Share

Russians Believed To Have Used Spear-Phishing In Election Hacking



MICHEL MARTIN, HOST:

Now it’s time for a unchanging shred Words You’ll Hear. That’s where we take a word or word that will be in a news this week and try to know it by focusing on that word. This week, a word is spear-phishing. That’s when a hacker tricks somebody by promulgation an email allegedly from somebody a aim knows and trusts though with antagonistic software. The aim sees an email from a crony or colleague, opens adult a putrescent connection and bam, a hacker is in. That’s one of a strategies that Russia is believed to have used to try to change a U.S. elections final fall.

Next week, both a House and a Senate will reason hearings to demeanour into this. For more, we spin now to NPR’s Pam Fessler, who only got behind from a integrate of conferences with state and internal choosing officials final week. Hi, Pam.

PAM FESSLER, BYLINE: Hi, how we doing?

MARTIN: Good. So can we give us an overview of a purported spear-phishing campaign? Who were a targets, and how did it happen?

FESSLER: Well, this was an attempted conflict on choosing systems around a country. And it was suggested in an – National Security Agency news that was leaked about a week and a half ago. And apparently, Russian comprehension attempted final Aug to mangle into a email complement of a businessman who provides voter registration program and hardware to internal choosing offices.

It’s not accurately transparent what happened solely that late October, early November, 122 internal choosing officials were sent emails that looked like they were entrance from that vendor. They had attachments that enclosed antagonistic software. It’s not transparent if anyone indeed clicked on a attachments. There’s no signs that anybody did, though this lifted a lot of red flags.

MARTIN: Well, we know, vocalization of that, what prompts these hearings now? we mean, these concerns about a Russians tampering with a elections have been listened given final fall, so since now?

FESSLER: So this is partial of a broader review into Russian efforts final year to manipulate and meddle in U.S. elections. And so this is a most broader investigation. And it’s taken a while for a committees to try and figure out exactly, we know, where a concentration of this review is going to be.

MARTIN: Now, we mentioned that we were only during a discussion with choosing officials. And we spoke with someone from VR Systems. That’s a association that creates a choosing program that a hackers targeted. What is VR Systems observant about all of this?

FESSLER: That’s right. we spoke with Ben Martin. He is a company’s arch handling officer. And he pronounced that what appears to be Russian comprehension attempted to mangle into their employees’ emails accounts. He, in fact, says that nothing of his worker accounts were, in fact, compromised, though their business were receiving feign emails, emails that were done to demeanour like they were from this company.

Also, he said, we know, no choosing program association would be promulgation choosing offices updates to program only days before a election, so this lifted a garland of red flags. They alerted comprehension officials. And they also alerted all of their business to not open a attachments. And as distant as they know, nobody did open a attachments.

MARTIN: Well, Pam, before we let we go since there’s still – there are still there are still so many unanswered questions and questions that competence never be answered about what happened final fall, what does this meant for arriving elections in 2018 and 2020?

FESSLER: State and internal choosing officials contend they’re already doing a lot with security. They are now operative some-more with a sovereign government. The Department of Homeland Security has announced that choosing systems are now what they call vicious infrastructure. And this means that they will be providing a lot some-more assistance to state and internal choosing officials to try and exam their systems to make certain that they are not exposed to outward attacks.

So there’s going to be a lot of speak in a arriving year or dual about only how most choosing systems can be secured. Some people say, we know, a best approach to do that would be to make certain that we have voting machines that all have – if we have an electronic voting machine, that they have paper list backups. So if something does go wrong, we can always go behind to a paper and count and make certain that there hasn’t been any tampering. But it’s going to take a lot some-more than only that.

MARTIN: That’s NPR’s Pam Fessler. Pam, appreciate you.

FESSLER: Thank you.

Copyright © 2017 NPR. All rights reserved. Visit a website terms of use and permissions pages during www.npr.org for serve information.

NPR transcripts are combined on a rush deadline by Verb8tm, Inc., an NPR contractor, and constructed regulating a exclusive transcription routine grown with NPR. This content might not be in a final form and might be updated or revised in a future. Accuracy and accessibility might vary. The lawful record of NPR’s programming is a audio record.