Doug Jacobson. (ISU photo)

An Iowa State University expert on cybersecurity says the hacker attack on the southern gas pipeline could have been a lot worse.

Professor Doug Jacobson says the attack could have done more than create gas lines. “The good news with this pipeline is they didn’t get control of the pipeline. If they had gotten control of the pipeline they cold have overpressurized the pipe. You could paint a hundred bad, bad scenarios,” he says.

Media reports say the pipeline company paid five million dollars to the hackers. Jacobson says technology has made hacking more tempting. “Early forms of ransomware have been around for probably 15 years. We didn’t see it much because we didn’t have Bitcoin — so it was hard to make a transaction without being traced. Bitcoin enabled anonymous transactions,” Jacobson says.

He says instantly backing up data helped fight ransomware, as companies could wipe computers and install the backed up data and get back to work. He says now those who use ransomware are saying they will release the sensitive data to get companies to pay.

Jacobson says the introduction of malware has changed too as the defense against it has gotten better. He says that’s led to other ways of getting employees to be fooled into letting hackers in.

“We actually don’t see this stuff come in too much as attachments anymore, because we’ve done a good job of creating tools to detect that,” according to Jacobson. “So it migrated away from a lot of email attachments, and have moved to drive you to a website where you end up downloading this malware.”

He says hacks against individuals are very uncommon for one reason. “They are not worth enough money to make it worth it to these organizations to do this. It’s a pretty sophisticated tool they employ and they are after the big score,” Jacobson says.

Jacobson says the hackers have focused on businesses that need their computer systems to operate,  such as hospitals, to look for that big payoff.