Listen

Dina Temple-Raston

Copyright 2021 NPR. To see more, visit https://www.npr.org.

SCOTT SIMON, HOST:

We learned this week that thousands of accounts at 150 different humanitarian organizations were breached in an attack that was first disclosed by Microsoft.

Microsoft officials say hackers linked to the Russian intelligence service, SVR, appear to have launched another supply chain attack — this time on a company that allowed the intruders to slip into the computer networks of a roster of human rights groups and think tanks.

Microsoft said it discovered the breach this week and believes it began with hackers breaking into an email marketing company called Constant Contact, which provides services to, among others, the United States Agency for International Development.

Updated May 28, 2021 at 12:50 PM ET

The same Russian hackers who carried out the SolarWinds attack and other malicious campaigns have now attacked groups involved in international development, human rights and other issues, according to Microsoft. The company said the breach began with a takeover of an email marketing account used by the U.S. Agency for International Development.

A flawed coronavirus test distributed by government scientists early in the pandemic was poorly designed and came with erroneous instructions that made it doubly difficult for labs to rely on the test's results, new records show. The shortcomings of the test kits cost the nation precious weeks as officials sought to detect virus hot spots and manage the outbreak.

For months, officials have been saying the Jan. 6 attack on the U.S. Capitol was the result of a classic intelligence failure. Now key officials are questioning whether that was the case.

The Biden administration is putting the final touches on an executive order aimed at helping the U.S. defend itself against sophisticated cyberattacks like the one Russian hackers recently leveled against Texas software-maker SolarWinds.

"This release includes bug fixes, increased stability and performance improvements."

The routine software update may be one of the most familiar and least understood parts of our digital lives. A pop-up window announces its arrival and all that is required of us is to plug everything in before bed. The next morning, rather like the shoemaker and the elves, our software is magically transformed.

More than three months after the U.S. Capitol riot, a bomb-maker remains on the loose.

A majority of the public's attention has been focused on the hundreds of people who have been charged for their role on Jan. 6. But the night before, someone committed a different crime: The person placed two explosive devices near the Capitol in Washington, D.C., and that person is still at large.

Before Jan. 6, the run-ins Bruno Cua, 18, had had with police in his small town of Milton, Ga., were mostly of the scofflaw variety.

He blew an air horn in the school parking lot — that ended with a citation for disturbing the peace. He had been on the receiving end of multiple warnings for trespassing — he insisted on cutting through someone else's land to go fishing. And, according to court documents, his all-terrain vehicle was also a source of consternation: Police kept telling him to stop driving it on roads where it didn't belong.

Before Jan. 6, 18-year-old Bruno Cua was best known in his small town of Milton, Ga., as a great builder of treehouses. These were big, elaborate creations with ladders and trapdoors and framed-out windows. They were so impressive, neighbors paid Cua to build them for their kids.

The Justice Department charged six more people Friday it says are members of a right-wing militia group that plotted in advance of Jan. 6 to attack the U.S. Capitol.

The indictment offers the most sweeping evidence so far that members of the far-right extremist group known as the Oath Keepers had spent months allegedly planning to prevent Congress from certifying President Joe Biden's victory in a bid to keep former President Donald Trump in power.

Back in November, Kevin Mandia, CEO of the cybersecurity firm FireEye, opened his mailbox to find an anonymous postcard. It had a simple cartoon on the front. "Hey look, Russians," it read. "Putin did it."

In late December, the New York Police Department sent a packet of material to the U.S. Capitol Police and the FBI. It was full of what's known as raw intelligence — bits and pieces of information that turned up by scraping various social media sites. It all indicated that there would likely be violence when lawmakers certified the presidential election on Jan. 6.

On Feb. 6, a scientist in a small infectious disease lab on the Centers for Disease Control and Prevention campus in Atlanta was putting a coronavirus test kit through its final paces. The lab designed and built the diagnostic test in record time, and the little vials that contained necessary reagents to identify the virus were boxed up and ready to go. But NPR has learned the results of that final quality control test suggested something troubling — it said the kit could fail 33% of the time.

Back in July, two cybersecurity firms sent the Department of Homeland Security a troubling report that described a possible vulnerability in the online voter registration systems in dozens of counties in California and Florida.

The report, obtained by NPR, warned that flaws that might have allowed hackers to change a handful of voter registration files four years ago are still likely to exist in some places, and could be used again.

The Trump administration has renewed a controversial contract with a Pittsburgh company to collect key COVID-19 data from hospitals.

The Department of Health and Human Services decided to award a second $10.2 million, six-month contract to TeleTracking Technologies even though Congressional committees are investigating the process by which the contract was awarded and the HHS Inspector General is looking at how the company is securing the information it is gathering, an NPR Investigation has learned.

The Government Accountability Office is investigating the Pentagon's interest in deploying a "heat ray" to control crowds around the White House, part of a broader review of the tactics and use of nonlethal weapons that have been leveled against social justice protesters this summer, NPR has learned.

Updated at 2:51 p.m. ET

A spokesperson for Joint Forces Headquarters Command in Washington, D.C., confirmed to NPR that hours before federal police officers cleared a crowded park near the White House with smoke and tear gas on June 1, a military police staff officer asked if the D.C. National Guard had a kind of "heat ray" weapon that might be deployed against demonstrators in the nation's capital.

Federal police officers who cleared a crowded park near the White House with smoke and tear gas in June violated court-ordered regulations that spell out how demonstrators are to be warned before aggressive tactics are used against them, attorneys who helped write the agreed-upon rules say.

Louis DeJoy, depending on whom you talk to, is either a Republican political operative beholden to President Trump, or a savvy businessman who's the right person to fix what's broken at the U.S. Postal Service. When senators question him this week, they will want to know which narrative is closer to the truth — and whether he is suited to head the service at this time.

An NPR investigation has found irregularities in the process by which the Trump administration awarded a multi-million dollar contract to a Pittsburgh company to collect key data about COVID-19 from the country's hospitals.

The contract is at the center of a controversy over the administration's decision to move that data reporting function from the Centers for Disease Control and Prevention — which has tracked infection information for a range of illnesses for years — to the Department of Health and Human Services.

Congressional investigators are launching an inquiry into a handful of companies that landed government contracts related to COVID-19, calling the deals "suspicious" because the companies lacked experience and, in some cases, had political connections to the Trump administration.

A surveillance camera is said to have recorded it all: a woman in a black t-shirt stepping out of a tan minivan; the lighting of a toilet-paper fuse, the arc of a beer bottle filled with fuel as it was thrown onto the dashboard of an empty police car. That act of vandalism, in the early hours of May 30, is why two Brooklyn lawyers are fighting federal explosives charges and could face as much as life in prison.

A few years ago, Paul Allen, the co-founder of Microsoft, published the results of something called the Great Elephant Census, which counted all the savanna elephants in Africa. What it found rocked the conservation world: In the seven years between 2007 and 2014, Africa's savanna elephant population decreased by about a third and was on track to disappear completely from some African countries in as few as 10 years.

The crowded room was awaiting one word: "Fire."

Everyone was in uniform; there were scheduled briefings, last-minute discussions, final rehearsals. "They wanted to look me in the eye and say, 'Are you sure this is going to work?' " an operator named Neil said. "Every time, I had to say yes, no matter what I thought." He was nervous, but confident. U.S. Cyber Command and the National Security Agency had never worked together on something this big before.

New laws in Europe and California are forcing tech companies to protect users' privacy or risk big fines.

Now, the industry is fearing that more states will enact tough restrictions. So it's moving to craft federal legislation that would pre-empt state laws and might put the Federal Trade Commission in charge of enforcement.

Europe enacted a tough law in May which requires, among other things, that companies make data breaches public within 72 hours of discovering them.

Life changed as Sadiik Yusuf knew it about two years ago, when the FBI appeared at his front door in Minneapolis to tell him his son Abdullahi had been stopped at the airport, suspected of trying to board a flight that would take him to Syria to fight with ISIS.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

ARI SHAPIRO, HOST:

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

KELLY MCEVERS, HOST:

Danny Nolan was the first man to swing a wrecking ball in Manhattan in 25 years. Wrecking balls hadn't been allowed on the island for a very simple reason: The buildings are much too close together to allow a huge ball to swing back and forth.

An exception was made for Nolan because he, and the other construction workers of the International Union of Operating Engineers Local 14, were "working the pile" — hauling away what was left in the World Trade Center towers after the Sept. 11 attacks.

Pages