The head of U.S. intelligence, James Clapper, said Tuesday that a non-state actor was likely behind the cyberattack that caused a massive internet outage Friday. Speaking at the Council on Foreign Relations, Clapper said the investigation was still underway but that it “appears to be preliminarily the case” that the attack was the work of an individual or group not affiliated with a foreign government.
When asked again if a non-state actor launched the DDoS attack that shut down sites like Amazon, Twitter, and Pinterest for millions of users, Clapper said, “Yes, but I wouldn’t want to be conclusively definitive about that yet. That’s an early call.”
The intelligence firm FlashPoint also believes this to be the case, based partly on the fact that “the infrastructure used in the attack also targeted a well-known video game company.” FlashPoint wrote Tuesday that “the targeting of a video game company is less indicative of hacktivists, state-actors, or social justice communities, and aligns more with the hackers that frequent online hacking forums.”
In the CFR discussion with CBS’s Charlie Rose, Clapper said these “non-nation-state actors” were “even more nefarious” than countries like Russia and China that are known for carrying out cyberattacks.
“We’ve had this disparity or contrast between the capability of the most sophisticated cyber actors, nation-state cyber actors, which are clearly Russia and China, but have to this point perhaps more benign intent,” he said. “And then you have other countries who have a more nefarious intent. And then even more nefarious are non-nation-state actors.”
Clapper, who oversees the FBI, CIA, NSA, and Homeland Security, said they haven’t yet “figured out” how to employ the “psychology of deterrence against all those potential actors.”
Clapper also noted that the internet is inherently hard to secure. “When the internet was first—as an experiment and then when it—as it mushroomed, security was never an integral part of what the internet was designed for,” he said. “I mean, it just didn’t—wasn’t a consideration.”
In Slate, Fred Kaplan wrote about this idea, calling vulnerability “the internet’s original sin.”
But Clapper also added that the commercial sector is “increasingly” paying more attention to cybersecurity. He said, “Of course the attention-getter there is always how does this affect my bottom line. And that is what I think is motivating increasingly to private sector and private sector companies, to pay more attention to cybersecurity.”