2016 intel report was tasked to probe Chinese election meddling, but instead focused just on Russia

The controversial January 2017 intelligence community assessment (ICA) on meddling in the 2016 election was supposed to include details on Chinese hacking efforts targeting U.S. presidential campaigns in 2008 and 2012 — but it focused solely on Russia instead, and never mentioned Beijing once.

The omission of any mention of China in the publicly available versions of the January 2017 ICA is notable, given that internal emails indicate President Barack Obama ordered the ICA to include details on China’s 2008 cyber campaign targeting the campaign of Obama and of his opponent, since-deceased and then-Sen. John McCain, R-Ariz. 

Obama’s own White House also repeatedly said after the November 2016 election that the ICA would include details on any and all malicious foreign cyber efforts during the 2008 election as well as during the 2012 face-off between Obama and former Gov. and future Sen. Mitt Romney, R-Utah.

Despite this, the ICA does not appear to have contained anything about Chinese efforts in 2008 and 2012, focusing almost exclusively on Russia’s alleged efforts in the 2016 election between Donald Trump and Hillary Clinton.

CCP hackers targeted Obama, McCain and Romney

Though it is a largely-overlooked saga — lacking any formal ICA detailing it — there is substantial evidence that Chinese hackers targeted Obama and McCain in 2008 and again targeted Obama and Romney in 2012.

Then-Director of National Intelligence, James Clapper’s executive assistant, sent an early December 2016 email about Obama’s orders related to the Russian meddling assessment, saying it would also include a look at China’s influence operations in the 2008 election. 

A national intelligence officer working for ODNI then sent an email a few days later also confirming that the ICA would include details on China’s efforts during the 2008 campaign.

A principal deputy press secretary for the Obama White House also declared publicly in early December 2016 that the ICA would include details about all foreign malicious cyber activity aimed at U.S. elections since 2008, including the Chinese targeting of the McCain and Obama campaigns in that election cycle.

And the Obama White House’s press secretary repeatedly said in the days leading up to the public release of the ICA in early January 2017 that the ICA would include information about malicious foreign cyber efforts during the 2008 and 2012 elections in addition to the 2016 campaign.

This did not happen. 

The publicly-available version of the January 2017 ICA included no mention of Chinese attempts at election influence. A further declassified version of the January 2017 ICA also ignored Chinese cyber efforts targeting campaigns in 2008 and 2012. The recently-declassified bombshell House Intelligence Committee report declassified last month contains no indication that the most highly-classified version of the ICA touched on China either.

Russia, Russia, Russia

Since-fired FBI Director James Comey and disgraced Deputy Director Andrew McCabe pushed in December 2016 to include British ex-spy Christopher Steele's debunked dossier in the January 2017 ICA. A recent CIA review, referred to as the "lessons learned" memo, sharply criticized then-CIA Director John Brennan for allegedly joining with these anti-Trump forces in the FBI in pushing to include Steele’s baseless anti-Trump dossier in the assessment.

The CIA’s recent eight-page “lessons learned” review — released in July by CIA Director John Ratcliffe — concluded that “the decision by agency heads to include the Steele Dossier in the ICA ran counter to fundamental tradecraft principles and ultimately undermined the credibility of a key judgment.” In a statement, the CIA said “Agency heads at the time created a politically charged environment that triggered an atypical analytic process around an issue essential to our democracy.”  

A recently-declassified House analysis provided further details on how Brennan made sure that the Steele Dossier — bought and paid for by the Clinton campaign — would be included in the ICA, despite objections from others in the CIA and elsewhere inside the IC with experience in Russian affairs.

Obama’s directive and public promises ignored by the IC

The January 2017 ICA was supposed to provide details about previous Chinese election meddling, but the assessment failed to do so.

Clapper’s executive assistant sent a December 9, 2016 email to more than a dozen DNI email accounts and at least one CIA account and provided a “Tasker on Russian Interference in U.S. Elections,” indicating Obama wanted the ICA to include “how Moscow’s approach has changed over time, going back to 2008 and 2012 as reference points.” The ICA did not fully answer those questions.  The email also said that the “assessment will include additional elements, such as […] a box on China’s role in the 2008 election.” This never happened.

The then-national intelligence officer for Russia and Eurasia also sent an email to numerous DNI, FBI, CIA, and NSA email accounts on December 12 that year, repeating that the “assessment will include additional elements, such as … a box on China’s role in the 2008 election.” This was nowhere to be found in the ICA.

Eric Schultz, the White House Principal Deputy Press Secretary under President Obama, talked about the alleged Russian meddling during the 2016 election and said that the ICA “is going to put that activity in a greater context. That's going to look at the pattern of this happening from foreign actors, dating all the way back to 2008.”

A reporter asked if the ICA would encompass just Russia or if it would also look at other state actors as well as non-state actors.“The latter. … In other words, the intrusion that I mentioned in 2008 was publicly attributed to the Chinese, not to the Russians. So, yes, we will be looking at all foreign actors and any attempt to interfere with the elections,” Schultz promised.

White House press secretary Josh Earnest also repeatedly promised that the ICA would include details about malicious cyber activity in the 2008 and 2012 elections, as well as in the 2016 election.

“The President has tasked the intelligence community with putting forward more information before January 20th not just about what Russia did in the 2016 election, but about some of the malicious cyber activity that we saw in the context of the 2008 and 2012 elections, as well,” Earnest said on January 3, 2017.

Earnest also said the next day that “what I can tell you is that the intelligence community has been working at the direction of the President to put together a report that reflects their consensus view about malicious cyber activity in the context of the 2016, 2012, and 2008 presidential elections.”

That promise was not kept. There does not appear to be any mention in the ICA of China’s cyber activities targeting the 2008 and 2012 campaigns of both Republicans and Democrats, despite this promise.

The bipartisan Senate Intelligence Committee report from 2020 said that “the direction received from the President asked for context for the 2016 election by looking at foreign interference in the 2008 and 2012 elections.” In addition, the Senate report from 2020 also said that “the tasking [from Obama] included providing the IC's understanding of the historical context of Russian interference in U.S. political processes, focusing on the 2008 and 2012 elections.” The Senate report also said that “the ICA and its sources do not provide a substantial representation of Russian interference in the 2008 and 2012 presidential elections, as the Committee understands was part of the President's [Obama’s] original tasking.”

2008: Chinese hacking of McCain and Obama campaigns

There have been numerous reports and commentary from former campaign members, ex-intelligence officials, and others describing how Chinese government cyber actors hacked both the McCain and Obama campaigns in 2008.

It was reported by Newsweek late on the evening of November 4, 2008 — Election Day — that “the computer systems of both the Obama and McCain campaigns were victims of a sophisticated cyberattack by an unknown ‘foreign entity,’ prompting a federal investigation.”

“At the Obama headquarters in midsummer, technology experts detected what they initially thought was a computer virus — a case of ‘phishing,’ a form of hacking often employed to steal passwords or credit-card numbers,” the outlet said. “But by the next day, both the FBI and the Secret Service came to the campaign with an ominous warning.”

A federal agent reportedly told Obama’s team, “You have a problem way bigger than what you understand. You have been compromised, and a serious amount of files have been loaded off your system." The next day, Bush White House chief of staff Josh Bolten reportedly told Obama campaign chief David Plouffe that “you have a real problem [...] and you have to deal with it."

“Officials at the FBI and the White House told the Obama campaign that they believed a foreign entity or organization sought to gather information on the evolution of both camps' policy positions—information that might be useful in negotiations with a future administration,” Newsweek said. “The Feds assured the Obama team that it had not been hacked by its political opponents. (Obama technical experts later speculated that the hackers were Russian or Chinese.)” 

Obama's IC ignored credible reports on China's cyber activities

It was reported by the Financial Times just a couple of days later in early November 2008 that “U.S. government cyber investigators have determined that an attack this summer on the Obama and McCain campaign computer networks also originated in China. The Secret Service warned the Obama and McCain campaigns that their networks had been [compromised]. The hackers successfully downloaded large quantities of information, which security agencies believed was an attempt to learn more about the contenders’ policy positions.”

It was also reported by the Financial Times in November 2008 that Chinese hackers had penetrated the Bush White House’s computer network multiple times. NBC News later reported in 2015 that Chinese hackers had accessed the private emails of many key Obama administration officials and had been doing so since at least April 2010.

As president, Obama referenced the 2008 hacking of his campaign in a 2009 speech on cyber infrastructure policy, but he did not reveal that China was the foreign actor behind the hack, nor did he include the fact that the Chinese had hacked McCain’s campaign as well.

“Between August and October, hackers gained access to emails and a range of campaign files, from policy position papers to travel plans,” Obama said in a 2009 speech. “And we worked closely with the CIA — with the FBI and the Secret Service and hired security consultants to restore the security of our systems.”

An article by NBC News in 2013 — half a decade after the hacking of Obama and McCain — appears to be the first to provide more granular detail about the Chinese hacking. The outlet said that “the intrusions and some details of what was targeted have been previously reported, but not publicly attributed to government-backed Chinese hackers” and noted that “neither the president [Obama] nor his top aides publicly spoke about the identity of the hackers, or the depth and gravity of the attack.”

NBC cited “U.S. intelligence officials” when reporting that “the U.S. secretly traced a massive cyber espionage operation against the 2008 presidential campaigns” of Obama and McCain “to hacking units backed by the People’s Republic of China, prompting high-level warnings to Chinese officials to stop such activities.”

Beijing's cyber-campaign reported by media but ignored by Feds

NBC also said this was part of “Beijing’s aggressive, orchestrated campaign to pierce America’s national security armor at any weak point – in this case the computers and laptops of top campaign aides and advisers who received high-level briefings” and that “the goal of the campaign intrusion, according to the officials: to export massive amounts of internal data from both campaigns—including internal position papers and private emails of key advisers in both camps.”

The outlet said that U.S. government officials and former campaign officials “now acknowledge … that the security breach was far more serious than has been publicly known, involving the potential compromise of a large number of internal files.”

The network also said that former FBI official Shawn Henry “headed up the FBI’s probe of the 2008 attacks as the bureau’s chief of cyber-investigations” and that “he is now president of Crowdstrike.” Henry’s Crowdstrike is the same company which the DNC reached out to in 2016 and which first attributed the hack of the DNC to the Russians.

“There’s been successful exfiltration of data from government agencies (by the Chinese) up and down Pennsylvania Avenue,” Henry told the outlet in 2013 when speaking about the Chinese hack of Obama's systems. “It’s stealing of information and there should be outrage.”

Alan Brill, the senior managing director of Kroll Solutions, which investigated the Chinese hack of the Obama campaign in 2008, told the outlet that the malware was “as sophisticated as anything we had seen” and was part of an “an infection chain” which replicated itself throughout the Obama campaign’s computer system. Brill said the Chinese hacking efforts continued for months in 2008, saying, “It was like a firefight. This was starting every day knowing that you didn’t know what they were going to throw at you.”

NBC also reported that the Chinese hack “included the apparent theft of private correspondence from McCain to the President of Taiwan” — an “incident that caused concern among U.S. intelligence officials.” The Chinese hackers gained access to private correspondence between McCain and Ma Ying-jeou, who at that time was the newly-elected president of Taiwan, the outlet said.

The outlet said that in late July 2008 “McCain had signed a personal letter — drafted on campaign computers — pledging his support for the U.S.–Taiwanese relationship and Ma’s efforts to modernize the country’s military.”

It was also reported by Time in 2013 that the Chinese hack was aimed at “targeting memos on national security and economic policy, apparently with the hope of getting a leg up on the new administration’s thinking.” The outlet said that “the revelation in the days following Obama’s historic victory was largely overlooked, and it was just a taste of what was to follow.”

It was reported by The New York Times in December 2016 — after Trump’s win — that the Chinese hack of Obama and McCain was believed to have been carried out by “Chinese intelligence.”

The Chinese knew that we knew

“Before the letter had even been delivered, a top McCain foreign policy adviser got a phone call from a senior Chinese diplomat in Washington complaining about the correspondence,” the outlet said. Randall Schriver, a former State Department official who had been a top Asian policy adviser for the McCain campaign, told the outlet that the Chinese official “was putting me on notice that they knew this was going on” and that it “certainly struck me as odd that they would be so well-informed.”

The Clapper-led ODNI in May 2016 released a post-November 2008 election briefing document which the intelligence community had seemingly drafted for incoming Obama administration officials and which seemed to at least in part be about the Chinese hack against the Obama and McCain campaigns. It was first reported on by The Intercept, and the ODNI link no longer fully works.

The ODNI-authored document was titled, “Unlocking the Secrets: How to Use the Intelligence Community.” The document strongly hinted at the Chinese hack, and emphasized that it had been a significant action taken by China (although the country wasn’t named).

“Foreign intelligence services have been tracking this election cycle like no other. Foreign intelligence services targeted the campaigns,” the ODNI document from just after the 2008 election said. “They: Met with campaign contacts and staff, Used human source networks for policy insights, Exploited technology to get otherwise sensitive data, [and] Engaged in perception management to influence policy. This exceeded traditional lobbying and public diplomacy.”

Thomas Bossert, who had been Bush’s deputy homeland security adviser and later was Trump’s homeland security adviser in 2017 and early 2018, spoke with Yahoo News in July 2018, telling the outlet that “he was the official designated to personally inform” Obama’s campaign that “Chinese hackers had infiltrated its computers during the 2008 election.” The outlet noted that “the Chinese had penetrated the computers” of McCain’s campaign too.

Bossert also attended the Aspen Security Forum that month, where he spoke at a panel session on confronting global cyber threats and revealed some more details about the 2008 Chinese hack, which he said had been a serious influence effort.

“When I handed the baton from Bush to Obama, I handed it to Lisa [Monaco] … and to John Brennan,” Bossert said. “And just a little level setting. At that time, the phone call I got was from then-FBI Director [Robert] Mueller with then chief of staff Lisa Monaco saying the Chinese have hacked… the McCain campaign and the Obama campaign. That was a foreign government using cyber tools directly, right? Very similar [to 2016], but this happened then.”

The moderator, David Sanger of The New York Times, interrupted Bossert to say that “they [the Chinese] didn’t make it public — they were doing it as an espionage operation.” Monaco also jumped in to argue that “as I recall, other people made it public.”

“We did a good job of keeping that quiet, and we did what we needed to do to get the campaign staff to understand the threat,” Bossert continued. “I don’t agree with your contention that they kept it quiet. I don’t know what they did with it. In fact, I don’t know what they might’ve done with it. And in fact, if you or any of you were on the short list to be a senior executive in that administration and that was kept in an electronic fashion in those databases, your house was subject to surveillance, your life was subject to some invasion prior to you even knowing you were being considered.”

Bossert added that “I think there was a significant influence effort going on there. I think there was a significant influence risk there.”

2012: Chinese hacking of Romney and Obama campaigns

There were multiple contemporaneous articles describing how Chinese government cyber actors hacked both the Romney and Obama campaigns in 2012, including commentary from former campaign officials about the cyberattacks.

It was reported by Time in 2013 that “neither campaign official would confirm which nation states were responsible, but one Obama campaign staffer said she was warned about the threat from China in particular.” The Obama staffer reportedly “said phishing emails often appeared to be press releases or news reports close to her area of responsibility — and usually related to breaking political news” and quoted her as saying that the phishing attempts “looked a lot like my real email.”

An excerpt from the book "DOUBLE DOWN: Game Change 2012" published by Time in 2013 provided more details about the Chinese efforts targeting the Romney campaign. The book said that Beth Myers was selected to lead the search for Romney’s vice presidential pick, and that the campaign had to operate with secrecy and in code, in part to avoid Chinese espionage efforts.

“Myers set up her operation in a third-floor office on Boston’s Commercial Street that became known as ‘the clean room.’ Because the Romney campaign’s servers were under continual assault by Chinese hackers, the computers in the clean room were not connected to the Internet,” the book excerpt recounted. 

Matt Rhoades, Romney’s 2012 campaign manager, also later spoke about the impact of the Chinese hacking efforts on the Romney campaign. “When I was Mitt’s campaign manager, we were actually hacked in the fall of 2011, and we were told by the FBI that the Chinese had hacked into our campaign,” Rhoades told CBS in 2017. 

“What the problem was, and we didn’t make a big to-do about it, but we had to spend precious campaign dollars to up our cybersecurity network. That was money that when we got to actual campaign elections — the primary with Newt Gingrich and Rick Santorum — those were resources we couldn’t use.”

When asked why the campaign hadn’t talked about this during the 2012 campaign, Rhoades replied, “It wasn’t going to move the ball down the field in winning the Republican nomination. We talked about it after the election, and so it just didn’t get as much coverage.”

Rhoades wrote a piece for Politico in 2018 explaining that, as Romney’s 2012 campaign manager, “I experienced cyberattacks firsthand when China tried to infiltrate our servers, forcing us to spend precious campaign resources on improved cybersecurity. Every cent we spent on protection could have been used addressing voters’ concerns, and that meant even unsuccessful cyberattacks ultimately weakened our campaign.”

The former Romney campaign manager expounded on this a bit more in a 2020 interview, where he also pointed out that the post-2016 focus had been exclusively on Russia-related cyber efforts, despite what China and other adversaries had done and likely planned to do.

“In 2011, when I was managing Mitt Romney’s presidential campaign. We discovered that our campaign had been hacked by the Chinese government during the primaries, and cybersecurity became a very real issue, very quickly. Unfortunately, this forced us to use precious campaign dollars on higher levels of network security rather than on winning votes,” Rhoades said in 2020.

Rhoades also said, “After the 2016 elections, the focus was exclusively on Russia. This attention was warranted, but it left us blind to possibly even more serious threats in China, Iran, North Korea, and even here domestically. We’ve learned that cybersecurity threats can come from anywhere, and anyone can be a target. Nation states and domestic hackers don’t care if you’re a liberal or conservative – they care about creating chaos and discord in our country. That’s the type of problem Americans can only solve if it’s united.”

"Playing Politics": Chinese targeting of Trump suppressed in 2020

Just the News published a story earlier this year revealing that a confidential human source told FBI counter-intelligence in the summer of 2020 that China’s communist government was seeking to meddle in the impending election to help then-candidate Joe Biden. That report was confirmed by a review by Just the News of a raw intelligence report distributed to federal agencies. 

Last month, Senate Judiciary Committee Chairman Chuck Grassley, R-Iowa, released FBI emails appearing to show the bureau did not pursue intelligence indicating Communist China was looking to hijack the 2020 presidential election with a potential mail-in ballot scheme to assist then-Democratic nominee Joe Biden. 

Grassley said he released the emails “revealing the FBI suppressed intelligence of alleged Chinese interference in the 2020 election” to “insulate” then-FBI Director Christopher Wray “from criticism, after Wray provided inaccurate and contradictory testimony to Congress.”

FBI Director Kash Patel and Deputy Director Dan Bongino alleged this summer that the bureau's prior leadership "chose to play politics" and hide evidence from the American people regarding a Chinese plot to hijack the 2020 U.S. election with fake mail-in ballots for Biden.

This was by no means the only example of the U.S. intelligence community potentially burying evidence pointing to China's malicious foreign influence efforts tied to the 2020 election.

Then-DNI John Ratcliffe, who is now Trump’s CIA director, revealed in early January 2021 that he had found evidence about the politicization of Chinese election influence analysis inside the IC and of undue pressure being brought to bear against the analysts who had assessed that China had worked to stop Trump from being reelected.

“I am adding my voice in support of the stated minority view — based on all available sources of intelligence, with definitions consistently applied, and reached independent of political considerations or undue pressure — that the People’s Republic of China sought to influence the 2020 U.S. federal elections,” Ratcliffe said in January 2017.

An intelligence community analytic ombudsman found in an early January 2021 report that U.S. intelligence analysts appeared to hold back information on Chinese meddling efforts because those analysts disagreed with the Trump administration’s policies.

Christopher Porter, the national intelligence officer for cyber during the 2020 election, tweeted on Friday that “five years ago at this time, a group of senior cyber and counterintelligence analysts joined me in dissenting on the Intelligence Community assessment on China’s interference in the [2020] Presidential election. CIA, NSA, and ODNI management blocked that dissent for political reasons.”

“We’ve been fighting for the truth about what they did to @POTUS [Trump] ever since,” Porter said. “Soon, everyone will get to see what we knew: that China was using its entire state apparatus to block Trump’s reelection.”

ICA buried election influence threats posed by other countries

The ICA refused to focus on any foreign meddling other than Russia’s in 2016. A whistleblower who served as the deputy national intelligence officer for cyber issues from 2015 to 2019 alleged that during the drafting of the January 2017 ICA, “I noted other nations' efforts to influence the 2016 Presidential election, but this critical context was omitted from the 2017 ICA.”

A recently-declassified September 2016 assessment was titled “Cyber Threats to the 2016 U.S. Presidential Election” and touched on the potential challenges posed by China, Iran, North Korea, and others, as well. “We judge that Russia, China, Iran, and North Korea can execute a variety of disruptive cyber attacks, including data corruption, distributed denial of service, and even data modification on some election infrastructure,” the ICA from September 2016 stated.

Mentions of these other countries — including China — were entirely eliminated in the January 2017 assessment, titled “Assessing Russian Activities and Intentions in Recent U.S. Elections.”