In September of 2016, on a Hofstra University debate stage, journalist Lester Holt asked presidential candidates Hillary Clinton and Donald Trump how they'd improve American cybersecurity. When it came Trump's turn to answer, he let loose a torrent of barely connected ideas about "the cyber." The stream of consciousness started with how many admirals had endorsed him, reiterated his long-running theme that no one could prove Russia had hacked the Democratic National Committee, noted cryptically that "we came in with an internet, we came up with the internet," touched on ISIS "beating us at our own game," and finally ended with these words:
"I have a son. He's 10 years old. He has computers. He is so good with these computers, it's unbelievable. The security aspect of cyber is very, very tough. And maybe it's hardly do-able. But I will say, we are not doing the job we should be doing."
In that moment, it became clear to cybersecurity professionals around the world that, should this man obtain the most powerful office in America, the next several years of politics were going to be very painful to listen to.
Indeed, while Trump has gained a deserved reputation as the most dishonest president in American history on a multitude of topics, few have inspired as much disinformation from him as “the cyber.” And no other issue, perhaps, has provided the confluence of factors to produce facepalming Trumpisms at such a high rate: complexity, ignorance of technical issues, and blatant conflicts of interest.
As Trump's term—and his Twitter feed—come to a close, these are the abysmal cybersecurity assertions and quotes that will resonate for years to come.
Trump's first major statement on cybersecurity as a presidential candidate was also one of his most absurd. In June 2016, The Washington Post broke the news that Russian hackers had penetrated the Democratic National Committee and stolen information that included the DNC's opposition research files on Trump. Security firm CrowdStrike, which had been helping the DNC defend against and respond to the hackers, quickly attributed the breach to two Russian hacking groups known as Cozy Bear and Fancy Bear.
Yet within 24 hours, Trump had released a statement to the press with his own baseless analysis: "We believe it was the DNC that did the ‘hacking’ as a way to distract from the many issues facing their deeply flawed candidate and failed party leader." He added another jab related to Clinton's private email server, whose deleted messages were still being investigated by the FBI: "Too bad the DNC doesn’t hack Crooked Hillary’s 33,000 missing emails.” (These missing emails would become another leitmotif for Trump: He would later claim in a presidential debate and beyond that Clinton had "acid-washed" or "bleached" the emails to destroy them and hide them from investigators. In fact, her IT staff had used the open-source deletion tool BitBleach to delete her non-work-related emails from the server, months before the FBI asked her to preserve them.)
Less than six weeks after accusing the DNC of hacking itself, Trump's rhetoric swung in the opposite direction: He actively asked Russia to hack Hillary Clinton and leak her emails. "Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing. I think you'll be rewarded mightily by our press," Trump said. "If Russia or China or any other country has those emails, to be honest with you, I’d love to see them." Though Trump's supporters and surrogates dismissed the remark as a joke, the statement carried serious implications in the midst of Russia's hack-and-leak operation targeting the Democratic National Committee and the Clinton campaign. And it remained a bizarrely explicit public wish for the sort of collusion with Russian intelligence that Trump would proceed to deny for years to come. The investigation of FBI special counsel Robert Mueller would later show that Russian hackers had successfully phished Clinton campaign chairman John Podesta months earlier, tricking him into giving up his Gmail password, and were continuing to send phishing emails to Clinton aides even as Trump made his glib request for Russian hacking help.
Trump's notorious debate answer on "the cyber" also included a new theory of who actually carried out the DNC hack, one that's since come to represent every armchair detective's unfounded skepticism of hacker forensics. "She's saying Russia, Russia, Russia," Trump said, referring to Clinton's statements on the hack, based on evidence as glaring as Russian-language formatting error messages in the DNC's leaked documents. "Maybe it was. It could also be China. It could be someone sitting on their bed that weighs 400 pounds." The mythical 400-pound hacker has since become practically a meme among cybersecurity professionals pointing to lazy attribution. It also inspired a renewed discussion on body shaming.
By July 2017, six months into his presidential term, Trump had no doubt received countless intelligence briefings confirming that Russia was responsible for the breaches of the DNC and Clinton campaign. After all, the Office of the Director of National Intelligence had published a statement in October of the previous year, backed by 17 intelligence agencies, pinning the blame on the Kremlin with "high confidence." But Trump was still consulting his own source: Vladimir Putin. During a trip to the G-20 meeting in Hamburg, Germany, Trump says, he discussed the election interference campaign with Putin privately. His takeaway? “I said, ‘Did you do it?’ And he said ‘No, I did not. Absolutely not,’” Trump said in an interview with Reuters. “I then asked him a second time in a totally different way. He said absolutely not.” In another tweet following his meeting with Putin, Trump floated the Russian president's suggestion that the US and Russia jointly form an "impenetrable Cyber Security unit" to prevent further election meddling. Former defense secretary Ash Carter compared the idea to "the guy who robbed your house proposing a working group on burglary.”
It's one thing for Trump to have questioned who really hacked the DNC in public appearances, years after his own intelligence agencies gave him the answer—a kind of willful ignorance aimed at swaying public perceptions. But it's quite another matter for Trump to have chased nonsensical theories about the DNC hack in private conversations, a sign that he may have drunk so deeply from the conspiracy Kool-Aid that he'd come to believe his own lies. That's what was revealed in the transcript of a conversation Trump had in the summer of 2019 with Ukrainian president Volodymyr Zelensky: The phone call came to light because a whistle-blower heard Trump try to pressure Zelensky to open an investigation into the son of Trump's political rival Joe Biden—the request that would eventually lead to Trump's first impeachment. But the transcript of the call also captured Trump asking Zelensky vague questions about a CrowdStrike server in Ukraine, an element of a strange, false story about how CrowdStrike helped cover up what really happened inside the DNC's network. "I would like you to find out what happened with this whole situation with Ukraine, they say CrowdStrike … I guess you have one of your wealthy people … The server, they say Ukraine has it. There are a lot of things that went on, the whole situation," Trump said. Never mind that CrowdStrike is not a Ukrainian company. Or that no single server provided the full picture of the DNC breach. Or that the DNC shared a forensically preserved digital image of its systems with the FBI and CrowdStrike, not a physical server. Or that the FBI concluded that Russian agents had indeed hacked the network. The Zelensky call's real revelation was that Trump will always live in his own alternative reality.
Just days before the November 2020 presidential election, Trump took a moment at a campaign rally to mock C-Span political editor Steve Scully, who had been suspended from his position for falsely claiming that a tweet he sent was the work of a hacker. “Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15 percent of your password,” Trump said. Trump's statements were followed by a report days later that his own Twitter feed had been hacked by a security researcher, reports which were confirmed in December. The same week as his "nobody gets hacked" claim, federal agencies unsealed an indictment against six hackers in Russia's GRU military intelligence agency for five years of attacks that included the most destructive cyberattack in history, imposed new sanctions on the Moscow research institute responsible for a uniquely dangerous piece of malware, and issued a public warning about an ongoing hacking campaign believed to be carried out by the FSB.
Both before, during, and after the November 2020 election that he soundly lost to Joe Biden, Trump railed repeatedly against all assurances of the security and cybersecurity of the 2020 election. Trump's attacks on the election's integrity were so nonstop—from the debate stage to his Twitter feed, making baseless claims of dead people voting, fake mail-in ballots, and glitchy or hacked voting machines—that it's difficult to point to any single statement as the most egregious. In total, however, they may be the most damaging to American democracy of all his false statements about cybersecurity.
None of those claims was backed up with any evidence of fraud. Instead, a group of election security experts and officials, including the Trump administration's own Cybersecurity and Infrastructure Security Agency, issued a statement calling the 2020 election “the most secure in American history." Even then-attorney general William Barr, a Trump loyalist, told the Associated Press that “to date, we have not seen fraud on a scale that could have effected a different outcome in the election."
In the midst of Trump's rigged election tirades, the most head-scratching moment for the cybersecurity community was, perhaps, a message with no words at all. After falsely claiming in earlier tweets that voting machines made by Dominion Voting had deleted 27 million votes, Trump tweeted a video from the 2019 Defcon hacker conference. The news footage, shot at the Las Vegas event's voting-machine hacking village, showed security researchers demonstrating numerous security vulnerabilities. Organizers of the event and dozens of other election security experts responded by signing on to a statement denouncing Trump's claims of any election rigging or hacking. While the Defcon event had in fact demonstrated vulnerabilities in voting machines, they pointed out that there was no evidence those vulnerabilities had been exploited. In fact, evidence of those vulnerabilities had helped bolster efforts to safeguard elections against hacking, such as with audits and recounts of paper ballots.
"We are aware of alarming assertions being made that the 2020 election was 'rigged' by exploiting technical vulnerabilities," the statement read. “However, in every case of which we are aware, these claims either have been unsubstantiated or are technically incoherent. To our collective knowledge, no credible evidence has been put forth that supports a conclusion that the 2020 election outcome in any state has been altered through technical compromise.”
The day after that statement was published, Trump summarily fired CISA head Chris Krebs in a pair of tweets. "The recent statement by Chris Krebs on the security of the 2020 Election was highly inaccurate," they began. "Therefore, effectively immediately, Chris Krebs has been terminated as the director of the Cybersecurity and Infrastructure Security Agency." The tweets also included a rehashed greatest hits of several of Trump's debunked electoral fraud falsehoods. But Trump's decision to fire the official widely credited with protecting the 2020 election from foreign interference deeply unnerved many in the cybersecurity world.
In mid-December, the massive breach of SolarWinds and an untold number of its customers—including at least half a dozen federal agencies—came to light. Officials with access to classified intelligence about the breach, including members of Congress, Attorney General Barr, and Secretary of State Michael Pompeo all attributed the attack to Russia, recognized the gravity of the cybersecurity crisis, and vowed some sort of response. After days of silence on the issue, Trump finally used the opportunity to divert blame from Russia and rehash claims of election fraud:
“The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,” Trump tweeted. The "Lamestream" media, he added, are "petrified of discussing the possibility that it may be China (it may!)" He ended by suggesting that the hack, which he had just called insignificant, might have affected the results of the election which he had just "won big, making it even more of a corrupted embarrassment for the USA."
That final, news-making tweet about cybersecurity issues from Trump's Twitter feed, just a few weeks before his account was permanently suspended, managed to inject disinformation into the election outcome, cloud a complicated national issue, provide cover for Russia, and contradict itself all at once. After four years, we would expect nothing less.
- 📩 Want the latest on tech, science, and more? Sign up for our newsletters!
- The self-driving chaos of the 2004 Darpa Grand Challenge
- The right way to hook your laptop up to a TV
- The oldest crewed deep sea submarine gets a big makeover
- The best pop culture that got us through a long year
- Hold everything: Stormtroopers have discovered tactics
- 🎮 WIRED Games: Get the latest tips, reviews, and more
- 🎧 Things not sounding right? Check out our favorite wireless headphones, soundbars, and Bluetooth speakers
