On Friday, a series of cyberattacks temporarily crippled internet access on much of the East Coast, taking down popular websites from PayPal to Amazon.
According to the security firm Flashpoint, the hackers carried out their attack by commandeering web-enabled security cameras to choke critical pieces of web infrastructure with erroneous information. Many experts say it’s only a matter of time until another attack exploits the same security flaws common throughout the so-called “internet of things.”
Here & Now‘s Jeremy Hobson talks with Allison Nixon, director of security research for Flashpoint, about Friday’s attack, and what it means for the future of cybersecurity.
Interview Highlights: Allison Nixon
On who or what was behind last Friday’s cyberattack
“Right now the exact identity is not clear yet. But we’ve found some signs that point in a certain direction. I know the initial speculation was that it was politically motivated, maybe Russian, maybe something like that. But in reality, the information that we discovered really pointed towards non-state actors, amateurs, hackers that are motivated by attention more than anything else.”
On what kind of devices were affected
“There’s been a lot of incorrect information lately about what kind of devices there are affected by this. The type of device affected by this are basically industrial grades CCTV systems, and a lot of these are systems that are plugged in directly into the modem. Most of them are located in other countries — Vietnam has the largest portion of them, but also Brazil, Turkey, Taiwan and China. So a lot of people in the western world have been wondering, ‘Oh, am I infected? How do I know if I am infected?’ Well, the fact that you’re in the western world probably means that you’re not, and if you are, your network is gonna keep going down, because you’re gonna be DDoSing something.”
On what can be done to prevent such cyberattacks
“I would say that, in the community of people that maintain the internet, this event has gotten a lot of attention, and people are working on their own counter-measures. Long-term, the solution needs to involve making devices that are less susceptible to these worm-type of malware. And really, even just basic security will prevent a situation like this. The real problem is default passwords that are accessible over the internet. So if you can remotely log into a device and get full control over it, with a default password that’s posted in some user manuals somewhere, that is really the root of this problem. And devices should not be made with this type of feature anymore.”
On whether or not Friday’s attack was a “test run”
“The attacks that come from these type of attention-motivated groups, every non-successful attack is a test run. Every successful attack is a successful attack. As we’ve been watching them over, I would say years now, they iterate on their past successes, and the behavior that we saw last Friday was really just n plus-one of what we’ve been seeing in the past.”