The Apprentice: Trump, Russia and the Subversion of American Democracy. Greg Miller
on Benghazi—with a deep budget, broad authority, and cynical mission that was inadvertently revealed long afterward by one of its architects.
“Everybody thought Hillary Clinton was unbeatable, right?” House majority leader Kevin McCarthy, a California Republican, said in a Fox News interview in September 2015 as the presidential campaign was heating up.1 “But we put together a Benghazi special committee, a select committee. What are her numbers today? Her numbers are dropping. Why? Because she’s untrustable. But no one would have known any of that had happened, had we not fought.”
The Benghazi committee was by no means the first to politicize a catastrophic event overseas, but the effectiveness with which it did so altered the dynamic in Washington. The name of the coastal Libyan city became a political shorthand—like Watergate or Whitewater—for a scandal that Clinton couldn’t shake. But it wasn’t any particular decision she had made about State Department personnel or facilities in Benghazi that proved most politically damaging. Instead it was the committee’s discovery as it assembled documents that Clinton had used a private email server while serving as secretary, and that the department had only a portion of her official correspondence.
Russia undoubtedly took note of this dynamic as it mounted its election interference campaign. And many of the partisan impulses that were sharpened by the Benghazi experience would resurface in 2016, impeding the United States’ ability to deliver a united response.
Clinton’s use of a nongovernment email server—@clintonemail.com—had first been revealed in 2013 by a Romanian hacker who went by the name Guccifer. But the committee zealously dug further into the matter. Led by South Carolina Republican and former federal prosecutor Trey Gowdy, the panel noticed that messages to and from the secretary were being routed not through classified State Department systems but rather a server in the basement of the Clintons’ home in Chappaqua, New York.
Under congressional pressure, the State Department sent letters to Clinton and her predecessors asking them to produce any work emails still in their possession. (Former secretary of state Colin Powell had also used a private email account.) In December 2014, Clinton’s lawyers arrived at the department with twelve boxes filled with hard copies of more than thirty thousand messages. But she withheld another thirty-one thousand, insisting that while they were stored on her system they pertained to personal matters, including her daughter’s upcoming wedding and mother’s funeral, and were “not related in any way to my job as Secretary of State.” Having concluded this, she had then erased the emails she deemed personal.2
It was a decision that played straight into decades-long depictions of Clinton as secretive and duplicitous when it came to concealing the family’s alleged misdeeds. The committee was, reasonably, outraged that she had deleted a massive stockpile of messages without allowing any outsider to review what was being destroyed.
The controversy remained under wraps until The New York Times broke the story several months later, on March 2, saying Clinton’s use of private email “may have violated federal requirements that officials’ correspondence be retained,” and reignited lingering concerns about the Clintons’ “lack of transparency and inclination toward secrecy.” Immediately, the Clinton campaign was on its heels.
A week later, in a tense press conference, Clinton said that in using her private email address she had “opted for convenience,” and acknowledged that “it would have been better if I’d simply used a second email account.” Republicans rushed forward with sinister interpretations, implying that she was hiding incriminating messages about Benghazi or other scandals. The panel issued a subpoena for all of her communications, hoping to stave off any further email destruction. At the same time, the State Department came under court order to start publicly releasing batches of Clinton emails after they had been internally reviewed. The result was a disaster for Clinton—monthly dumps for the media to sift through, generating a seemingly endless stream of stories on the very issue that Trump and Putin would come to see as one of her most acute vulnerabilities.
State Department investigators subsequently determined that “classified information may exist on at least one private server and thumb drive that are not in the government’s possession.” Because some of the sensitive information in the emails belonged not to State but to spy agencies, the inspector general for the entire intelligence community examined a sample of forty Clinton emails and found that at least four contained classified material. He then relayed that finding to the Justice Department. The fallout from that referral would be devastating to her chances of becoming president.
IN THE SPRING OF 2016, NEARLY A YEAR AFTER THE DUTCH HAD ALERTED Washington to the penetration of the DNC, a second wave of Russian hackers converged on Clinton-related targets. These new intruders were working not for Russia’s foreign intelligence service, but its military spy agency: the Main Intelligence Directorate of the General Staff, otherwise known as the “GRU.” Long seen as inferior to other Russian services, the GRU had invested heavily in cyber capabilities and had raised its standing in the Kremlin through one successful hacking operation in particular.
The head of the Russian military, General Valery Gerasimov, had delivered an address in 2013 that American spies studied closely.3 Reprinted in a Russian publication called the Military-Industrial Courier, the speech spoke of a new era of hybrid warfare, one in which “the role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons.” The GRU had tested this theory in Ukraine in 2014, where it used a series of cyberattacks to shut down telecommunications systems, disable websites, and jam the cell phones of Ukrainian officials before Russian forces entered the Crimean peninsula.
After the Russian military had seized control of key Crimean facilities, GRU turned its information warfare troops loose to rally public support among Crimea’s largely ethnic Russian population to break with Ukraine and support annexation by Moscow. To do so, GRU psyops teams blitzed social media platforms, including Facebook and the Russian-language social network VKontakte, with fake personas and pro-Russian propaganda. In one week alone GRU cyber teams targeted dozens of Ukrainian activist groups, hubs of protesters on social media, and English-language publications, sowing confusion and creating the impression of a groundswell of support for Russian intervention.
Three years later, the GRU joined the Putin-ordered operation to damage or defeat Clinton. Working out of a building on Komsomolsky Prospekt in Moscow, a GRU cyber-operative named Aleksey Lukashev sent a spearphishing email to Clinton campaign chairman John Podesta on March 19, 2016. Lukashev had used a popular online service for shortening website addresses to help mask his baited missive and make it look like a legitimate security notification from Google. The breach was enabled when one of Podesta’s aides saw a supposed security warning from Google and had asked a computer technician to evaluate it. “This is a legitimate email,” the technician wrote. “John needs to change his password immediately.” With the ensuing mouse click, Russia gained access to a trove of messages stored on Podesta’s account.12 Within two days, Lukashev and his GRU unit had made off with more than 50,000 emails.
Lukashev was part of a GRU hacking group designated by its unit number, 26165. That same month, the hackers began probing the DNC network for gaps in defenses, seemingly oblivious to the fact that another Russian intelligence service was already rummaging through the files. U.S. spies said it was not uncommon for Putin to unleash separate agencies on the same target. In April, the Russian unit found an indirect route into the DNC system, stealing the computer credentials of an employee at a sister organization, the Democratic Congressional Campaign Committee, which occupied the same office and worked to help elect congressional candidates. Another spearphishing operation did the trick, luring the DCCC employee into clicking a link that effectively gave the GRU the keys into the network.
Once inside, Lukashev’s group installed a program known as X-Agent malware on at least ten DCCC machines, enabling them to steal passwords and data from other employees, and even monitor their keystrokes and take photos of their computer screens as they typed away unsuspectingly. The hackers tried to hide their tracks by transmitting the pilfered information to a server the GRU had leased in Arizona (paid for not with rubles or dollars but with bitcoin cryptocurrency).