Cyber Attack

A denial-of-service attack shut down major web sites such as Netflix, Twitter, CNN and others recently by attacking a service provider for those companies. The attack took place by overloading servers via gadgets or appliances that are connected to the internet, known as the Internet of Things. Mark Pribish, vice president and ID theft practice leader for Merchants Information Solutions, a Phoenix company that is a leading provider of corporate identity theft management and data breach solutions, and Evelyn Pidgeon, the Arizona State University Information Security Program director, will talk about the cyber-attack.


TED: GOOD EVENING AND WELCOME TO "ARIZONA HORIZON." I'M TED SIMONS. GOVERNOR DOUG DUCEY TODAY SIGNED AN EXECUTIVE ORDER THAT LIMITS THE FIRST PRESCRIPTION OF OPIOID DRUGS TO A SEVEN-DAY SUPPLY FOR ADULTS AND THE ORDER ALSO ALLOWS FOR NO MORE THAN A SEVEN-DAY TOTAL SUPPLY FOR CHILDREN UNLESS THEY HAVE CANCER OR OTHER CHRONIC DISEASES OR SERIOUS INJURIES. THE ORDER ONLY AFFECTS THOSE WITH STATE-PROVIDED INSURANCE, INCLUDING THE STATE EMPLOYEE INSURANCE PLAN AND MEDICAID. A MAJOR ATTACK ON THE INTERNET LAST FRIDAY MANAGED TO SHUT DOWN MAJOR WEBSITES LIKE NETFLIX, CNN AND OTHERS. THE ATTACK TOOK PLACE BY OVERLOADING SERVERS BY WAY OF GADGETS OR DEVICES THAT ARE CONNECTED TO THE INTERNET. WE'LL TALK ABOUT THIS WITH MARK PRIBISH, FROM MERCHANTS INFORMATION SOLUTIONS, A PHOENIX COMPANY THAT PROVIDES CORPORATE IDENTITY THEFT MANAGEMENT AND DATA BREACH SOLUTIONS AND ALSO EVELYN PIDGEON, ASU'S INFORMATION SECURITY PROGRAM.

TED: SO MARK, WHAT EXACTLY HAPPENED FRIDAY, HOW'D THIS GO ABOUT?

MARK PRIBISH: ESSENTIALLY YOU HAVE A COMPANY THAT SUPPORTS THE INTERNET AND WHEN YOU AND I GO TO THE INTERNET AND WE GOOGLE USA TODAY, IT TAKES US TO USA TODAY.COM. BUT THERE'S AN I.P. ADDRESS THAT CAN BE A 10-DIGIT NUMBER AND THAT'S WHAT DNS CREATED. THEY WERE OVERWHELMED WITH BOTNETS AND THEY WERE PRETENDING TO BE ACTIVITY TO THEIR SERVERS THAT WAS NOT GOOD INFORMATION AND THAT IS OVERWHELMED -- THOSE OVERWHELMED SERVERS CREATED AN OVERLOAD WHERE THEY HAD TO SHUT DOWN.

TED: SO BASICALLY PERSONAL DEVICES TURNED AND ATTACKED, HUH?

EVELYN PIDGEON: THAT'S EXACTLY WHAT HAPPENED. PERSONAL DEVICES THAT HAD BEEN COMPROMISED BY THE HACKERS, THAT MANAGED TO GAIN CONTROL OF THEM AND USE THE BOTS TO ALLOW THEM TO SEND THE TENS OF THOUSANDS OF ATTACKS AGAINST THE DOMAIN NAME SERVER CREATING A TRAFFIC JAM, SO THAT PEOPLE LIKE YOU AND I COULDN'T GET TO WHAT WE NEEDED.

TED: WHEN WE HEAR ABOUT THE DISTRIBUTED DENIAL OF SERVICE ATTACKS, WHAT DOES THAT MEAN?

EVELYN PIDGEON: IT MEANS EXACTLY WHAT MARK WAS TALKING ABOUT. IT'S OVERWHELMING A SYSTEM OR SERVICES WITH SO MUCH INFORMATION. USUALLY BAD DATA, JUST JUNK. THAT IT CAN'T HANDLE ALL OF THE REQUESTS COMING IN.

TED: SO HOW DO THEY MANAGE TO DO THIS? I READ THAT COMMON PASSWORDS WERE USED AND THEN -- DID THAT HAVE SOMETHING TO DO WITH IT?

MARK PRIBISH: LET'S GO TO THE INTERNET OF THINGS, FIRST OF ALL, THE INTERNET OF THINGS, SO FAR, APPEARS TO BE A PRETTY GOOD THING. WE GET EXCITED ABOUT A SMART REFRIGERATOR AND A SMART WASHER AND DRYER, PRINTER THAT COMMUNICATES TO THE RETAIL STORE I NEED NEW INKJET CARTRIDGES AND EVEN SMART CARS AND THERE'S EFFICIENT AND SAFETY IN SECURITY BUT WITH THE SAFETY AND SECURITY, WE HAVE MANUFACTURERS OF SMART DEVICES WHO ARE SO EXCITED TO CREATE NEW PRODUCT THAT THEIR CONCERN FOR SECURITY AND SAFETY IS MINIMAL. AND SO TYPICALLY WHEN WE GET A NEW IPHONE OR NEW LAPTOP OR SMART DEVICE WE HAVE A SECURITY CODE AND THE SECURITY CODE IS A BASIC TEMPLATE SECURITY CODE. IT COULD BE AS SIMPLE AS SECURITY OR 12345. AND AS INDIVIDUAL CONSUMERS WE NEED TO CHANGE THOSE SECURITY CODES AND WHAT THE BOTNETS DID, THEY TOOK ADVANTAGE -- THE BAD GUYS, TOOK ADVANTAGE OF THE MAJORITY OF THE SECURITY CODES OF THE INTERNET DEVICES NOT BEING CHANGED.

TED: WE'RE LECTURED TO CHANGE YOUR PASSWORD. SO MUCH SO IF YOU CAN'T FIND THEM ON AN INDEX CARD, YOU'RE OUT OF LUCK. ARE YOU SAYING WHEN THESE DEVICES ARE MADE, THEY HAVE THEIR OWN -- SO NO MATTER WHAT I DO, YOU CAN BREAK INTO THE PHONE SECURITY CODE?

EVELYN PIDGEON: YOU CAN BREAK INTO IT IF YOU HAVEN'T CHANGED WHAT THE DEFAULT CODE WAS OF THE MANUFACTURER. THEY HAVE A DEFAULT PASSWORD ON EVERY DEVICE THEY MANUFACTURE. IF YOU DON'T CHANGE IT TO SOMETHING OF YOUR OWN CHOOSING, THOSE PASSWORDS ARE READILY AVAILABLE AND THE BAD GUYS CAN LOOK THEM UP AND THEY HAVE A LIST AND GO SEARCHING AND LOOK FOR EVERY DEVICE OUT THERE AND AS SOON AS THEY GET ONE THEY'RE ABLE TO ACCESS, THEY ADD THAT TO THEIR LIST.

TED: ARE YOU TELLING ME THAT THERE ARE SO MANY PEOPLE OUT THERE WHO WON'T CHANGE THEIR PASSWORD? THEY OPEN THEIR IPHONE BOX AND IT SAYS 12345, THAT'S GOOD!

EVELYN PIDGEON: I THINK MOST PEOPLE KNOW ON THEIR PHONES TO CHANGE THE PASSWORD, BUT WILL YOU DO THAT FOR YOUR REFRIGERATOR? SO THERE'S A COMPUTER IN YOUR REFRIGERATOR TO TELL YOU HOW MANY EGGS TO ORDER WHEN YOU RUN LOW.

TED: DOES IT TELL YOU TO CHANGE YOUR PASSWORD?

EVELYN PIDGEON: IF IT'S A COMPUTER IT'S GOING TO HAVE A PASSWORD. IT SHOULD HAVE THAT INFORMATION. IT'S SOMETHING THAT YOU CAN TALK TO YOUR MANUFACTURER AND LOOK UP IN YOUR INSTRUCTIONS AND IT SHOULD HAVE THAT INFORMATION FOR YOU.

TED: YOU BOTH MENTIONED THESE ARE BAD GUYS -- WHO ARE THE BAD GUYS?

MARK PRIBISH: IT DEPENDS, IT COULD BE NATION-STATES. IT WOULD BE TEENAGE HACKERS, IT COULD BE JUST CRIMINALS WHO ARE LOOKING -- CRIMINAL RINGS FROM AROUND THE WORLD LOOKING TO MAKE A DOLLAR. WHAT'S INTERESTING ABOUT THIS STORY IS THERE'S THIS OVERNIGHT-EXCITEMENT HOW BAD FRIDAY WAS. IT COULD ACTUALLY BE A VERY GOOD THING TO HEIGHTEN OUR AWARENESS ABOUT THE FUTURE SECURITY. AND SO FOR EXAMPLE, IF I'M AN INDIVIDUAL CONSUMER, I'M GOING TO WANT TO READ THE PRODUCT GUIDE THAT COMES WITH MY SMART FAN AND REFRIGERATOR AND PRINTER. AND I'M GOING TO WANT TO CHANGE THAT DEFAULT PASSWORD. SO THAT'S A GOOD THING FOR THE CONSUMER. IT'S GOING TO HEIGHTEN AWARENESS, SO YOU HAVE A CONSUMER RISK MANAGEMENT PERSPECTIVE HERE BUT THERE'S AN ENTERPRISE OR DATA BREACH RISK MANAGEMENT PERSPECTIVE FOR ORGANIZATIONS. AND ORGANIZATIONS THEMSELVES. IT'S GOING TO HEIGHTEN THE AWARENESS FOR THEM. AND EVELYN IS A SPECIALIST -- AN EXPERT IN SECURITY AND GOVERNANCE AND THAT'S A BIG TREND FOR BUSINESSES AND ENTERPRISES.

TED: INDEED, AND A LOT OF FOLKS ARE WORRIED ABOUT THE ELECTION AND THAT THAT COULD SOMEHOW BE COMPROMISED. COULD IT BE COMPROMISED?

EVELYN PIDGEON: I THINK THE THING WE SEE TRENDING IS INFLUENCE OF THE ELECTION. COMPROMISING TRENDS ON FACEBOOK. OR ON OTHER SOCIAL MEDIA THAT MAKES IT LOOK LIKE THERE'S A LOT MORE LIKES TO A CERTAIN CANDIDATE OR CERTAIN OPINION. AND THEN -- THAN THERE ACTUALLY ARE.

TED: THIS DOES SHOW THE VULNERABILITY OF LIVING IN A CONNECTED WORLD, DOES IT NOT?

EVELYN PIDGEON: YES, IT DOES.

TED: WHAT LESSON DID WE LEARN?

EVELYN PIDGEON: WELL, WE TALKED ABOUT THE PASSWORD LESSON. WE TALK ABOUT, DO YOU REALLY NEED AN INTERNET CONNECTED DEVICE. AT ASU, WE TAKE A HARD LOOK AT THE THINGS WE HAVE CONNECTED AND CONVENIENT FOR OUR STUDENTS AND FACULTY AND STAFF AND SAY, DOES THAT DEVICE REALLY NEED TO BE CONNECTED TO THE INTERNET OR NOT. DOES IT NEED TO BE SOMETHING THAT ANYONE ON THE INTERNET CAN FIND OR MAKE IT SO IT'S ONLY FOUND BY PEOPLE AT ASU. THOSE ARE THINGS YOU CAN DO TO PROTECT YOURSELF.

TED: LIVING IN A WORLD WHERE EVERYTHING IS IN THE CLOUD. FIRST OF ALL, IT'S ON THE NET AND NOW IN THE CLOUD. CAN YOU -- HOW FAR CAN YOU GO -- HOW MUCH CAN THIS BE PROTECTED -- IN OTHER WORDS, IS THIS INEVITABLE, THIS KIND OF ATTACK?

MARK PRIBISH: IT IS, BUT WHILE IT APPEARS THE BAD GUYS ARE ALWAYS SIX MONTHS AHEAD, HOMELAND SECURITY, THAT'S THE STATE ORGANIZATION OF THE FEDERAL GOVERNMENT THAT'S RESPONSIBLE FOR PROTECTING THE INTERNET. AND WHEN PEOPLE ASK ME ABOUT WHAT CAN I DO OR WHAT SHOULD I DO TO GET MORE EDUCATED, EVELYN AND I WERE TALKING ABOUT THE BLACK HAT CONFERENCE, IN LAS VEGAS, IT WAS THE 18TH OR 19TH BLACK HAT CONFERENCE AND I TELL THE CONSUMERS INTERESTED IN LEARNING MORE ABOUT SECURITY AND VULNERABILITY. GOOGLE BLACK HAT 2013, '14, '15, AND '16 AND THERE ARE DEMONSTRATIONS ON STAGE BY SOME OF THE BRIGHTEST IN THE WORLD, GOOD HACKERS, WHO ARE DEMONSTRATING HOW I CAN START A CAR, STEER A CAR, BREAK A CAR, FROM OUTSIDE OF THE HOTEL OF A CAR THAT'S ON THE STAGE.

TED: I'M SORRY, THAT JUST CAN'T HAPPEN. THESE SMART CARS ARE HAPPENING BUT -- YOU -- THEY'VE GOT TO BE -- I MEAN, THEY'VE GOT TO BE SECURE. YOU CAN'T HAVE CARS DOING THEIR OWN THING OUT THERE.

EVELYN PIDGEON: WITH ANY COMPUTER, TO YOU MAKE SURE IT'S SECURE. I KNOW THERE'S SOME SECURITY CONSCIOUSNESS RAISING GOING ON. AND IT'S UP TO THE CONSUMER TO MAKE THEMSELVES AWARE. WHAT ARE THE POSSIBILITIES AND RISKS? YOU KNOW, WHAT ARE THE THINGS THEY NEED TO DO TO PROTECT THEMSELVES AND THERE'S LOTS OF INFORMATION OUT THERE. MARK MENTIONED SECURITY, THEY HAVE LOTS OF INFORMATION ONLINE THAT YOU CAN LOOK AND RESEARCH.

TED: WITH SMART CARS, I CAN DO ALL OF THE RIGHT THINGS BUT IF ANOTHER PERSON USES 12345, AND THE CAR GOES BARRELING DOWN THE HIGHWAY -- COULD THAT HAPPEN?

MARK PRIBISH: THESE ARE REALLY BRIGHT PEOPLE DOING IT ON A ONE-OFF BASIS, THERE'S NO MASS TAKING OVER OF CARS ON HIGHWAYS BUT THE FACT THAT THAT CAN BE DONE ON A ONE-OFF BASIS, SHOWS FOR THE SECURITY CONSCIOUS MANUFACTURERS, WE HAVE TO WORK ON THIS.

TED: QUICKLY, WAS THIS -- DO YOU THINK THIS WAS SOME KIND OF TEST RUN FOR ANOTHER EVENT?

MARK PRIBISH: I -- IT CAN BE A TEST RUN. IT MIGHT BE A TEST RUN. BUT I DON'T THINK WE'VE SEEN ANYTHING YET. I THINK FOR EXAMPLE, THE ELECTION YOU ASKED ABOUT THE ELECTION, COULD THIS IMPACT THE ELECTION, COULD IT BE A TEST RUN FOR THE ELECTION? POSSIBLY, BUT I THINK THE BIGGER ISSUE GOING FORWARD IN THE FUTURE, WHEN YOU LOOK AT MAJOR CITIES IN THE UNITED STATES, IF SOMEONE HAS BEEN INTO THE WATER SUPPLY, THE UTILITY, IF WE LOSE ELECTRICITY FOR A WEEK.

TED: YEAH.

MARK PRIBISH: OR ACCESS TO WATER FOR A WEEK OR SOMEONE HAS BEEN IN A NUCLEAR POWER PLANT, THAT'S THE TRUE TEST OF RESPONDING TO A HACKING EVENT.

TED: QUICKLY, SHOULD WE EXPECT A COPYCAT HERE SOMETIME IN THE NEAR FUTURE?

EVELYN PIDGEON: I THINK WE ALWAYS EXPECT SOMEONE ELSE IS GOING TO TRY IT. WE DO OUR BEST TO TAKE A LOOK AT THE EVENT, LESSONS LEARNED AND HOW CAN WE BOLSTER OURSELVES AGAINST FUTURE ATTACKS.

TED: GOOD INFORMATION. THANKS FOR JOINING US. WE APPRECIATE IT.

Mark Pribish, vice president & ID theft practice leader for Merchants Information Solutions; Evelyn Pidgeon, director, Arizona State University Information Security Program
