Did a Russian Cyberattack Affect the Election? Officials Couldn't Be Sure

In this daily series, Newsweek explores the steps that led to the January 6 Capitol Riot

On December 13, the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security issued an emergency directive requiring federal agencies to disable SolarWinds' Orion software because it posed a substantial security threat.

Such "hacking" announcements, seemingly constant, are often difficult to assess regarding severity, and they almost always provoke reporting that screams greater and greater vulnerability. But in the case of the SolarWinds cyberattack, it was "one of the most widespread and sophisticated hacking campaigns ever conducted against the federal government and private sector," according to the Government Accountability Office.

The attack had repercussions on the focus and attitude of the national security agencies, and on the power of the deep state that so many insist doesn't exist.

SolarWinds has more than 320,000 customers in 190 countries. The infected software was widely used by federal government agencies to monitor network activity and SolarWinds later estimated that nearly 18,000 of its users received the compromised software update. The Russian government was in, spying on compromised federal agency computers from May through December, reading emails and other documents.

(Though 18,000 users received the compromised software update, over time, SolarWinds corporation tells Newsweek, the number of actual infected computers was much smaller. The Department of Homeland Security CISA later noted that, "a much smaller number [of computers] have been compromised by follow-on activity on their systems." SolarWinds later announced that "the actual number of customers who were hacked ... [were] fewer than 100.")

Beginning in September 2019, cyberattacks perpetrated by Russia's Foreign Intelligence Service breached the computing network of SolarWinds—an Austin, Texas-based network management company. The Russians managed, over five months, to inject hidden code into a file that later went out as part of SolarWinds' regular software updates for the Orion platform, their business software. The Trojan malware provided Russia with a "backdoor" to access infected computers. The Russian operators then were able to remotely exploit SolarWinds' customers.

Donald Trump 2020 Presidential Campaign Joe Biden — Did a Russian cyberattack affect the election? Officials couldn't be sure. Election personnel sort absentee ballot applications for storage at the Gwinnett County Board of Voter Registrations and Elections offices on November 7, 2020 in Lawrenceville, Georgia. Elijah Nouvelage/Getty Images

Just after the election, FireEye, a cybersecurity firm, detected an intrusion to its own systems and informed SolarWinds of the compromise of the Orion platform. SolarWinds begins notifying customers, posting on Twitter that it was asking "all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability." Microsoft also detected an intrusion into its cloud platforms, the company informing federal agencies that their systems had been breached.

On December 16, the Cyber Unified Coordination Group, responsible for coordinating government-wide responses, was activated. The Russians were probably reading the internal emails of the Departments of Defense, Homeland Security, State, Treasury, Energy, Labor, Commerce and Justice (including U.S. Attorney's offices and courts). The agencies using SolarWinds Orion software had their systems disconnected or powered down.

President Donald Trump said nothing for days. When he did speak up on December 19 he suggested that China and not Russia might have been responsible, and that "everything is well under control."

The Department of Justice later said that around three percent of its email inboxes were compromised. The New York Times reported that the most senior Treasury Department officials' emails were compromised. Breach of court systems likely put at risk "sensitive case records and information that would be of great value to Russian intelligence, including trade secrets, investigative techniques, and information on targets of surveillance operations."

The biggest worry, according to a senior intelligence official who has been involved in the damage assessment, is that Russia, through their Orion access, was able to burrow deeper into the electrical grid and even nuclear storage facilities, leaving backdoors for later use.

solarwinds russia cyberattack security breach — FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify during a Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021 in Washington, DC. The hearing focused on the 2020 cyberattack. Drew Angerer/Getty Images

The Russian Embassy in Washington denied any involvement, saying in a statement on December 14 that Russia "does not conduct offensive operations in the cyber domain."

In truth, Russia does. But the federal government, which spends billions annually on cybersecurity, never detected the intrusion: not on the networks, not in its intercepts, not from human agents. CISA, the agency also in charge of protecting the election infrastructure, detected nothing. The CIA and NSA detected nothing.

"Russia should be held accountable," Joe Biden's Secretary of Defense, retired Army General Lloyd Austin, said during his confirmation hearing. Members of Congress called for America to retaliate. It should be "swift and clear," senators said.

Russia, the perpetual enemy, was the primary focus of the intelligence community as December moved into January. And because of SolarWinds, Justice and the FBI became deeply involved as well. There were discussions, according to the senior intelligence official (granted anonymity in order to speak about classified issues), whether CISA and the NSA could in fact know for sure that the election systems hadn't been compromised. SolarWinds was so sophisticated that it went undetected for over a year; as a result the FBI, in particular, doubled down on its many Russia-related cases, spooked as well as to whether they weren't missing a broader penetration into the fabric of American society.

SolarWinds, as damaging as it might have been, provided the national security bureaucracy with a needed diversion and something to do at a time when the post-election chaos and the president's distraction left them powerless. Without the president, and with National Security Advisor Robert O'Brien checked out, the bureaucracy churned on SolarWinds. No one in the federal government was ever held accountable for the breach itself. By the time the Cyber Unified Coordination Group ceased their work on April 19, 2021, a new Deputy National Security Advisor for Cybersecurity had been created at the White House, another member of the bureaucracy. And more funding was secured for everyone.

Update 12/13, 5:45 pm.: This story has been updated with additional information about the number of computers affected by the compromised software update.

In this daily series, Newsweek explores the steps that led to the January 6 Capitol Riot

'Stop the Steal' Was a Donald Trump Fans' War Cry Even Before Election Day

Fox News Called Arizona for Biden, Turning January 6 Into the Day of Reckoning

'I'm Going to War; I'm Bringing the Big Cock,' Posted a Trump Fan. The FBI Didn't Notice

'Just Put Me In Charge,' Rudy Giuliani Told Donald Trump. 'They Stole This Thing'

The 'Adults' Vanished, Leaving Four Seasons Total Landscaping for Rudy Giuliani

As Tensions Rose, U.S. Intelligence Spotted Election Meddling by China, Russia, Iran

The Silent Coup Against Donald Trump Emerged in a Super-Secure Meeting Room

The Oath Keepers Called for Attacks on the Government: Insurrection, by Definition

'We Are On the Way to a Right-wing Coup,' the CIA Director Privately Warned

'Trump' Was Named in 1,200 Homeland Security Threat Reports Before the Election

Donald Trump Supporters Didn't Appreciate Barack Obama's 'So-Called Wisdom'

'There Will Be Bloodshed': As Night Fell, the Million MAGA March Turned Violent

'Terrorists' at the Border? To Please Donald Trump, Homeland Security Tweaked Reports

With a Tweet, Donald Trump Fired the Official Who Stated There Was No Election Fraud

This Donald Trump Advisor Used the Word 'Transition'—and Scuttled Out of Town

'I Cannot Wait to Leave This Job,' Said the Acting Defense Chief, a Week Before the Riot

Rudy Giuliani's Melting Hair Dye 'Freak Show' Made Even Donald Trump Flinch

After Her Family and Pets Were Threatened, She 'Ascertained' the Election

Donald Trump Tweeted about 'Massive Corruption,' Demanded Recount, Went Golfing

Donald Trump's Former Ally Chris Christie Called Rudy Giuliani a 'National Embarrassment'

'I Can't Afford a Big Frontal Attack on the President,' Mitch McConnell Confided

'Anyone Who Opposes Trump Supporters' Could Disrupt Capitol Rally, Planners Feared

Loyal Donald Trump Pardoned Mike Flynn, Who'd Gone Down a QAnon Rabbit Hole

'You Play Golf, Right?' Donald Trump Rambled On as Commanders Tried to Interrupt

'Tyrants and Traitors Need to Be Executed,' Said the Army-Vet-Conspiracy-Theorist

Intelligence Analysts 'Didn't Understand Donald Trump, How Far He Would Go'

Donald Trump Must Have a Diabolical Plan, Officials Assumed. But There Was No Plan

'Enemies Foreign and Domestic'? Threats the Daily Intelligence Briefs Left Out

'You Must Really Hate Trump,' a Furious Donald Trump Said to Bill Barr

Donald Trump Should Declare Martial Law, Michael Flynn Retweeted from His Now-Banned Account

Donald Trump's Lafayette Park Photo-Op Spooked Military Leaders

Donald Trump's Post-Election Fury Prompted a Warning from His General

Donald Trump Peddled His 'Stolen Election' Story. The Job was to Promote GOP Candidates

'Your Days are F--king Numbered': Threats Rained Down on Election Officials

'Racist.' 'Terrorist.' 'Extremist.' Did the FBI Get the Proud Boys Wrong?

Ted Cruz Offered His Services in Resolving National 'Acrimony' About the Election

Donald Trump Supporters, Censored, Discovered They Didn't Need Twitter, YouTube

Exclusive: Far Right's Growing Anti-Government Rage Put Security Agencies on Alert

Donald Trump's Refusal to Concede Fueled the 'Emerging Domestic Threats'

Donald Trump's Good Day: Cheered at West Point, Wowed by a Stop the Steal Protest

Did a Russian Cyberattack Affect the Election? Officials Couldn't Be Sure

Donald Trump Griped about His Lack of Airtime as States Certified Joe Biden's Win

Mitch McConnell Hated Donald Trump More than He Loved Being Majority Leader

Don't Make Your FBI Director Pass a Loyalty Test, Donald Trump Was Told

Did Michael Flynn's 'Insane Rant' Reveal Media Bias?

Donald Trump's 'Bizarre' Meeting: Cursing, Screaming, Swedish Meatballs

Ecstatic Donald Trump Fans Retweeted His Call for 'Wild' Protests

Even Donald Trump's COVID Infection, Vaccination, Didn't Change Republican Views

Donald Trump Supporters Targeted the Capitol: 'Bring Guns. It's Now or Never'

Donald Trump Pardoned Military Rank-and-File But Hated 'My Generals'

Exclusive: Classified Documents Reveal the Number of January 6 Protestors

Mike Pence Fed the Illusion that Donald Trump Might Prevail

Christmas Day Bombing Raised Fears of Donald Trump Conspiracists as Terrorists

Donald Trump's Base Took His Tweetstorm Seriously, Even If Nobody Else Did

Though Obsessed with Donald Trump, the Media Was Blind to Brewing Threat of Violence

Capitol Riot Investigators Search for Donald Trump Smoking Gun

Dr. Anthony Fauci Understood COVID Science But Not the American People

Exclusive: Secret Threat Report Named Everyone Except Angry Donald Trump Voters

Underestimating the Threat, DC Mayor Muriel Bowser Ordered Up Unarmed Guards

Insurrectionist Chic Is a 'Serious Growth Sector,' Analysts Say

Donald Trump Planned to Stoke Unrest, Call Out Troops, General Milley Feared

Exclusive: Secret Commandos with Shoot-to-Kill Authority Were at the Capitol

Exclusive: Secret Service Intel Saw 'No Indication of Civil Disobedience'

'Cops Are the Primary Threat,' Warned the Proud Boys' Encrypted Messaging Channel

Donald Trump Didn't Run the January 6 Riot. So Why Did It Happen?