NICK EICHER, HOST: Next up is The World and Everything in It: Cyber Attacks.
The fuel supply in parts of the east coast is still not back to normal. And it’s nearly two weeks after a ransomware attack forced the shutdown of the country’s largest pipeline.
Colonial Pipeline reportedly paid millions of dollars in Bitcoin to cyberhackers to regain control of their own computer systems.
The US Secret Service believes that Russian hackers were behind the pipeline attack. However, they do not suspect that the Russian government was involved.
MARY REICHARD, HOST: And it’s not just a national problem. It’s a global one.
The Irish health system is still struggling to recover from a recent cyber attack. And an insurance company in France is investigating a similar attack on its business in several countries.
Professor Paul Poteete is here to help us understand what happened and what the risks are for the future. He teaches cybersecurity at Geneva College. Professor, good morning!
POTEETE: Good morning. Thank you for having me online.
REICHARD: I’m glad to have you. Let’s just start with a very basic question. How does a ransomware attack work?
POTEETE: Well, there are three different types. There is encryption versus non-encryption, there are blocking ransomware attacks, and there are information exfiltration ransomware attacks – they are just trying to get at your information. But usually the way it works is that you click something, and that’s what we call a trojan. It seems to be something else. But you click on it and it gets into your system. And of course it’s vicious. When you have a trojan that is ransomware that encrypts your files or blocks your access to certain things or exfiltrates data. Or all of the above – there will be a hybrid solution there. So they can be pretty nasty from all kinds of places.
REICHARD: Describe how vulnerable our infrastructure is to attacks like this.
POTEETE: We have a number of weak points in our infrastructure. And these would come from physical weaknesses, administrative weaknesses, and technical weaknesses. You can ask a hacking company or a penetration testing company, “Have you ever been to a company that you couldn’t hack?” And probably 100 percent of them will say that we could find something with every company we went to. Every time we tried to hack someone, eventually we could do it. And that’s something to keep in mind when we talk about making things safe. You know, you really can’t have perfect security in technology. You know, if you’re looking for perfect security, that’s going to come in Jesus Christ, and technology, we’re always going to come up short.
REICHARD: It is unsettling to realize that. What about reports that the Colonial Pipeline has had serious security problems? And what problems did reviewers find?
POTEETE: Well, the exam report – I think you are referring to it – was probably done about three years ago and you said an eighth grader or eight-year-old could hack into the system. And that’s absolutely stereotypical for any company that’s been around for a few years. If you look at the Colonial Pipeline, it has been added, merged, expanded, and reduced. They have had new acquisitions, new technology, and all kinds of solutions that have come up. It is involved with several different companies across the East Coast of the United States. It’s a very difficult infrastructure to manage.
REICHARD: Do you think the government will be able to track down these hackers and bring them to justice?
POTEETE: I think you have. That’s one of the problems. For example, when we talk about the hackers, are we really talking about Dark Side? You know Dark Side is ransomware as a service. So they provide a cloud-based platform on the dark web that other people can deposit into, use their systems, and then deploy ransomware to other businesses. So who is actually the culprit here? Do you know someone is using Dark Side or were they part of the Dark Side group themselves? Or are we considering someone using their software as part of Dark Side now?
However, from a United States perspective, we have a very solid group on cybersecurity and critical infrastructure security. And they will likely have tracked these perpetrators down in a matter of hours. And if they haven’t tracked them down yet, we tend to hold onto something for decades. So you will track them down for a long time.
REICHARD: I know that a large part of the American infrastructure is controlled by private companies. There’s a patchwork of mom and pop businesses and big companies like Colonial. What security support, if any, will these companies receive from the federal government with regard to the infrastructure?
POTEETE: Well, that’s one of the special cases with infrastructure. So when you are talking about finance or critical infrastructure, you are actually getting special protection from the United States government. If you just look at a regular corner shop, you won’t get this protection. If you look at anything where we look at the river system, or if you look at the gas pipelines, electricity or financial districts, etc., then you get extra protection with critical infrastructure protection. And it usually starts with the FBI. And so they will deal with the issues there and branch out from that point.
REICHARD: Last question and practical applications. What do small businesses and individuals like us need to know about protecting against ransomware attacks?
POTEETE: It’s a game of cat and mouse. We’re talking about individual wellbeing in cybersecurity and the use of two-factor authentication. Just don’t use a password. Don’t leave your security to just one password on a system to protect your data. Use two factors. And two factors are like a password and a key fob or password. And it will send you a message to an authentication app or password. You will receive a message on your mobile phone. That way you have two factors. It’s a lot harder to crack. Now, looking at it, the next thing you need to do is shut down any unnecessary services that you are running. This is from a business point of view, and we as individual users can do this for any services that are running on our network so that we can close those things down.
The last part is patching your systems. Patch your computer regularly. Make sure you are up to date with all security patches. These patches are often overlooked. And that’s one of the main reasons the exploits are working because people haven’t patched their systems in a timely manner, often years.
REICHARD: Such useful information. Professor Paul Poteete of Geneva College was our guest. Professor, thank you very much for your insight.
POTEETE: Thank you for having me here.
WORLD radio transcripts are made on a rush hour. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative recording of WORLD radio programming is the audio recording.