The Daily - Who is Hacking the U.S. Economy?

Episode Date: June 8, 2021

In the past few weeks, some of the biggest industries in the U.S. have been held up by cyberattacks. The first big infiltration was at Colonial Pipeline, a major conduit of gas, jet fuel and diesel to the East Coast. Then, J.B.S., one of the world’s largest beef suppliers, was hit. The so-called ransomware attacks have long been a worry. But who are the hackers and how can they be stopped? Guest: Nicole Perlroth, a reporter covering cybersecurity and digital espionage for The New York Times. Sign up here to get The Daily in your inbox each morning. And for an exclusive look at how the biggest stories on our show come together, subscribe to our newsletter. The Daily is doing a live online event: We follow up with students and faculty from our series Odessa. And we hear from the team who made the documentary. Times subscribers can join us June 10. Background reading: The Biden administration has taken steps to counter the growing threat of cyberattacks on U.S. businesses. The F.B.I. director compares the danger of ransomware to the 9/11 terror threat. As the ransomware industry exploded, a Russian-speaking outfit called DarkSide offered would-be computer criminals not just the tools, but also customer support. Here’s how the group became a hacking powerhouse. It’s been almost a decade since Leon Panetta, then the secretary of defense, warned of an impending “Cyber Pearl Harbor.” He didn’t want to be right. For more information on today’s episode, visit nytimes.com/thedaily. Transcripts of each episode will be made available by the next workday.

Transcript
Starting point is 00:00:00 Hey, it's Michael. This has been a year unlike any other. And throughout it, we've tried to tell the story of just how profoundly people's lives have changed. In places like Odessa, Texas, where we followed one school's attempt to reopen during the pandemic. Now, as the school year comes to a close, I'll be hosting a live virtual event, taking you behind the scenes of the making of that powerful series. You'll hear from the producers who created it, the teachers and students who were documented in it, and a performance by the Odessa High School Marching Band.
Starting point is 00:00:41 Plus, there'll be a commencement address from a surprise speaker. So join us this Thursday night, June 10th, at 6 p.m. Eastern. Times subscribers can RSVP at nytimes.com slash graduation. And thanks. From The New York Times, I'm Michael Barbaro. This is The Daily. Over the past few weeks, hackers demanding exorbitant ransoms have repeatedly held hostage vital segments of the American economy, threatening everything from the energy industry to the food supply. Today, Sabrina Tavernise spoke with our colleague, Nicole Perlroth,
Starting point is 00:01:46 about why the attacks are becoming so common. And who exactly is behind them. It's Tuesday, June 8th. Nicole, I keep seeing these headlines about ransomware attacks. But I don't actually have a very good sense of what is happening. Explain to me what's been going on in the last few weeks. So we've actually been seeing this never-ending onslaught of ransomware attacks. But what happened over the last few weeks is that two key industries were hit with ransomware. Colonial Pipeline. Colonial ransomware. Colonial Pipeline.
Starting point is 00:02:25 Colonial Pipeline. Colonial Pipeline. So there was a ransomware attack on Colonial Pipeline. It targeted the Colonial Pipeline that runs from the Texas Gulf Coast through the Southeast up to the Northeast, 5,500 miles. So workers showed up to work, turned on their computers, but instead of being able to access their email or other key operations, they were met with a ransomware note. And the note basically said, we've held your data and your systems hostage until you pay us millions of dollars. The company notified authorities and hired an outside firm to investigate all of it. You can imagine this may have an impact on already rising gas prices.
Starting point is 00:03:03 So at Colonial, the company just shut down the pipeline because with its billing systems frozen, it had no way to charge customers. And as a result, this gas station behind me is out of regular gas. And there are thousands of gas stations just like this one up and down the East Coast. You saw panic buying at the pump. You saw nonstop flights have to ground themselves to pick up fuel en route to their destinations. This had a really big visceral effect. The FBI is investigating another major cyber attack affecting a key part of our economy.
Starting point is 00:03:38 Now it's the meat industry. And then the second big attack was on JBS, which is one of the world's biggest beef suppliers. JBS was forced to bring all of its U.S. plants to a halt after this crippling cyber attack. And there, ransomware criminals hit the company in the middle of a beef shortage. The attack hitting as summer celebrations ramp up, with Father's Day and July 4th just around the corner. And so with that attack, you just started seeing the price of beef go up on menus and you start seeing a lot of panic buying around beef supplies. We're seeing these ransomware attacks, which look like attacks just on individual companies,
Starting point is 00:04:31 actually have an effect on the entire infrastructure of the American economy. So as a cybersecurity reporter, what did you think when you saw the news of these recent attacks? Well, for one, I wasn't surprised. You know, we have been seeing ransomware attacks on all kinds of industries. Just in the last couple of months, we've seen ransomware attacks on American mainstays, not just gas and meat, but television networks, police departments, NBA basketball teams, minor league baseball, ferries to Martha's Vineyard, hospitals. And what's happening in the background is that these ransomware groups have been coming for our businesses and municipalities and cities and towns for a long time. But all of a sudden, they're hitting these industries that Americans are feeling for the first time. We have this very
Starting point is 00:05:19 potent, powerful image of gas running out and people not being able to get meat ahead of their 4th of July vacations. And so suddenly, you know, you're seeing this big freak out among government agencies who have worried about ransomware for a long time. But suddenly the problem is really catching up to them. Welcome back. We've got some breaking news. The Justice Department is elevating ransomware attacks to a similar priority level as terrorism following last month's Colonial Pipeline attack. You had FBI Director Christopher Wray last week who said dealing with ransomware is like dealing with the challenge of global terrorism after 9-11. Wow. I want to update everyone on the ransomware cyber attack that impacted on the colonial...
Starting point is 00:06:07 You saw Biden get up to the podium and for the first time, an American president was speaking to the threat of ransomware. And our Justice Department has launched a new task force dedicated to prosecuting ransomware hackers to the full extent of the law. So suddenly you see this scramble to deal with something that's been a pretty constant problem for the last couple years. Okay, so what you've been describing is a billion-dollar industry that most of us didn't even realize exists. How did we get to this point? So ransomware has been going on for a long time. But when I first started covering this about 10 years ago, it looked very different. This was something that was hitting people's individual computers in Europe.
Starting point is 00:07:02 People would log onto their computer and they would see a ransomware note, only it purported to come from Interpol or the FBI. And it said, hey, we've locked up your computer. We know you've been looking at some illegal sites. Sometimes it's pornography. And we need you to pay this fine. And the fines were something like 100 to 200 euros in those days. And at the time, cybersecurity experts warned me that eventually this would come for the United States.
Starting point is 00:07:23 And when it did, it didn't look that different. It was ransomware groups holding up individual PC users and demanding $100 to $200 in fines. But then something happened in 2017 that really brought ransomware to the next level. And that was the year we started seeing nation states use ransomware to bring entire companies and industries to their knees. So just to back up, that year we had seen this group come out of nowhere.
Starting point is 00:07:55 We still don't know who they are, but someone started showing up on Twitter. They called themselves the Shadow Brokers. This week, a group called Shadow Brokers released what purports to be top secret computer code that the NSA has reportedly used to break into foreign government systems. And they claim to have hacked the NSA. And over a period of several months between 2016 and 2017, they started dribbling out some of the NSA's best-kept hacking tools. These are tools that you use to break into an entire firewall for an entire computer network. This allows you to bypass all the defenses to simply walk in and be able to get into that network, more importantly, undetected. And in 2017, we actually saw North Korea pick up one of the NSA's own tools and use it in a global ransomware attack that
Starting point is 00:08:48 the industry called WannaCry. Cyber security experts are scrambling to recover from a massive cyber attack that hit nearly every corner of the world. WannaCry has paralyzed computers and banks and government agencies and factories in 150 countries since it was unleashed. And really the lasting legacy of WannaCry was that it didn't just come for individual PC users. It hit entire businesses and hospitals. So I was all ready to go. And then at half past one, the surgeon turned up and said, unfortunately, we've been hacked and there's nothing we can do. We can't operate on you today.
Starting point is 00:09:27 It actually hit the British health system. Our focus at the moment is making sure that we end the disruption being caused by this particular attack. And so we had these very powerful images of ambulances that were getting turned away from hospitals in the UK that had been held up with this North Korean ransomware. And it was the first time that you could see that ransomware wasn't just something that would hold up an individual's computer. It was something that could cripple an
Starting point is 00:09:57 entire hospital or entire industries. And it actually got worse. So one month after the North Korean attack, we saw Russia pick up the same NSA tools and use them in their own attack, this time just at Ukraine. It hit every major Ukrainian government agency. It hit their railways. It hit their post offices. It hit ATMs. People couldn't get money out of ATMs. And not only that, it actually ended up hitting any business that had any operation in Ukraine, even a single employee working from Ukraine.
Starting point is 00:10:42 So it actually hit FedEx. FedEx suffered something like $400 million in damages. It hit Merck. Merck actually had to tap into the CDC's emergency supplies of the Gardasil vaccine that year. It hit Cadbury egg factories in Tasmania. All told, it actually cost $10 billion in damages. It was, to this day, the most destructive cyber attack that we've seen. But the legacy from that attack is that it really opened up cyber criminals' eyes to just how vulnerable these American businesses, some of our most critical businesses, were to ransomware. And that these were really ripe targets. We'll be right back.
Starting point is 00:12:05 Nicole, what is it about American companies in particular that made them so vulnerable to these ransomware attacks? Well, it's a host of things, but I think it really just comes down to incentive models for businesses. You know, I'm based in Silicon Valley and the operating MO here among big tech companies and startups is still very much Mark Zuckerberg's move fast and break things. Get your software to market before the competition and you will win and you can fix the bugs in your software and security glitches later. And at the same time, we've all bought into the Silicon Valley promise of a frictionless society.
Starting point is 00:12:41 We have just been baking this buggy software into so many of our core industries like gas, like meat, like our factory production, like hospitals. And we never stopped to think that maybe we were creating the world's right best attack surface. And so these ransomware groups realized that they could hold up entire businesses hostage and not just charge them $100 or $200, but millions of dollars to get their data back. And you start seeing businesses, even police departments, be willing to pay these fines just to get their data back.
Starting point is 00:13:21 We are learning that Colonial Pipeline did pay a ransom, and the hackers had demanded about $5 million in cryptocurrency from the company. Well, just in the past hour, NBC News has confirmed reports that Colonial Pipeline did pay nearly $5 million in ransom to those hackers. Were you briefed on the fact that the company did pay the ransom? I have no comment on that. Is it legal to pay these groups? I mean, isn't paying them essentially making the problem worse?
Starting point is 00:13:53 Yeah, so it's not illegal. The FBI has come out and said, we really advise you not to pay these ransoms. But the reality on the ground is that when a company gets held hostage with this ransomware, oftentimes the cost of the ransom is still cheaper than the cost of rebuilding their systems and data from scratch. So there was actually a ransomware attack in Baltimore that was pretty bad a couple of years ago. And the hackers were demanding something like $75,000 in Bitcoin
Starting point is 00:14:26 to hand them their data back. Baltimore refused to pay. And ultimately, the cost to rebuild all of those services that had been destroyed and held hostage in the ransomware attack was $18 million. And so over and over again, you see businesses and their insurers really calculate that they should just go ahead and pay the ransom because the ransom demand is still so much cheaper than the cost to rebuild. Wow, that's amazing. $18 million versus $75,000. Yeah, that's a lesson I would take from that. Right. And who's getting all of this money?
Starting point is 00:15:05 Who are carrying out these attacks, like the one against Baltimore and the one against the oil pipeline? So these are just people looking to make money. Usually these are people who were working out of offices, almost like startups. And they're holding these businesses hostage for ransom. But the more companies and victims that were willing to pay their ransoms, the more money they were getting. And these became pretty sophisticated enterprises. Some of them are making hundreds of millions of dollars just over the past year. Right now, the FBI says it's tracking about 100 different ransomware groups. Some of those are based in
Starting point is 00:15:43 North Korea and Iran. They popped up in Turkey, but the vast majority of them are in Eastern Europe. And we think most of them are actually based in Russia. And why Russia? Well, Putin has actually given Russia's cyber criminals safe harbor. He won't arrest them and he won't extradite them when we indict them here. And really, we think Putin has only two rules for Russia's cybercriminals. The first is don't hack targets inside the motherland. And we actually see that in the code. In a lot of these ransomware attacks, the groups will go out of their way to search your computer for its default language setting. And if you are a Russian language
Starting point is 00:16:25 speaker, it won't infect you. It'll move right along. The second rule we think Putin has is when we ask you to do a favor, you do whatever we ask. And that allows Russia to basically tap into these cyber criminals for some of its more sensitive operations so that should they get caught, the government can always say, we had nothing to do with this. We had no idea. These are cybercriminals. They operate on their own. And we've actually seen Putin come out and say something to this effect. A few years ago, he said, listen, hackers are like artists. They just get up in the morning and start painting. We have no say over what they do or don't do. And that gives the government cover should it need to use these cyber criminals for some of these more sensitive operations.
Starting point is 00:17:18 So from the perspective of the United States, this seems like it creates a real national security threat. You have ransomware attacks coming for the bedrock of our economy, and they could be coming from the Russian state or from these groups of cyber criminals. What can we do about this? It's not an easy ask, and it's pretty complicated. But at the international level, it really starts with Biden getting up on that podium and speaking to the threat of ransomware for the first time as an American president. It's working with other allies to come up with cohesive policy around our response to ransomware attacks. And then domestically, it's things like, should Treasury have a rule that makes it illegal for victims of ransomware attacks to pay these ransoms? But the hardest thing we need to do is cyber hygiene. It's making ourselves less vulnerable. It's all the things that we've been told we needed to do for a very long time,
Starting point is 00:18:22 creating different passwords for different websites, turning on two-factor authentication, running your software updates and your security updates. And that's where the focus really needs to go. So a lot of it is really just on us, the boring, quiet, slow work of turning on two-step authentication. That's right. You know, they have this saying that security is only as good as your weakest link. And individuals and employees continue to be the weakest links.
Starting point is 00:18:53 And, you know, when you think about the Colonial Pipeline attack, think of it as almost this massive attack on our country. But what it came down to was an employee who had this old inactive account whose password had been stolen and they hadn't turned on two-factor authentication. So as long as we're making it that easy for these ransomware groups, these ransomware attacks will continue. And it doesn't matter what we're doing at the international level. When it's so easy to just hack an American company using a stolen password, these attacks won't go away. Nicole, thank you. Thank you so much for having me. The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge.
Starting point is 00:20:02 But the old adage, follow the money, still applies. On Monday afternoon, the Department of Justice said that it had recovered much of the ransom paid by Colonial Pipeline to end the ransomware attack staged by DarkSide. During a news conference, federal officials said they had seized $2.3 million worth of Bitcoin held by DarkSide, a little more than half of the ransom paid by Colonial. Today, we turned the tables on DarkSide. We'll be right back. Here's what else you need to know today. I want to be clear to folks in this region who are thinking about making that dangerous trek to the United States-Mexico border.
Starting point is 00:21:10 Do not come. Do not come. During her first foreign trip as vice president, Kamala Harris traveled to Guatemala, where she bluntly warned immigrants across Central America against illegally crossing into the United States. The United States will continue to enforce our laws and secure our border. There are legal methods by which migration can and should occur. The trip marks the beginning of a broader U.S. effort, led by Harris, to break the cycle of poverty and migration in the region, and ultimately, to stop the flow of migrants to the U.S. border. Today's episode was produced by Robert Jimison, Daniel Guillemette, and Annie Brown.
Starting point is 00:22:07 It was edited by M.J. Davis Lin, engineered by Chris Wood, and contains original music by Dan Powell. That's it for The Daily. I'm Michael Barbaro. See you tomorrow.
