the FBI’s Pittsburgh Cyber Squad:

“Really, the only safe computer is one that’s turned off and unplugged from the Internet, and even that may not be safe,” [J. Keith] Mularski told an audience at Carnegie Mellon University on Monday evening as he and co-panelists Nicolas Christin, an information systems security expert in CMU’s Cylab, and Pittsburgh Tribune-Review investigative reporter Andrew Conte debated the pros and cons of an increasingly wired world.

Could the answer to all these people questioning why Trump’s and the RNC’s email wasn’t hacked simply be that Trump doesn’t use email and Hillary does? Could it be that simple?

I personally know this to be true, as someone who routinely dealt with classified and unclassified computer networks during my time as an Air Force contractor. The only way to be sure that no classified network traffic gets onto an unclassified network is to never plug the two things into the same device, ever. Not at the same time, and not unplugging one then plugging in the other.

And even then, with no access to things like USB thumbdrives, micro SD, or (God forbid) floppy drives or even CD-ROMs, there are ways for data to be surreptitiously moved in and out. I’m not going to tell you the ones I know, and I know better than to ask people who know for other ways I don’t know. But rest assured, there are ways.

There’s a reason the POTUS isn’t allowed to surf the web like we do (obviously there are ways for the president to get “online”) or use a smartphone. Any device directly used by POTUS becomes the world’s most desirable hacking trophy for very serious players (meaning governments). This is why I and others were so furious with Hillary Clinton for exposing the State Department to all manner of hackers, which led to a breach of the Executive Office of the President in 2014.

That hack was thought to have been carried out by the Russian government. The DNC and Clinton campaign email hack was much more parochial by cyber threat standards. The Clinton hack was a high-school “script kiddie” level phishing expedition that yielded John Podestas’s gmail password because of lax security by Clinton staffers.

The DNC hack was done through malware installed–again most likely by phishing expeditions on DNC workstations. Evidence pointing this at the Russian government is much more robust.

But some of the most compelling evidence linking the DNC breach to Russia was found at the beginning of July by Thomas Rid, a professor at King’s College in London, who discovered an identical command-and-control address hardcoded into the DNC malware that was also found on malware used to hack the German Parliament in 2015. According to German security officials, the malware originated from Russian military intelligence. An identical SSL certificate was also found in both breaches.

The evidence mounts from there. Traces of metadata in the document dump reveal various indications that they were translated into Cyrillic. Furthermore, while Guccifer 2.0 claimed to be from Romania, he was unable to chat with Motherboard journalists in coherent Romanian. Besides which, this sort of hacking wouldn’t exactly be outside of Russian norms.

So the Russians probably did the DNC hack. They may or may not have done the Clinton/Podesta hack, but let’s say there’s a good chance they did that one too. Trump’s argument about hacking is really laughable. I actually did laugh out loud when I read this quote:

He added: “And I know a lot about hacking. And hacking is a very hard thing to prove. So it could be somebody else. And I also know things that other people don’t know, and so they cannot be sure of the situation.”

Once the hack evidence has been found, it’s not really that hard to prove (that there’s been a hack and what kind). As for connecting the person behind the keyboard, or “command and control” where the data is ultimately harvested, it’s a bit harder, but it helps when there are other examples of the same address being used in the wild. As I’ve touched on before, our cyber spies probably know a whole lot more than will ever be told. It’s far more important to them to protect sources and methods than to provide a legal case against these hackers.

As Erick noted, hacking the DNC is not the same as hacking the election. Exposing Hillary’s dirty laundry while not exposing Trump’s (and plenty of Trump’s has been exposed) isn’t evidence of government-grade cyber warfare. It’s interesting that President Obama agreed with this on December 16.

I just received a couple weeks back — it wasn’t widely reported on — a report from our cybersecurity commission that outlines a whole range of strategies to do a better job on this.  But it’s difficult, because it’s not all housed — the target of cyberattacks is not one entity but it’s widely dispersed, and a lot of it is private, like the DNC.  It’s not a branch of government.  We can’t tell people what to do.  What we can do is inform them, get best practices.

But the Russians (and Chinese, and others) are very capable of striking at the heart of our government. Protecting the DNC, or the RNC, or any independent campaign is not a function of the U.S. government. Protecting our secrets is very much a priority, again, as President Obama said about one minute later:

And my approach is not a situation in which everybody is worse off because folks are constantly attacking each other back and forth, but putting some guardrails around the behavior of nation-states, including our adversaries, just so that they understand that whatever they do to us we can potentially do to them.

Obama continued:

That does not mean that we are not going to respond.  It simply meant that we had a set of priorities leading up to the election that were of the utmost importance.  Our goal continues to be to send a clear message to Russia or others not to do this to us, because we can do stuff to you.

About the response: Sometime last week, Obama changed his mind about “attacking each other back and forth” when he slapped a glove across Putin’s face by throwing out some of their spies (because of the DNC hacks)–a petty move aimed more at Trump than Russia. Putin didn’t return the favor, to highlight the pettiness of Obama’s play.

The real “stuff” we can do to the Russians is far worse than closing a couple of guest houses used by spies in Maryland and New York. In the end, I suspect the Russians (and Putin) play by the same rules Trump does. They just don’t use email for sensitive communications, which means there’s not much we can expose without going really deep into intelligence gathering methods and sources–which hurts America.

I think Trump needs to be much firmer with Russia, and stop apologizing for a nation and its dictator who clearly would love to influence America against our own interests and in favor of theirs. But Trump is also absolutely right that any computer connected to the Internet is simply unsafe–if a determined enough hacker (or government) wants to crack it. This is why we have the best cyber sleuths in the world working on our side.

The best solution, however, is to do what Trump does and mostly remain a Luddite who dictates tweets to his staff, hand writes notes with a Sharpie, and sends a limo to pick up his doctor to write a one-page memo.

About the author

Steve Berman

The old Steve cared about money, prestige, and power. Then Christ found me. All at once things changed. But the Holy Spirit produces this kind of fruit in our lives: love, joy, peace, patience, kindness, goodness, faithfulness, gentleness, and self-control. There is no law against these things!

I spent 30 years in business. Now I write and edit. But mostly I love. I have a wife and 2 kids and a dog and we live in a little house in central Georgia.

View all posts