
Graphic: CNN
The U.S. government, and America’s largest companies, are scrambling to understand and protect against the "grave risk" to American security from a massive hack that Secretary of State Mike Pompeo now says was a Kremlin op. President Trump's public response: Mostly silence.
Why it matters: People across the government say we've seen the mere tip of this international intrusion — a stunning, dangerous breach that requires infliction of real pain on the perpetrator, now confirmed as Russia.
- Trump responded to the massive cyberattack on Twitter Saturday morning, claiming the "Fake News Media" is exaggerating the extent of the hack.
What's new: It's now clear it'll take months just to kick these elite hackers out of U.S. networks — let alone discern what they've rifled and captured, AP reports.
- The only way to be sure a network is clean is "to burn it down to the ground and rebuild it," said Dmitri Alperovitch, former CTO and co-founder of the leading cybersecurity firm CrowdStrike. "Cleanup is just phase one."
Experts say the hackers may have been seeking nuclear secrets, blueprints for advanced weaponry, COVID-19 vaccine-related research, and information for dossiers on key government and industry leaders.
- Bruce Schneier, security expert and Harvard fellow, said: "We don't know what networks they are in, how deep they are, what access they have, what tools they left."
Late Friday — five days after the hack was revealed — Pompeo became the first administration official to tie the Kremlin to the security debacle, telling conservative radio host Mark Levin:
- "[W]e can say pretty clearly that it was the Russians that engaged in this activity."
A twist: The Russian intelligence service apparently can watch in real time as governments and corporations try to discover and patch the damage.
- Jeremy Bash of Beacon Global Strategies — former Pentagon and CIA chief of staff — said on MSNBC that the hackers "poisoned our own medicine."
- Bash told Andrea Mitchell: "[T]hey're going to be reading the emails of the I.T. and security professionals who're responsible for kicking the Russians out."
Go deeper: