KELLY MCEVERS, HOST:
A Russian intelligence agency launched a cyberattack last year against a company that helps run American voting systems. That detail appeared today in a top secret National Security Agency document that was posted by the news website The Intercept. And on the same day, the Justice Department announced it's charging a young woman who works for an intelligence agency contractor with sending secret information to a news organization. NPR has confirmed these two threads are connected.
And to tell us more about this breaking story, we are joined by national security editor Phil Ewing. Hi there, Phil.
PHIL EWING, BYLINE: Hi, Kelly.
MCEVERS: OK, so there's a lot of stuff here. Let's start with this cyberattack first. What does this NSA report say happened?
EWING: What it says happened is in the last months of the presidential campaign last year, the Russian military intelligence agency known as the GRU began a spearfishing attack against a company in the United States that provides election services and election systems to eight U.S. states. And what appears to have taken place is these Russian cyber hackers sent spearfishing emails to people in this company that said, we need your login credentials so that you can do something with these messages that they got.
And what the NSA report doesn't say is whether or not these officials, these U.S. officials, know whether that was successful, whether these guys got in, what kind of information they were able to take out or what kind of control they were able to get over these election computing systems.
MCEVERS: Is there any sense of - that the Russians could have used what they did here to change the outcome of the election?
EWING: The short answer is no, there's nothing in this that indicates that was a danger. But at the same time, once you get control of a computer system, you can do all kinds of things. You can see what people in that network are doing. You can install your own software to create false data. You could create chaos and send everybody in the company an email saying they've been laid off, and maybe they won't show up to work on a key day when you want there to be chaos. So the indications are that this stopped short of changing the outcome of any election, but it's still very serious potentially for these vendors to have had their systems compromised in this way.
MCEVERS: And usually we don't know where a lot of these national security stories come from. There was some indication today that the government might have already identified the source.
EWING: That's right, yeah. Not long after the story posted on The Intercept, the Justice Department announced that it has filed charges down in Georgia against a woman named Reality Leigh Winner, who's 25 years old. She works for an NSA contractor, and she may have been connected with the leak of this material.
According to court documents the Justice Department unveiled today, she was one of the people at this NSA facility in Augusta, Ga., who had access to these documents. The FBI says she was in email contact with the correspondents for this website The Intercept that broke the story. And she may have printed out copies of this PDF and mailed them by snail mail - kind of old fashioned - to The Intercept to be able to share this information with them.
Now, this story is still unreeling, and we don't know much more. But we do know from national security officials who are familiar with these matters that she is connected with this case and The Intercept.
MCEVERS: Certainly not the first time the U.S. intelligence community has had a contractor release secret information, right?
EWING: Yeah, that's right. And one of the things this story - one of the many things this story raises is, this is not the first time, as you say, a contractor who's not a U.S. government employee but kind of on the outer perimeter has compromised some secrets. We remember Chelsea Manning, who was in the Army at the time and released information about U.S. military conduct overseas - Edward Snowden, the most famous example. And this right now appears to be something very much similar to those two.
MCEVERS: NPR's national security editor Phil Ewing, thank you.
EWING: Thank you.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.