In September of 2016, on a Hofstra University debate stage, journalist Lester Holt asked presidential candidates Hillary Clinton and Donald Trump how they’d improve American cybersecurity. When it came Trump’s turn to answer, he let loose a torrent of barely connected ideas about “the cyber.” The stream of consciousness started with how many admirals had endorsed him, reiterated his long-running theme that no one could prove Russia had hacked the Democratic National Committee, noted cryptically that “we came in with an internet, we came up with the internet,” touched on ISIS “beating us at our own game,” and finally ended with these words:
“I have a son. He’s 10 years old. He has computers. He is so good with these computers, it’s unbelievable. The security aspect of cyber is very, very tough. And maybe it’s hardly do-able. But I will say, we are not doing the job we should be doing.”
In that moment, it became clear to cybersecurity professionals around the world that, should this man obtain the most powerful office in America, the next several years of politics were going to be very painful to listen to.
Indeed, while Trump has gained a deserved reputation as the most dishonest president in American history on a multitude of topics, few have inspired as much disinformation from him as “the cyber.” And no other issue, perhaps, has provided the confluence of factors to produce facepalming Trumpisms at such a high rate: complexity, ignorance of technical issues, and blatant conflicts of interest.
As Trump’s term—and his Twitter feed—come to a close, these are the abysmal cybersecurity assertions and quotes that will resonate for years to come.
The DNC Hacked Itself
Trump’s first major statement on cybersecurity as a presidential candidate was also one of his most absurd. In June 2016, The Washington Post broke the news that Russian hackers had penetrated the Democratic National Committee and stolen information that included the DNC’s opposition research files on Trump. Security firm CrowdStrike, which had been helping the DNC defend against and respond to the hackers, quickly attributed the breach to two Russian hacking groups known as Cozy Bear and Fancy Bear.
Yet within 24 hours, Trump had released a statement to the press with his own baseless analysis: “We believe it was the DNC that did the ‘hacking’ as a way to distract from the many issues facing their deeply flawed candidate and failed party leader.” He added another jab related to Clinton’s private email server, whose deleted messages were still being investigated by the FBI: “Too bad the DNC doesn’t hack Crooked Hillary’s 33,000 missing emails.” (These missing emails would become another leitmotif for Trump: He would later claim in a presidential debate and beyond that Clinton had “acid-washed” or “bleached” the emails to destroy them and hide them from investigators. In fact, her IT staff had used the open-source deletion tool BitBleach to delete her non-work-related emails from the server, months before the FBI asked her to preserve them.)
‘Russia, If You’re Listening’
Less than six weeks after accusing the DNC of hacking itself, Trump’s rhetoric swung in the opposite direction: He actively asked Russia to hack Hillary Clinton and leak her emails. “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you’ll be rewarded mightily by our press,” Trump said. “If Russia or China or any other country has those emails, to be honest with you, I’d love to see them.” Though Trump’s supporters and surrogates dismissed the remark as a joke, the statement carried serious implications in the midst of Russia’s hack-and-leak operation targeting the Democratic National Committee and the Clinton campaign. And it remained a bizarrely explicit public wish for the sort of collusion with Russian intelligence that Trump would proceed to deny for years to come. The investigation of FBI special counsel Robert Mueller would later show that Russian hackers had successfully phished Clinton campaign chairman John Podesta months earlier, tricking him into giving up his Gmail password, and were continuing to send phishing emails to Clinton aides even as Trump made his glib request for Russian hacking help.
The 400-Pound Hacker
Trump’s notorious debate answer on “the cyber” also included a new theory of who actually carried out the DNC hack, one that’s since come to represent every armchair detective’s unfounded skepticism of hacker forensics. “She’s saying Russia, Russia, Russia,” Trump said, referring to Clinton’s statements on the hack, based on evidence as glaring as Russian-language formatting error messages in the DNC’s leaked documents. “Maybe it was. It could also be China. It could be someone sitting on their bed that weighs 400 pounds.” The mythical 400-pound hacker has since become practically a meme among cybersecurity professionals pointing to lazy attribution. It also inspired a renewed discussion on body shaming.
Our Cybersecurity Partner, Putin
By July 2017, six months into his presidential term, Trump had no doubt received countless intelligence briefings confirming that Russia was responsible for the breaches of the DNC and Clinton campaign. After all, the Office of the Director of National Intelligence had published a statement in October of the previous year, backed by 17 intelligence agencies, pinning the blame on the Kremlin with “high confidence.” But Trump was still consulting his own source: Vladimir Putin. During a trip to the G-20 meeting in Hamburg, Germany, Trump says, he discussed the election interference campaign with Putin privately. His takeaway? “I said, ‘Did you do it?’ And he said ‘No, I did not. Absolutely not,’” Trump said in an interview with Reuters. “I then asked him a second time in a totally different way. He said absolutely not.” In another tweet following his meeting with Putin, Trump floated the Russian president’s suggestion that the US and Russia jointly form an “impenetrable Cyber Security unit” to prevent further election meddling. Former defense secretary Ash Carter compared the idea to “the guy who robbed your house proposing a working group on burglary.”
‘Ukraine … the Server … CrowdStrike?’
It’s one thing for Trump to have questioned who really hacked the DNC in public appearances, years after his own intelligence agencies gave him the answer—a kind of willful ignorance aimed at swaying public perceptions. But it’s quite another matter for Trump to have chased nonsensical theories about the DNC hack in private conversations, a sign that he may have drunk so deeply from the conspiracy Kool-Aid that he’d come to believe his own lies. That’s what was revealed in the transcript of a conversation Trump had in the summer of 2019 with Ukrainian president Volodymyr Zelensky: The phone call came to light because a whistle-blower heard Trump try to pressure Zelensky to open an investigation into the son of Trump’s political rival Joe Biden—the request that would eventually lead to Trump’s first impeachment. But the transcript of the call also captured Trump asking Zelensky vague questions about a CrowdStrike server in Ukraine, an element of a strange, false story about how CrowdStrike helped cover up what really happened inside the DNC’s network. “I would like you to find out what happened with this whole situation with Ukraine, they say CrowdStrike … I guess you have one of your wealthy people … The server, they say Ukraine has it. There are a lot of things that went on, the whole situation,” Trump said. Never mind that CrowdStrike is not a Ukrainian company. Or that no single server provided the full picture of the DNC breach. Or that the DNC shared a forensically preserved digital image of its systems with the FBI and CrowdStrike, not a physical server. Or that the FBI concluded that Russian agents had indeed hacked the network. The Zelensky call’s real revelation was that Trump will always live in his own alternative reality.
‘No One Gets Hacked’
Just days before the November 2020 presidential election, Trump took a moment at a campaign rally to mock C-Span political editor Steve Scully, who had been suspended from his position for falsely claiming that a tweet he sent was the work of a hacker. “Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15 percent of your password,” Trump said. Trump’s statements were followed by a report days later that his own Twitter feed had been hacked by a security researcher, reports which were confirmed in December. The same week as his “nobody gets hacked” claim, federal agencies unsealed an indictment against six hackers in Russia’s GRU military intelligence agency for five years of attacks that included the most destructive cyberattack in history, imposed new sanctions on the Moscow research institute responsible for a uniquely dangerous piece of malware, and issued a public warning about an ongoing hacking campaign believed to be carried out by the FSB.
A ‘Rigged’ Election
Both before, during, and after the November 2020 election that he soundly lost to Joe Biden, Trump railed repeatedly against all assurances of the security and cybersecurity of the 2020 election. Trump’s attacks on the election’s integrity were so nonstop—from the debate stage to his Twitter feed, making baseless claims of dead people voting, fake mail-in ballots, and glitchy or hacked voting machines—that it’s difficult to point to any single statement as the most egregious. In total, however, they may be the most damaging to American democracy of all his false statements about cybersecurity.