{ "id": "011a87de-3e8a-4d94-b1c1-de0f60b47df1", "created_at": "2026-04-06T15:53:20.328348Z", "updated_at": "2026-04-10T03:35:29.182936Z", "deleted_at": null, "sha1_hash": "c211d9568ccdb1ccd53b177befbaae20c632ed90", "title": "Exclusive: Secret Trump order gives CIA more powers to launch cyberattacks", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2058500, "plain_text": "Exclusive: Secret Trump order gives CIA more powers to launch\r\ncyberattacks\r\nBy Zach Dorfman, Kim Zetter, Jenna McLaughlin and Sean D. Naylor\r\nPublished: 2020-07-15 · Archived: 2026-04-06 15:42:12 UTC\r\nThe Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets\r\nsince winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for\r\nsuch activities, according to former U.S. officials with direct knowledge of the matter.\r\nThe secret authorization, known as a presidential finding, gives the spy agency more freedom in both the kinds of\r\noperations it conducts and who it targets, undoing many restrictions that had been in place under prior\r\nadministrations. The finding allows the CIA to more easily authorize its own covert cyber operations, rather than\r\nrequiring the agency to get approval from the White House.\r\nUnlike previous presidential findings that have focused on a specific foreign policy objective or outcome — such\r\nas preventing Iran from becoming a nuclear power — this directive, driven by the National Security Council and\r\ncrafted by the CIA, focuses more broadly on a capability: covert action in cyberspace.\r\nThe “very aggressive” finding “gave the agency very specific authorities to really take the fight offensively to a\r\nhandful of adversarial countries,” said a former U.S. government official. These countries include Russia, China,\r\nIran and North Korea — which are mentioned directly in the document — but the finding potentially applies to\r\nothers as well, according to another former official. “The White House wanted a vehicle to strike back,” said the\r\nsecond former official. “And this was the way to do it.”\r\nhttps://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html\r\nPage 1 of 7\n\nPresident Trump and the CIA. (Photo illustration: Kelli R. Grant/Yahoo News; photos: AP(3), Getty\r\nImages)\r\nThe CIA’s new powers are not about hacking to collect intelligence. Instead, they open the way for the agency to\r\nlaunch offensive cyber operations with the aim of producing disruption — like cutting off electricity or\r\ncompromising an intelligence operation by dumping documents online — as well as destruction, similar to the\r\nU.S.-Israeli 2009 Stuxnet attack, which destroyed centrifuges that Iran used to enrich uranium gas for its nuclear\r\nprogram.\r\nThe finding has made it easier for the CIA to damage adversaries’ critical infrastructure, such as petrochemical\r\nplants, and to engage in the kind of hack-and-dump operations that Russian hackers and WikiLeaks popularized,\r\nin which tranches of stolen documents or data are leaked to journalists or posted on the internet. It has also freed\r\nthe agency to conduct disruptive operations against organizations that were largely off limits previously, such as\r\nbanks and other financial institutions.\r\nAnother key change with the finding is it lessened the evidentiary requirements that limited the CIA’s ability to\r\nconduct covert cyber operations against entities like media organizations, charities, religious institutions or\r\nbusinesses believed to be working on behalf of adversaries’ foreign intelligence services, as well as individuals\r\naffiliated with these organizations, according to former officials.\r\n“Before, you would need years of signals and dozens of pages of intelligence to show that this thing is a de facto\r\narm of the government,” a former official told Yahoo News. Now, “as long as you can show that it vaguely looks\r\nlike the charity is working on behalf of that government, then you’re good.”\r\nThe CIA has wasted no time in exercising the new freedoms won under Trump. Since the finding was signed two\r\nyears ago, the agency has carried out at least a dozen operations that were on its wish list, according to this former\r\nofficial. “This has been a combination of destructive things — stuff is on fire and exploding — and also public\r\ndissemination of data: leaking or things that look like leaking.”\r\nSome CIA officials greeted the new finding as a needed reform that allows the agency to act more nimbly. “People\r\nwere doing backflips in the hallways [when it was signed],” said another former U.S. official.\r\nBut critics, including some former U.S. officials, see a potentially dangerous attenuation of intelligence oversight,\r\nwhich could have unintended consequences and even put people’s lives at risk, according to former officials.\r\nThe involvement of U.S. intelligence agencies in hack-and-dump activities also raises uncomfortable comparisons\r\nfor some former officials. “Our government is basically turning into f****ing WikiLeaks, [using] secure\r\ncommunications on the dark web with dissidents, hacking and dumping,” said one such former official.\r\nhttps://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html\r\nPage 2 of 7\n\nThe CIA declined to comment or respond to an extensive list of questions from Yahoo News. The National\r\nSecurity Council did not respond to multiple written requests for comment.\r\nWhile the CIA has been pushing for years to expand its cyber authorities, Russia’s interference in the 2016\r\nelection led Obama officials to grasp for new ways to retaliate against the Kremlin. High-level discussions\r\nincluded proposals for the CIA to dump embarrassing hacked information about Russian officials online, as well\r\nas to destroy Russian servers, according to former officials.\r\nBut just days away from launching operations in the late summer of 2016, intelligence operatives were told to\r\nstand down, according to former officials. The decision to do so was made at the highest levels of the Obama\r\nadministration, according to a former senior national security official.\r\nDuring the early days of the Trump administration, intelligence officials were hopeful that the president would\r\ngive the go-ahead to those operations. But senior Trump officials weren’t interested in retaliating against Russia\r\nfor the election interference, according to a former official. “It was radio silence,” the former official said. “It all\r\ndissipated, went to nothing.”\r\nWhile plans for immediate cyber retaliation against Russia faded, discussions about expanding the CIA’s cyber\r\nauthorities continued to accelerate under Trump. For years, the CIA had bristled under what some intelligence\r\nofficials considered onerous barriers to covert action in cyberspace that prevented it from even proposing many\r\noperations, according to former officials.\r\nWhen it came to covert action, “you always had the two camps [inside the CIA],” said Robert Eatinger, who\r\nserved at the CIA for 24 years, including a stint as the agency’s top lawyer. There were “those who felt that their\r\nhands were too tied, and those who felt the restrictions were wise and appropriate,” recalled Eatinger, who said he\r\nhas no knowledge of the CIA cyber finding signed by Trump and wouldn’t discuss specific incidents that occurred\r\nduring his time with the agency.\r\nAdvocates for greater cyber authorities gained the upper hand in these debates under the Trump administration,\r\nwhich encouraged the CIA to stretch its prior authorities to pursue more aggressive offensive cyber operations —\r\nparticularly against Iran. “Trump wanted to push decision making to the lowest possible denominator,” said a\r\nformer intelligence official.\r\nMike Pompeo made that point clear after Trump made him CIA director in January 2017. Pompeo’s message, the\r\nformer official said, was: “We don’t want to hold you up, we want to move, move, move.”\r\nhttps://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html\r\nPage 3 of 7\n\nA current senior intelligence official, who declined to discuss specific U.S. government operations or policies,\r\ncalled Trump-era interest in offensive operations “phenomenal.” The CIA, the National Security Agency and the\r\nPentagon “have been able to play like we should be playing in the last couple years,” the current official said.\r\nJohn Bolton’s appointment as national security adviser in April 2018 gave another boost to those seeking to ease\r\nrestrictions on cyber operations. “We needed to scrap the Obama-era rules and replace them with a more agile,\r\nexpeditious decision-making structure,” Bolton writes in his recently published memoir, “The Room Where It\r\nHappened.” Part of this involved strengthening the U.S. government’s “clandestine capabilities” in cyberspace\r\nagainst “nonstate actors” and others, he writes.\r\nIn September 2018, Bolton announced that Trump had signed a presidential directive easing Obama-era rules\r\ngoverning military cyber operations. Although the administration disclosed the existence of that directive —\r\nknown as National Security Presidential Memorandum 13 — the underlying rules of engagement for military\r\ncyber operations remain secret. The administration also kept secret the CIA finding, which gave the agency its\r\nnew authorities.\r\nThe CIA’s new cyber powers prompted concerns among some officials. “Trump came in and way overcorrected,”\r\nsaid a former official. Covert cyber operations that in the past would have been rigorously vetted through the\r\nNSC, with sometimes years-long gaps between formulation and execution, now go “from idea to approval in\r\nweeks,” said the former official.\r\nFormer officials declined to speak in detail about cyber operations the CIA has carried out as a result of the\r\nfinding, but they said the agency has already conducted covert hack-and-dump actions aimed at both Iran and\r\nRussia.\r\nFor example, the CIA has dumped information online about an ostensibly independent Russian company that was\r\n“doing work for Russian intelligence services,” said a former official. While the former official declined to be\r\nmore specific, BBC Russia reported in July 2019 that hackers had breached the network of SyTech, a company\r\nthat does work for the FSB, Russia’s domestic spy agency, and stolen about 7.5 terabytes of data; the data from\r\nthat hack was passed to media organizations.\r\nIn another stunning hack-and-dump operation, an unknown group in March 2019 posted on the internet chat\r\nplatform Telegram the names, addresses, phone numbers and photos of Iranian intelligence officers allegedly\r\ninvolved in hacking operations, as well as hacking tools used by Iranian intelligence operatives. That November,\r\nthe details of 15 million debit cards for customers of three Iranian banks linked to Iran’s Islamic Revolutionary\r\nGuard Corps were also dumped on Telegram.\r\nAlthough sources wouldn’t say if the CIA was behind those Iran breaches, the finding’s expansion of CIA\r\nauthorities to target financial institutions, such as an operation to leak bank card data, represents a significant\r\nhttps://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html\r\nPage 4 of 7\n\nescalation in U.S. cyber operations. Under prior administrations, senior Treasury Department officials argued\r\nsuccessfully against leaking or wiping out banking data, according to former officials, because it could destabilize\r\nthe global financial system. These were operations the “CIA always knew were an option, but were always a\r\nbridge too far,\" said a former official. “They had been bandied about at senior levels for a long time, but cooler\r\nheads had always prevailed.\"\r\nThe new cyber finding further emboldened the CIA’s operations against Iran, according to former officials. Even\r\nbefore Trump signed the directive, administration officials were already encouraging the CIA to aggressively\r\ninterpret preexisting secret Iran-related authorities to help prosecute the administration’s “maximum pressure”\r\ncampaign against Tehran. Using the Cold War strategy of rolling back the Soviet Union as inspiration, senior\r\nTrump national security officials believed that destabilizing Iran within its borders would force the regime to\r\ncease its adventurism abroad and, perhaps, collapse.\r\nThe maximum-pressure campaign includes punishing economic sanctions, but has also involved CIA cyberattacks\r\non Iranian infrastructure, said former officials. “It was obvious that destabilization was the plan on Iran,” said one\r\nformer official, and Trump administration officials were eager to have the CIA conduct destructive cyber\r\noperations against targets inside that country. Bolton “wanted another tool, he wanted another hammer. He was\r\nlooking at Stuxnet and how to be mean to Iran, so that was probably attractive to him,” said another source.\r\nThe Trump administration was able to lean on extensive legal powers for covert action against the Islamic\r\nRepublic that were already on the books, including a presidential finding dating back at least to the early 2000s\r\ndevoted to counterproliferation — in other words, preventing a nuclear-armed Iran, according to former officials.\r\nAnother long-standing Iran-focused presidential finding authorizes the CIA to counter Tehran’s influence in the\r\nMiddle East, in particular by combating Iran’s Islamic Revolutionary Guard Corps and by supporting groups in\r\nthe region opposed to the regime, according to former U.S. officials.\r\nNeither these two Iran-related findings, nor the new cyber finding, mention regime change as a stated goal,\r\naccording to former officials. Over time, however, the CIA and other national security officials have interpreted\r\nthe first two Iran findings increasingly broadly, with covert activities evolving from their narrow focus on\r\nstopping Tehran’s nuclear program, they said. The Iran findings have been subject to “classic mission creep,” said\r\none former official.\r\nFatigue from having to continually beat back Iran’s nuclear progress gradually led U.S. officials to take an even\r\nmore aggressive approach that began to resemble a regime change strategy, according to former officials. The\r\nthinking became “If we can impact the regime, then no bomb,” said another former official. “We’re playing\r\nsemantics — destabilization is functionally the same thing as regime change. It’s a deniability issue,” the former\r\nofficial said.\r\nhttps://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html\r\nPage 5 of 7\n\nWhile the CIA’s new powers expand the agency’s ability to target Iran and other foreign adversaries, they also\r\npresent potential pitfalls, according to former officials. The CIA and the Pentagon have long tussled over\r\nauthorities in cyberspace, and these coordination issues will only become more critical now, according to former\r\nofficials — especially when U.S. military operatives online unknowingly run up against their counterparts from\r\nthe CIA.\r\n“If you’re doing something on someone’s network and you have friendly forces also on the network, you don’t\r\nwant to have fratricide,” said a former senior military intelligence official. Even inside the U.S. intelligence\r\ncommunity, the CIA has a reputation for secrecy, according to former officials. The CIA’s “deconfliction is poor,\r\nthey’re not keeping people in the loop on what their cyber operations are,” said another former official.\r\nSome former officials even worry about the oversight of cyber operations within the CIA. Agency cyber\r\noperatives “weren’t always transparent” about their activities, said a former senior official. “It was a problem.\r\nThere were times I was surprised.”\r\nThis more permissive environment may also intensify concerns about the CIA’s ability to secure its hacking\r\narsenal. In 2017, WikiLeaks published a large cache of CIA hacking tools known as “Vault 7.” The leak, which a\r\npartially declassified CIA assessment called “the largest data loss in CIA history,” was made possible by\r\n“woefully lax” security practices at the CIA’s top hacker unit, the assessment said.\r\nEatinger, the former top CIA attorney, who retired in 2015, said it’s unclear to him whether the new cyber finding\r\nwould be a return to the agency’s more freewheeling days of the 1980s, or something that goes even further. Either\r\nway, it’s a “big deal,” he said.\r\nRemoving NSC oversight of covert operations is a significant departure from recent history, according to Eatinger.\r\n“I would look at the intel community as the same as the military in that there should be civilian control of big\r\ndecisions — who to go to war against, who to launch an attack against, who to fight a particular battle,” he said.\r\n“It makes sense that you would have that kind of civilian or non-intelligence civilian leadership for activities as\r\nsensitive as covert action.”\r\nRegardless, these expansive new cyber powers may become a lasting legacy of the Trump administration,\r\nsolidifying the greater role the CIA has long coveted in a key arena, and providing the agency with authorities it\r\nhttps://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html\r\nPage 6 of 7\n\nhas desired for three presidential administrations.\r\n“People thought, ‘Hey, George W. Bush will sign this,’ but he didn’t,” said a former official. CIA officials then\r\nbelieved, “‘Obama will sign it.’ Then he didn’t.”\r\n“Then Trump came in, and CIA thought he wouldn’t sign,” recalled this official. “But he did.”\r\n_____\r\nRead more from Yahoo News:\r\nSource: https://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html\r\nhttps://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html\r\nPage 7 of 7", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html" ], "report_names": [ "secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html" ], "threat_actors": [ { "id": "42a6a29d-6b98-4fd6-a742-a45a0306c7b0", "created_at": "2022-10-25T15:50:23.710403Z", "updated_at": "2026-04-10T02:00:05.281246Z", "deleted_at": null, "main_name": "Silence", "aliases": [ "Whisper Spider" ], "source_name": "MITRE:Silence", "tools": [ "Winexe", "SDelete" ], "source_id": "MITRE", "reports": null }, { "id": "c91e335e-42be-48d9-96b5-ba56749a723b", "created_at": "2022-10-25T16:07:23.458346Z", "updated_at": "2026-04-10T02:00:04.616481Z", "deleted_at": null, "main_name": "CIA", "aliases": [ "Central Intelligence Agency" ], "source_name": "ETDA:CIA", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "eb5915d6-49a0-464d-9e4e-e1e2d3d31bc7", "created_at": "2025-03-29T02:05:20.764715Z", "updated_at": "2026-04-10T02:00:03.851829Z", "deleted_at": null, "main_name": "GOLD WYMAN", "aliases": [ "Silence " ], "source_name": "Secureworks:GOLD WYMAN", "tools": [ "Silence" ], "source_id": "Secureworks", "reports": null }, { "id": "88e53203-891a-46f8-9ced-81d874a271c4", "created_at": "2022-10-25T16:07:24.191982Z", "updated_at": "2026-04-10T02:00:04.895327Z", "deleted_at": null, "main_name": "Silence", "aliases": [ "ATK 86", "Contract Crew", "G0091", "TAG-CR8", "TEMP.TruthTeller", "Whisper Spider" ], "source_name": "ETDA:Silence", "tools": [ "EDA", "EmpireDNSAgent", "Farse", "Ivoke", "Kikothac", "LOLBAS", "LOLBins", "Living off the Land", "Meterpreter", "ProxyBot", "ReconModule", "Silence.Downloader", "TiniMet", "TinyMet", "TrueBot", "xfs-disp.exe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775490800, "ts_updated_at": 1775792129, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c211d9568ccdb1ccd53b177befbaae20c632ed90.pdf", "text": "https://archive.orkl.eu/c211d9568ccdb1ccd53b177befbaae20c632ed90.txt", "img": "https://archive.orkl.eu/c211d9568ccdb1ccd53b177befbaae20c632ed90.jpg" } }