Non-state actor suspected in massive cyberattack: Is that less scary? (+video)
Director of National Intelligence James Clapper discussed internet security on Tuesday at the Council on Foreign Relations.
Last week's major cyberattack, which affected millions of computer users, was probably the work not of a foreign government but of a non-state actor, Director of National Intelligence James Clapper said Tuesday.
"But I wouldn't want to be conclusively definitive about that yet," Mr. Clapper added, during an interview at the Council on Foreign Relations think tank offices in New York.
Since the White House has recently accused Russia of carrying out a politically motivated hack on the Democratic National Committee, some might be relieved to learn the latest incident seems to be largely apolitical, despite its proximity to the American presidential elections.
But should the discovery that a non-state actor can stage such a large-scale attack be greeted with relief?
"It's going to happen again," Martin McKeay, an analyst with network security firm Akamai Technologies Inc., told The Wall Street Journal. Mirai, the malware program that caused Friday's disruptions, can be overcome, but it will not be the last of its kind.
"I would be surprised if Mirai lasted in its current iteration for more than a few months, but something else will replace it," Mr. McKeay said.
Mirai took over a variety of Internet-connected devices, including security cameras and household items, to bombard targeted websites with automated requests that crowded out humans seeking to connect to Netflix, Twitter, certain news publications, and a number of other websites on Friday, as The Christian Science Monitor reported.
The sites affected by the disruptions, which came in three waves, were all customers of Dyn, a New Hampshire-based Domain Name Server (DNS) provider, as the Monitor's Story Hinckley explained:
These servers are the equivalent of an internet phone book, holding a directory of domain names. Each time a web surfer searches for a web address via a domain name, the internet provider instantaneously searches that website’s DNS provider, which then instantaneously translates the domain name into a computer-friendly IP address.
In other words, if it weren’t for DNS, internet users would have to know the IP address for a site (such as 18.104.22.168) instead of the simple domain name (such as csmonitor.com).
While foreign governments hostile to the United States could interfere with this flow of information across the internet, network experts studying the attack agree with the intelligence community's preliminary analysis.
"All the arrows point away from any sort of political motivation," Allison Nixon, a researcher with the online security firm Flashpoint, told the Journal, describing claims by Wikileaks, the New World Hackers, and other online groups as "dubious."
The Mirai source code – which was posted publicly online – is primarily written in English, but it uses Russian as well, as CNN Money reported.
"It's not the best code I've ever seen, but it's pretty good," Ohio-based application security architect Bill Sempf said. "This could take North Korea or Turkey offline."
During his Tuesday interview, Clapper pointed to the takeover of everyday devices as one of the important takeaways from last week's attack.
"There are some fundamental cyber hygiene things that, surprisingly, people – individuals and institutions – don’t attend to," Clapper told PBS journalist Charlie Rose. "Increasingly, though, I think there’s an awareness, particularly in the commercial sector."
Clapper said everyone is playing catch-up, paying the price for a widespread failure during the early days of the internet to adequately anticipate the need for cybersecurity.
"As long as we have this dependency on the internet, we’re always going to have this fundamental challenge of how to promote security in the cyber domain," he added.
That's on the defense side. On offense, Clapper said, officials can't publicly assign blame for a particular attack, let alone prosecute, until researchers have verified the claim, which is a delicate process. And the appropriate response in any given scenario could differ based on whether the attacker was a sophisticated nation state, a non-state actor, or somewhere in between.
In any event, Clapper said, the United States is still working out the best policies for deterrence efforts in cyberspace. That applies whether a hostile actor is backed by a government or not.
Material from The Associated Press was included in this report.