LULU GARCIA-NAVARRO, HOST:
Hackers love to try to breach U.S. computer systems. This now may be easier than ever before. With so many IT and cybersecurity workers furloughed by the shutdown, security professionals say government websites are more vulnerable. NPR's Laura Sydell reports.
LAURA SYDELL, BYLINE: The Trump administration may like to highlight American manufacturing, but try going to manufacturing.gov. The site has become unusable. You can't access any of the details offered about U.S. manufacturing. According to Netcraft, a British security firm, it's one of dozens of government sites that haven't renewed their security certificates. These certificates are a bit like a driver's license - they prove you are who you say you are. Dan Kaminsky, the chief scientist at the American security firm White Ops explains.
DAN KAMINSKY: You need to know you're really talking to your hospital or to something at the Air Force or wherever. And so there are certificates that make it so you know, OK, this is really the government resource that I'm trying to access and not some bad guy.
SYDELL: In some cases, the lack of a security certificate may just make a site unusable. But Kaminsky says the lack of a certificate also makes it easier for a bad actor to redirect you to a fake site.
KAMINSKY: People might get used to ignoring the browser warnings. Oh, well, you know, it's just the shutdown. And then you think, oh, you're really walking into this site. And you're really not.
SYDELL: Kaminsky offers up a worst case kind of scenario. Imagine if the security certificate was down for the Social Security website, and a bad actor sets up a fake one. Someone could go to that site, enter their password and give the hackers access to personal information. The shutdown also means that there are fewer IT staff. For example, according to contingency plans on the White House Office of Management and Budget website, only around 2,000 employees out of more than 3,500 are working at the Cybersecurity and Infrastructure Security Agency. That's one of the agencies leading the nation's cyber defenses. Rob Ragan, a partner in the cybersecurity firm Bishop Fox, says there may be a lot of important tasks that aren't getting done, such as updating software with the latest security patches.
ROB RAGAN: You end up getting buried in a really big backlog of issues that you may never dig yourself out of. And at that point, one of those issues may have been an indicator of a compromise or a breach that may go unnoticed for months or years to come.
SYDELL: Security researchers worry that the shutdown is like putting a red blanket in front of a bull. Nations like Russia, China and Iran could see it as a signal to charge ahead. Ragan says think about the amount of information on government websites that's personal and even classified. And as the shutdown drags on, the likelihood of security lapses increases, says Vikram Thakur, a technical director at the security firm Symantec.
VIKRAM THAKUR: That risk is most definitely going to go up exponentially.
SYDELL: Ironically, Thakur says fewer personnel lowers at least one kind of security risk. One of the most popular hacking schemes is email phishing. That's when hackers send an email to an employee with a link that unleashes malware into the system.
THAKUR: If nobody's opening email and nobody's using the work network, the chances of the success rate for attackers who are using email as their primary mode of attack kind of falls all the way through.
SYDELL: NPR reached out to the cyber division at the Department of Homeland Security for comment but didn't hear back. Democratic aides in the House say they, too, are unable to get information right now about which IT workers are on the job. However, when the shutdown ends, they want to see details. In the event of a future shutdown, Democrats might move to keep IT workers on the job in the name of cybersecurity. Laura Sydell, NPR News.