Trump's hacking comment rattles the cybersecurity industry

Trump suggested that Russia should steal Hillary Clinton’s emails

Donald Trump’s muddled stance on hacking has disturbed security experts at time when the tech industry is looking for clarity on the U.S.'s cyber policy.

On Wednesday, the outspoken presidential candidate seemed to call on Russia to break into rival Hillary Clinton’s email system.

“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said, referring to emails Clinton had deleted from a private email server. On Thursday, he walked back his comment and said he was being sarcastic.

Some security experts are concerned that Trump is taking the matter so lightly when the country is trying to halt a rash of cyberattacks against it, not promote them.

“Whether he was sarcastic or not, it was an open invitation to hack,” said Justin Harvey, CSO with Fidelis Cybersecurity. “And I guess I’m deeply disturbed by that posturing.”

It's not the first time Trump has made a remark about hacking his own government. In 2014, he tweeted that hackers should uncover records about President Obama’s birth place.

Trump shoots from the hip about all manner of subjects, and his offhand comments serve partly to keep his name in the headlines. But they also show a willingness to be flippant about topics that are vital to national security.

“Supporting espionage that harms America is never okay,”said Eric O'Neill, national security strategist at security firm Carbon Black.

“However," he said, "Trump’s comment is only half of the story.”

Clinton didn’t show the best judgment when using a “poorly protected” private server to exchange emails during her time as secretary of state, he noted. O’Neill said it would be a “nightmare” for Clinton if Russian hackers have stolen some of her emails.

“Security is critical in both the policies we promote and the actions we take,” he said.

Trump’s campaign staff have said he never explicitly invited anyone to hack Clinton, and that his comments were merely an invitation to produce 32,000 emails that she deleted during an investigation into her use of the private server.

On Thursday, during an interview with Fox News, Trump called the email deletion “illegal.”

Regardless of the intent, Trump’s comments will cause concern within the security industry, said Kendall Burman, a data privacy lawyer at Mayer Brown. Cybersecurity issues have only grown in importance, and the next president will need to clarify the U.S. policy on the matter, she said.

Just this week, President Obama issued a new directive to better coordinate the U.S. response to major cyber attacks. However, the U.S. hasn’t defined its policy towards cyber war, and whether it would lead to retaliation.

It could soon find itself in that very position. Speculation is building that Russian hackers may have breached the Democratic National Committee as a way to influence the outcome of the U.S. election.

The FBI is still investigating the incident, but stolen documents have been leaked to the public and could undermine support for Clinton.

Whatever the FBI concludes, the U.S. still needs to prevent cyberspies from stealing critical information, O'Neill said.

Trump has yet to outline his policies on cybersecurity, and comments like the one about Russia do little to inspire confidence, Harvey said.

“To hack another U.S. citizen, regardless if it’s a political candidate or a private citizen, I think that crosses a line,” he said.

Join the CSO newsletter!

Error: Please check your email address.

More about Carbon BlackCSOFBINewsO’Neill

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts