Non-state actor suspected in massive cyberattack: Is that less scary?

Director of National Intelligence James Clapper discussed internet security on Tuesday at the Council on Foreign Relations.

Brendan McDermid/Reuters
Director of National Intelligence James Clapper speaks at the Council on Foreign Relations in New York City on Tuesday, when he said officials suspect a non-state actor was behind last week's massive cyber attack. 'But I wouldn't want to be conclusively definitive about that yet,' he added.

Last week's major cyberattack, which affected millions of computer users, was probably the work not of a foreign government but of a non-state actor, Director of National Intelligence James Clapper said Tuesday.

"But I wouldn't want to be conclusively definitive about that yet," Mr. Clapper added, during an interview at the Council on Foreign Relations think tank offices in New York.

Since the White House has recently accused Russia of carrying out a politically motivated hack on the Democratic National Committee, some might be relieved to learn the latest incident seems to be largely apolitical, despite its proximity to the American presidential elections.

But should the discovery that a non-state actor can stage such a large-scale attack be greeted with relief?

"It's going to happen again," Martin McKeay, an analyst with network security firm Akamai Technologies Inc., told The Wall Street Journal. Mirai, the malware program that caused Friday's disruptions, can be overcome, but it will not be the last of its kind.

"I would be surprised if Mirai lasted in its current iteration for more than a few months, but something else will replace it," Mr. McKeay said.

Mirai took over a variety of Internet-connected devices, including security cameras and household items, to bombard targeted websites with automated requests that crowded out humans seeking to connect to Netflix, Twitter, certain news publications, and a number of other websites on Friday, as The Christian Science Monitor reported.

The sites affected by the disruptions, which came in three waves, were all customers of Dyn, a New Hampshire-based Domain Name Server (DNS) provider, as the Monitor's Story Hinckley explained:

These servers are the equivalent of an internet phone book, holding a directory of domain names. Each time a web surfer searches for a web address via a domain name, the internet provider instantaneously searches that website’s DNS provider, which then instantaneously translates the domain name into a computer-friendly IP address.

In other words, if it weren’t for DNS, internet users would have to know the IP address for a site (such as 216.168.224.70) instead of the simple domain name (such as csmonitor.com).

While foreign governments hostile to the United States could interfere with this flow of information across the internet, network experts studying the attack agree with the intelligence community's preliminary analysis.

"All the arrows point away from any sort of political motivation," Allison Nixon, a researcher with the online security firm Flashpoint, told the Journal, describing claims by Wikileaks, the New World Hackers, and other online groups as "dubious."

The Mirai source code – which was posted publicly online – is primarily written in English, but it uses Russian as well, as CNN Money reported.

"It's not the best code I've ever seen, but it's pretty good," Ohio-based application security architect Bill Sempf said. "This could take North Korea or Turkey offline."

During his Tuesday interview, Clapper pointed to the takeover of everyday devices as one of the important takeaways from last week's attack.

"There are some fundamental cyber hygiene things that, surprisingly, people – individuals and institutions – don’t attend to," Clapper told PBS journalist Charlie Rose. "Increasingly, though, I think there’s an awareness, particularly in the commercial sector."

Clapper said everyone is playing catch-up, paying the price for a widespread failure during the early days of the internet to adequately anticipate the need for cybersecurity.

"As long as we have this dependency on the internet, we’re always going to have this fundamental challenge of how to promote security in the cyber domain," he added.

That's on the defense side. On offense, Clapper said, officials can't publicly assign blame for a particular attack, let alone prosecute, until researchers have verified the claim, which is a delicate process. And the appropriate response in any given scenario could differ based on whether the attacker was a sophisticated nation state, a non-state actor, or somewhere in between.

In any event, Clapper said, the United States is still working out the best policies for deterrence efforts in cyberspace. That applies whether a hostile actor is backed by a government or not.

Material from The Associated Press was included in this report.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.