ORLANDO, Fla. – In a world where hackers never sleep there are companies tracking and anticipating their next move, waiting to see if this time it’s the big one or simply another test looking for cracks in the system. Ready, if, and when they blink and hackers always blink. It’s like a game of chess only this is no queen’s gambit. These hackers are constantly creating and looking for new opening moves. So how do you track what you can’t immediately see?
This week on Florida’s Fourth Estate, Ginger Gadsden and Matt Austin talk to a cyber intelligence expert and the CEO of a cyber intelligence company.
These companies are the tasked with hunting hackers before the damage is done by sending out a warning beacon and highlighting the vulnerable spots a cyber security company may have missed.
Karim Hijazi is the CEO of Prevailion and an expert on cyber-attacks targeting critical industries.
Hacker recently gained access into the water treatment system in Oldsmar, Florida and tried to increase levels of sodium hydroxide in the city’s water by more than 100 times its normal levels. The result could have been devastating.
It’s precisely this kind of brazen attempt by hackers Hijazi says, keeps him up at night. Oldsmar is just a small example of what could have happened on a broader scale.
“A lot of our customers are big, corporate, huge enterprises, governments,” he said. “Those are very, very important organizations to protect. But believe it or not, what we are talking about today, be it Oldsmar and a small little water utility or not it’s the critical infrastructure hacks and the concerted takedown of one system after another that I think scares all of us in the industry.”
Hijazi says systems like a water utility were not built with security in mind so everything to keep it safe must now be bolted onto the back end and constantly updated.
Luckily for the nearly 16,000 people in Oldsmar, these hackers did not appear to be very sophisticated.
An operator watching the computer screen could actually see the cursor being controlled remotely. This is not a savvy move of a hacker ready to take down the world-wide power grid.
Hijazi said Pervailion’s focus is on nation-state hackers whose moves wouldn’t be detected right away. But he explained there could be a more sinister side to a hacker who knows his moves are being watched.
“If they have total control of the system, it doesn’t matter if you can see them because there is nothing the operator can do to stop it,” he said.
It’s the real-life scenario that played out in the Ukraine in 2015 in what is known as the world’s first power grid to be taken down in a cyber-attack.
“This is very much what happened overseas in places like the Ukraine. Where they did and it was the Russians and they were very overt about what they were doing to these power grids and the operators simply couldn’t control their machines and they had to leave their power station and give up,” Hijazi said.
It is the job of cyber intelligence companies like Prevailion to make sure this kind of massive hack does not happen by warning big entities when danger is approaching.
It’s pretty heady stuff for the average consumer.
While you may not be in charge of providing water and electricity to millions, your home system needs protection, too.
We asked Hijazi what anyone can do to fortify our personal network at home.
He says you can start with the router and changing the default password as soon as you purchase it.
Hijazi says hackers will try every door to your home to gain access.
“They are getting the last gateway of your home in a way that you can’t guard it,” he explained. “You can’t put antivirus on your router. Usually they will get in because no one changed the default password on their routers when they buy them. It’s usually admin or admin password or whatever you can look at it on Google.”
Another helpful home tip, Hijazi says once you’ve set everything at home you should turn off the broadcast of your Wi-Fi networks name.
He says it won’t let everyone driving by your house or a nosey neighbor gain access to your Wi-Fi.
Hijazi says there is a ton of PII or personal identifiable information contained in your Wi-Fi network. While it won’t stop someone from hacking into your system at least you’re not broadcasting that information to make it easier for any further nefarious activity.
If you want to hear more about what it’s like to be a hacker hunter, click the links below to listen to the full interview with Karim Hijazi.
Florida’s Fourth Estate looks at everything from swampy politics to a fragile environment and even the crazy headlines that make Florida the craziest state in the Union.
Ginger Gadsden and Matt Austin use decades of experience as journalists to dissect the headlines that impact Florida. Each week they have a guest host who helps give an irreverent look at the issues impacting the Sunshine State. Big influencers, like Attorney John Morgan, renowned Florida journalists and the scientists protecting Florida’s ecosystem, can often be found as guests.
Look for new episodes every Friday on iTunes, Stitcher or wherever you listen to your favorite podcasts.
Listen to the full episode of Florida’s Fourth Estate on iTunes here or on Sticher here.