tv Charlie Rose Bloomberg August 12, 2016 10:00pm-11:01pm EDT
complex from our studios in new york city, this is charlie rose. charlie: the cyber attack targeting the dnc appears to be more extensive than officials first believed. forcedginal leak in july the dnc chairwoman debbie wasserman schultz to resign. the question remains, whether it is part of a larger effort to influence the election.
he served as the general counsel at the national security agency. he currently leads a global cyber security practice. michael o'rielly covers -- michael riley covers cyber security for bloomberg news. david sanger of the new york times. david, tell me where we are. david: we are at a protectable place in the course of this. what we knew a year ago, although the government did not announce it as such, the russians have got inside the state department's unclassified e-mail system, part of the systems in the joint chiefs of staff. we discovered the successor to ago,gb, more than a year got into the democratic national committee systems, followed by another russian intelligence
agency which did not even know the fsb was there. when you go into the systems, you follow the breadcrumbs out. it would not be surprising if one of those hacked e-mails or the oneals was either who led these agencies into the dnc or from the dnc, they went out to the. you follow the string as it proceeds in and out of these networks. charlie: tell me what role wikileaks plays in this. david: wikileaks was the recipient of a number of the documents. they were not the primary recipient. initially after the d&c hack was discovered -- dnc hack was discovered, and the report printing back to two russian , after that, we began to
see some of these documents surface on the web from somebody who we talked about a few weeks himself withified the name after another hacker actually in jail. it looks like that was a construct. probably there was no individual, but a committee of russian hackers. whoever it is, they published this material themselves and they did not get much news bounce out of it. after that, it ended up in the hands of wikileaks. we do not understand about the transmission belt of how it got from the people who hacked this to the people who published it. charlie: is julian assange saying that he has a lot more? more: he has hinted he has
. he has hinted he has no particular love for hillary clinton. in an odd way, the contents of what was in these lakes, apart from the fact the dnc was favoring hillary clinton over bernie sanders, which was not the best kept secret in washington. the fact of the hack in the concept the russians may be inserting themselves into an american election is far more newsworthy than what we have seen out of these e-mails. charlie: any doubt the russians did this? >> i do not think there is any doubt the russians did this. think the big question still is, was this directed at espionage? the russians have been interested in u.s. government
agency servers and networks. the chinese have been interested. or did they, in fact, intend to insert themselves into the election? or did they make the decision after they were caught? charlie: have we seen the tip of the iceberg? >> i would expect there is much more. this appears to be much more than espionage. something like an information warfare operation. the russians have been running these types of operations in europe for a couple of years. they have done it in ukraine, eastern europe, they hacked a television station in paris. decided to intervene in a
very contentious election in the u.s. and there is no doubt they have a lot of information with which to do that. the attacks have come out, the victims are part of a small subset of a larger set of people who were targeted. tracked 4000s spearfishing e-mails from the gre intelligence unit and they crossed a whole bunch of categories. they go into every corner of the washington power structure. nato officers, military stuff, defense contractors, personal e-mails. gossipy stuff with things they managed to get that people talked about. there is a lot of stuff out there and the question is -- how
much have they already given to wikileaks or other people to release? do they plan to do this all the way up to the election? is there any response the u.s. can make that might change the calculus? >> i am sure senior officials are debating that exact question and the complexity involved -- publicly admitting something to a nationstate is far different than privately doing so. we saw the u.s. government make significant strides when the sony hack was attributed to the government of north korea. officials are seeing the public benefit for attribution, to hold hostile actors accountable. charlie: how do we hold north korea accountable? how might we hold russia accountable? >> everything from diplomatic action, we have seen diplomatic
approach meant with the chinese. to criminal indictments as we saw with several pla actors. to economic sanctions, as we saw in the case of north korea. they have various advantages and his advantages. -- disadvantages. comes upthe question with regards to hillary clinton people do we assume the who did the hackings wanted to would it bever or much more difficult to penetrate? david: what we have heard from the fbi director so far is he said there was no direct evidence that anybody who had gotten inside the server, but he went on to say the actors are
usually so good, they might not leave any evidence. if they are so good, why was it so easy in the case of the d&c hack? beenc hack it could have that it could have been more than one actor. in cyber, it is not uncommon, once somebody gets caught, for them to leave the door open to other hackers so the crime scene gets polluted. there are all those different elements and it may be a long time and we may never figure out whether her server was hacked. i want to pick up on one thing, there is a growing sense that naming and shaming has some utility. the justice department indicted some iranians.
,here is the chinese indictment the naming of the north koreans. one interesting question may be, did the obama administration make a mistake by not naming the russians for the state department and white house and joint chiefs of staff and had they done so, would it have created some kind of deterrent for them to act against the dnc? or would it have made no difference? we will never know the answer. question, whathe about these previous hacks the u.s. government knew about and never discussed publicly? charlie: they named the north koreans after sony, correct? >> it was a very quick attribution. the president had gotten briefed on it and named them in december just before he went to hawaii.
immediately after that, a lot of people came out and said, the evidence is no good. the u.s. government did not want to reveal its evidence because it did not want to reveal how much it was up inside north korea's own computer systems. that could be going on in the russian case. you could have intelligence agencies, i do not know if this is the case, it could be the intelligence agencies know more about this case from our own implants inside russian systems communitytelligence may have decided they could not risk revealing the depth of that penetration and thus cannot talk about what evidence they have. charlie: does that make sense to you? >> generally, it does. gain-loss analysis, they will
weigh the benefits of doing so publicly versus the potential loss of an intelligence source. to pointalso important out we are trying to create stayin behavior in cyber -- cyberspace. in many ways, the type of targets we have signaled those are legitimate targets. i think we want to draw a line between what type of espionage the u.s. itself conducts. charlie: the u.s. government would not try to influence elections? >> the russians said, we discovered this malware in our own server. we all know who it is really from. charlie: we do know there have
been certain kinds of agreements. the chinese claimed they would stop supporting industrial espionage. >> so far, the evidence seems to be the cyber economic espionage is going down. what does this open up in terms of where hacking may be going in a larger sense? everything access to . medical records, for example. >> we have often described the threat as a kind of live free or die hackers are going to cause massive destruction and what we have seen is cyber is used below the threshold for an armed attack. there is a whole range of ways to use cyber, influence
operations, espionage. it is very difficult to figure out who the targets are. sony is a private company. organization.ical the target is constantly shifting. it is a whole range of private actors that gives states the ability to influence and coerce in ways we had not thought about before. charlie: where is this on the priority of the nsa? >> cyber security can be as much about protecting the confidentiality of communications as it can be assets.ng if you are the head of a party or the ceo the company, the hack and leak of e-mails can have
just as important real-world impact. charlie: do we know who in russia might have ordered this? possible the intelligence agency were rooting and once they got into the d&c and got this material, they may have brought it to their political masters and said, see what we have got. maybe they were looking for bureaucratic approval or they thought it was useful. it is hard to imagine sitting around at the table saying, we have all this great stuff about how the d&c was favoring -- dnc was favoring hillary clinton over bernie sanders. if they see a moment to disrupt an american election, they may whatt as payback for vladimir putin views is an
effort by secretary clinton, who was secretary of state to do denounce -- to denounce a rigged or partly fraudulent parliamentary election in russia where she said some things vladimir putin views as having encouraged protests. adam got at a very important point. we have spent the past few years thinking about the cyber pearl harbor extreme, that is bringing down the power grid. that is something to worry about. what we are seeing here in sony and the dnc hack is more common and below the threshold of an act of war. that may be the future of where cyber war is going.
along with the kinds of attacks the u.s. and israel did against the iranian nuclear program, which is an act of sabotage. all of these are acts that are short of what could prompt an armed response. charlie: where are we in terms of the race between people who had and want to resist hacking? >> the people who hack are far ahead. it is much easier to play offense than defense. one of the things the dnc hacks have shown us, there are interesting tactics being used effectively. you can hack personal e-mails by getting a decent malware on a computer at home, getting credentials to an e-mail and that can get you all sorts of information that can have surprising sensitivity.
a general who based on e-mails posted, the russians were reading his e-mail from 2012 on. he was talking to colin powell and wesley clark. just because of the way people use information and go back between secure e-mail accounts and personal accounts, we haven't figured out a way to counter that. charlie: that would have given the fbi some accountability if they wanted to find out more about those e-mails that were deleted. there was someone at the receiving end of those e-mails. >> absolutely.
the state department has released e-mails that have gone through and released them. the e-mails that were deleted, the fbi was able to reconstruct some part of that. in terms of the fragments and the data they had. but the clinton campaign has been clear, that was a process. our lawyer sat down and went through everything that was in the account and the only thing that was left out where personal -- left out were personal e-mails that didn't have anything to do with state department business. donald trump suggested there may be another hand the russians could play if they did hack in the servers, they could present that themselves. it presents the possibility of an interesting surprise between now and november. ♪
security. cyber has risen in terms of the focus of the u.s. government and within the military. what do we need now? >> i think there is a series of hard decisions president obama is going to have to confront. he doesn't have an investigation report to act upon. the fbi is still looking at this. it is continuing to spread. he's probably feeling pressure to be able to send an official message to the russians before the election happens. there is always the possibility this could be the beginning of a broad and complex attempt to
tinker with the election itself. we have no evidence they are in the election systems that there are vulnerabilities in the systems of many of the states. he would want to issue some kind of warning to the russians to keep their hands off of the american elections from the votes and the counts. >> can you set some norms for all of this, we have had success with that with the chinese. i've never seen any indication of success with that with the russians. charlie: because they are different? >> less interested in the commercial data and intellectual property the chinese have focused on. more interested in the espionage information warfare.
and the traditional military secrets. the u.s. doesn't want to set any norms that would cut into its ability to conduct espionage against the russian military, or some of the financial institutions and its political institutions. people are going to be saying before you cut that deal, think about what the u.s. espionage activities you may be affecting. >> we've had a little success with the russians with the group of government experts at the you win. u.n., 20 experts. they agreed there are some basic rules of behavior in cyberspace that international law applies, that state should not attack the critical infrastructure of state during peacetime. how do you define critical infrastructure?
i think one of the things the obama administration is going to do is send a signal that we will consider critical infrastructures including the voting system, that there is a line there. charlie: so they should say to the russians stop this because we have more we can do. -- because you know what we can do. >> there are certain behaviors that are going to be outside and some repercussions. charlie: what would be the repercussions? >> most of them we will not see. already we are engaged in some disruption in russia. are we disrupting whatever the russian spies are doing themselves? are we sending signals through our own cyber operations that we could respond if we need to? given the interests we have with the russians now in syria, we are unlikely to use sanctions or other punitive measures.
it may be worth noting they may have played some cards already that we haven't yet seen. there's a lot we don't know about how this evolves. we don't know exactly how the dnc figured out it had been hacked by the russians. it is possible they could have got a heads up. saying you guys should look at that. they called in an ir firm that was quick to put out the message it was russia. they called in other firms to confirm that and quickly the narrative became what's in the e-mails but who is doing it and why. that may be an effective counter to an operations to influence it. there's a possibility it has come back, there is scrutiny on donald trump and connections to russia. there are some complex things.
charlie: what do we know about donald trump and his connections to russia? >> people will point out a couple of things. strong business connections. paul manafort, his campaign manager spent several years in ukraine working for the president of the ukraine who once he was ejected from the country in the protests, went to russia and is there now. that is a close relationship between manafort and connections to the kremlin. people are like what does this add up to the russians are -- if the russians are trying to interfere in the u.s. elections on one side and not the other? >> the washington post has done some pretty good work on this and looked at some money that has flowed between russian oligarchs and some of trump's
financial interest. several steps removed from saying he has direct financial interest that coincide with the russian oligarchs or vladimir putin that would explain why they are doing what they are doing. a better explanation might be that the russians looked at the field and don't have any love for hillary clinton and may have just decided and information operation like this is a way to confront the west, specifically the west without much the u.s. can do about it. >> that is an important part. -- that is an important point. a lot of russians operations are not a specific outcome. as long as you can create undermineyou can
peoples trust in information, that is a positive outcome. it may be enough to throw the election into chaos. they would see that as a positive outcome. charlie: do you believe the russians are trying to influence the result of the american presidential election? >> the one big open question, the relationship between the hack and the leak. intelligence officials are trying to think through that. that is an important step in policy consequences and is there a direct attempt to influence an election? clearly this highlights for the american public importance of preserving the integrity of our electoral process from cyber adversaries, i think now they all have the spotlight. charlie: we just don't know. twice i don't think we know publicly that critical link.
-- i do not think we know publicly that critical link. in line with the other comments made, it would not be unusual in the tradition of russian information operations for this activity to be undertaken but i think the jury is still out on this and you shouldn't leap to that conclusion until we know more. >> i agree. the evidence that there were russian actors and almost certainly linked to or part of the intelligence agencies who did the hack is very strong. the transmission of that making -- ther transmission transmission belt of that, making his public, who made that decision, who was in control, whether they may have been others who leaked the material, that is unclear, at least to me and the people i have talked to. on the broader question, this is something the u.s. government is going to have to act on pretty quickly in the next 90 days.
it's a very decentralized system. every state does it differently. some are going to be more vulnerable than others. it is not as if some hacker could sit around and come up with a way to manipulate the vote in the united states. they would have to go state-by-state and locality by locality. that would be difficult. charlie: thank you so much. thank you. pleasure to have you here. thank you. we'll be right back. stay with us. ♪
charlie: on september 11, 19 terrorists use jetliners and -- as guided missiles to kill 2977 people. that changed this nation's approach to national security. the u.s. has spent $1 trillion to protect itself against terrorist attacks. a new article by steven brill answers the question -- are we any safer. it is the cover story for the september issue of "the atlantic." what made you pursue this? steven: i was curious to
document and see how we had done. i did a book in 2003 about the immediate aftermath and the standing up of the department of homeland security. as a citizen i had not paid much attention to it. the record might be interesting and mixed. the record is mixed. charlie: but it is clear we are safer. steven: we are stronger. we have more defenses because of the men and women who work at it every day. charlie: why doesn't that make us stronger? >> there are two things in the equation. the offense has multiplied. it is much more diffuse.
we went into iraq and cause -- caused turmoil in that part of the world. we face many more threats, different kinds of threats and we haven't even completely responded to the threats we faced on 9/11. after the attacks, there were the anthrax attacks. we haven't made progress we need in dealing with bioterrorism. charlie: but what happened in iraq was not the reason saddam -- osama bin laden attacked on us. >> that is the point. that was a gratuitous raising of the threats against us. not only was it not justified as a response to 9/11 but it was counterproductive. charlie: because? >> it unleashed and destabilized
-- it unleashed destabilizing forces in the region. we faced them in paris. we faced them in san bernardino and orlando. individuals get inspired. charlie: let's stay with that idea. are you saying, take 9/11, osama bin laden wanted to lash out. a planned attack by him. one of the principal people in captivity. in terms of iraq, destabilize the region, because that war had the destabilizing effect it had. and provided a bigger series of people who wished us bad as well as what else? steven: they also had a target.
suddenly the americans were invading an islamic country. the terrorist's greatest dream is to have the war with western civilization. charlie: would that have happened if we had not gone into iraq? steven: i don't know. that goal of the terrorists is the same. to lure us into a war with western civilization and the muslim religion. charlie: which is the argument used by many people as to how we have to respond to this. if we engage them in a land warfare, we would play into their hands. >> if we even say we are at war with a religion, that is what they want us to say. president bush didn't take the bait. president obama didn't take the bait.
donald trump declares that war. charlie: and other people as well. steven: but he is running for president. charlie: there's been a divide between republicans and democrats. >> not national security republicans per se. charlie: my point is to understand whether you can make a distinction between not saying it is a war against islam and recognizing that you are fighting in most cases a radical extremist islam. steven: that is the exactly the distinction we have to make, that you just made. the distinction is in that the -- that is not the distinction the terrorists want us to make. they want us to declare war. that is what inspires people in their basement somewhere.
the great satan west is declaring war on this religion. i am going to show i am joining the battle and i am going to shoot up a nightclub or a shopping mall. the answer to your first no.tion, are we safer, we have done a lot, we are stronger, we are tougher. you can't hijack airplanes. we have learned a lot of the lessons. there are now these new lessons to learn and some we can't prevent. we can't prevent them if we let anyone who wants to walk into a gun store and buy an assault rifle. that would help if we would do something about that. in the world in which our enemy, the soviet union was deterred. we had missiles, they had missiles. we decided not to kill each other. if your enemy is the people trying to kill you don't care if
they die and can't be deterred and take glory in the notion they might die, and if they have access to assault weapons, we are going to have more of the attacks we have seen lately. one of the things the president has tried to do is get the country to adjust to that, to understand that and say it is not the end of the war -- world. we are doing everything we can to prevent it, but in this world that we live in today, that is going to happen. the cliche after 9/11 was never again. president bush used to say the terrorists only have to be right once. we have to be right 100% of the time. you can't be right 100% of the time. charlie: most are surprised there have not been -- hasn't been an attack.
they point out there have been a number of times in which they were stopped. steven: i'm less surprise now that i'm looking at this and seeing everything this administration and the bush administration have done to fortify our defenses. they have done a good job. charlie: you talked to james comey. you talked to a range of people. the ultimate threat, terrorist organizations having weapons of mass destruction. steven: correct. lots of different weapons. if you're talking terrorism, you can have a weapon that doesn't destroy masses of people but scares masses of people. that is what the dirty bomb i wrote about is. it is a standard explosive you lace with enough radiological material, which you can get at any hospital in this city.
it's not well secured. you mix it with a standard explosive. when police show up after a bomb goes off, in the middle of the -- midtown or the middle of levelston, the radiation are going to show that there is contamination. what is your definition of lethal? show, inould washington, d.c., they did a test, unless you evacuated all of downtown washington from the library of congress to the smithsonian, one person for every 10,000 people would would die of cancer over the next five
or 10 years. that sounds pretty awful. that sounds terrible except that if you do the math, if you have half a million people living around washington, d.c., that adds up to 50 extra deaths. i could prevent those deaths if i went into an office building and got people to quit smoking. the essence of a dirty bomb is everybody gets scared and says this is as dangerous as a superfund site. that would be the natural impulse. but the fact is, if you look at it rationally, we should not be that scared of it. one of the places i fault the administrations, they have never had that discussion with the
american people. if the first time you try to have that discussion, this isn't as bad as it seems discussion is the afternoon after a dirty bomb goes off, that is not going to be very credible. if you do it before hand and get experts out there explaining it, that takes the weapon away from the terrorists. you have an october surprise if -- surprise -- if you take it that the terrorists would like presidency, the next logical step is they want to disrupt the election. the way to do that is to scare more and more people.
that is what the pundits seem to say. you should be scared and vote for me because secretary clinton is weak. the moment i take office, isis is gone. charlie: did you see today, president obama is a founder of isis? steven: who could explain that? i can't wait to hear him asked about it. charlie: my assumption is we withdrew from iraq, isis grew out of what we used to be al qaeda, iraq. steven: that is true. if we had never gone in there in the first place, it would not have started. charlie: that would be his argument. a lot of things happen. let me stay with two notions.
why do you think they haven't been able to explode a dirty bomb? explain to me how difficult it is to do it. steven: it's not that hard. it takes more expertise than getting an assault weapon and shooting up a nightclub. that is the one thing in all the reporting i did, what is the thing that hasn't happened you you cannot understand why it has washappened, the dirty bomb the first thing everybody brought up. the answer is, i do not know either, but i do not feel comfortable that the past is prologue here. charlie: they would make arguments about intelligence, more vigilant in terms to -- in terms of trying to understand who it is. steven: but we are not the job -- we are not vigilant when it comes to protecting radiological
material. there are two agencies in the energy department and the obama -- in the obama administration. the nuclear regulatory commission regulates anyone who has any radiological material. they prescribed a security requirement. the other agency suggest counter for peopleon methods with this material ought to use. their suggestions are 10 times as strong as the nrc regulations. they go around trying to persuade hospitals and logging companies, put locks on your doors, have alarms, but the nrc doesn't require any of it. charlie: why not? steven: because they are a captive of the industry. one agency saying you ought to do this and the agency that could make them says, literally
quoted in the article as saying we like to make suggestions, we don't like to be prescriptive. he's a regulatory authority. charlie: so we should be more safe and secure with respect to radioactive materials. we have not done that. let me go back to the central concern. therefore they are not as secure. people who wish us ill can get their hands on it. the other thing is it easier to -- the other thing, is it easy to learn how to make a dirty bomb? steven: it is really not
complicated. i'm oversimplifying this a little bit but not much. you have an explosive. a standard explosive. you put this material in the same box. when it goes off, it will disperse. it is not hard. it is hard to make a nuclear weapon. has anyone used a dirty bomb anywhere? steven: it has been tried. i don't know what the result was. but there have been tests done, tabletop exercises where they have mapped out contamination. contamination, the headline would be we are living on the superfund site. the reality would be, there is more radiation out there but it's not lethal to any significant number of people.
charlie: the point you were making, the president was sensitive to this, this idea of not making this a war against islam. the president does this by not using the word war against islam. steven: correct. charlie: he also has said to a range of people we have a mindset here that you can't go out and explain more people are killed in other areas than terrorism. you can't do that and political dialogue. steven: he addresses that the article. there's a different sense of the -- fear about this kind of danger. i asked, why is there a
difference between someone who is mentally ill and goes to a gun store and buys an assault rifle and shoots up a school, that is one kind of tragic event. the people against gun control seem to accept that as a fact of life in the united states. if the same person gets an assault rifle and as he is shooting yells out something in arabic, it becomes this apocalyptic event. the president says it is irrational but true. charlie: he also said you have to worry about the marginal stupid people. they motivate you. there are people trying to kill us. you have to worry about that. -- balancing those threats is the challenge today.
steven: that comes back to my answer to your first question. are we safer? you put those two things together, you get the answer -- we are not safer. as well as we have done, as much as we should credit all of those who are doing it, the kinds of threats have multiplied. on 9/11, we were not thinking about someone shooting up a community service center in san bernardino and claiming he was part of a terrorist group. charlie: some may or may not have had contact. steven: the person who shot president reagan was inspired by a moving. -- a movie. these people were inspired, they say, by terrorism.
at the end of the day, it is hard to tell the difference. charlie: how long did it take you to write this? steven: i started just about a year ago, reading reports and testimony. charlie: you talked to the president. steven: i exchanged e-mails with the president. i talked to everybody. charlie: a whole range of people. is there a consensus? stephen: the consensus is twofold. there are certain things we haven't done enough to deal with and people are surprised we have not suffered from it. the dramatic consensus is the threats of multiplied because -- have multiplied because somebody acting alone who is inspired by online communication
or reading propaganda online, that is stuff you cannot prevent and potential to scare us multiplies because when you do it in a random place, like a community service center, nightclub, the intent or the result of that is to send the message nobody is safe, it can happen anywhere. saying heis quoted thought san bernardino was the game changer because it was such a random place. it was not the statue of liberty or some ring. -- something. it was an any place. ♪
>> i'm mark crumpton you're watching "bloomberg west." let's begin with a check of your first-word news. the pentagon confirms the death of the islamic states leader in afghanistan and pakistan. officials say he was killed in an air strike last month. last may a u.s. drone killed the afghan taliban leader. after repeatedly standing by claims president obama founded islamic state, donald trump appeared to change his tune tweeting he was being sarcastic. but at a rally this afternoon in erie, pennsylvania trump had a new take on his old claim. >> he let this happen. they had eight states. they had eight countries. they're now in 28 countries. they're expanding.