Experts Suspect Russia Is Using Ukraine As A Cyberwar Testing Ground

Wired's Andy Greenberg says Ukraine has been the victim of a "cyber-assault unlike any the world has ever seen." Cybersecurity experts think Russia is perfecting attacks that could be used on the U.S.

TERRY GROSS, HOST:

This is FRESH AIR. I'm Terry Gross. If you want to know what kind of cyberattacks Russia is willing to launch, look at Ukraine. My guest, journalist Andy Greenberg, writes that for the past three years, Ukraine has been the victim of a sustained cyber-assault unlike any the world has ever seen, undermining practically every sector of Ukraine - media, finance, transportation, military, politics, energy. Intrusions have deleted data, destroyed computers and in some cases, paralyzed organizations' most basic functions.

Greenberg reports that many cybersecurity experts believe Russia is using Ukraine as a cyber-war testing ground, a way to perfect attacks that could be directed against the U.S. This is the subject of Greenberg's July cover story for Wired Magazine titled "Lights Out: How An Entire Nation Became Russia's Test Lab For Cyberwar." Greenberg is a senior writer at Wired and covers security, privacy, information freedom and hacker culture. A few years ago, he wrote a book about Julian Assange and WikiLeaks called "This Machine Kills Secrets."

Andy Greenberg, welcome to FRESH AIR. So you think we should be looking at cyberattacks on Ukraine because Ukraine is kind of a testing ground for Russian cyberattacks. Why do experts think of Ukraine as a testing ground?

ANDY GREENBERG: Well, for one thing, Russia is in actual, physical war with Ukraine. So it seems like they believe they can get away with cyberattacks there that they wouldn't try on the rest of the world. They sort of already have gotten their sanctions for invading the Crimean Peninsula in the eastern part of Ukraine. So they can basically try things with impunity.

And they have, starting with the hack of the Ukrainian election after the revolution in 2014 in which what appeared to be hacker activists - that kind of grass-roots organization but we now know has links to a Russian military hacker group - took over the website or infiltrated the website of the central election committee and rigged it to show the wrong winner of the election, this far-right candidate who actually got a tiny percentage of votes instead of the actual winner, the current president, Poroshenko. So you can see that as a kind of precursor to the Russian hacking and meddling in the 2016 U.S. presidential election.

GROSS: Did the wrong candidate actually win in Ukraine, the candidate who did not get the most votes?

GREENBERG: So hackers tampered with the website of the Central Election Commission in Ukraine to try to make it appear momentarily - to confuse the media and the public - that the wrong candidate had won. In fact election officials found out about this tampering with only hours to go before the results were announced. They managed to fix it, but in fact the Russian media announced the wrong winner anyway, which shows that they were probably collaborating with the hackers.

So you know, once you start to go back into that history, you can see that there's a kind of syllogism here that Russia hacked the Ukrainian election, and then when they got away with that, they tried it in the U.S. And then Russia hacked the Ukrainian power grids. And then you have to wonder, is the next step that they're going to try that sort of attack on the West or on the United States?

GROSS: So your Wired cover story about Russian hacking in Ukraine starts with a cybersecurity expert at home in Ukraine watching Oliver Stone's film about Edward Snowden when at midnight his building loses power. What happened?

GREENBERG: So Oleksii Yasinsky is this cybersecurity researcher for a Ukrainian firm. I'd seen him give a talk about the forensic analysis of the blackout attacks in Ukraine. And so I - when I finally went to Kiev, I met with him to ask him technical questions really about how he'd tracked these hackers and figured out how they pulled off these really unprecedented attacks. But then I had discovered that he had actually experienced one of those attacks himself, that he and his family in his north Kiev apartment had actually had their own power turned off in the second of those two attacks which happened in December of 2016.

And that was a chilling moment for him. He'd been tracking these hackers for more than a year, and they had essentially reached into his own home, his own private space. And it became very real for him suddenly that these hackers had the ability to breach that sort of illusory zone of privacy, that they were not confined to the Internet, that they could attack physical infrastructure including his own home.

GROSS: But this, you know - fortunately for the people in Ukraine, this was the kind of hack where the engineers at the power station were able to turn the electricity back on, to switch it back on. But that doesn't mean that next time it might not be more devastating. So what are some of the fears about what Russian hacks can do to the power grid in Ukraine or in the U.S.?

GREENBERG: So both of these power grid attacks were really just a matter of hours. The first one was around six hours in these three regions of Ukraine. The second one was only one hour before the Ukrainian utility that runs the power and the capital of Kiev was able to turn the power back on. So the actual effects of those attacks themselves - they weren't catastrophes. But they're more disturbing when you think of them as experiments, as kind of dry runs for larger attacks.

In fact the second one, we now know, was caused by this very sophisticated piece of malware - malicious software - that's come to be known as CrashOverride. And it was basically a fully automated power grid attack. It could have been done, for instance, on more than one grid company at a time. It could have caused 10 or 15 different utilities to go out simultaneously. It could be adapted to work outside of Ukraine.

There are these modular components that could be swapped out to make it adaptable to other parts of Europe or the United States. So what that implies is that whoever built this piece of malware has created a kind of reusable, adaptable, evolving cyber-weapon that they will probably want to use again.

GROSS: So does this cyber-weapon turn off electricity, or can it actually damage the electricity grid, the power grid?

GREENBERG: So so far, we've only seen them turn it off. And what that means is that they basically take over the remote control systems, switch off the power. And then engineers have been able to sort of drive out to the substations and switch the power back on manually. But there was one hint in this new piece of malware, CrashOverride, that it might have the ability to cause permanent damage or, you know, to destroy equipment.

It contains this - what hackers call an exploit, a way of attacking a piece of Siemens equipment that is a protective device that's meant to function as a kind of kill switch if lines get overcharged so that if grid equipment is about to be damaged, it can basically turn off the power. If that device is disabled, as this malware seems like it's capable of doing, that could cause actual damage. It could cause lines to melt. It could possibly destroy these transformers that form the backbone of countries' power grids.

GROSS: So there were cyberattacks on the Ukraine electric grid two years in a row - 2015 and 2016. Was the 2016 one worse than the one the year before?

GREENBERG: Well, at a glance, it seems not as serious because it only took down the power for about a fifth of the city of Kiev for about an hour, which is very, you know - not a serious thing. But then it's only kind of come to light very recently as the attack was analyzed how it worked. And it used this CrashOverride malware to essentially automate all the steps of the attack that were done in 2015 manually.

You know, in 2015, the hackers step-by-step broke in and manually took over the mouse controls of some of the engineers, even. And you could see them clicking circuit by circuit, turning them off. All of that in 2016 was automated. So it was essentially like a puppet where you cut the strings, and it continues the attack. It could be done on multiple targets at once. It could be adapted and used in other parts of the world.

And the other thing about the 2016 attack is that it kind of moved up the circulatory system of the Ukrainian power grid. In 2015, the attacks were on these regional energy companies, and they were attacking the distribution system, which are kind of like the capillaries of the electric system. In 2016, they were attacking a transmission station, which is kind of like an artery. So if you continue that progression, then you - logically, the next thing to attack would be the power generation, an actual power plant, which is one of the real nightmares that the cybersecurity industry has been warning about for decades.

GROSS: So in the past couple of years, there's been a barrage of attacks on Ukraine companies as well as government agencies, including Ukraine's pension fund, the country's treasury, its Sea Port Authority, its Ministries of Infrastructure, Defense and Finance. What kind of damage has been done?

GREENBERG: Well, there have been dozens or hundreds of computers destroyed in these - among these victimized organizations. There's been data deleted. The Ukrainian treasuries lost terabytes of data just as they were preparing the budget for the next year in 2016. But the - yeah, the power grid attacks were sort of a climax to what, you know, I think is fair to call a cyberwar. And after all, Russia is at war with Ukraine, so this is kind of the digital part of what Ukrainians call a hybrid war - that they're trying to humiliate the Ukrainian government, to destabilize a society, to give a general impression that things are going badly in Ukraine, to prevent foreign investment in Ukraine.

So all of this kind of chaos contributes to what Ukrainians tell me - you know, they believe Russia is trying to create a perception of a failed state. And the dysfunction that they're able to inflict certainly contributes to that perception.

GROSS: Do we know how the hackers got into the systems that they hacked?

GREENBERG: In the first of these two power grid attacks, we do have a sense of how that happened. And that's in part because the Ukrainian government brought in whole teams of Americans to analyze it who then published their results. And they found that the attacks, which is - this pretty common - started with a phishing email that had an infected attachment. It purported to be from the Ukrainian parliament, and it had a document that claimed to be a list of types of Ukrainian citizens who were eligible or who were subject to the draft, which is something that nobody can afford not to open in the middle of a war.

So that infected attachment then would run on the victim's computer, and it would plant this piece of malware that's really kind of just, like, spyware called BlackEnergy that's able to basically watch what you're doing on your computer. And then when BlackEnergy was able to grab the usernames and passwords of those victims, they were then able to use them to log into this VPN, a virtual private network, that provided access to the actual connections to control systems, the ability to start messing with the actual grid equipment like circuit breakers that can turn off the power.

GROSS: In one attack - and I think this was attack - an attack on a private company - hackers exploited the company's IT Helpdesk tool to take control of the mouse movements of the station's operators. And you actually have a video on the Wired website of this computer that's been taken over. And you just see the mouse being moved (laughter). It's opening things, and it's going places. And it's really scary.

GREENBERG: Yeah, and you have to wonder if the hackers were doing that because it's the most efficient way. This was actually the first power grid attack that - what you're talking about is an attack on one of these electric companies. And you have to wonder if that was the most efficient way to turn off the power or just the scariest. It is...

GROSS: Because you're seeing yourself lose complete control.

GREENBERG: Right. This is called a phantom mouse attack, or at least some hackers call it that. And the hackers - after they, you know, use that VPN to gain access to the control systems, they took over the IT Helpdesk tool and literally locked people out of their computers. And they had to - the engineers were watching their own mouse cursors click through the grid software and turn off - open these circuit breakers one by one, each of which turned off the power to thousands of Ukrainian citizens. And they were helpless to do anything about it. So I think that that was an effective kind of psy-op as well, that it definitely strikes fear into the - not only the Ukrainian populace but the electric company that was the victim of that attack.

GROSS: Are people in Ukraine worried that whole systems are going to be destroyed?

GREENBERG: To be honest, I didn't find that the Ukrainian citizens were effectively terrorized by these attacks. I think that they are experiencing an actual war that's killing people, that's killed 10,000 Ukrainians in the east. They have bigger problems in a way. I think that the electric companies - this was a disaster for them. The other targets like the government agencies, the media companies - all of them were thrown into chaos by these attacks when they were individually victimized. So you know, there are very real consequences.

But you know, another motive here for Russia - you know, if this is in fact Russia, and it seems to be by every measure - is a kind of practice grounds. They can get away with things in Ukraine that they can't try elsewhere. And they may be honing attacks that they'll use on Western Europe or the United States.

GROSS: If you're just joining us, my guest is Andy Greenberg, who's a senior writer for Wired Magazine. And his new Wired July cover story is titled "Lights Out: How An Entire Nation Became Russia's Test Lab For Cyberwar." We'll be back after a break. And when we come back, we're going to talk about Russian hacking in the U.S. This is FRESH AIR.

(SOUNDBITE OF AHMAD JAMAL'S "THE LINE")

GROSS: This is FRESH AIR. And if you're just joining us, my guest is Andy Greenberg, a senior writer for Wired magazine. He has Wired's July cover story which is titled "Lights Out: How An Entire Nation Became Russia's Test Lab For Cyberwar." And that entire nation is Ukraine. Experts think that the cyberattacks that Russia is doing in Ukraine might be or have already been turned on other countries, including the U.S. Andy, let's talk about Russia cyberattacks in the U.S. Just give an overview of some of the aspects of the American cyber infrastructure that we know or suspect have been hacked by Russians. There's, of course, the election system.

GREENBERG: So as I dug into these Ukrainian hacks, I was surprised to learn that the cybersecurity community actually had a hint that the same hacker group which was called Sandworm had started the process of pulling off the same attacks targeting the U.S. grid, that they had in 2014 infected U.S. electric utilities with the same piece of malware called BlackEnergy. And that at the time had been a kind of, you know, minor alarm. When you see that this was actually a group that went on to cross that line and turn off actual power to cause actual blackouts, then that seems much more serious.

So we have the sense that Russia has at least taken the first step in these attacks that would cause infrastructure disruption in the United States as well. But, of course, the presidential election is when all of Russia's hacking abilities really came to light and caused much more serious real chaos in American politics and in a way that we're all now aware of, has made, you know, the cybersecurity community and I think the entire U.S. population aware of the abilities of Russian hackers. And those attacks include the breach of the Democratic National Committee, other Democratic organizations.

Now we know that the Russian hackers also penetrated the voter registration organizations and I think more than 20 U.S. states, that they tried to compromise a voting technology company in Florida. So all of that points to Russia targeting the U.S. electoral system. And in some ways they were effective. They did absolutely cause us to question that process in ways that we're still investigating.

GROSS: If the Russians could do what they tried to do in Ukraine, what else could they do here? And how worried is the cyber expert community about that?

GREENBERG: I think it's the brazenness of Russia's activities in the 2016 election that have scared people the most. The fact that Russia is willing to insert itself into our electoral process I think has made the political community but also the cybersecurity community wonder how far Russia will go. I don't think it's a surprise that Russia has also tried to mess with or infect or lay the groundwork for attacking American infrastructure.

The U.S. has certainly done the same thing to other countries. It probably has tried to lay the groundwork for attacking the Russian grid as well. But it's a sense that the Putin regime is brazen enough, bold enough to actually try to pull off these attacks, to go forward and not fear the diplomatic consequences that I think has Americans scared.

GROSS: But there also could be cyber consequences for Russia. I mean, the U.S. could decide to fight back and disable some Russian systems. And you say some experts are calling this a kind of cyber deterrence because both sides know if they did a really super major hack on the other side, the other side would retaliate.

GREENBERG: Right. To be clear, you know, the U.S. was the first country to develop a real cyberweapon. This piece of malware called Stuxnet was designed and effectively did destroy nuclear enrichment centrifuges in Iran. So it's possible that Russia is pulling off these attacks on Ukraine to show what it can do, to signal to the U.S. and the rest of the world, don't mess with us. Don't launch your own cyberattacks on our infrastructure, that we have the ability to retaliate. And that hems in American capabilities to, you know, to unleash the full power of our very, very capable and skilled and well-resourced hacking teams.

GROSS: My guest is Andy Greenberg. He wrote the cover story in July's Wired magazine titled "Lights Out," how Russia is using Ukraine as a testing ground for cyberattacks. After a break, we'll talk about how he drove a car whose electronic control system was hacked. And David Bianculli will review the new TV shows "GLOW" and "Prime Suspect: Tennison." I'm Terry Gross, and this is FRESH AIR.

(SOUNDBITE OF ABDULLAH IBRAHIM'S "CALYPSO MINOR")

GROSS: This is FRESH AIR. I'm Terry Gross back with Andy Greenberg, a senior writer for Wired magazine. He wrote the July cover story titled "Lights Out" about how Russia appears to be using cyberattacks against Ukraine as a testing ground for larger cyberattacks in other countries like the U.S. He covers security, privacy, information freedom and hacker culture. He covered the WannaCry ransomware attacks in the spring, which he said became the worst digital disaster to strike the Internet in years, crippling transportation and hospitals globally.

Let's get to the global ransomware attack that happened in May. About 300,000 machines in 150 countries were affected. Would you describe the attack?

GREENBERG: Yeah. So this piece of ransomware, a kind of malware that locks up your computer, then encrypts all your files and demands you pay a ransom for them spread through hundreds of thousands of machines around the world using a leaked NSA hacking tool. It was basically a hacker group which may or may not have been associated with Russia stole a bunch of NSA hacking tools through means we still can't identify, published a bunch of them. And they included a way to basically break into Windows machines.

And, in fact, that hacking method was so effective that it could be used in a kind of worm where it spreads from one computer to the next automatically. And so another group of hackers, which we're starting to believe may have been based in North Korea, used that tool, combined it with ransomware and then unleashed this worm that took over more than 300,000 computers around the world and locked them up and demanded a ransom in the cryptocurrency bitcoin. And I know that all that probably kind of - like, a sci-fi novel. I'm happy to explain parts of it in more detail.

GROSS: Well, just describe what people saw on their computers when they were hacked.

GREENBERG: So if you were a victim of this ransomware which was called WannaCry, then you just see a message that says your files have been encrypted, send a bitcoin ransom to this address. And then you have seven days to do so or the files will be lost forever. Basically the key that could unlock those files would be deleted. And, in fact, there is no evidence that even paying the ransom would guarantee that your files would be unlocked. As the cybersecurity industry has helped people who have been infected, they've discovered that there is no very organized system, that the ransomware creators weren't even closely monitoring or with any automated system monitoring who was paying ransoms and unlocking files for them.

So lots of people paid and didn't actually have their files unlocked. And when that became clear, people stopped paying. And the creators of this massive digital catastrophe only made something like $150,000 total through this really awful epidemic that despite not being very profitable did shut down important systems in the U.K. health care infrastructure, lots of government systems in Russia and in China and some U.S. targets as well.

GROSS: So what stopped the WannaCry ransomware from damaging even more machines?

GREENBERG: Well, there was this kind of quirk of the ransomware that it contains its own kill switch. And we still don't know exactly why. But basically whenever it infected a system, it would reach out to this long random-seeming web address. And that seemed like maybe it was designed to be a check to see if it was running in a simulation. Or maybe it was used while the malware was being tested before it was released. But when it reached out to that long web address, if it connected to it successfully, it wouldn't actually encrypt the person's files. It was basically neutered.

And when this one security researcher in the United Kingdom discovered that, he simply registered the web address. And from then on, whenever the malware infected a new system, it would connect to that address, the kill switch would flip and it would essentially not be triggered. He kind of inadvertently prevented a global ransomware plague. But, you know, the thing is that the next time this happens, it may not contain a kill switch. There's nothing sort of inherent about the ransomware epidemic that it had to have that very lucky vaccine built into it.

GROSS: So what does the scope of that attack say to you?

GREENBERG: Well, I think if nothing else, it just points to the vulnerability of global computer systems. This was an NSA hacking tool, but it was one that the NSA actually had helped Microsoft to put out a patch for months earlier. So if you had been a very careful administrator of your system, you would have implemented those software patches and made your system protected from this ransomware before it even appeared. But clearly, many hundreds of thousands of computers were not protected because it's just difficult to do this kind of simple blocking and tackling of cybersecurity.

Cybersecurity is just kind of like health care, globally a difficult and complex thing that we're still trying to figure out. And the fact that even though there was a kind of vaccine for this ransomware that wasn't used points to the fact that there are big security vulnerabilities that loom in these systems that probably will be exploited again.

GROSS: So cybersecurity experts think that North Korea was behind the WannaCry ransomware attacks. North Korea hacked Sony a couple of years ago. How would you compare the North Korea hacks with, say, Russia hacks?

GREENBERG: Well, the very strange and unique thing about North Korea's hackers is that in addition to these kind of like cyberterrorism operations like the one against Sony which was I think designed to prevent Sony from releasing its movie "The Interview" which was about, you know, the assassination of Kim Jong-un, they're also just trying to make money by hacking organizations around the world. They're hacking into financial companies and stealing tens of millions of dollars which just seems like it actually is just motivated by profit. They're trying to fund their impoverished governments, to fund their nuclear development, for instance.

And WannaCry, this ransomware, we're still trying to figure out if in fact North Korea created it. It seems likely they did and why. But I think the running theory right now is that it was created as a money-making tool, that it was still in development in some North Korean test lab. And because it is an automated worm that can spread from computer to computer, it leaked out by accident, that it was running on a test computer and it managed to infect another one and then got out of control and beyond North Korea's control before it was ready. And that's why it was kind of botched. It made very little money, $150,000 is very little for a government, but nonetheless caused massive disruption around the world.

GROSS: If you're just joining us, my guest is Andy Greenberg. He's a senior writer for Wired magazine. And he has the July cover story which is titled "Lights Out: How An Entire Nation Became Russia's Test Lab For Cyberwar." And that nation is Ukraine. We'll be back after we take a short break. This is FRESH AIR.

(SOUNDBITE OF TIM DELAUGHTER'S "DEBATE MONTAGE")

GROSS: This is FRESH AIR. And if you're just joining us, my guest is Andy Greenberg. He's a senior writer for Wired magazine, covering security, privacy, information freedom and hacker culture. He has the cover story in July's Wired magazine, called "Lights Out: How An Entire Nation Became Russia's Test Lab For Cyberwar." And it's about the Russian cyberattacks on Ukraine and how that could be a test for what they could do even here in the United States.

So let me get to an experience that you had with hacking. And it's one that you kind of volunteered for (laughter). I don't know how you feel about it now. But you wrote an article for Wired not long ago called "Driving In A Hacked Car: Hackers Remotely Kill A Jeep With Me In It." And you actually asked hackers to hack a Chrysler Jeep that you were driving. What was the point of this?

GREENBERG: Well, for three years, I've been working with these two automotive cybersecurity researchers who had been, first with a grant from the U.S. government actually, trying to find ways to hack into the internet-connected systems of cars. And that kind of culminated in 2015 with this hack they developed, an over-the-internet hack on the digital systems of a 2014 Jeep Cherokee. And they invited me to, you know, drive this Jeep while they demonstrated the attack and asked me to drive onto the highway.

I thought that they were going to just kind of mess with - I didn't think they would mess with, like, actual driving systems while I was on the highway. I figured it would just be attacks on the radio and the windshield wipers, the air conditioning - which they did do. But then they escalated to actually shutting down my transmission on the highway, and I was stuck on the highway. There was no shoulder. I couldn't get out of traffic, and the vehicle was disabled. And it - this was all done over the internet to an unaltered Jeep, and it really drove home the vulnerability of internet-connected vehicles, not to mention the internet-connected autonomous vehicles that we probably have in our near future.

GROSS: How frightening was it to lose control of the Jeep that you were driving?

GREENBERG: It was very scary. I (laughter) - you know, I knew something was going to happen. I didn't know something that serious was going to happen. The hackers were miles away. They didn't know that there was no shoulder on the highway, so they felt I could just pull off. And I couldn't.

GROSS: Oh.

GREENBERG: So...

GROSS: Yeah.

GREENBERG: ...It was - yeah, it was pretty stressful. There was like a big rig truck coming up in my rearview mirror at one point. And I joked with them that I had got post-traumatic stress disorder from it.

GROSS: (Laughter).

GREENBERG: I think I was half-joking. But...

GROSS: Really, yeah.

GREENBERG: ...It was a very effective demonstration, too. We did it all on video, of course. I didn't know what we were going to capture on video. But the - you know, that helped to lead to a recall of 1.4 million Chrysler vehicles to fix a digital vulnerability that allowed hackers to access their computers over the internet and take control of their driving systems because these guys could do more than just shut down transmissions. They could turn the steering wheel. They could disable the brakes at certain speeds. So this is very real, and there are probably other vulnerable cars out there.

GROSS: So what was the hackers' goal? Did they want Jeep to fix the problems? Or is their goal to correct the vulnerabilities or to make a different point?

GREENBERG: These were definitely what we call white-hat hackers. These guys, Charlie Miller and Chris Valasek, were trying to demonstrate vulnerabilities in cars, in this Jeep Cherokee specifically, to get them fixed but then, I think more broadly, to make the automotive industry and American regulators aware of the looming vulnerabilities of cars as they're increasingly internet-connected, as they have more and more kind of automated systems as well because, you know, the more automation you have in a car, the more that computers can control them.

And when we have fully autonomous vehicles, they're fully controlled by the computers in their dashboards. And that means that, you know, if you can take over that computer, you can completely take over the car. And that's not hyperbole. So that's the future they're trying to prevent. And they both actually got hired by Uber to help to secure their autonomous vehicles that are still in the works.

GROSS: So Jeep fixed its vulnerabilities, yes?

GREENBERG: That's right, yeah.

GROSS: OK. And...

GREENBERG: At least those vulnerabilities.

GROSS: At least those vulnerabilities. And did your article also lead to some kind of legislation or proposed legislation?

GREENBERG: Well, legislation was introduced the same day as my article came out. (Laughter) And the legislators swore that it was not timed to my article. But they'd also been working with the researchers, so it seemed pretty clear that they were trying to use the publicity around our story, around this really excellent, you know, work that these two researchers had done to spur changes and create a kind of buyer's guide based on security for cars, a new regulatory system that would make it clear whether your car has decent cybersecurity or not.

And that legislation has certainly not been passed. I don't know how far it ever got. But I don't think that regulators have actually done much to solve this problem. I think the automotive industry really woke up and has taken big steps to test their systems, to bring in outside hackers to test them, to create systems where they can send security patches over the internet to vehicles remotely and fix problems before they can be exploited by real hackers.

GROSS: What are your - what's your level of enthusiasm now about the internet of things - about the idea that your whole home, all the appliances in your home, could talk to each other? You could talk to them and have everything basically be run like an iPhone or something, you know. So are you less enthusiastic about that, seeing how easily so many things can be hacked? Do you want to stay manual (laughter)?

GREENBERG: Well, I don't think that security should prevent us from building cool things. You know, I think that it's great that cars have internet connections. I think autonomous vehicles will save, you know, millions of lives probably. And I think - I don't know if, like, internet-connected light bulbs are going to save anybody's life. But we shouldn't be forced to, you know, stymie our - the cool things we want to build because we're worried about hackers.

But I do think we need - as we build these things, we need to be aware that we're inviting new security vulnerabilities - that when you connect light bulbs to the Internet, they will be attacked. And that can occasionally be catastrophic. And we've already seen Internet of things devices hacked to take them over and turn them into botnets of - you know, what we call botnets, these collections of zombie computers that can then be used to fire junk traffic, web traffic at websites and take them down.

That future has already arrived. The Internet of things is being hacked even today. The notion that it'll be used to take over cars on the highway hasn't happened yet, but that's a real possibility, too. And as we develop these cool Internet-connected things, we just need to build security into the process from the start.

GROSS: Have you been hacked yourself?

GREENBERG: Well, I think maybe the worst I have experienced was when I was working for Forbes magazine a few years ago and the Syrian Electronic Army attacked Forbes starting with a spear-phishing attack, as always, took over some parts of our network. They - I believe - I'm sorry to say this for my Forbes colleagues, but I think we had to announce at the time that they stole a million usernames and passwords from the site that were encrypted but not encrypted particularly strongly.

And they defaced a bunch of blogs, including my blog on the site. And so I had "hacked by the Syrian Electronic Army" plastered across the top of my personal page on forbes.com next to my face. And that kind of got screenshotted (ph) and passed around the cybersecurity community who, you know, who knew me. It was a little bit embarrassing, but I survived.

GROSS: Andy Greenberg, thank you so much for talking with us.

GREENBERG: It's been a pleasure. Thanks.

GROSS: Andy Greenberg is a senior writer for Wired Magazine and wrote the July cover story "Lights Out: How An Entire Nation Became Russia's Test Lab For Cyberwar." After a break, David Bianculli reviews two new TV shows - "GLOW" and "Prime Suspect: Tennison." This is FRESH AIR.

(SOUNDBITE OF TERRY SLINGBAUM'S "WATER GAMES - RAVEL RE-IMAGINED")

Copyright © 2017 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.