In our first episode on hacking we talked with author Phil Lapsley about the original practitioners the teenagers and nerdy outlaws who in the 1950s and 1960s hacked into the telephone system they explored it tinkered around and avoided paying for long-distance calls today the term hacking has grown to encompass much darker exploits hackers who we believe now we’re Russian.
Hackers took down the power for a quarter million Ukrainians and three regions of the country and it’s not only that but their attacks are evolving Phil Lapsley.
Us he recognized the continuum stretching from the phone phreaks of sixty years ago to modern computer hackers I very much see the phone freaks of the 1950s and 60s as being the grandparents of computer hackers today but as.
We know a lot can change in a few generations sure some computer hackers hacked for fun like the phone freaks.
Did exploring a system simply out of curiosity some even do ethical hacking tapping into computer systems to expose vulnerabilities before criminals exploit them in fact you may hear the terms white hat and black hat hackers but it’s the black hats.
That grab our attention and provoke our fears they say that in cyber warfare there are no rules countries attack each other’s infrastructure utilities and transport systems without setting a boot or a tank on foreign soil but.
The attacks need not be state-run a group of individuals even one person can hack a financial institution and grab Social Security numbers or take down a network with denial of service attacks the.
Number of potential victims from any one breach can be in the millions the May 2017 hack on the consumer credit reporting agency Equifax compromised sensitive information on 143 million Americans it’s part of a very worrisome pattern one computer security expert told us that there are two types of companies those.
Those that don’t know that they’ve been hacked we may not have anticipated these threats in 1950 but by 2012 they were so dire that Defense Secretary Leon Panetta warned that the United States was facing a cyber Pearl Harbor we know that foreign cyber actors are probing America’s critical infrastructure networks these kinds of attacks could be a cyber Pearl Harbor an attack.
That would cause physical destruction and the loss of life in sac that would paralyze and shock the nation former head of the CIA Leon Panetta.
I think was right that were not prepared when you consider how much of what we value is now stored digitally and connected to the Internet were not prepared for the type of attack that could occur through cyber enable means john carlin is an attorney in the chair of morrison and foresters crisis.
And risk management practice prior to that he was assistant attorney general for national security during.
The obama administration the department was responsible for protecting the country against many security threats including cyber crimes if you look at it in the big sweep over a twenty 30 year period as a society we invested enormous amounts of money and ingenuity in moving almost everything we value from the brick and mortar world from paper and notes to digital form and then we connected it to the Internet the system that wasn’t designed for security.
And we did so without taking into account risks that all the same bad guys the crooks the spies the terrorists that were attacking us in the old world are gonna move to attack us in the new world well I don’t know if you ever wake up in the middle.
Of the night worried about a specific threat but if you were to do that which one do you think it would be what what aspect of this most worries you other than the if.
You will the ensemble of threats say there’s two main things one is it’s not a future worry it’s a right now worry we’re seeing a mass booming black-market in the sale of stolen goods that were stolen through cyber enable means so that means the most personal information.
About someone an information that’s used to determine whether you are you when you’re trying to do all sorts of transactions from your taxes to your healthcare to your credit card payments that’s out there and being sold right now in a.
Also seeing right now what I’ll call cyber weapons of mass destruction so botnets hundreds of.
Thousands of compromised computers that with a single command can be used to overwhelm a system with requests for information and these.
Are for rent on the dark web often they’re used by criminal syndicates but one can easily imagine them getting into the hands of a terrorist group so that’s the right now and for the future what I worry about is as vulnerable as we are now we’re hurtling towards a new future the so-called Internet of Things well you speak of the.
Bots and the hijacking of personal computers are you suggesting that my home.
Computer could be used in a giant malevolent hacking scheme yes exactly this is how sophisticated.
This dark market is if you went on there today.
And someone showed you where to look what you could see you could click on a site and it would look like you’re looking at Amazon and when.
I say it looks like Amazon I mean it’s bad guys posting they have something like a botnet and then you have customer reviews sometimes with five-star rating saying hey I’ve used this crook before and I found that he’s always reliable when he gives me stolen information or to stores this crook acts really like.
A crook and you can’t trust them so that’s out there now and so your computer could be part of.
One of these botnets that’s on this Amazon look-alike on the dark web where a crook could rent it and decide to send a command that said I’m gonna overwhelm a site with requests for information unless they pay me $50,000 and we’re seeing that type of attack.
Now let me get back to the kind of attack that could have real consequences for security in 2013 there was a small team of Iranian like half dozen people are something working for the Revolutionary Guards in Iran and they tried hacking a.
Small dam about a dozen miles north of the Brock’s in New York I mean the dam wasn’t big it was about the size of a handball court if you look at it but maybe this was just a training exercise I mean the dam itself wasn’t so important yeah it’s two fascinating things about that case number one we were just talking about botnets and using them to COO to do these denial of service attacks these mass requests for information that charge.
That you’re talking about came in a criminal case that was a group affiliated.
With the Iranian Revolutionary Guard Corps.
And they attacked over 47 different US financial institutions and what they attacked was the public facing website that we all use as customers to access our bank account they affected tens of millions of dollars for the banks and hundreds of thousands of customers who were unable to access their website what we saw was that wasn’t all the group was doing what they also had done as you say was hack until the so-called sluice.
Control systems of the Bowman dam which means if the dam had been working properly they could have lifted.
Up the flood gates and flooded the surrounding area now luckily that Dam happened to be down for maintenance at the time but I think you’ll agree with me our crumbling infrastructure should not be the first line of defense when it comes to cyber attacks and I think what you can learn there is no that is not the only foreign actor trying to get into our critical infrastructure and I think what they’re looking for if it’s the type of foreign actor you.
Know a Russia or China they’re not going to cause our lights to go out they’re not going to cause mass flooding unless we were in a serious dispute.
Because they recognize that that’s crossing a red line what happens though if a terrorist group were to gain that same type of access or a actor like North Korea who’s unstable that was something that worried me when I was running the National Security Division every day and continues to worry me now just a.
Semantic point can you define the difference between a cyber attack and a cyber hack that the latter sounds somehow less threatening you know people differ on their terminology but some might say if you hack so you gain unauthorized access.
To a system that you a might not do.
It with bad intent B you might do it your intense bad but your bad intent is to spy on.
Information and not to take action whereas a cyberattack actually causes destruction so to use one that most people remembered the North Korean attack on Sony Motion Pictures because they didn’t like a movie they did a cyberattack which actually wiped the drives and so they were not usable at all for Sony in addition to stealing information so to contrast that with the.
Hack of the Bowman dam where they gained access to the dam.
Actually see them use that access to either destroy the integrity of the data or caused the dam to flood but I want to get back to what you just said here that we’ve.
Moved so much of what we value from analog to digital and use a medium which was never designed with security in mind how did we manage to do that how did we put everything we value onto the internet without.
Apparently thinking about security you.
Know it’s a fascinating transformation that’s already occurred and you’re just seeing now when I was prosecuting these cases 10.