‘They knew I was running late to meetings’: Former DHS chief on reports that SolarWinds hackers targeted his emails
Former Acting Secretary for the Department of Homeland Security Chad Wolf on Monday recounted the intense first days of the SolarWinds crisis, and remarked on recent reports that the suspected Russian hackers behind the attack had gained access to his email account.
“My first question was: were these unclassified email accounts? The answer was yes,” Wolf said at a virtual talk hosted by the Heritage Foundation. “It’s still concerning, but it would have been even more of a concern if they had access to the lines that DHS does its most sensitive work on.”
Wolf downplayed the value his emails would be to the hackers, who the U.S. government and cybersecurity experts believe are linked to Russia’s foreign intelligence agency. Still, the fact that the attackers were able to obtain access to the email accounts of top government officials is concerning, Wolf admitted.
“They could have found things like emails about me being late for an event… But if they had the ability to do that, what else would they be able to do? Just the fact that they got my email and knew I was running late to meetings isn’t that big of a deal at the end of the day—but the overall access was.”
Wolf, a former lobbyist, held several positions at DHS until he was named acting secretary in November 2019. He replaced Kevin McAleenan, who served in the role for seven months before resigning and who himself was serving in an acting capacity after DHS Secretary Kirstjen Nielsen resigned. According to a Government Accountability Office report, federal law stipulated that the director of DHS’s Cybersecurity and Infrastructure Security Agency, Chris Krebs, should have filled the acting secretary position instead of McAleenan, making both McAleenan and Wolf’s appointments unlawful. Several of Wolf’s orders were overturned by a federal judge, due to his lack of authority.
Wolf served in the top role at DHS during the 2020 presidential election and the disclosure of the SolarWinds compromise. He resigned in January following the storming of the United States Capitol.
Wolf said he was first notified of the SolarWinds attack by CISA’s leadership, who informed him of “a significant incident underway.” He said these conversations typically included a ranking of the incident on a scale of 1 to 10, with most of them being around a 3.
“In this case, it was obviously very different. It was about a 9, and this was on day one when there were a lot of unknowns,” he said. In the following days, CISA’s leadership came back with news that several federal agencies had been targeted—including DHS.
According to the Associated Press, which first reported on the news that hackers had accessed Wolf’s emails, top DHS officials used new phones that had been wiped clean and the encrypted messaging system Signal to communicate in the days after the incident’s discovery.
Adam Janofsky is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.