
Colonial Pipeline wasn't the first and won't be the last cyber pirate attack

01:50 11 May 2021. Source: cnn.com


The fact that an apparent group of cyber pirates -- a secret criminal nerd syndicate -- can take down the aorta of fuel for the East Coast should be sending shockwaves through the country.

Photo: Fuel holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm on May 10, 2021 in Woodbridge, New Jersey. © Michael M. Santiago/Getty Images

We've all read this year about the pandemic threatening supply chains and about climate change causing more freak weather that threatens power grids. Meanwhile, hackers have also gotten more brazen, locking companies key to the US infrastructure.


This week it's Colonial Pipeline. But it's been hospital systems. Cities. Schools. Everything from the city of Atlanta to the DC Police Department has been hit by ransomware.

And while they can't be tied in all or even most cases to foreign governments, that should not distract us from the fact that the US appears to be under attack.

For more straight reporting on Colonial Pipeline, read this CNN report from Zachary Cohen, Geneva Sands and Matt Egan explaining the broad strokes and business implications. This one from Kevin Liptak focuses on what the US government, and specifically President Joe Biden, is going to do about it.

Here are my takeaways:

The Colonial Pipeline is a vital piece of US infrastructure.

Spanning more than 5,500 miles, it transports about 45% of all fuel consumed on the East Coast. It transports 2.5 million barrels per day of gasoline, diesel, jet fuel and home heating oil. No disruptions have yet been felt from the shutdown of the pipeline, but this is not something that should be able to be shut down.


This sounds like an underground criminal syndicate.

The ransomware group claiming credit for the Colonial Pipeline attack is called DarkSide, originates from Russia and is thought to rent out its software to other hackers. The US has not specifically tied DarkSide to the Russian government, but rather thinks the group is operating for profit.


This is apparently going to get worse.

"All of our industries are going through some form of digital transformation, which means they're becoming more connected and taking advantage of things like cloud resources. That connectivity allows adversaries to come into those systems and compromise them in these ways," Rob Lee, the CEO of Dragos, a cybersecurity firm, told CNN's Jim Sciutto on Monday.

There are big targets and small targets.

A good portion of the country could feel the pinch of higher gas prices and potential jet fuel shortages as Colonial Pipeline races to bring itself fully back online. That is a very big attack.


Fewer people were directly hurt when the DC Police Department was targeted and hackers threatened to release information on confidential informants.

The range of targets is extensive.

"Everybody is vulnerable," said Lee. "We are going to experience attacks. The real question is how we're going to be more responsive and more resilient in the face of those attacks so that the consequence doesn't impact our daily lives."

There's a lot we don't know.

The exact nature of the Colonial Pipeline attack, whether there were demands or it was discovered, is not clear from the company's statements. PC Mag reported in April on how communications from ransomware extortionists can read and how they exert pressure on companies to pay ransom rather than have sensitive data released to customers.

For every attack you hear about, there are others you don't.

More than two dozen government agencies in the US have been hit this year alone, according to experts. Homeland Security Secretary Alejandro Mayorkas raised the alarm about these attacks just last week, in a speech before the US Chamber of Commerce before Colonial Pipeline was hit, calling them an "existential threat" to businesses.


More than $350 million in victim funds -- ransom, essentially -- was paid as a result of ransomware in the past year, and the rate of ransomware attacks increased over the prior year by more than 300%, he said.

This will influence the debate over Biden's plan to update US infrastructure.

Look for a coming debate over whether Biden's $2 trillion plan to update the country's infrastructure does enough to protect it from cyberattacks. Politico wrote in April about concerns that there was not enough attention in the plan to securing the new infrastructure. On the other hand, the existing infrastructure is clearly susceptible to attack.

Government hacks vs. ransomware attacks.

Before this Colonial Pipeline ransomware attack, the main recent US breach this year had come not from ransomware pirates seeking a payday, but from Russian hackers potentially seeking intelligence, who got in by hacking software from a Texas company, SolarWinds. They infiltrated at least nine US government agencies, including the Department of Homeland Security, and scores of private companies.

Separately, a Chinese-linked hack of Microsoft Exchange servers across the globe likely compromised data that could lead to more attacks.

There may be little functional difference between ransomware pirates and foreign governments hacking US systems.


Here's an excellent quote from Chris Krebs, who until last November was director of the Cybersecurity and Infrastructure Security Agency at DHS. He told CNN that the distinction between a Russian state actor and a crime network operating inside Russia is "increasingly irrelevant."

"Ransomware crews have been operating out of Russia for years, with great effect on our schools, on our state and local government agencies, on our health care facilities," he said. "They have effectively the tacit approval of the Russian government, and it has to end."

A lot of the infrastructure we rely on is privately owned.

I am struck in CNN's reports by the bright line between Colonial Pipeline, the private company carrying fuel through the pipeline, and the US, whose infrastructure depends on it.

The tidbit in Liptak's story that caught my eye is that Colonial Pipeline has not asked the government for help.

"This weekend's events put the spotlight on the fact that our nation's critical infrastructure is largely owned and operated by private sector companies," said Elizabeth Sherwood-Randall, the White House homeland security adviser. "When those companies are attacked, they serve as the first line of defense and we depend on the effectiveness of their defenses."

Anne Neuberger, the top official responsible for cybersecurity on the National Security Council, said Colonial Pipeline had not asked for "cyber-support" from the federal government but that federal officials were ready and "standing by" to provide assistance if asked.

Neuberger would also not say if Colonial Pipeline had paid ransom, but noted that companies are in a "difficult situation."
