DAVIES: This is FRESH AIR, and we're speaking with Nicole Perlroth. She is a cybersecurity correspondent for The New York Times.

I want to talk a bit about election security. You know, there's a general feeling, I think, that there was Russian interference in the 2016 presidential campaign in the form of hacked emails and disinformation campaigns but that the voting process itself was not tampered with. You've been on this beat a while and have been looking into this. What did you find?

PERLROTH: Well, we found that there is a dearth of serious forensic investigation that investigated problems from the 2016 election. And there were issues, particularly in North Carolina, that suggest that there actually were quite a few problems tied to issues with electronic pollbook systems, the systems that check you in when you go to check in at the voting booth.

And in many cases, these pollbooks were telling people that they had already voted when they hadn't, that they were not registered to vote when they were. And some of those pollbooks were managed by a company called VR Systems that, we know from leaked NSA documents, was in fact hacked by Russia prior to the 2016 election.

DAVIES: And was there any pattern to which communities or precincts these problems occurred?

PERLROTH: There was. Durham County, in particular, had a lot of problems with its e-poll book systems. Now, if you were going to try to disenfranchise a large number of Democratic voters in North Carolina, you'd probably go right to Durham County. This is a blue county in a largely red state. And when people went to go vote in Durham County, they were finding a lot of irregularities with the e-poll book systems.

So over a year ago, we wrote about those problems. And what was really disturbing is that when we tried to find whether there had been an in-depth forensic investigation of the e-poll book issues in Durham County, I found a report that was conducted that was unlike any other cyberforensics report I had ever seen. Usually, when you look at these forensic reports, they tell you, you know, we did an analysis of this computer. We found this vulnerability. We found this malware or we didn't find this malware or we found this hacking technique or we didn't find this hacking technique.

This read very differently. It read like a police report, where whoever was conducting the investigation was a local detective, former police officer, who said, at 3:15 p.m., I interviewed Suzy (ph), who was working at the voting booth, and she said all was normal. I mean, I've never seen a cybersecurity investigation report look like that.

And when we asked North Carolina to sort of account for this or to take a deeper look, they were pretty defensive about the issues that had happened in Durham County. And only now, a couple of years later, have we found out that, in fact, VR Systems - the company that was hacked by China - did remotely access the e-poll book systems in Durham the night before the 2016 election to try and diagnose some problems it was seeing. And that remote access could have very well been exploited by nation-state hackers. We just don't know.

DAVIES: Right. And so, again, we're talking about the electronic pollbooks. That's essentially the registry of electors in a particular polling place. And the company that managed them, VR Systems - you say that we know that it actually was penetrated by Russian hackers. What exactly do we know about that?

PERLROTH: We know this from leaked NSA documents that VR Systems was compromised in some kind of spear phishing-attack - so when employees open a malicious email attachment or click on a malicious link that allows malware into their systems. And we know that VR Systems maintained remote access to the e-poll books in Durham and many other counties all over the country - in Florida and elsewhere.

And what we don't know is, was that access exploited by Russian hackers to disenfranchise voters? We still don't know. And only now do we know that DHS, the Department of Homeland Security, is conducting a forensic examination of those e-poll book issues in Durham County.

DAVIES: And what does VR Systems say?

PERLROTH: VR Systems hasn't said much. I think the last time we spoke to them, they denied that they had been phished. They have sort of resisted what was leaked in the NSA documents that suggested it was successfully phished. And they've said they're cooperating with investigators. But beyond that, we really don't know what actually happened there.

DAVIES: Authorities actually identified the person in the NSA who leaked this report that VR Systems had been hacked. You want to tell us that story? What became of her?

PERLROTH: Right. So we may have never known about this if not for a young NSA employee by the name of Reality Winner, and that is her actual name. She leaked NSA documents that confirmed VR Systems had been hacked in a Russian cyberattack to The Intercept - a digital publication run by Glenn Greenwald. And The Intercept actually published the leaked documents and did it in a way that the NSA was able to trace the leak pretty easily back to Reality Winner. Now, she's since been sentenced to more than five years in prison under the Espionage Act for leaking those documents.

DAVIES: You've also written that there's evidence of Russian hacking in the 2018 midterm elections. Are the FBI and American security officials putting more resources into dealing with foreign interference in 2020? Is Congress doing anything?

PERLROTH: I wish I could say yes. The reality is that there's been a lot of red tape and a lot of politics around securing the next election. Now, that's not to say nothing's been done. We know that U.S. Cyber Command, that U.S. military hackers, going into the 2018 election, conducted a cyberattack that shut down servers that belonged to Russia's Internet Research Agency to sort of preemptively shut down any kind of Russian interference. We also know Claire McCaskill and other Democratic senators were targeted by spear phishing attacks ahead of the 2018 midterm elections, although they say that the attacks weren't successful...

https://www.npr.org/templates/transcript/transcript.php?storyId=732320853