Consider This from NPR - How The Biden Administration Is Confronting A Surge In Cyberattacks
Episode Date: June 7, 2021
Cyberattackers have recently targeted a crucial fuel pipeline, a global meat distributor and a water treatment plant. The Biden administration likens the surge in cyberattacks to terrorism — and says they plan to treat it like a national security threat. NPR National Security Correspondent Greg Myre details the administration's plans. When businesses are targeted by ransomware, someone like Bill Siegel steps in to help companies figure out if they have any options but to pay up. Siegel runs Coveware, a company that responds to ransomware attacks and often negotiates with hackers. He spoke to NPR's Rachel Martin. In participating regions, you'll also hear a local news segment that will help you make sense of what's going on in your community.
Email us at considerthis@npr.org.
Transcript
A month ago, a pipeline carrying roughly 45% of fuel supplies for the entire East Coast went offline.
Pipeline cyber attack. A major source of our nation's fuel shut down by hackers demanding ransom.
5,500 miles of a pipeline run by Colonial Pipeline Company were shut down after hackers broke into the company's computer systems,
encrypted certain data, and demanded a ransom to unlock them.
That's what's known as a ransomware attack.
Across the southeast and up the east coast, gas prices are going up and pumps are going dry.
The pipeline's week-long shutdown led to panic buying, which caused widespread fuel shortages and temporary price hikes.
And the hackers, well, they got what they wanted.
Of course, the initial thought is you don't want to pay the ransom.
You don't want to encourage.
You don't want to pay these contemptible criminals.
Colonial Pipeline CEO Joe Blount told NPR his company agreed to pay hackers,
believed to be Russian, a ransom of nearly $4.5 million to get its pipeline back online.
When you know that you have 100 million gallons of gasoline and diesel fuels and jet fuels that are going to go across the southeastern and eastern seaboard of the United States,
it's a very critical decision to make.
And if owning that de-encryption tool gets you there quicker,
then it's the decision that had to be made.
Consider this. Attacks like the Colonial Pipeline hack are on the rise,
and now the U.S. government says it will start treating them like terrorism.
From NPR, I'm Audie Cornish. It's Monday, June 7th.
It's Consider This from NPR.
The director of the FBI says this is a moment like 9/11 when the U.S. had to face a new reality about an existential threat.
In a print interview this week with The Wall Street Journal, Christopher Wray said, quote,
There's a shared responsibility, not just across government agencies, but across the private sector and even the average American.
He wasn't just talking about the Colonial Pipeline hack.
Right now, Wray told the Journal, the FBI is
investigating around 100 different types of ransomware, many tracing back to hackers in
Russia. We are learning more about the scale of the hack into Microsoft's Exchange server
email software. Hundreds of thousands of government offices, small businesses and
schools could be affected. In recent months, Microsoft's email service was compromised and
left the company scrambling to push out software fixes to customers. Another attack happened in
Florida, where hackers targeted a water treatment plant using remote access to increase levels of
dangerous chemicals in the water supply. City officials have disabled that remote access system
that was used in the hack. There are several safeguards in place that would have prevented
that contaminated water from ever entering the supply.
And just last week.
Another U.S. company victimized by a cyber attack.
JBS, the world's largest meat supplier, was targeted with ransomware.
Here in the U.S. they've got processing facilities that do chicken, beef and pork.
All of those facilities were shut down for a few days.
And the FBI later said that it appeared a Russian-linked group of hackers was behind the attack.
JBS plants are back up now, and it's unclear if the company paid any ransom to hackers.
Ransomware is a difficult problem. Neuberger, the senior White House advisor in charge of the cyber response, acknowledged that some companies simply are not equipped to defend themselves from ransomware
attacks. We discourage the payment of ransoms. And we also understand that sometimes companies
are in a difficult place if they don't have backups. I hope that each company, each government
agency that looks at the number of incidents that have occurred, recognize the need for us to build secure and resilient digital infrastructure.
And how will the Biden administration help companies do that? Well, that's the question
our national security correspondent Greg Myre has been looking into.
President Biden received no grace period when it came to cyber.
The cyber pressures that this administration has faced so far have been relentless.
April Falcon Doss is a former National Security Agency official who now heads a technology program at Georgetown's law school.
As the cyber breaches pile up, cyber experts say it's important to note the two distinct threats.
Glenn Gerstell was a senior NSA official until last year. There clearly is a dividing line between cyber hacks for intelligence
gathering purposes and these ransomware attacks that are designed principally for financial
benefit. On one side of that line is the SolarWinds attack uncovered last December. This was
intelligence gathering by Russian spies quietly stealing U.S. government secrets. On the other
side is ransomware, which is surging. These require different responses, Gerstell says,
but he's quick to add, both the intelligence attacks and some of the most significant
ransomware attacks we have have one thing in common, and that's Russia. Biden says he'll raise the cyber issue with Russian
leader Vladimir Putin at a June 16 summit in Switzerland. Despite all the evidence,
Putin denies Russian involvement in the intelligence hacks and shrugs his shoulders
when asked about the ransomware attacks from criminals based in Russia. Gerstell says the U.S. shouldn't accept this answer.
It's almost impossible to believe that a major criminal gang would operate inside of Russia
and have real-world effects in the United States, and Putin wouldn't know about it.
FBI Director Christopher Wray told the Wall Street Journal
that many of the 100 ransomware variants under investigation are linked to Russia.
Last month, Biden laid out his cyber strategy in an executive order.
April Falcon Doss says it's a good start.
There are many departments and agencies across government that really have cybersecurity postures that lag behind where they should be.
The government does face real limits when it comes to ransomware in private companies.
The government won't be able to actively protect the private sector from any possible ransomware
attack because, thankfully, the government doesn't control the internet, right? We wouldn't want that.
Protecting the private sector falls to
people like Adam Meyers, vice president for intelligence at the cyber security firm CrowdStrike.
These companies can't put their head in the sand and hope it's not going to happen to them.
It is going to happen to them. It's going to be a matter of when. Meyers says too many companies
aren't keeping their cyber defenses up to date. He cites the attack on the meat company, JBS, carried out with a malware known as REvil.
Meyers knows it well, but says many potential victims don't.
I guarantee lots of organizations in the food processing world right now
Googling how to find what is REvil.
And if you need to look it up when it's happening, you're in a real bad spot.
How bad? I ask what the current ransom demand is for an attack on a large company.
I see the payments going out and the payments are just, you know, stomach churning figures,
you know, two, four, eight, 10, 30 million dollars.
It's a price he believes many more companies will have to pay.
NPR's Greg Myre.
Now, as we mentioned, at least one company already has paid a big price to ransomware hackers.
Colonial Pipeline Company, which paid more than $4 million in cryptocurrency to hackers.
As of Monday, the Justice Department announced that
the majority of that money has since been recaptured by FBI investigators who'd been
tracing the group behind the attack. In any event, it's true that not all cyber extortion attacks
end with a ransom payment. It's not a foregone conclusion that a company has to pay a ransom
for sure. Bill Siegel runs Coveware.
It's a company that responds to ransomware attacks and sometimes negotiates with hackers.
He spoke to NPR's Rachel Martin about what ransomware negotiations look like from the inside.
Well, at the end of the day, the goal is to find a way for the company to recover without having to pay at all.
Does that ever happen?
Oh, yeah, absolutely.
A lot of times when an attack happens, it's very difficult for a big company to determine immediately what the situation is. Because if you're a large company, and you've got, you know,
10,000 servers globally, and you've got backups at, you know, 15 different locations throughout
the globe, it can take days sometimes to actually safely check the integrity of those backups.
And so when we're managing a large enterprise incident, you don't want to start negotiating
when you realize you need it. You want to be done. And so we'll kick off negotiation knowing
that a very likely outcome is that we actually don't end up paying.
So you can be negotiating just to buy time. So the company can figure out if they have a backup
and they can say, sorry, your threat's not good here because we're safe.
Of course. Yeah, that's the goal, right?
The cost for a large company being down is so substantial that hours can mean the difference in millions or tens of millions of dollars of lost profit.
Or in the case of a hospital or something, it can mean the difference between life and death.
So you don't want to waste any time. You want to basically get to the finish line and be ready, even if the conclusion is, well, we don't need to do anything. And that's the best conclusion.
Are you able to tell us the origin country of most of the cyber attacks that you see?
We don't do very detailed attribution. What I would say is that the contributory factors that have led us to where we are today are as much socioeconomic
as they are other things. There are such low barriers to entry to cybercrime. And there are
lots of well-educated, sometimes STEM-educated individuals in lots of parts of the world.
They don't have the job prospects that will pay them the money that they aspire to make.
And sometimes their local jurisdictions are kind of out of the reach of Western law enforcement.
And it's, you know, while it may be sort of frowned upon, it's sort of condoned by wherever
they live, right? Because the local economy actually benefits from the laundered proceeds
of these attacks filtering back in.
These people are buying houses and buying Starbucks and buying cars,
and that's a good thing for the local economy, so they sort of look the other way.
If a situation occurs, a cyber attack happens, the company is forced to pay ransom,
what's to prevent those same hackers from six months, a year later,
just coming back and doing the same thing again?
Yeah, there's absolutely nothing is the answer.
One of the biggest fallacies and misunderstood aspects of these attacks is that they are like
lightning strikes, right? It's like, oh, it happened once, it's not going to happen again.
That's just, that's not the way it works. The groups that are carrying this out are part of a very well organized and a very large
industry.
If it is cost effective, i.e. cheap to attack a company and has a high likelihood of being profitable at low risk, they will
do it and they will do it over and over and over again, just like any other business would do the exact same thing
if they found a very cheap way to sell very high profit products.
You've seen this?
Yeah, of course.
If a company does not take it seriously and they don't fix the vulnerabilities that allowed
it to happen in the first place, there's a 100% chance it happens again.
Bill Siegel, the CEO of Coveware. He spoke to NPR's Rachel Martin on
Morning Edition. It's Consider This from NPR. I'm Audie Cornish.
