Thursday, May 13, 2021

East Coast Pipelines Shut Down in Cyber Attack

Update: Colonial Pipeline Co. is putting its system back on line after reports of hoarding behavior, supply shortages, and rising gas prices in the southeast. Bloomberg reported that the company paid nearly $5 million in cryptocurrency as ransom to eastern European hackers. The company generated $1.4 billion in revenue last year.

More: Colonial Pipeline's four main lines to the northeast remain closed after the ransomware attack launched by a gang known as DarkSide on Friday. Officials scrambled to contain the damage to northeastern markets by allowing emergency transportation of fuels by road. Despite the emergency declaration relaxing rules, it will not be enough to replace lost capacity. DarkSide released a statement saying it was "apolitical", and only trying to "make money". A London cyber security firm says the organization operates as a business, licensing encryption software it develops to "affiliates" who pay a percentage of their extortion gains. DarkSide is not averse to publicity about its activities. When it developed improved encryption software, it invited journalists in March to review the product. The gang even has a website where it lists all of the companies it has hacked, and those types of companies it will refrain from attacking.

{13.05.21} The security firm went on to tell BBC that the pandemic aided DarkSide, as engineers with access to the company's data worked from home. The gang could have bought account login details for remote desktop software such as TeamViewer and Microsoft Remote Desktop. There are so-called "access brokers" who steal login details on active users and sell them to the highest bidder. According to the security firm, it is likely that DarkSide is based in a Russian-speaking country, as it avoids attacking companies in post-Soviet states including Russia, Ukraine, Belarus, Georgia, Armenia, Moldova, Azerbaijan, Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan. Joe Biden will be meeting with Vladimir Putin soon. Undoubtedly the issue of criminal cyber attacks, which are becoming a major on-line problem for infrastructure firms, will be discussed.

{07.05.21} For the first time in US history a major energy infrastructure system was shut down by a cyber attack. The Friday attack on Colonial Pipeline, which supplies half of the East Coast's fuel supply through 5,500 miles of pipe, affected its IT network. The resulting shutdown is expected to drive fuel prices above $3.00/gal. in the southeast. Officials say ransomware was used by a gang known as "Darkside". The group depicts itself as a sort of "Robin Hood" organization that targets deep corporate pockets and donates to charities via bitcoin. "I’m unaware anything approaching this magnitude in the U.S.," said Bob McNally, president of energy consultancy Rapidan Energy, who served on the National Security Council during the George W. Bush administration. If so, the strike represents an escalation of attacks on vital infrastructure in the US. It also reveals the vulnerability of national infrastructure owned and operated by private companies. Imports through eastern ports should buffer the outage at Colonial Pipeline, which makes deliveries to terminals every five days. If the outage is prolonged, shortages may occur as customers begin to hoard. The ransom demand has not been made public.

Colonial Pipeline is the largest refined products pipeline in the United States, transporting 2.5 million barrels per day, and about 45 percent of all fuel consumed on the East Coast, including gasoline, diesel, jet fuel and heating oil. The attack will add pressure on congressional negotiators who are debating Biden's $2+ trillion infrastructure plan, which so far lacks funds for improving cyber security. Cyber security is clearly lacking at some facilities: last year a leak that spilled 1.2 million gallons of gasoline into a nature reserve in Charlotte, North Carolina went undetected for a week. In February, hackers busted into a Tampa, FL water treatment facility and attempted to raise the level of sodium hydroxide (lye), used to purify water. Russian GRU hackers have played havoc with Ukraine's computer systems, attacking banks, airports, energy firms and government officials. Fortunately, that has not yet happened in the US. But you do not have to be a leftist hot-head to imagine the worst.