WASHINGTON -- Contradicting his secretary of state and other top officials, President Donald Trump on Saturday suggested that China -- not Russia -- may be behind the cyberattack against the United States and tried to minimize its impact.
In his first comments on the breach, Trump scoffed at the focus on the Kremlin and downplayed the intrusions, which the nation's cybersecurity agency has warned posed a "grave" risk to government and private networks.
"The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control," Trump tweeted. He also claimed the media are "petrified" of "discussing the possibility that it may be China (it may!)."
There is no evidence to suggest that is the case. Secretary of State Mike Pompeo said late Friday that Russia was "pretty clearly" behind the cyberattack.
"This was a very significant effort and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity," Pompeo said in a radio interview.
Officials at the White House had been prepared to put out a statement Friday that accused Russia of being "the main actor" in the hack, but were told at the last minute to hold up, according to a U.S. official familiar with the conversations who spoke on condition of anonymity to discuss private deliberations.
It is not clear whether Pompeo got that message, but officials are now scrambling to figure out how to square the disparate accounts. The White House did not immediately respond to questions about the statement or the basis of Trump's claims. The State Department also did not respond to questions about Pompeo's remarks.
Throughout his presidency, Trump has refused to blame Russia or President Vladimir Putin for well-documented hostilities, including its interference in the 2016 election to help him get elected. He blamed his predecessor, Barack Obama, for Russia's annexation of Crimea, has endorsed allowing Russia to return to the G-7 group of nations, and has never taken the country to task for allegedly putting bounties on U.S. soldiers in Afghanistan.
On Saturday, Trump suggested that the real issue in the hacking incident was whether the election results had been compromised.
"There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big," he wrote on Twitter, tagging Pompeo. Twitter flagged Trump's assertion, saying that "multiple sources called this election differently."
With 30 days left in office, Trump's dismissive statements made clear there would be no serious effort by his administration to punish Russia for the hack, and national security officials say they are all but certain to hand off the fallout and response to President-elect Joe Biden.
In the midst of a pandemic, Biden will inherit a government so laced with electronic tunnels bored by Russian intelligence agencies that it may be months or even years before he can trust the systems that run much of Washington.
And in his first days in office, even as he has to deal with Russia on arms control and other issues, he will have to confront a quandary that has confounded his predecessors for a quarter-century: Retaliation for cyber intrusions often results in escalation.
However, Biden has signaled that he will not let the intrusion, whose full extent is not yet known, go unanswered.
"A good defense isn't enough," Biden said Thursday, vowing to impose "substantial costs on those responsible for such malicious attacks."
Pompeo said the government was still "unpacking" the cyberattack and some of it was likely to remain classified.
"But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems and it now appears systems of private companies and companies and governments across the world as well," he said.
Though Pompeo was the first Trump administration official to publicly blame Russia for the attacks, cybersecurity experts and other U.S. officials have been clear over the past week that the operation appears to be the work of Russia. There has been no credible suggestion that any other country -- including China -- is responsible.
'GOT INTO EVERYTHING'
The Democratic leaders of four House committees given classified briefings by the administration also have affirmed publicly that Russia was behind it -- and complained that they "were left with more questions than answers."
"Administration officials were unwilling to share the full scope of the breach and identities of the victims," they said.
It's not clear exactly what the hackers were seeking, but experts say it could include nuclear secrets, blueprints for advanced weaponry, covid-19 vaccine-related research and information for dossiers on government and industry leaders.
Russia has said it had "nothing to do" with the hacking.
While Trump downplayed the impact of the hacks, the Cybersecurity and Infrastructure Security Agency has said that the intrusion compromised federal agencies as well as "critical infrastructure." Homeland Security, the agency's parent department, defines such infrastructure as any "vital" assets to the U.S. or its economy, a broad category that could include power plants and financial institutions.
One U.S. official, speaking Thursday on condition of anonymity to discuss a matter that is under investigation, described the hack as severe and extremely damaging.
"This is looking like it's the worst hacking case in the history of America," the official said. "They got into everything."
Deputy White House press secretary Brian Morgenstern on Friday declined to discuss the matter, but told reporters that national security adviser Robert O'Brien had sometimes been leading several daily meetings with the FBI, the Department of Homeland Security and the intelligence agencies, looking for ways to mitigate the hack.
"Rest assured we have the best and brightest working hard on it each and every single day," he said.
Pompeo said Russia was on the list of "folks that want to undermine our way of life, our republic, our basic democratic principles. ... You see the news of the day with respect to their efforts in the cyberspace. We've seen this for an awfully long time, using asymmetric capabilities to try and put themselves in a place where they can impose costs on the United States."
Trump's comments Saturday reflect a long-running disregard for the facts and his disinterest in what he calls "the cyber," analysts and former aides said.
"Starting with Trump's very first meeting with Putin to today's tweets, we've seen an almost unbreakable pattern of denying the obvious about Russia's misdeeds while carrying water for the Kremlin," said Andrew Weiss, a Russia expert and vice president for studies at the Carnegie Endowment for International Peace. "Trump's comments are totally divorced from reality."
Gregory Treverton, former chairman of the National Intelligence Council, the government's senior-most provider of intelligence analysis, said Trump "behaves so much like a paid Russian agent."
"If you look at the string of his actions and pronouncement," Treverton said, "the only consistent interpretation that you can logically draw is that he's in their thrall."
Russia's Foreign Intelligence Service waged a widespread cyberespionage campaign in 2014-15 that ensnared the State Department, Pentagon Joint Chiefs of Staff and White House unclassified email networks, among other targets.
The Obama administration saw that campaign, as disturbing as it was, as classic espionage of the sort that states routinely engage in against one another, rather than as a disruptive attack, and so did not retaliate, said Michael Daniel, who was Obama's White House cybercoordinator. Officials were not aware of the thousands of other victims in the private sector and other countries at the time, he said. The administration never publicly accused Russia of perpetrating the hacks.
This time, the context is different. There is widespread publicity around the breaches, which could turn out to be unprecedented in scale. The nature of the compromises, involving corruption of software commonly used by thousands of large organizations around the globe, is alarming. And the public is much more attuned to Russia's malign activity in cyberspace in the wake of its 2016 election interference.
Thus far, there is no sign that the intrusions have resulted in disruption or destruction, and the Russian intelligence service is known mostly for conducting espionage. That doesn't mean, however, that the activity is not a precursor to something beyond spying, some analysts said.
In any case, Pompeo's "attribution is a very important step," said Tom Bossert, who was Trump's homeland security adviser until April 2018. "The United States can now direct its focus and unite the world against this outrage."
He said the Russian government is holding American networks at risk. "We must impose a cost on the Russians," he said. "Until we start defending digital infrastructure as if commercial and government operations depended on it, we will remain rudderless."
What makes this hacking campaign so extraordinary is its scale: 18,000 organizations were infected from March to June by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds.
It's going to take months to kick elite hackers out of the U.S. government networks they have been quietly rifling through since as far back as March.
Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the intrusion into U.S. agencies and was among the victims, has already tallied dozens of casualties. It's racing to identify more.
Many federal workers -- and others in the private sector -- must presume that unclassified networks are teeming with spies. Agencies will be more inclined to conduct sensitive government business on Signal, WhatsApp and other encrypted smartphone apps.
If the hackers are indeed from Russia's intelligence agency, as experts believe, their resistance may be tenacious.
The only way to be sure a network is clean is "to burn it down to the ground and rebuild it," said Bruce Schneier, a prominent security expert and Harvard fellow.
Information for this article was contributed by Jill Colvin, Matthew Lee, Frank Bajak, Eric Tucker and Bobby Caina Calvan of The Associated Press; by Ellen Nakashima, Josh Dawsey and Karen DeYoung of The Washington Post; and by David E. Sanger and Nicole Perlroth of The New York Times.