NICK EICHER, HOST: Coming soon to The World and Everything in It: Cyberattacks.
Fuel supply in parts of the east coast is not yet back to normal. And it’s almost two weeks after a ransomware attack forced the closure of the country’s largest pipeline.
According to reports, Colonial Pipeline paid millions of dollars in Bitcoin to cyber hackers to regain control of their own computer systems.
U.S. intelligence believes Russian hackers were behind the pipe attack. But they do not suspect that the Russian government was involved.
MARY REICHARD, HOST: And it’s not just a national issue. It is global.
Ireland’s healthcare system is still struggling to recover from a recent cyberattack. And an insurance company in France is investigating a similar attack on its operations in several countries.
Here, now, to help us understand what happened and what the future risks are, is Professor Paul Poteete. He is a professor of cybersecurity at the College of Geneva. Teacher, good morning!
POTEETE: Well, good morning. Thank you so much for having me online.
REICHARD: Glad to have you. Well, let’s start with a very basic question. How does a ransomware attack work?
POTEETE: Well, there are about three different types. There are encryption versus non-encryption, blocking ransomware attacks and ransomware attack of information leakage – they just try to get your information. But the way it works is usually clicking on something and that’s what we call a Trojan. It seems to be something else. But click on it and enter your system. And, of course, it’s malicious. When you have a Trojan that is ransomware, it will encrypt your files or block you from accessing certain things or filtering data. Or all of the above: there will be a hybrid solution. Therefore, they can be quite nasty from all sorts of places.
REICHARD: Describe the vulnerability of our infrastructure to attacks like this.
POTEETE: We have a number of vulnerabilities in our infrastructure. And these would be of physical, administrative and technical vulnerabilities. You can ask a hacking company or a penetration testing company, “Have you ever been in a company that you couldn’t hack?” And probably 100 percent of them will say we were able to find something with all the companies we went into. So every time we tried to hack someone, we were finally able to do it. And that’s one thing to keep in mind when we talk about making things safe, is that you really can’t have perfect security in technology. You know, if you are looking for perfect security, this will come to Jesus Christ and technology, we will always fall short.
REICHARD: It’s disturbing to notice. Well, what about the reports that Colonial Pipeline had obvious security issues? And what kind of problems did the auditors encounter?
POTEETE: Well, the audit report is — I think it refers — it was probably done about three years ago and they said an eighth-grader or an eight-year-old could hack the system. And this is absolutely stereotypical of any company that has been around for a few years. If you look at the Colonial Pipeline, they have been added, merged, expanded and reduced. They have had new acquisitions, new technologies, all kinds of solutions that have been found. It is located along the east coast of the United States and involves several companies. It is a very difficult infrastructure to manage.
REICHARD: Do you think the government will be able to locate these hackers and bring them to justice?
POTEETE: I think so. This is one of the problems. When we talk about hackers, for example, are we really talking about Dark Side? You know, Dark Side is a ransomware as a service, so what they’re really doing is providing a cloud-based platform on the dark web where other people can pay, use their systems, and then offer ransomware to other companies. So who is the author here? You know, does anyone use the Dark Side or was he part of the Dark Side group? Or are we considering someone using their software to be part of Dark Side?
However, from a U.S. perspective, we have a very strong cybersecurity and critical infrastructure security group. And they will probably have located these authors in a few hours. And if they haven’t located them yet, we have a tendency to stare at something for decades. Therefore, they will be tracked for a long period of time.
REICHARD: I know a lot of American infrastructure is controlled by private companies. There is a mosaic of mom and pop companies along with big big corporations like Colonial. What security support do these companies receive, if any, from the federal government in terms of infrastructure?
POTEETE: Well, this is one of the special cases in infrastructure. So when you talk about finance or critical infrastructure, you get special protections from the U.S. government. If you’re just looking for a regular mom and pop store, they won’t get these protections. If you are looking for something in which we are looking at the river system or, or if you are looking at gas pipelines, electrical or financial districts, etc., you will get special protections with critical infrastructure protection. And it usually starts with the FBI. So, they will examine the problems that exist and will branch out from that moment on.
REICHARD: Final question and practical applications. What should small businesses and people like us know about protection against ransomware attacks?
POTEETE: It is a game of cats and mice. We talk about individual well-being in cybersecurity, and things like that use two-factor authentication. This does not use a password. Don’t leave your security up to a single password on a system somewhere to protect your information. Use two factors. And two factors are like a password and a key, or a password. And it will send you a message to an authentication application or password. It will send you a message on your mobile, this way you will have two factors. It’s much harder to break it. Then, if you look at it, you’ll need to close all unnecessary services you’re running. This is from the company’s point of view, and we, as individual users, can do that to any service we have on our network and we can close these things.
The last part is the patch of your systems. Stick to your computer regularly. Make sure you are up to date with all security patches. These patches are often overlooked. And this is one of the main causes of, therefore, that the exploits that work are people who have not corrected their systems in a reasonable time, often years.
REICHARD: This useful information has been our guest Professor Paul Poteete with the College of Geneva. Professor, thank you very much for your understanding.
POTEETE: Thank you so much for having me here.
WORLD radio transcripts are created within a deadline. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. WORLD Radio’s programming authority record is the audio record.