NSA Warned White House Against Using Personal Email

By Josh Meyer, Politico

01 October 17

In briefings to incoming Trump aides, security officials highlighted the dangers of unsecured email and phones.

he National Security Agency warned senior White House officials in classified briefings that improper use of personal cellphones and email could make them vulnerable to espionage by Russia, China, Iran and other adversaries, according to officials familiar with the briefings.

The briefings came soon after President Donald Trump was sworn into office on Jan. 20, and before some top aides, including senior adviser Jared Kushner, used their personal email and phones to conduct official White House business, as disclosed by POLITICO this week.

The NSA briefers explained that cyberspies could be using sophisticated malware to turn the personal cellphones of White House aides into clandestine listening devices, to take photos and video without the user’s knowledge and to transfer vast amounts of data via Wi-Fi networks and Bluetooth, according to one former senior U.S. intelligence official familiar with the briefings.

The briefings were held in the White House Situation Room because of the sensitivity of the topics discussed, according to that official and three other former officials familiar with such briefings, which have been given to each incoming administration.

The officials said White House aides also were told they should assume that foreign cyberspies had already penetrated their personal email systems to some degree and used that access to vacuum up everything not just on their own computers and phones but those of their contacts.

The NSA briefers told the Trump aides that using their personal devices for work, including passing files and emails from one system to the other, could give cyberspies access to their work computers and email, too, the officials said.

If Kushner did not adhere to the security precautions, it could lead to a significant security breach, the officials said, given his access to President Donald Trump and unique portfolio of responsibilities. Kushner, who is Trump’s son-in-law, is the president’s point man on China, Syria, Middle East peace, and Afghanistan, along with innovation, infrastructure and other issues.

“Jared is probably one of the top five or 10 targets in the U.S. government because of his access to the president and because of the portfolios he’s been given,” said Richard Clarke, a former top cybersecurity advisor to three presidents. “It’s a pretty safe bet that his personal devices have been compromised by foreign intelligence services. And therefore there is some risk that meetings he attends are compromised too.”

White House spokespeople declined to comment on which officials received the briefings, but the former intelligence official said that former chief of staff Reince Priebus and homeland security adviser Thomas Bossert were among those who attended. Kushner and others of his rank were expected to attend, especially given the high potential for cyberespionage as one administration replaces another, the officials said.

A White House official told POLITICO that West Wing staffers are expected to follow security protocols, including leaving their cellphones in security lockers outside offices where classified information is discussed. White House press secretary Sarah Huckabee Sanders said earlier in the week that aides were frequently warned about using private email accounts, and that “to my knowledge, it’s very limited.”

POLITICO reported Sunday that Kushner and his wife, Trump’s daughter Ivanka, created a private family domain before Trump took office. Kushner used it to communicate with top White House officials in early 2017. Kushner’s attorney said the messages totaled fewer than 100 from January through August.

A day later, POLITICO reported that at least five Trump aides used personal email for public business, including Ivanka Trump and economic adviser Gary Cohn, and that Priebus tried unsuccessfully to stop White House aides’ rampant use of cellphones for official business.

The disclosures prompted sharp criticism and investigations from members of Congress. Much of their concern related to preserving records, but numerous national security officials said the far greater risk is the theft of information by foreign adversaries.

“This happens with every administration that comes in,” said the former senior U.S. intelligence official, who left government only recently. “They don’t know from this world and they don’t understand the vulnerabilities that the electronic devices they carry around compromise them.”

Hacking was rampant during the 2016 election, especially from Russia, as current investigations have shown. It was also widespread in 2008, and even more so in 2012, with intelligence officials confirming that both major-party candidates, Barack Obama and Mitt Romney, were targets of cyberattacks. U.S. intelligence officials were so concerned about hacking during the 2016 election that they declassified material from the briefings Obama staffers received in 2009 as a warning to others.

The declassified material was part of a slideshow warning Obama administration officials that their jobs made them prey for foreign spies for a variety of political, economic and other reasons.

Asked whether any Trump administration officials, or their predecessors in the Obama administration, had their systems hacked, the former intelligence official said: “Not that I can talk about. You should just assume we wouldn’t make this big a deal about it unless it was a serious threat.”

The briefings for White House aides are especially important, the former officials said, because of all the ways in which phones and email can be compromised. Officials are told not to allow any of their phones or laptops out of their sight for fear they will be “ghosted,” or copied, and not to take them to countries including China where they can be accessed by cyberspies even if they’re turned off.

When it comes to email, cyberspies will research a potential victim, especially someone identified as being a key to understanding an incoming administration. Then they will send the victim “spearphishing” emails that appear to be from friends, urging them to click on something that secretly installs malware on their system.

Once a foreign intelligence service “hooks” an electronic device, it will vacuum up all of the data, including any work files, and all of their contacts. That allows cyberspies to gain access to the devices of potentially thousands of other people.

And the hackers often simply lurk there, undetected for months or years, and use the information to help them gain powerful competitive advantage in trade talks, political negotiations and other matters.

“Getting access to your personal email is just the first step in the calamity that will eventually follow,” a former law enforcement official said. “And a potential lapse in security protocols could have such a deleterious effect on America that we may not even understand for years how bad it is until it’s too late.”

A second former U.S. intelligence official said that the NSA briefers understand how insidious the cyberespionage campaigns can be because they conduct similar operations against others.

“I’ve moved heaven and earth to get into the unclassified accounts of legitimate intelligence targets around the world,” the former official said. “Just because he thinks it’s unclassified doesn’t mean it does not contain information of great value to us.”

He cited Kushner’s personal accounts as being a potential mother lode of information for Trump’s upcoming summit meeting with Chinese leaders.

“Let’s say Jared meets with Dr. [Henry] Kissinger, has a great conversation and he writes a summary of the conversation” on his personal laptop, the former official said. “It’s not classified but it has information that is extremely important and of high interest to intelligence services around the world because of who he is, a man of influence.”