Ransomware Attack Shuts Down American Fuel Pipeline - Page 5 - Politics Forum.org | PoFo


#15172350
@B0ycey

I don't know the risk assessment of Colonial Oil operating online versus operating offline. Is it possible for them to operate offline and still conduct their business efficiently? Or, if they haven't already, will they eventually HAVE to go online again to operate their business efficiently? If they do HAVE to go online, they are going to have to make some serious investments in cyber security and hire some good analysts to man their Security Operations Center. If they don't, they will become a victim again and I am sure there will be calls for the U.S. government to intervene and regulate these companies to make sure they make the required investments in cyber security given they operate critical infrastructure. This attack also highlights how vulnerable some of our critical infrastructure is to attack. That's very serious and pretty scary. I hope this is something the U.S. government is taking seriously and paying attention to, and is not ignoring or sweeping under the rug.
Last edited by Politics_Observer on 14 May 2021 12:37, edited 1 time in total.
#15172353
Politics_Observer wrote:@B0ycey

I don't know the risk assessment of Colonial Oil operating online versus operating offline. Is it possible for them to operate offline and still conduct their business efficiently? Or, if they haven't already, will they eventually HAVE to go online again to operate their business efficiently? If they do HAVE to go online, they are going to have to make some serious investments in cyber security and hire some good analysts to man their Security Operations Center. If they don't, they will become a victim again and I am sure there will be calls for the U.S. government to intervene and regulate these companies to make sure they make the required investments in cyber security given they operate critical infrastructure. This attack also highlights how vulnerable some of our critical infrastructure is to attack. That's very serious and pretty scary.


I don't know whether being offline is sustainable, I just know they are currently operating offline. And yes, they will (and should) spend more money on cybersecurity given the risk and being a likely target, as many hackers will consider them prey now given the havoc that took place. Also, I have never understood why we have infrastructure that is on the same network as the WWW given they could just create a network to separate them from the hacking risk. But perhaps there is more to that than just my assumption. :hmm:
#15172355
@B0ycey

Yeah, they could create a more isolated network. However, using a more isolated network could prove to be less convenient for their customers. It could help improve their security, but in security nothing is ever 100% secure. Anytime you add more security, the trade-off is convenience. A private company would have to weigh the business costs of offering less convenience to customers versus the probable business costs of not using that option to better secure themselves from network attack. However, the consequences of a compromise are very high, as we have seen in this case.

In this case, we were fortunate to have been dealing with a criminal gang instead of a national government. Of course, if we were dealing with a national government, that would invite a retaliatory response from the U.S. government too, which might deter a national government from starting a cyber war. However, it's still important that the U.S. government at least regulate critical infrastructure heavily and impose fines and strict regulation on them to ensure they have the proper cyber security assets and expertise in place to prevent such a high-consequence compromise from happening again.

This doesn't just affect Colonial Oil and their business. It affects the entire United States when they fail to properly invest in cyber security. So, the U.S. government has a duty and responsibility to step in and regulate Colonial Oil to ensure they are investing properly in cyber security assets and personnel with cyber security expertise. I suspect Colonial Oil won't like it, but my attitude is "well, too damn bad." The U.S. government does owe a duty to the American people to protect our economy.
#15172358
Politics_Observer wrote:@B0ycey

Yeah, they could create a more isolated network. However, using a more isolated network could prove to be less convenient for their customers. It could help improve their security, but in security nothing is ever 100% secure. Anytime you add more security, the trade-off is convenience. A private company would have to weigh the business costs of offering less convenience to customers versus the probable business costs of not using that option to better secure themselves from network attack. However, the consequences of a compromise are very high, as we have seen in this case.


Which customers are you mentioning here given they operate a pipeline? Besides, I am not saying that Colonial Oil would not be connected to the same network as the WWW but that operations that caused all this wouldn't be.
#15172360
@B0ycey

I don't know who Colonial Pipeline's customers are. You have to ask them. I don't own and operate their business. But they are a business, and a business has customers. Creating a more isolated network does create an inconvenience for customers even though it would help make their network more secure. There is a trade-off that happens. The more security measures you implement, the less convenient things are. Typically, customers of private business dislike inconvenience. So, those are things a business has to weigh in deciding whether they are willing to accept some risks instead of applying security measures. They also have to weigh how high the consequences are if a compromise or a successful breach of their business happens when making decisions as to what risks they are willing to accept. The higher the consequences of a breach, the more security measures a business should be willing to take.

In addition, no matter how many security measures you implement, so long as you are online, you are taking some risk. Security is not a destination but an everyday process. You also have to bear in mind that it's not a question of if you are compromised, but when. So, another aspect of cyber security is having a top-notch Cyber Security Incident Response Team in place to immediately respond to a breach and contain the compromise as quickly as possible before too much damage is done by the compromise or threat actor. That means the business or organization has to have cyber security expertise and analysts on hand to immediately detect an attack and respond to it, bringing in the Cyber Security Incident Response Team immediately if necessary to contain the compromise or threat actor before it's too late.
#15172367
Unthinking Majority wrote:What are the odds that this was a cyber attack covertly orchestrated by the Russian or Chinese govs to test the Biden admin?

The Russians already tested Biden's military resolve in eastern Ukraine the moment the snow melted in the spring in eastern Russia and tanks were able to roll.

Maybe it was a private criminal group. Either way this is alarming that vital infrastructure to the US economy and military was able to be co-opted by hackers with malicious intent.


Maybe. They can test away if they wish. They are playing with fire, and will get burned. As others have noted, surely we are doing things in secret to them too. We just don't have the inferiority complex that those nations have, so we don't have to make a show of it.

The mistake people seem to always make about America is that America has a history and culture of being slow/lazy/late when it matters, but when push comes to shove, America unifies and mobilizes like no one else. We don't need an authoritarian shithole government like they do in Russia/China to force us into it either. America is a sleeping dragon.

I would be the first to volunteer if the government needs to escalate and puts out a call for people to engage in cyber warfare on those fuckers. (Cyber) war on all those fuckers. I have no qualms using my skills (to any capacity that's possible, since I'm not a hacker lol) to disrupt those asshats. They can keep poking the hornets' nest.... Wait, are we a dragon or a hornets' nest? :?:

I'm being serious.

Now to not be serious.
USA! USA! USA! :lol:
#15172382
Goranhammer wrote:Yeah, the last thing we need is to hear the words Reagan warned us about: someone coming along, saying "I'm from the government and I'm here to help".


It's not what America (i.e. the government) can do for you, but what you can do for your fellow Americans?
#15172424
We need Battlestar Galactica technology:

the computer systems were neither networked nor integrated during these refits due to the fears of its commander, William Adama. Due to this lack of network integration at the time of the Cylon attack, Galactica was unaffected by the infiltration program used by the Cylons to disable Colonial vessels and defense systems, using the Command Navigation Program (CNP), developed by Dr. Gaius Baltar and subverted by Cylon operative Number Six as a back door into such systems.

https://scifi.stackexchange.com/questions/2795/why-is-there-a-lot-of-low-tech-in-battlestar-galactica#
#15172475
Well, it looks like Darkside's Darkweb site has been taken down, though nobody knows if it was from any sort of law enforcement agency, if Darkside did it themselves, or if it was hacked by U.S. agencies and shut down via a hack from any specific U.S. agency.

Geneva Sands and Natasha Bertrand of CNN wrote:The ransomware extortion website used by the group responsible for the cyberattack on Colonial Pipeline has gone offline, according to cybersecurity experts and a screenshot viewed by CNN.

The site previously housed announcements from the criminal ransomware group, identified as DarkSide, as well as files of stolen data from other ransomware incidents, screenshots showed. It now shows a blank page with "Not Found" up top.

The FBI confirmed earlier this week that DarkSide ransomware was responsible for the compromise of Colonial Pipeline networks, setting off a shutdown of pipeline operations that led to fuel shortages and massive lines at gas stations along the southern east coast.

The group's site went offline sometime Thursday and was still unavailable as of Friday, leading to speculation that it could have been taken down by law enforcement or that DarkSide itself took it down.

In an announcement posted late Thursday night that was reviewed by the cybersecurity firms Intel 471 and Recorded Future and translated, the group wrote: "A couple of hours ago, we lost access to the public part of our infrastructure," including its blog and payment server.

The DarkSide statement also said "the hosting support service doesn't provide any information except 'at the request of law enforcement authorities.' In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account," according to Intel 471.

Mandiant Threat Intelligence, the cybersecurity firm that has been working with Colonial Pipeline to get its operations back up and running, said the statement could be an "exit scam" by DarkSide.

"The post cited law enforcement pressure and pressure from the United States for this decision," said Kimberly Goody, Mandiant's senior manager for financial crime analysis. "We have not independently validated these claims and there is some speculation by other actors that this could be an exit scam."

Two cybersecurity experts also cautioned that if the site was seized by US authorities, it would likely have a notice of seizure on the site with law enforcement logos.

But Dave Kennedy, a former National Security Agency hacker who now serves as president and CEO of the information security firm TrustedSec, said that depends on where the group's servers resided.

"If it was in a country we have a relationship with, the US government would work in conjunction with the other foreign government to get the servers taken offline," he said. "If the countries where the servers reside are in more of a hostile country, for example Russia, this is where you would see offensive cyber operations occur where hacking the systems and shutting them down would be an available option."

Kennedy said he believes the site being offline so suddenly bears the hallmarks of a deliberate takedown. "With the sharp focus on Ransomware groups now by the Biden administration and law enforcement, ransomware groups are shaking in their boots," he said. He noted, however, that DarkSide is still not completely shut down because the individuals behind it are still at large.

President Joe Biden said Thursday that the US was going to pursue measures to disrupt the ability of the criminals behind the attack to operate.

"We're also going to pursue a measure to disrupt their ability to operate. And our Justice Department has launched a new task force dedicated to prosecuting ransomware hackers to the full extent of the law," he said.

Colonial Pipeline paid ransom to DarkSide, two sources familiar with the matter told CNN on Thursday. The sources did not say how much the company paid, but DarkSide had demanded nearly $5 million, two other sources familiar with the incident said.

DarkSide is a "ransomware-as-a-service" operation, meaning that the developers of the ransomware receive a share of the proceeds from other cybercriminal actors, known as "affiliates," who deploy it.

Officials and cybersecurity experts believe DarkSide operates out of Russia or Eastern Europe, based on the way it targets victims.


https://www.cnn.com/2021/05/14/politics ... index.html
#15172520
@Goranhammer

We don't know what's really going on. Darkside might have gotten frightened and taken their website off the darkweb once they realized they had just made themselves a target for the U.S. Government. Or, the NSA might have used its own hackers to take down their website. Or the Russian government might have taken it down given that the criminal gang was likely operating on their territory. Hard to say what is really going on.
#15172535
Politics_Observer wrote:@Goranhammer

We don't know what's really going on. Darkside might have gotten frightened and taken their website off the darkweb once they realized they had just made themselves a target for the U.S. Government. Or, the NSA might have used its own hackers to take down their website. Or the Russian government might have taken it down given that the criminal gang was likely operating on their territory. Hard to say what is really going on.


Of those three, I can tell you one that almost assuredly didn't happen...and one that DAMN sure didn't happen.