Experts: Everyday internet-ready devices susceptible to cyberattacks

 Below is an excerpt from a Pittsburgh Tribune-Review article by reporter Andrew Conte. Click here to read the complete article. Conte, recently named Point Park University’s Director for the Center for Media Innovation, moderated the Council’s October 26th “Exploring Cybersecurity Through a Legal Lens” luncheon discussion.

A recent massive computer hacking incident that blocked traffic to many popular online sites offered just a taste of how bad future attacks could be, a top national cybersecurity expert said Wednesday in Pittsburgh.

Computer criminals turned ordinary Internet-connected devices into a weapon, called a denial of service attack, that prevented users from reaching popular sites such as Twitter, CNN and Spotify, among many others.

With the so-called “Internet of things,” in which basic items such as lightbulbs, refrigerators and coffeemakers are online, hackers have so many more opportunities for attacking victims, said Matt LaVigna, interim president and CEO of the National Cyber-Forensics & Training Alliance. The Second Avenue nonprofit brings together government and corporate computer security experts to track online threats.

“Nobody’s thinking about security, and this is a big wake-up call,” LaVigna said. “Even the actors that claimed to have perpetrated it have said that this is just a taste of what’s possible, which is true. It’s absolutely just a taste. There are so many things connected to the Internet now that, one, don’t need to be, and that, two, are manufactured and nobody is speaking up to say there should be security in this.”

LaVigna joined two federal cybersecurity officials from Pittsburgh for a panel discussion hosted by the World Affairs Council of Pittsburgh at The Rivers Club, Downtown. Moderated by Andrew Conte, the panelists addressed a wide variety of computer security topics but spent several minutes talking about the most-recent high-profile incident.

Unidentified computer hackers Friday targeted Dyn, a New Hampshire company that manages a key piece of internet infrastructure known as a DNS server. The server takes words users submit to access the internet, such as , and connects them to the website’s real, numeric address.

A Chinese maker of surveillance cameras has since acknowledged that its devices and technology had been corrupted to launch the attack. The problem with having so many ordinary devices online is that few people will take the time to update software against vulnerabilities as they are discovered, said Keith Mularski, supervisory special agent in charge of the cyber squad at the FBI’s Pittsburgh field office.

A similar problem exists with computers still using out-of-date Microsoft operating systems, but it could become exasperated with household items as they begin to age.

“With your (Internet-ready) refrigerator, who’s taking the time right now to update something that’s 20 years old?” he said. “So that’s going to make it vulnerable, and that’s going to make it an issue as we’re going forward that absolutely is going to need to be addressed.”

If even a refrigerator gets hacked, that’s a federal crime, said James Kitchen, a national security cyber specialist in the office of the U.S. attorney for Western Pennsylvania. That idea once seemed absurd, but federal prosecutors have a broad definition of what constitutes a computer, and it includes many everyday gadgets, he said.

“What this case illustrates is that just because it doesn’t have a screen and a keyboard, that doesn’t mean it’s not a computer,” Kitchen said. “As far as whether it’s your (fitness tracker) or whether it’s your refrigerator, those are all computers, and they all connect back to the Internet, and because they do that, they function in many of the same ways.”