NICK EICHER, HOST: Coming up next on The World and Everything in It: cyberattacks.
The fuel supply in parts of the East Coast still is not back to normal. And it’s almost two weeks after a ransomware attack forced the shutdown of the largest pipeline in the country.
Colonial Pipeline reportedly paid millions of dollars in Bitcoin to cyberhackers in order to regain control of its own computer systems.
U.S. intelligence believes Russian hackers were behind the pipeline attack. But they do not suspect the Russian government was involved.
MARY REICHARD, HOST: And it’s not only a nationwide problem. It’s a global one.
Ireland’s health system is still struggling to recover from a recent cyberattack.
And an insurance company in France is investigating a similar attack on its operations in several countries.
Here now to help us understand what happened and what the risks are going forward is Professor Paul Poteete. He teaches cybersecurity at Geneva College. Professor, good morning!
POTEETE: Well, good morning. Thank you so much for having me online.
REICHARD: Glad to have you. Well, let's just start with a very basic question. How does a ransomware attack work?
POTEETE: Well, there are about three different kinds there. There are encrypting versus non-encrypting, there are blocking ransomware attacks, and there's information exfiltration ransomware attack—they're just trying to get at your information. But the way it works is usually, you'll click on something, and that's what we call a Trojan. It appears to be something else. But you click on it, and it gets into your system. And of course, it's malicious. When you have a Trojan that is ransomware, that one's going to encrypt your files, or it's going to block your access to certain things, or it's going to exfiltrate data. Or all of the above—it's going to be a hybrid solution there. So they can be pretty nasty from all kinds of places.
REICHARD: Describe how vulnerable our infrastructure is to attacks like this one.
POTEETE: We do have a number of vulnerabilities in our infrastructure. And those would be from physical vulnerabilities, administrative vulnerabilities, and technical vulnerabilities. You can ask a hacking firm or a firm that does penetration testing, "Have you ever been to a firm that you could not hack?" And probably 100 percent of them are going to say, we were able to find something with every firm that we went into. So with every time we tried to hack somebody, we were able to do it eventually. And that's something to keep in mind there as we talked about making things secure, is, you know, you can't really have perfect security in technology. You know, if you're looking for perfect security, that's going to come in Jesus Christ, and technology, we're always going to fall short.
REICHARD: That's unsettling to realize it. Well, what about reports that Colonial Pipeline had glaring security issues? And what kinds of problems did auditors find?
POTEETE: Well, the audit report is—I think you're referring to—was done probably about three years ago, and they said like an eighth grader or an eight-year-old could hack into the system. And that is absolutely stereotypical of any firm that's been around for a number of years. If you look at the Colonial Pipeline, they've been added, merged, expanded, reduced. They've had new acquisitions, new technology, all kinds of solutions that have come across. It's all over the East Coast, United States with several different companies involved in it. It's, that is a very difficult infrastructure to manage.
REICHARD: Do you think the government will be able to track down these hackers and bring them to justice?
POTEETE: I think they have. That's one of the problems. When we talk about the hackers, for instance, are we really talking about Dark Side? You know, Dark Side is ransomware as a service, so what they're really doing is providing a cloud-based kind of platform on the dark web that other people can pay into, use their systems, and then go provide ransomware to other companies. So who is actually the perpetrator here? You know, is it someone using Dark Side or was it part of the Dark Side group themselves? Or are we considering anybody who uses their software now part Dark Side?
However, from the United States standpoint, we have a very solid cybersecurity and critical infrastructure security group. And they will probably have tracked down those perpetrators in just a few hours. And if they haven't tracked them down yet, then we have a tendency to kind of stick on something for decades. So they'll be tracking them down for a long period of time.
REICHARD: I know a lot of American infrastructure is controlled by private companies. There's a patchwork of mom and pop companies along with great big corporations like Colonial. What security support do these companies receive, if any, from the federal government as it relates to infrastructure?
POTEETE: Well, that's one of the cases that’s special with infrastructure. So when you talk about finances, or you're talking about critical infrastructure, you actually do get special protections from the United States government. If you're looking at just a regular mom and pop store, they don't get those protections. If you're looking at something where we're looking at the river system, or if you're looking at the gas pipelines, or electricity or financial districts, etc., then they get special protections with critical infrastructure protection. And it usually starts with the FBI. And so they'll look into the issues there, and they'll branch off from that point.
REICHARD: Final question and practical applications. What do small businesses and individuals like us need to know about protecting against ransomware attacks?
POTEETE: It is a cat and mouse game. We talk about individual well-being in cybersecurity, and things like use two-factor authentication. That's just don't use a password. Don't leave your security up to just a single password on a system somewhere to protect your information. Use two factors. And two factors is like a password and a key fob, or a password. And it's gonna send you a message to an authenticator app or password. It's gonna send you a message over to your cell phone, that way you have two factors. It’s a lot harder to crack that. Next, if you look at it, you need to close all of your unneeded services that you're running. This is from a company standpoint, and us as individual users can do this to any services we have running on our network that we can close those things down.
The last part is patch your systems. Patch your computer on a regular basis. Be sure that you're up to date with all of the security patches. Those patches are often overlooked. And that's one of the leading causes of, well, the exploits working is people have not patched their systems in a reasonable amount of time, often years.
REICHARD: Such useful information. Professor Paul Poteete with the Geneva College has been our guest. Professor, thanks so much for your insight.
POTEETE: Thank you so much for having me here.
WORLD Radio transcripts are created on a rush deadline. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of WORLD Radio programming is the audio record.