Ransomware Attack Shuts Down American Fuel Pipeline - Politics Forum.org | PoFo

Wandering the information superhighway, he came upon the last refuge of civilization, PoFo, the only forum on the internet ...

Talk about what you've seen in the news today.

Moderator: PoFo Today's News Mods

#15171748
Ransomware Cyber Attack on Colonial Fuel Pipeline

I think this article lays bare two important things the United States must start taking seriously:

  • Cybersecurity for the nation
  • The need to upgrade our aging infrastructure

I know the democrats want to address these issues. However, I am curious what kind of plan do the republicans have to address these issues? Anybody? Another question I have for republicans is if they are still in denial about the Russian state hacking of our elections and how they feel about the fact this hack appears to have been done by a Russian criminal group (though not the Russian state this time)?

Will republicans be in denial about this too and be negligent in defending our nation as well as ensure it has the infrastructure it needs to function and operate? Will the republicans remain in denial about these very serious threats to the defense of our nation as well as our economy? Do they even have a real plan?

Zachary Cohen, Geneva Sands and Matt Egan of CNN wrote:One of the largest US fuel pipelines remained largely paralyzed Monday after a ransomware cyberattack forced the temporary shutdown of all operations late last week -- an incident that laid bare vulnerabilities in the country's aging energy infrastructure.

The victim of the attack, Colonial Pipeline is a company that transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor.

Over the weekend, the pipeline operator began working to develop a restart plan for its pipeline system, and was able to start operations for some of its ancillary lines. On Monday, Colonial acknowledged it will take time to restore all of its systems and said hopes to substantially restore operational service by the end of the week.

Here's what to know about the attack:

Ransomware locks out the rightful user of a computer or computer network and holds it hostage until the victim pays a fee. Ransomware gangs have also threatened to leak sensitive information in order to get victims to meet their demands.

The Colonial Pipeline attack comes amid rising concerns over the cybersecurity vulnerabilities in America's critical infrastructure following a spate of recent incidents, and after the Biden administration last month launched an effort to beef up cybersecurity in the nation's power grid, calling for industry leaders to install technologies that could thwart attacks on the electricity supply.

It follows a string of other ransomware attacks and other high-profile and deeply damaging cyber breaches, including the SolarWinds related supply chain breach and the Microsoft Exchange Server hack -- both tied to nation state actors.

While the latest incident is believed to be tied to a criminal group, it underscores the cybersecurity risk to critical infrastructure and threatens to impact gas prices ahead of the summer travel season.

Senior White House officials repeatedly said Monday their roles in addressing the latest ransomware incident were limited because Colonial Pipeline is a private company, even though it controls the gasoline supply to most of the eastern US.

"This weekend's events put the spotlight on the fact that our nation's critical infrastructure is largely owned and operated by private sector companies," said Elizabeth Sherwood-Randall, the White House domestic security adviser. "When those companies are attacked, they serve as the first line of defense and we depend on the effectiveness of their defenses."

Anne Neuberger, the top official responsible for cybersecurity on the National Security Council, said Colonial Pipeline had not asked for "cyber-support" from the federal government but that federal officials were ready and "standing by" to provide assistance if asked.

The FBI confirmed Monday that a criminal group originating from Russia, named "DarkSide," is responsible for the Colonial pipeline cyberattack.

"The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation," the FBI said in a statement.


https://www.cnn.com/2021/05/10/politics ... index.html
Last edited by Politics_Observer on 11 May 2021 00:22, edited 1 time in total.
#15171757
@Goranhammer

They need to make sure that the compromise is first contained so that it doesn't spread further to other systems. It's not going to do you any good to have backups if that compromise is left uncontained and continues to spread to other systems. Then get digital forensic copies of all the effected systems volatile and non-volatile memory. Then they need understand how that breach occurred and conduct an investigation that way they can shore up weaknesses in their defenses (that is after scrubbing infected systems if that is even possible and being sure they are no longer a threat because if they are, they can start to spread that malware again). What sort of exploit was used?

Or was it a social engineering attack exploiting human weakness that enabled the attack (my bet was the hackers relied on social engineering to penetrate into the company's systems to plant the ransomware but I could be wrong)? Was this malware already known? Or was this custom built malware that could evade traditional anti-malware scanners? Can the attackers be traced? If so, who specifically are they (this is so the justice department can indict them and put out a warrant for their arrest, which could effectively make it difficult for these attackers to travel outside of Russia)? Did this company have a Security Incident Response Team on hand? Was this compromise detected immediately or did it go undetected for some time (the longer it goes undetected the more damage this breach could have done)? They might have done more than just plant ransomware for all we know.

Edit:
Here, check this out @Goranhammer

Maria Korolov of CSO wrote:Cyber extortionists know that backups are their number one enemy and are adapting their ransomware to look for them.

"Several ransomware families destroy all Shadow Copy and restore point data on Windows systems," said Noah Dunker, director of security labs at RiskAnalytics "Many ransomware families target all attached drives, and happen to encrypt the backups as well, though not likely by design."

Any file system that's attached to an infected machine is potentially vulnerable, as well as attached external hard drives and plugged-in USB sticks.


Maria Korolov of CSO wrote:It's not just about the data

If losing files and getting locked out of mission-critical systems wasn't bad enough, ransomware might be doing even more damage.

It might be covering up other attacks.

"Advanced hackers are using ransomware as a secondary infection or to counter incident response," said Tom Kellermann, CEO at Strategic Cyber Ventures.

And they may even hijack a company's communications or website to spread the ransomware further.


https://www.csoonline.com/article/30753 ... mware.html

See a lot of hackers have just as much knowledge and in many cases more knowledge IT wise than the system administrators running the targeted network.
#15171760
Politics_Observer wrote:See a lot of hackers have just as much knowledge and in many cases more knowledge IT wise than the system administrators running the targeted network.


Oh I know they do. They essentially prey on the stupid. Like in your article:

as well as attached external hard drives and plugged-in USB sticks


I mean, damn. That's just a fool move.

On the silver lining side, this could create a niche market for white-hats to go around and consult major corporations for a pretty nice fee. It's always existed, but demand may go up.

Might even be able to get someone who was on the wrong side of the hack, once upon a time. Makes for an interesting story. Reminds me of that movie Catch Me If You Can, arguably DiCaprio's finest, in my book.
#15171764
@Goranhammer

I don't know if companies or organizations would be eager to hire a former black hat. They might be willing to hire a white hat for consulting or to conduct penetration testing or red team/blue team exercises. There is definitely plenty of money to be made, that's for sure. Most companies that hire this sort of talent probably has already been a victim of a hack. It's like home security systems. The people who are buying home security systems are those who have already suffered a break in not those who haven't.
#15171768
Politics_Observer wrote:I don't know if companies or organizations would be eager to hire a former black hat.


Every sinner has a future.

We're always complaining about how ex-cons can never get a job. This would be for the people who want to have faith in second chances. It's definitely a risk, that's for sure. But you have to figure that the person who knows how to stop something the best is the one who has done it before.

Besides, there can always be safeguards in place to make sure that the black-turned-white has limited access to sensitive data until trust is established.

C'mon, who doesn't love a comeback story?
#15171786
Goranhammer wrote:Or....just perform daily backups.

This way, if they hit, you lose a day's data, tops.


From my understanding (so likely wrong) is they were unable to operate their computer network which I guess means they could not operate the gas pipeline. Backing up data, which I can only assume gets done daily anyway, doesn't mean much if you cannot operate which is the whole point of the pipeline.

I think people underestimate national cyber security given there is no causalities. It should be treated with the same respect as self defence warfare given it should be seen as an attack against the US - despite it being a private company. And yes, if Americas cyber infrastructure isn't up to date, they need to invest in it, or certainly have better standards if they insist on the private sector operating important infrastructure (I guess this is down to profits again).

Also, what next for cyber security in the age of quantum supremacy? Perhaps I am being naive on the difficulties and maybe totally wrong here given I don't know much on cyber security, but I have never understood why national security infrastructure and secrets are on the same bloody telecom network as the World wide Web as that invites hacking. Surely you can create a new telecom network that communicates only within specific sectors of the US that need the data as as such defecto locks out anyone from outside the US from entry to that data.
#15171799
@B0ycey

You have to consider that this cyber attack was an attack on the life blood of the U.S. economy. What if this attack was much more successful and broad? What would the implications for the U.S. economy be? What about the possibility that future hacks could effect the global economy?

@Goranhammer

So, I am interested, what is the republican plan to deal with these latest hacks coming out Russia? Is it to pretend it's all a hoax like they did with the 2016 Russia hacks? Pretend these hacks don't exist or to encourage more hacks out of Russia like Trump did before? Or to actually do something about it and stop these hacks coming out of Russia?

Whose side are the republicans on? You see, this is some of the consequences of republicans ignoring these hacks and pretending they don't exist and of Trump actually encouraging the Russians to hack. It could start directly effecting the lifeblood of our economy in a big way. That could effect your pocketbook Goran as well as the pocketbooks of other republicans. And I don't know about you, but I wouldn't want my pocketbook to be effected by something that is preventable such as updating our infrastructure and cyber security.
#15171800
Politics_Observer wrote:@B0ycey

You have to consider that this cyber attack was an attack on the life blood of the U.S. economy. What if this attack was much more successful and broad? What would the implications for the U.S. economy be? What about the possibility that future hacks could effect the global economy?

@Goranhammer

So, I am interested, what is the republican plan to deal with these latest hacks coming out Russia? Is it to pretend it's all a hoax like they did with the 2016 Russia hacks? Pretend these hacks don't exist or to encourage more hacks out of Russia like Trump did before? Or to actually do something about it and stop these hacks coming out of Russia?

Whose side are the republicans on? You see, this is some of the consequences of republicans ignoring these hacks and pretending they don't exist and of Trump actually encouraging the Russians to hack. It could start directly effecting the lifeblood of our economy in a big way. That could effect your pocketbook Goran as well as the pocketbooks of other republicans. And I don't know about you, but I wouldn't want my pocketbook to be effected by something that is preventable such as updating our infrastructure and cyber security.


Just to make the record clear, you do understand that I am not a Republican, correct? My voting record leans heavily Republican, but that's mainly out of a "lesser of two evils" scenario usually placed in front of me. Seeing as how I'm pro-choice, pro-SSM, as well as other pretty liberal social standpoints, I'd make a poor Republican by today's standards.

I personally think that cybersecurity is very important, but I feel that mega-rogues like Russia and China are the clear and present danger, and what they wish to do to us extends long beyond simple ransomware. Now these nations are probably the source of a lot of that, but I think it's more of individuals, rather than state-sponsored hacking.

My main hope is that America stop being the prey and start being the predator. We're too busy staying on the defensive that we forget to go for their throats. Treat the disease, not the symptoms.
#15171811
Somebody may have already said this, Putin is not just a dictator, he's also like a mob boss.

It is quite unlikely a major move like that happened without approval from the boss. Our security guys don't want to say that until they get to roughly 80% sure that's the way it went down.

But that's the way it went down.
#15171812
Unthinking Majority wrote:As a company called 'Colonial Pipeline', they may want to upgrade their company name along with their infrastructure.

I think 'Imperialist Bastards Pipeline' has more of a ring to it, don't you? :)
#15171814
@Goranhammer

So you are telling me you don't want to take ownership of your voting record given you stated your vote leans heavily republican but yet you don't consider yourself a republican. Do you find a personality cult that has a great disdain for freedom and democracy as well as the national interests of the United States to be "the lesser of two evils?"

The republicans today are not a party but a personality cult that has a great disdain for freedom, democracy and the national interests of the United States and the American people. Heck, the republicans don't even believe in free trade in a global economy given the trade wars and tariffs Trump has levied during his time in office.

These republicans don't get into power without somebody voting for them and allowing this personality cult that has a disdain for American freedom and democracy to be in power has now costed us. The Russians think it's OK now to attack the life blood of our economy with cyber attacks.

And as @late has pointed out, Putin is not just a dictator, but a criminal mob boss and I agree with late, these criminal groups don't operate in Russia unless they have the OK and approval of Putin. So let's not try to white wash the reality here. Russia shares some responsibility for this.

Gas prices at the pump can start going up if these cyber attacks on our fuel pipelines are left unchecked and that will certainly pick your pocket as well as the pockets of those who chose this when they voted republican. Those who voted republican knew that they were voting for people (and a personality cult) who denied these hacks in the past were coming out of Russia.
#15171836
Politics_Observer wrote:@Goranhammer

So you are telling me you don't want to take ownership of your voting record given you stated your vote leans heavily republican but yet you don't consider yourself a republican. Do you find a personality cult that has a great disdain for freedom and democracy as well as the national interests of the United States to be "the lesser of two evils?"

The republicans today are not a party but a personality cult that has a great disdain for freedom, democracy and the national interests of the United States and the American people. Heck, the republicans don't even believe in free trade in a global economy given the trade wars and tariffs Trump has levied during his time in office.

These republicans don't get into power without somebody voting for them and allowing this personality cult that has a disdain for American freedom and democracy to be in power has now costed us. The Russians think it's OK now to attack the life blood of our economy with cyber attacks.


Well, push for another solution then. I'm a libertarian by nature (less so with today's idiot populace), but your view of Republicans is fine. You should see how I view the other side. Every time immigrants bleed the system, that's on you Democrat voters. Every time a criminal is killing someone on the street and not in prison, that's on you Democrat voters. Every time a building burns or a store is looted for "social justice", that's on you Democrat voters.

If you want to assign blame by proxy, I have no problem going along with it.

It should also be known that Biden is very, very deep into Xi's and China's pocket, so let's not act like international complacency to bad actors is a one-side only fight.
#15171837
Goranhammer wrote:
Well, push for another solution then. I'm a libertarian by nature (less so with today's idiot populace), but your view of Republicans is fine. You should see how I view the other side. Every time immigrants bleed the system, that's on you Democrat voters. Every time a criminal is killing someone on the street and not in prison, that's on you Democrat voters. Every time a building burns or a store is looted for "social justice", that's on you Democrat voters.

If you want to assign blame by proxy, I have no problem going along with it.

It should also be known that Biden is very, very deep into Xi's and China's pocket, so let's not act like international complacency to bad actors is a one-side only fight.


I fail to see this "Biden in the pocket of Xi JIngping" stuff conservatives like to say. Last I checked, Biden openly said that the next battle front is basically Democracy/Freedom, versus Autocracy/Authoritarianism. He made specific references to China. His infrastructure bill actively pushes for moving our technology supply chain away from China (he even openly stated that silicon/chips is infrastructure, and critical to national security, thus why those are included in the bill). How is Biden in China's pocket if he's doing these things. How is he in China's pocket if he's trying to form an economic front with other nations to counter China? :?:

How is he in their pocket while actively pushing for decoupling away from China? How is he in their pocket, by entertaining the idea of having more direct relations with Taiwan (bad idea, at least for now)? :?: These are all things that rub China the wrong way. How is he in their pocket by reiterating his commitment to help/defend allies in the pacific? :?:

Just because he's not brash and beating his chest like Trumpsky did, doesn't mean he's in China's pocket. Relations with the CCP are tricky, it's not going to be won by being a brute. In fact, maneuvering a little more quietly and with less bravado would likely be smarter here.
#15171840
@Rancid @Goranhammer

It certainly doesn't sound like backups would have worked in this specific case, which is no surprise to me. This is why it's important to first contain a compromise and stop it from spreading (and hopefully it is immediately detected before the compromise spreads too much). Darkside is the group behind this fuel pipeline hack.

Zachary Cohen and Geneva Sands of CNN wrote:DarkSide is known to be based in Eastern Europe and carries out "double extortion" ransomware attacks, which is where they will both encrypt a victim's data, and then also steal some of the data and threaten to release it to cause reputational damage if the victim doesn't pay, he said.

Therefore, even if a victim has strong backups for their data, that allows them to restore the data that was encrypted, the bad actor still has another way to extort the victim, he said.
"There has been some discussion that perhaps this actor tries to refrain from attacking hospitals, schools and the like. But certainly, they're seen as a pernicious ransomware group that has caused significant harm to its victims, both in the US and elsewhere," Goldstein said.


https://www.cnn.com/2021/05/11/politics ... index.html
#15171841
I remember I got a fake phishing where they said they had compromising videos and photos of me watching porn or something.

If that ever happened to me in real life, I'd say go ahead and release it. :lol: I think it would say a lot more about the people seeking out that kind of video on me, than me myself. :lol:
#15171842
I just get phone calls saying my social insurance number is associated with crimes and I need to give my financial info to the Department of Justice (which does not exist in Canada).

Anyway, this attack seems to be financially motivated as opposed to politics.
#15171844
@Pants-of-dog

Yeah, well their financial motivation can cost you dearly at the fuel pump when you go to gas up. This can happen in Canada too. Canada isn't immune from these cyber attacks either. Here is this:

Matt Egan of CNN wrote:American drivers on the East Coast are filling up aggressively following a ransomware attack that shut down the Colonial Pipeline, a critical artery for gasoline.

US gasoline demand jumped 20% on Monday compared with the prior week, according to GasBuddy, an app that tracks fuel prices and demand.
In just five states served by Colonial Pipeline -- Georgia, Florida, South Carolina, North Carolina and Virginia -- demand was up by a collective 40.1%, GasBuddy said.

"I got scared that I could not go to work or take my daughters to school," Florida resident Linderly Bedoya told CNN on Tuesday. "All the gas stations in my area were without gas and when I finally found one I had to stay an hour in line and I had to fill up with the premium unleaded."

Bedoya posted a photo on Twitter of a sign from a gas station in Tallahassee that warns drivers only premium fuel is available.

In Georgia, Governor Brian Kemp signed an executive order suspending the state's gas tax to help drivers cope with higher prices caused by the Colonial Pipeline hack. Kemp's order also allows for increased weight limits for trucks transporting fuel and prohibits price gouging.

Meanwhile, North Carolina Governor Roy Cooper declared a state of emergency Monday evening, a move that allowed him to temporarily suspend some fuel regulations in a bid to ensure adequate supply.

The Environmental Protection Agency on Tuesday issued an emergency fuel waiver aimed at easing fuel shortages caused by the Colonial Pipeline shutdown. EPA Administrator Michael Regan cited "extreme and unusual fuel supply circumstances" for waiving certain federal requirements for fuels sold in the District of Columbia, Maryland, Pennsylvania and Virginia. The waiver will continue through May 18.

The Colonial Pipeline, which supplies nearly half the diesel and gasoline to the East Coast, said Monday it hopes to be substantially operational by the end of the week after a hack that authorities believe was carried out by a criminal group called DarkSide.

"This is a hugely important part of our energy infrastructure on the East Coast," Neil Chatterjee, a commissioner at the Federal Energy Regulatory Commission, told CNN Business on Monday. "These pipelines are now, in many ways, on the front lines of our national defense."


https://www.cnn.com/2021/05/11/business ... index.html

I live in Georgia, so this hack is probably going to cost me when I go fill up my car at the gas pump today. Literally, it probably will, like no joke. They even got the governor of North Carolina declaring a state of emergency.
Last edited by Politics_Observer on 11 May 2021 17:05, edited 3 times in total.
#15171845
Pants-of-dog wrote:Anyway, this attack seems to be financially motivated as opposed to politics.


Yea, the gang basically said they just want money, and didn't intend to cause societal disruption with their malware.

Still, this highlights two things:

- Your intent doesn't matter. If your "light" crime, ends up creating a "heavier" crime, you're fucked. People that commit any kind of crime need to keep this in mind.
- How vulnerable infrastructure is in general. Even with all of these issues, it seems like governments around the world are not interested in making infrastructure more robust to attack, to natural disaster, to whatever.

Image

Crimea was part of Ukraine. Now it is part of Rus[…]

Florida Bans CRT in Schools

It fosters a racist attitude against the hiring o[…]

RIP John McAfee....

Is there no justice in this world?!? Now he’ll nev[…]

You don't understand. The thing we need to be ang[…]