Cybersecurity Lawyer Who Flagged The WHO Hack Warns Of 'Massive' Remote Work Risks : Coronavirus Live Updates Many companies' employees are working from home during the coronavirus. Alexander Urbelis, hacker-turned-information-security attorney, says the remote working environment is a hacker's paradise.
NPR logo

Cybersecurity Lawyer Who Flagged The WHO Hack Warns Of 'Massive' Remote Work Risks

  • Download
  • <iframe src="https://www.npr.org/player/embed/822687397/823742205" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Cybersecurity Lawyer Who Flagged The WHO Hack Warns Of 'Massive' Remote Work Risks

Cybersecurity Lawyer Who Flagged The WHO Hack Warns Of 'Massive' Remote Work Risks

  • Download
  • <iframe src="https://www.npr.org/player/embed/822687397/823742205" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

RACHEL MARTIN, HOST:

A lot of the global workforce is working remotely right now. And according to cybersecurity experts, that shift is a hacker's paradise. Steve Inskeep talked with Alexander Urbelis. He's a former hacker-turned-information security lawyer. And he explained how he discovered an attack on the World Health Organization. He told Steve that a group of hackers created a website in an attempt to steal passwords from health officials.

ALEXANDER URBELIS: The manner in which we picked up this particular attack is that the group that targeted the WHO, we have been watching for quite a while. And then - we have been monitoring the Internet for indications that the group has re-awoken. And that's what we detected on 13 March with respect to a live attack against the World Health Organization.

STEVE INSKEEP, BYLINE: To the best of your knowledge, who is this group?

URBELIS: There are some indications that a group by the name of DarkHotel - which is known for targeting executives, checking into hotels and hotel Wi-Fi and things like that - may be responsible for this particular type of attack. This group that we have been watching is very sophisticated. Their attacks are very sleek. The attackers perform a significant amount of reconnaissance, and they painstakingly create portals that look exactly like the victims' portals.

INSKEEP: What does that mean - create a portal that looks exactly like? That means I'm here at home trying to log into my company's server. I have to effectively go through the door of the company, in Internet terms, and they create a fake door and trick my computer into going through that door? Is that what you mean?

URBELIS: That's almost exactly right, Steve. Yes. And that's what we saw happening with the WHO on the 13 of March.

INSKEEP: I suppose this is an especially dangerous attack at a moment when everybody is being told to work from home and log in from home?

URBELIS: Oh, no doubt. Absolutely. People are very used to seeing these portals that are asking for their usernames and passwords. And if you look at the Web address or the URL that's associated with this particular type of attack, it was very, very convincing.

I'll tell you, there is a massive amount of security issues surrounding working from home. For most organizations, this is really a problem of degree. Our entire workforce has gone from maybe 5% to 10% of off-premises work to 100% off-premises work. So this means that we have more personal devices, more off-premises endpoints, so to speak, being used to handle and process business data, including highly sensitive data like trade secrets and business plans.

INSKEEP: One of the things with so many people working from home - and I would presume in many cases, working a lot more on computers even than they normally would be - we're all washing our hands for proper hygiene to secure ourselves. Is there a computer equivalent of washing your hands that you would recommend to people to avoid hacking?

URBELIS: (Laughter) Yes. I mean, where to start? We can't underestimate the importance of multifactor authentication. Small businesses may want to implement this really quickly. They can do so by using services like Google and Duo. Even personal accounts should be upgraded with multifactor authentication.

Another thing - absolutely - training is key here - understanding what scams are going to look like, understand that the psychological trigger points during a health crisis like this are things like vaccines, treatments, money rebates, anything that has to do with this $1,200 that's going to be coming back to persons and people in need, workplace-related guidance - these are all things that are going to be phishing lures. And phishing is the biggest problem that an organization is going to face right now. But phishing scams are just old wine in a new bottle.

Good cyber-hygiene, together with a skeptical and rigorous mind, are the best defenses. And honestly, no technological defense is going to be 100% effective. The gray matter in between our ears and our instincts are going to be what matters most.

INSKEEP: Alexander Urbelis, thanks so much for the time - really appreciate it.

URBELIS: Absolutely. It's my pleasure, Steve. And I wish you the best of luck and best of health.

Copyright © 2020 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.