National Intelligence Director Clapper Addresses National Security Summit
Director of National Intelligence James Clapper speaks about threats to the US during the Defense One annual Summit November 2, 2015 in Washington, DC. Photograph by Mark Wilson—Getty Images

Top U.S. Intelligence Chief Says Non-State Actors Behind Massive Web Hack

Oct 26, 2016

Last Friday’s enormous cyber attack that brought down popular websites and online services like Amazon (amzn) and Netflix (nflx) was likely caused by a non-state actor, otherwise known as hackers without ties to any specific state or government.

Based on data investigators have been accumulating, it’s likely a “non-state actor" rather than a particular government group carried out the hacking, according to a Wall Street Journal article quoting Director of National Intelligence James R. Clapper’s comments on Tuesday in New York at the Council on Foreign Relations.

The Wall Street Journal also cited other cybersecurity experts who have concluded that it’s less likely national governments or “online blackmailers” were involved with the attack. The report cited once such expert, Allison Nixon of security firm Flashpoint, who said it could be a “loosely knit social circle of kids and young adults” looking to make some sort of statement.

Get Data Sheet, Fortune’s technology newsletter.

During last week’s attack, hackers were able to use publicly available source code to help crack into millions of Internet-connected devices, such as cameras and printers. With the collected power of millions of these devices working in tandem, the hackers sent wave after wave of web request to Internet service company Dyn. The influx of requests overloaded Dyn, which essentially acts as a sort of gateway and switchboard between Internet users and the websites they want to access.

As Fortune’s Jeff Roberts wrote, it’s likely that many lawsuits will arise out of this first major hack on the Internet of things, a catch-all term for devices such as thermostats and washing machines that are connected to the web. Roberts wrote that the security community is pointing fingers at some device makers that failed to secure their products. These makers include small, relatively unknown Chinese manufacturers, and even familiar brands like Xerox (xrx) and Panasonic (pcrfy).

Security researchers have long argued that if not properly architected with cybersecurity precautions, connected devices pose a risk if hackers are able to crack them.

Still, not all connected devices are totally hackable, as IoT expert and former Fortune senior editor Stacey Higginbotham wrote. Although many Internet-connected devices, including cameras and routers, were affected in the attack, they represent just a fraction of the many Internet-powered devices on the market.

For more about cybersecurity, watch:

Additionally, consumers can link Internet-connected lightbulbs and refrigerators into a so-called hub that’s not directly connected to the open web, thus acting as a security buffer. IoT devices like lightbulbs, she explained, also don’t come packed with the type of computing power necessary to help criminals carry out their hacks.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions