NICK EICHER, HOST: Coming up next on The World and Everything in It: cyberattacks.
The fuel supply in parts of the East Coast still is not
back to normal. And it’s almost two weeks after a ransomware attack
forced the shutdown of the largest pipeline in the country.
Colonial Pipeline reportedly paid millions of dollars in
Bitcoin to cyberhackers in order to regain control of its own computer
U.S. intelligence believes Russian hackers were behind the pipeline
attack. But they do not suspect the Russian government was involved.
MARY REICHARD, HOST: And it’s not only a nationwide problem. It’s a global one.
health system is still struggling to recover from a recent cyberattack.
And an insurance company in France is investigating a similar attack on
its operations in several countries.
Here now to help us understand what happened and what the risks are
going forward is Professor Paul Poteete. He teaches cybersecurity at
Geneva College. Professor, good morning!
POTEETE: Well, good morning. Thank you so much for having me online.
REICHARD: Glad to have you. Well, let’s just start with a very basic question. How does a ransomware attack work?
POTEETE: Well, there are about three different kinds there. There are encrypting versus non-encrypting, there are
blocking ransomware attacks, and there’s information exfiltration
ransomware attacks—they’re just trying to get at your information. But
the way it works is usually, you’ll click on something, and that’s what
we call a Trojan. It appears to be something else. But you click on it,
and it gets into your system. And of course, it’s malicious. When you
have a Trojan that is ransomware, that one’s going to encrypt your
files, or it’s going to block your access to certain things, or it’s
going to exfiltrate data. Or all of the above—it’s going to be a hybrid solution there. So they can be pretty nasty from all kinds of places.
REICHARD: Describe how vulnerable our infrastructure is to attacks like this one.
POTEETE: We do have a number of vulnerabilities in our
infrastructure. And those would be from physical vulnerabilities,
administrative vulnerabilities, and technical vulnerabilities. You can
ask a hacking firm or a firm that does penetration testing, “Have you
ever been to a firm that you could not hack?” And probably 100 percent
of them are going to say, we were able to find something with every firm
that we went into. So with every time we tried to hack somebody, we
were able to do it eventually. And that’s something to keep in mind
there as we talk about making things secure, is, you know, you can’t
really have perfect security in technology. You know, if you’re looking for perfect security, that’s going to come in Jesus Christ, and in technology, we’re always going to fall short.
REICHARD: That’s unsettling to realize. Well, what about reports that Colonial Pipeline had glaring security issues? And what kinds of problems did auditors find?
POTEETE: Well, the audit report—I think the one you’re referring to—was done probably about three years ago, and they said
it was like an eighth grader or an eight-year-old could hack into the system.
And that is absolutely stereotypical of any firm that’s been around for a
number of years. If you look at the Colonial Pipeline, they’ve been
added, merged, expanded, reduced. They’ve had new acquisitions, new
technology, all kinds of solutions that have come across. It’s all over
the East Coast, United States with several different companies involved
in it. That is a very difficult infrastructure to manage.
REICHARD: Do you think the government will be able to track down these hackers and bring them to justice?
POTEETE: I think they have. That’s one of the problems. When we talk
about the hackers, for instance, are we really talking about Dark Side?
You know, Dark Side is ransomware as a service, so what they’re really
doing is providing a cloud based kind of platform on the dark web that
other people can pay into, use their systems, and then go provide
ransomware to other companies. So who is actually the perpetrator here?
You know, is it someone using Dark Side or was it part of the Dark Side
group themselves? Or are we considering anybody who uses their software
now part of Dark Side?
However, from the United States standpoint, we have a very
solid cybersecurity and critical infrastructure security group. And they
will probably have tracked down those perpetrators in just a few hours.
And if they haven’t tracked them down yet, then we have a tendency to
kind of stick on something for decades. So they’ll be tracking them down
for a long period of time.
REICHARD: I know a lot of American infrastructure is
controlled by private companies. There’s a patchwork of mom and pop
companies along with great big corporations like Colonial. What security
support do these companies receive, if any, from the federal government
as it relates to infrastructure?
POTEETE: Well, that’s one of the cases that’s special with
infrastructure. So when you talk about finances, or you’re talking about
critical infrastructure, you actually do get special protections from
the United States government. If you’re looking at just a regular mom
and pop store, they don’t get those protections. If you’re looking at
something where we’re looking at the river system, or if you’re
looking at the gas pipelines, or electricity or financial districts,
etc, then they get special protections with critical infrastructure
protection. And it usually starts with the FBI. And so they’ll they’ll
look into the issues there, and they’ll branch off from that point.
REICHARD: Final question and practical applications. What
do small businesses and individuals like us need to know about
protecting against ransomware attacks?
POTEETE: It is a cat and mouse game. We talk about
individual well-being in cybersecurity, and things like use two-factor
authentication. That is, don’t just use a password. Don’t leave your
security up to just a single password on a system somewhere to protect
your information. Use two factors. And two factors is something like a password
and a key fob, or a password plus a message sent to an
authenticator app, or a password plus a message sent over to
your cell phone. That way you have two factors. It’s a lot harder to
crack that. Next, if you look at it, you need to close all of the
unneeded services that you’re running. This is from a company
standpoint, but we as individual users can do this too: any services we
have running on our network, we can close those things down.
The last part is patch your systems. Patch your computer on
a regular basis. Be sure that you’re up to date with all of the
security patches. Those patches are often overlooked. And that’s one of
the leading causes of, well, the exploits working is people have not
patched their systems in a reasonable amount of time, often years.
REICHARD: Such useful information. Professor Paul Poteete
with Geneva College has been our guest. Professor, thanks so much
for your insight.
POTEETE: Thank you so much for having me here.
WORLD Radio transcripts are created on a rush deadline. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of WORLD Radio programming is the audio record.