AUDIE CORNISH, HOST:
On Sunday, news broke that the U.S. government had been hacked by what appeared to be a Russian intelligence service. Five days later, the list of affected agencies continues to grow, as do the calls for a U.S. response. Here's the number two Democrat in the Senate, Dick Durbin of Illinois, speaking to CNN.
(SOUNDBITE OF ARCHIVED RECORDING)
DICK DURBIN: This is virtually a declaration of war by Russia on the United States, and we should take that seriously.
CORNISH: NPR justice correspondent Ryan Lucas joins us now with more on this. Ryan, we just heard Senator Durbin blame Russia for this hack. What do we know about that and Russian involvement?
RYAN LUCAS, BYLINE: Well, the U.S. government hasn't formally attributed the hack at this point. President Trump notably hasn't discussed this publicly at all. But cybersecurity experts and my sources tell me that this very much appears to be the work of Russia's foreign intelligence service, the SVR.
CORNISH: How does this compare to the hack by Russian entities during the 2016 election?
LUCAS: Well, this is different in the sense that it's far more sprawling. The list of U.S. government agencies that have been hit by this is very long - The State Department, the Treasury, Department of Homeland Security, the Pentagon, just to name a few. I'm told that at this point, it appears that only unclassified systems were breached. It's hard to say with certainty, though, just how big this is.
I'm told that the government is still scrambling to try to figure out exactly all of the various entities that are affected. The National Security Agency, the FBI and DHS are doing the digital forensics on this now. But this is going to be a very long process, experts say, because the hackers in this case were very sophisticated, they were very patient and they were very good at what they do.
CORNISH: What do you mean by that?
LUCAS: In terms of how they pulled this off. They planted the malware back in March in a software update that was provided by a private tech company called SolarWinds. It has private sector and U.S. government clients. Around 18,000 of the company's clients downloaded that update and therefore got this malware onto their systems. That gave the hackers access to all of those networks.
But experts say that the hackers are believed to only be interested in some of them. For example, the U.S. government agencies. As one source explained it to me, this isn't about quantity, it's about quality and digging in on these high-value targets. So you can think of it this way. The hackers have a key that can get them into 18,000 houses, but they're only using that key to sneak into mansions and steal stuff from those.
The other difficult thing here is that experts say the hackers were extremely careful about covering their tracks; about wiping away their digital fingerprints. So it's very hard to tell if they are even in the system.
CORNISH: What's known about what the hackers were looking for?
LUCAS: A lot isn't known at this point. It's still very unclear. But sources say this appears to be about stealing government information to learn about U.S. government plans and intentions. I spoke to Thomas Rid about this. He is a professor of strategic studies at Johns Hopkins University. And he said this is what he expects a 21st century espionage operation to look like.
THOMAS RID: What I mean by that is it's, you know, a well-crafted, stealthy, clever espionage campaign. And so far, we have seen an adversary going after political targets of the kind that you would expect a foreign intelligence agency to go after.
LUCAS: He also said complaints from folks here in the U.S. about the Russians doing this are a little hypocritical because American spy agencies do similar things. And he said something else that I thought was really interesting, which is the question of whether or not spies should be able to conduct cyber operations like this.
RID: If you say no, then you kneecap the U.S. intelligence community probably more than the intelligence communities in countries like Russia or China, who are able to say one thing in public and do another thing in private.
CORNISH: In the meantime, what are the options for a U.S. response?
LUCAS: Well, it's - a response is going to depend on what investigators ultimately find. If this is espionage, there's a recognition that the U.S. also spies. That's how the espionage world works. If data was destroyed or manipulated or is leaked and weaponized like we saw in 2016, that's a very different thing and could prompt a very different sort of response. Now, the decision on this is likely to fall to the incoming Biden administration. So far, the transition team has said there will be substantial costs, but what those might be is unclear.
CORNISH: That's NPR justice correspondent Ryan Lucas. Thank you.
LUCAS: Thank you. Transcript provided by NPR, Copyright NPR.