KIOS-FM

Dina Temple-Raston

Steven Adair hunts hackers for a living. Back in January, in a corner-of-his-eye, peripheral kind of way, he thought he saw one in his customer's networks — a shadowy presence downloading emails.

Adair is the founder of a cybersecurity company called Volexity, and he runs traps to corner intruders all the time. So he took a quick look at a server his client was using to run Microsoft Exchange and was stunned to "see requests that we're not expecting," he said. There were requests for access to specific email accounts, requests for confidential files.

Early one morning in January, Suzanne Ianni peered through her window to discover two black SUVs and a police cruiser parked in front of her house. All she could think was: "Aw, they're here."

While Ianni had been expecting federal agents for days, she wasn't fully prepared for their arrival or for the moment when they said, "You're under arrest." "And I just sat down in a chair, I was trying to catch my breath," she told NPR. "And they're like, OK just relax," she said. "It's only a misdemeanor."

Copyright 2021 NPR. To see more, visit https://www.npr.org.

SCOTT SIMON, HOST:

We learned this week that thousands of accounts at 150 different humanitarian organizations were breached in an attack that was first disclosed by Microsoft.

Microsoft officials say hackers linked to the Russian intelligence service, SVR, appear to have launched another supply chain attack — this time on a company that allowed the intruders to slip into the computer networks of a roster of human rights groups and think tanks.

Microsoft said it discovered the breach this week and believes it began with hackers breaking into an email marketing company called Constant Contact, which provides services to, among others, the United States Agency for International Development.

Updated May 28, 2021 at 12:50 PM ET

The same Russian hackers who carried out the SolarWinds attack and other malicious campaigns have now attacked groups involved in international development, human rights and other issues, according to Microsoft. The company said the breach began with a takeover of an email marketing account used by the U.S. Agency for International Development.

A flawed coronavirus test distributed by government scientists early in the pandemic was poorly designed and came with erroneous instructions that made it doubly difficult for labs to rely on the test's results, new records show. The shortcomings of the test kits cost the nation precious weeks as officials sought to detect virus hot spots and manage the outbreak.

For months, officials have been saying the Jan. 6 attack on the U.S. Capitol was the result of a classic intelligence failure. Now key officials are questioning whether that was the case.

The Biden administration is putting the final touches on an executive order aimed at helping the U.S. defend itself against sophisticated cyberattacks like the one Russian hackers recently leveled against Texas software-maker SolarWinds.

"This release includes bug fixes, increased stability and performance improvements."

The routine software update may be one of the most familiar and least understood parts of our digital lives. A pop-up window announces its arrival and all that is required of us is to plug everything in before bed. The next morning, rather like the shoemaker and the elves, our software is magically transformed.

More than three months after the U.S. Capitol riot, a bomb-maker remains on the loose.

A majority of the public's attention has been focused on the hundreds of people who have been charged for their role on Jan. 6. But the night before, someone committed a different crime: The person placed two explosive devices near the Capitol in Washington, D.C., and that person is still at large.

Before Jan. 6, the run-ins Bruno Cua, 18, had had with police in his small town of Milton, Ga., were mostly of the scofflaw variety.

He blew an air horn in the school parking lot — that ended with a citation for disturbing the peace. He had been on the receiving end of multiple warnings for trespassing — he insisted on cutting through someone else's land to go fishing. And, according to court documents, his all-terrain vehicle was also a source of consternation: Police kept telling him to stop driving it on roads where it didn't belong.

Before Jan. 6, 18-year-old Bruno Cua was best known in his small town of Milton, Ga., as a great builder of treehouses. These were big, elaborate creations with ladders and trapdoors and framed-out windows. They were so impressive, neighbors paid Cua to build them for their kids.

Updated September 17, 2021 at 3:51 PM ET

Editor's note: This story was first published on Feb. 9, 2021. It is regularly updated, and includes explicit language.

Back in November, Kevin Mandia, CEO of the cybersecurity firm FireEye, opened his mailbox to find an anonymous postcard. It had a simple cartoon on the front. "Hey look, Russians," it read. "Putin did it."

The people in the yellow hazmat suits arrived at St. Joseph's Senior Home in Woodbridge, N.J., on a crisp morning in late March, emerging from blue and white ambulance buses all suited up, like astronauts descending from a lunar rover.

For the 78 residents whom they had come to evacuate on March 25, however, this all felt more like an alien abduction. As the hazmats approached, some residents shouted and furiously clawed at the air; others begged not to be taken away, clutching the nuns' sleeves, dissolving into tears.

As the nation gears up for a massive vaccination effort, the Trump administration is doubling down on a novel, unproven injection device by providing more than half a billion dollars in government financing for something still awaiting Food and Drug Administration approval.

On Feb. 6, a scientist in a small infectious disease lab on the Centers for Disease Control and Prevention campus in Atlanta was putting a coronavirus test kit through its final paces. The lab designed and built the diagnostic test in record time, and the little vials that contained necessary reagents to identify the virus were boxed up and ready to go. But NPR has learned the results of that final quality control test suggested something troubling — it said the kit could fail 33% of the time.

Back in July, two cybersecurity firms sent the Department of Homeland Security a troubling report that described a possible vulnerability in the online voter registration systems in dozens of counties in California and Florida.

The report, obtained by NPR, warned that flaws that might have allowed hackers to change a handful of voter registration files four years ago are still likely to exist in some places, and could be used again.

The Trump administration has renewed a controversial contract with a Pittsburgh company to collect key COVID-19 data from hospitals.

The Department of Health and Human Services decided to award a second $10.2 million, six-month contract to TeleTracking Technologies even though Congressional committees are investigating the process by which the contract was awarded and the HHS Inspector General is looking at how the company is securing the information it is gathering, an NPR Investigation has learned.

Despite people's fears, sophisticated, deceptive videos known as "deepfakes" haven't arrived this political season. But it's not because they aren't a threat, sources tell NPR. It's because simple deceptions like selective editing or outright lies have worked just fine.

"You can think of the deepfake as the bazooka and the video splicing as a slingshot. And it turns out the slingshot works," said Hany Farid, a professor at the University of California, Berkeley specializing in visual misinformation.

The Government Accountability Office is investigating the Pentagon's interest in deploying a "heat ray" to control crowds around the White House, part of a broader review of the tactics and use of nonlethal weapons that have been leveled against social justice protesters this summer, NPR has learned.

Federal police officers who cleared a crowded park near the White House with smoke and tear gas in June violated court-ordered regulations that spell out how demonstrators are to be warned before aggressive tactics are used against them, attorneys who helped write the agreed-upon rules say.

Louis DeJoy, depending on whom you talk to, is either a Republican political operative beholden to President Trump, or a savvy businessman who's the right person to fix what's broken at the U.S. Postal Service. When senators question him this week, they will want to know which narrative is closer to the truth — and whether he is suited to head the service at this time.

Congressional investigators are launching an inquiry into a handful of companies that landed government contracts related to COVID-19, calling the deals "suspicious" because the companies lacked experience and, in some cases, had political connections to the Trump administration.

A surveillance camera is said to have recorded it all: a woman in a black t-shirt stepping out of a tan minivan; the lighting of a toilet-paper fuse, the arc of a beer bottle filled with fuel as it was thrown onto the dashboard of an empty police car. That act of vandalism, in the early hours of May 30, is why two Brooklyn lawyers are fighting federal explosives charges and could face as much as life in prison.

A few years ago, Paul Allen, the co-founder of Microsoft, published the results of something called the Great Elephant Census, which counted all the savanna elephants in Africa. What it found rocked the conservation world: In the seven years between 2007 and 2014, Africa's savanna elephant population decreased by about a third and was on track to disappear completely from some African countries in as few as 10 years.

Copyright 2020 NPR. To see more, visit https://www.npr.org.

AUDIE CORNISH, HOST:

The crowded room was awaiting one word: "Fire."

Everyone was in uniform; there were scheduled briefings, last-minute discussions, final rehearsals. "They wanted to look me in the eye and say, 'Are you sure this is going to work?' " an operator named Neil said. "Every time, I had to say yes, no matter what I thought." He was nervous, but confident. U.S. Cyber Command and the National Security Agency had never worked together on something this big before.

Debbie Scroggin and her husband live at the end of a series of gravel roads in a lonesome part of Kansas. It is the kind of place where, Debbie says, "you have to drive 15 minutes to get anywhere." Getting to the Scroggin house involves turning onto a desolate ribbon of gravel that cuts through fields as far as the eye can see. It was easy to think that someone might come here to either get lost or be forgotten. Scroggin remembers Adrian Lamo arriving on a night train with nothing but a broken suitcase and a hangdog expression.

Copyright 2019 NPR. To see more, visit https://www.npr.org.

RACHEL MARTIN, HOST:

Pages