The Brits Told Us the Russians Were Hacking Our Election
To the British eavesdroppers who uncovered Russia’s hack of Democratic headquarters, it looked like Watergate all over again. But no one in the U.S. seemed to care.
Russia talk is FAKE NEWS put out by the Dems, and played up by the media, in order to mask the big election defeat and the illegal leaks!
—@realDonaldTrump, February 26, 2017
I never said Russia did not meddle in the election, I said “it may be Russia, or China or another country or group, or it may be a 400 pound genius sitting in bed and playing with his computer.” The Russian “ hoax” was that the Trump campaign colluded with Russia—it never did!
—@realDonaldTrump, February 18, 2018
In the spring of 2016, Robert Hannigan was eighteen months into his job as director of GCHQ—Britain’s equivalent to the NSA— and he was getting accustomed to the rituals of the job. His past service to the government had been radically different: seeking peace in Northern Ireland under Prime Minister Tony Blair and adjudicating among bitterly competing British intelligence agencies at 10 Downing Street. But then he had been sent to one of those agencies, the Government Communications Headquarters, the blandly named bureaucracy that was still living off its reputation as the agency of brilliant oddballs who had cracked the German codes with the Enigma machine during World War II and saved Britain.
Hannigan’s job was to bring GCHQ into the 21st century, the century of cyber conflict. Past heads of GCHQ barely communicated with the public, but on his first day on the job Hannigan took a direct shot at Silicon Valley firms in a column in the Financial Times. “However much they may dislike it,” he wrote, “they have become the command-and-control networks of choice for terrorists and criminals,” and must learn how to cooperate with the intelligence agencies of the Western democracies. Yet once he settled into the job, he found a player who worried him more than Facebook and Google: Vladimir Putin.
Hannigan thought Putin was causing a “disproportionate amount of mayhem in cyberspace.” His staff of thousands of code breakers, signal-intelligence officers, and cyber defenders had soon learned to place the raw evidence of that mayhem atop the pile of intelligence they brought him each day, culled from their own piles of intercepted computer messages and phone calls.
On this particular day, around Easter in 2016, a series of messages plucked out of the Russian networks stood out.
In the inartful terminology of the digital world, it was mostly “metadata,” Hannigan’s staff told him. To Hannigan’s frustration, he could not see its actual content. But it was clear that the traffic was controlled by one of Russia’s premier intelligence agencies, the GRU, the aggressive military intelligence unit whose activities GCHQ tried to monitor around the clock.
What struck Hannigan, though, was where the messages appeared to have originated: the computer servers of the Democratic National Committee.
When Hannigan sorted through the message traffic, pausing to examine what would turn out to be a historic intelligence intercept, he was deep inside “The Doughnut,” the Brits’ affectionate name for the bizarre, round Cheltenham headquarters of GCHQ. From the air, the building actually looked more like a spaceship, as if aliens had decided to drop in on the quaint pubs of the Cotswolds: Stow-on-the-Wold and Bourton-on-the-Water, the Shakespearean-era villages just down the road. The Doughnut’s design was very Silicon Valley; once inside the secure zone, everyone worked in the open, cross-pollinating ideas.
Of the thousands of communications GCHQ intercepted every week or so, more and more from Russia were pulled out and placed atop the daily pile on Hannigan’s desk. Like the CIA and NSA, British intelligence agencies had been surprised by the speed and stealth of Putin’s annexation of Crimea in 2014. NATO nations were worried enough about stepped-up Russian bomber and submarine runs along the European coast—something they had not seen since Soviet days— that they had to devote more resources to tracking them all.
“We had gotten pretty complacent about Russia,” one of Hannigan’s national security colleagues told me. “There was still this over-hang from the ’90s that somehow the Russians would come to their senses and join the West and become our economic partners. Even when they attacked Georgia in 2008, people shrugged it off. It took a long time for reality to set in.”
The Baltic states on Russia’s edge now appeared, in the British official’s words, a “vulnerable gray zone” that Putin would seek to destabilize. Soon after arriving at GCHQ at the end of 2014, Hannigan began pressing for more intercepts, more “implants” in the networks to which Britain had unique access, one of the last benefits of a dismantled British Empire. Every day came a torrent of new material: messages fleshing out Russia’s support for the Syrian government of Bashar al-Assad, its maneuvers off Finland, its submarine runs.
To Hannigan, it was all new and fascinating. His background wasn’t in intelligence; it was in the intersection of politics and national security. At first glance, he was easily mistaken for the very model of the polished British bureaucrat: buttoned down, with the perfect pedigree for a job that was all about discretion. To one of his aides inside the Doughnut, Hannigan’s best attribute was a “puckish sense of humor about the ridiculousness of much of what we do in the intelligence business.”
Though Hannigan was no intelligence professional, he was put atop GCHQ because David Cameron, the prime minister, had come to rely on his judgment after years at 10 Downing Street. Already, Hannigan had broken a lot of china at the hidebound and overly secretive agency. The agency was born after World War I as the “Government Code and Cypher School,” which pretty well defined its role in the 20th century. Hannigan was born twenty years after World War II had ended, and it was his job to push GCHQ to figure out its role in the cyber age. It had survived since the glory days of Enigma at Bletchley Park, decoding messages and intercepting calls, but in a new era when defense and offense had blended, merely intercepting conversations was not enough.
So Hannigan began reorganizing GCHQ’s structure and moving it beyond its roots in signals intelligence. He realized that, like the NSA, GCHQ needed to up its game in cyber skills—specifically “network exploitation” and “network attack.” Month by month, Hannigan tried to push the agency into the future. On his watch, GCHQ scraped ISIS recruiting messages off their servers around the world. Hannigan particularly enjoyed seeing transcripts of ISIS cyber lieutenants fuming that they could not get into their own recruiting and communications channels.
Cheltenham, on the edge of the Cotswolds, is a place of splendid isolation, and with his family remaining in London, Hannigan had plenty of time to dig deep on the Russia intercepts. The one containing DNC data was a particular mystery.
“It didn’t tell us much,” he recalled. “It told us there was an intrusion, and something had been taken out of the committee. But I had no way of knowing what.”
As Hannigan looked at the intercepted Russian communications from the DNC, it was his sense of history that made them stand out. He was only seven years old when the Watergate scandal broke, barely aware of the headlines from across the Atlantic. But he had become enough of a student of history and politics at university to immediately grasp the import of what the Russians seemed to be doing. “The DNC meant something to me,” he said. “And it was an odd target.”
It was unclear what they were looking for. The DNC wasn’t a place to get military secrets, or even much policy. It was essentially a place to redistribute cash to campaigns. The goal was a mystery.
Hannigan thought his American counterparts needed to see these intercepts, and fast. He looked at them once more and asked his staff to be sure to flag them for the National Security Agency. This shouldn’t get lost in the daily pile, he told them. This was sensitive stuff, and his American counterpart, Admiral Rogers, and his colleagues at the NSA, needed to know about it.
A few weeks later, Hannigan recalled, he received an acknowledgment “from someone senior” on Rogers’s NSA staff. They appreciated the heads-up.
It was the last he heard from them about it.
Reprinted from THE PERFECT WEAPON: War, Sabotage, and Fear in the Cyber Age Copyright © 2018 by David E. Sanger. Published by Crown, an imprint of Penguin Random House LLC.