Cyberattack Forces a Shutdown of a Top U.S. Pipeline The operator, Colonial Pipeline, said it had halted systems for its 5,500 miles of pipeline after being hit by a ransomware attack. [nytimes.com...]
engine
7:49 am on May 11, 2021 (gmt 0)
If there's one thing this will bring, it'll be a renewed effort into protecting infrastructure.
lammert
9:37 am on May 11, 2021 (gmt 0)
Railroad companies often have their own communication lines near the rail tracks. One would think a pipeline company would use the same approach, having their own data net buried six feet deep, without the necessity to use a public network for communication between their crucial control systems.
engine
10:19 am on May 11, 2021 (gmt 0)
without the necessity to use a public network for communication between their crucial control systems.
I guess I come from a time pre-Internet and one question I asked when it started to take off and I was involved, was, where is that data going to get from one end to the other? It was clear to me that it is not secure. That has not changed. They should not be using the Internet for all kinds of reasons, imho.
engine
9:29 am on May 13, 2021 (gmt 0)
The company announced it's restarting operations.
There was a sigh of relief late Wednesday when the operator of the pipeline, which transports gasoline, diesel and jet fuel from Texas to New Jersey, said it had “initiated the restart” of operations. But the company, Colonial Pipeline, said supplies would take several days to return to normal.
What I understand is that the crackers got into the billing department. And therein lies the rub... and the tale of two stories:
Story 1: the company shut down the pipelines as a caution against cyber terrorist damage.
Story 2: the company shut down the pipelines as they no longer knew who to bill what for what. Spin to 1.
Conspiracy aside, some intriguing bits: Darkside appears to be an affiliate operation that supplies targets, means, and methodology.
It’s a two-factor ransom attack: (1) they charge for releasing the victim's encrypted data and (2) for deleting extracted data.
The crackers downloaded 100+ GB of data over a couple of hours to (for some strange reason) US located servers. FBI et al were able to seize the servers before data was sent on.
Darkside made a statement that they are criminals, not terrorists, and regretted that the pipeline was shut down. Further, that they would speak to affiliates so it wouldn’t happen again. Just like a ‘real’ corporation!
Krebs has the interplay between another target and Darkside, negotiating down from a 30 million ask to 11 million paid...
Oh... and as a cherry on top of their criminal antics they are selling prior knowledge of targets for all you short sellers out there...