Last Friday’s enormous cyber attack that brought down popular websites and online services like Amazon (AMZN) and Netflix (NFLX) was likely caused by a non-state actor, otherwise known as hackers without ties to any specific state or government.
Based on data investigators have been accumulating, it’s likely a “non-state actor” rather than a particular government group carried out the hacking, according to a Wall Street Journal article quoting Director of National Intelligence James R. Clapper’s comments on Tuesday in New York at the Council on Foreign Relations.
The Wall Street Journal also cited other cybersecurity experts who have concluded that it’s less likely national governments or “online blackmailers” were involved with the attack. The report cited once such expert, Allison Nixon of security firm Flashpoint, who said it could be a “loosely knit social circle of kids and young adults” looking to make some sort of statement.
Get Data Sheet, Fortune’s technology newsletter.
During last week’s attack, hackers were able to use publicly available source code to help crack into millions of Internet-connected devices, such as cameras and printers. With the collected power of millions of these devices working in tandem, the hackers sent wave after wave of web request to Internet service company Dyn. The influx of requests overloaded Dyn, which essentially acts as a sort of gateway and switchboard between Internet users and the websites they want to access.
As Fortune’s Jeff Roberts wrote, it’s likely that many lawsuits will arise out of this first major hack on the Internet of things, a catch-all term for devices such as thermostats and washing machines that are connected to the web. Roberts wrote that the security community is pointing fingers at some device makers that failed to secure their products. These makers include small, relatively unknown Chinese manufacturers, and even familiar brands like Xerox (XRX) and Panasonic (PCRFY).
Security researchers have long argued that if not properly architected with cybersecurity precautions, connected devices pose a risk if hackers are able to crack them.
Still, not all connected devices are totally hackable, as IoT expert and former Fortune senior editor Stacey Higginbotham wrote. Although many Internet-connected devices, including cameras and routers, were affected in the attack, they represent just a fraction of the many Internet-powered devices on the market.
For more about cybersecurity, watch:
Additionally, consumers can link Internet-connected lightbulbs and refrigerators into a so-called hub that’s not directly connected to the open web, thus acting as a security buffer. IoT devices like lightbulbs, she explained, also don’t come packed with the type of computing power necessary to help criminals carry out their hacks.
