
Sun May 9, 2021, 09:17 PM

Biden declares state of emergency over fuel cyber-attack

Source: BBC

The US government declared a state of emergency on Sunday after the largest fuel pipeline in the US was hit by a ransomware cyber-attack.

The Colonial Pipeline carries 2.5 million barrels a day - 45% of the East Coast's supply of diesel, gasoline and jet fuel.

It was completely knocked offline by a cyber-criminal gang on Friday and is still working to restore service.

The emergency status enables fuel to be transported by road.

Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer.

Multiple sources have confirmed that the ransomware attack was caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial's network on Thursday and took almost 100GB of data hostage.

After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet.



Read more: https://www.bbc.com/news/business-57050690



More at link

42 replies, 4367 views

Replies to this discussion thread
TreasonousBastard May 2021 OP
HUAJIAO May 2021 #1
catrose May 2021 #2
JudyM May 2021 #15
Bayard May 2021 #29
jdadd May 2021 #3
Miguelito Loveless May 2021 #4
speak easy May 2021 #5
Miguelito Loveless May 2021 #6
speak easy May 2021 #8
Miguelito Loveless May 2021 #13
getagrip_already May 2021 #27
Miguelito Loveless May 2021 #31
getagrip_already May 2021 #34
Miguelito Loveless May 2021 #36
getagrip_already May 2021 #37
Miguelito Loveless May 2021 #41
gab13by13 May 2021 #7
NQAS May 2021 #9
NCjack May 2021 #22
ancianita May 2021 #10
getagrip_already May 2021 #28
ancianita May 2021 #30
getagrip_already May 2021 #33
ancianita May 2021 #35
getagrip_already May 2021 #38
Claire Oh Nette May 2021 #11
AverageOldGuy May 2021 #12
BobTheSubgenius May 2021 #14
ffr May 2021 #16
Hekate May 2021 #17
LittleGirl May 2021 #18
ansible May 2021 #19
msfiddlestix May 2021 #24
we can do it May 2021 #25
no_hypocrisy May 2021 #20
durablend May 2021 #21
NickB79 May 2021 #23
getagrip_already May 2021 #26
Calista241 May 2021 #32
ansible May 2021 #39
live love laugh May 2021 #40
drmeow May 2021 #42

Response to TreasonousBastard (Original post)

Sun May 9, 2021, 09:41 PM

1. Where is Lisbeth Salander when we need her?



Response to HUAJIAO (Reply #1)

Sun May 9, 2021, 10:17 PM

2. Truly



Response to HUAJIAO (Reply #1)

Mon May 10, 2021, 12:13 AM

15. !

If only.



Response to HUAJIAO (Reply #1)

Mon May 10, 2021, 11:59 AM

29. Indeed

How can we not have someone of that caliber on our side?



Response to TreasonousBastard (Original post)

Sun May 9, 2021, 10:19 PM

3. This wouldn't happen in the old days,

when people (paid Employees) ran things, rather than web connected technology!



Response to TreasonousBastard (Original post)

Sun May 9, 2021, 10:21 PM

4. We warned folks for decades about this, and were ignored

We also warned the government NOT to engage in cyber warfare against other countries, and were ignored.

This is just the latest chicken come home to roost.



Response to Miguelito Loveless (Reply #4)

Sun May 9, 2021, 10:44 PM

5. 'warned the government NOT to engage in cyber warfare'

because unilateral disarmament always works.



Response to speak easy (Reply #5)

Sun May 9, 2021, 10:48 PM

6. They fired the first shot with Stuxnet

and thus made us a target. You don't use a weapon against an enemy that you yourself are quite vulnerable to, especially one that is pretty cheap to deploy.



Response to Miguelito Loveless (Reply #6)

Sun May 9, 2021, 10:55 PM

8. but not the 2009 attack on the DoD

that cost $100+ to repair.

I mean, really, can you seriously say the GRU SolarWinds attack was in retaliation for Stuxnet?



Response to speak easy (Reply #8)

Sun May 9, 2021, 11:47 PM

13. No. I am not.

I am saying that many of us in the IT community warned that it was unwise to launch such an attack since U.S. data infrastructure was quite vulnerable. By using the weapon first, we gave license for it to be used against us. We have started another arms race and it is the people who will pay.



Response to Miguelito Loveless (Reply #4)

Mon May 10, 2021, 11:37 AM

27. This wasn't cyber warfare - it was cyber-extortion

The goal is money, not political advantage.

And it has nothing to do with the wimpy warnings some in IT made decades ago. Computer viruses were still running rampant before Stuxnet.

Get over it. This has nothing to do with spy-vs-spy.

This is armed robbery. Nothing more. Nothing less.



Response to getagrip_already (Reply #27)

Mon May 10, 2021, 02:00 PM

31. Yes, computer viruses were a thing before Stuxnet

I am an IT guy of several decades.

State sponsored attacks/extortion schemes were NOT a thing. And I hardly see the difference between an attack which simply takes out a target, and an attack that takes out a target, but you MIGHT be able to buy your way out of it. Also, these folks are not only taking the target offline, they are threatening to release massive amounts of private data as well, so a "two-fer".

These groups would have a hard time operating without state sponsorship at this level.



Response to Miguelito Loveless (Reply #31)

Mon May 10, 2021, 02:11 PM

34. it is purely a financial play for these actors...

Are there political attacks as well? Sure, NK attacked Disney for example. That was purely punitive.

But the attack against the pipeline is only financial.

Remember that the early viruses were neither political nor financial. They were largely just trying to cause damage with no real intent.

And it had nothing to do with Stuxnet. Neither does this attack.

I've been in high tech a long time, since 1980, and I've seen a lot. I've held security clearances and been places some people only read about.

Stuxnet didn't cause anything that wasn't already happening, and the only reason you even know about it is the target leaked the info. It was going on long before that on multiple fronts. It didn't just leap out from a lab in VA.

I get the negative feelings to what goes on in spookyville, but it isn't the evil we have here.



Response to getagrip_already (Reply #34)

Mon May 10, 2021, 02:28 PM

36. Motives hardly matter

as my point was these types of high volume operations cannot exist without government sanction. The money just helps defray budget costs and helps the gov't keep a cutout between them and the criminals.

Viruses were nuisances back in the day, with some bad actors with malicious intent. Ransomware is a different matter, but again, the motive is irrelevant. Intelligence services routinely ran blackmail schemes through criminal third parties, allowing the criminals to profit, while they obtained "useful" intelligence, and candidates for involuntary recruitment.

Stuxnet was weaponization of a computer virus against a sovereign state using Israeli intelligence as a surrogate so the US government could have plausible deniability. We opened the door to the practice and now we are on the receiving end with no moral high ground to bitch from.

If memory serves, Trump's Pentagon was discussing using cyber-attacks as a justification for a nuclear response. No way that could go wrong.



Response to Miguelito Loveless (Reply #36)

Mon May 10, 2021, 03:07 PM

37. of course there is state sponsorship for some of these groups....

But that doesn't mean that would be any different if no guv had ever planned or conducted a cyber attack against another.

Many of these groups are not only self funding, they are extremely profitable for their sponsors. Oligarchs have multiple masters, but money is the leader among equals.

Of course if the circumstances warranted it, it would be a small effort for them to become weaponized. Which is why the genie is so far out of the bottle we need our own bigger, better genies.

Unilateral disarmament is not a workable strategy. No more so than disbanding the military cuz we felt good about it.



Response to getagrip_already (Reply #37)

Mon May 10, 2021, 05:44 PM

41. I said nothing about "unilateral disarmament"

What we advised back in the day was "DO NOT be the first to deploy this weapon". We let the genie out of the bottle, just as we did with nuclear weapons.



Response to TreasonousBastard (Original post)

Sun May 9, 2021, 10:50 PM

7. Perfect excuse to raise the price of gas.



Response to TreasonousBastard (Original post)

Sun May 9, 2021, 11:15 PM

9. Woulda coulda shoulda

The question is why they didn’t have safeguards in place?

Cost cutting for investor returns and exec bonuses?

Did they have backups and the backups for the backups?

If state of emergency means USG resources, will the pipeline operator compensate? If not, sounds kind of socialism-ish.

What about systems for other critical services?

Of course it’s most important to get the systems back online, but these other questions need to be addressed.





Response to NQAS (Reply #9)

Mon May 10, 2021, 07:51 AM

22. The CEO should be fired for gross negligence.



Response to TreasonousBastard (Original post)

Sun May 9, 2021, 11:15 PM

10. Here's some more on DarkSide. Can't vouch for the white hat status of the site, but

apparently DarkSide's been known about since last year.


The DarkSide operation is hardly innovating in terms of tactics, techniques, and procedures (TTPs) used by other threat actors. The group shares its methods with infamous names like DoppelPaymer, Sodinokibi, Maze, and NetWalker. Many researchers that have analyzed the DarkSide ransomware agree that there are significant overlaps between this operation and those mentioned above. What, then, makes DarkSide particularly interesting? The answer is threefold:

The group has a highly targeted approach to targeting their victims
Custom ransomware executables are carefully prepared for each target
There is a corporate-like method of communication throughout their attacks

The group behind DarkSide announced its new ransomware operation via a press release on their Tor domain in August 2020. Up until this point, some researchers have claimed that the group has earned over one million USD; however, Digital Shadows cannot corroborate a definite figure at the time of this report. Possibly in an attempt to underline their experience, they made a point to clarify that the DarkSide operation isn’t their first criminal experience; the campaign was developed to refine existing products into the ultimate ransomware tool.

...To go even further, the group behind DarkSide states their intent to select their targets based on their financial revenue. This method implies that a ransom price is modeled around the victim organization’s net income.

The operators behind DarkSide harvest the clear text data from their victim’s server before encrypting it and requesting a ransom. The stolen data is then uploaded to DarkSide’s leak website, which serves as a powerful extortion tool for the threat group. The targeted company risks sensitive data loss after a successful attack, and not to mention, a public breach can severely damage an organization’s reputation. If this tactic sounds familiar to you, you’re right on the money – we’ve been closely following the pay-or-get-breached trend since late 2019.


https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/



Response to ancianita (Reply #10)

Mon May 10, 2021, 11:41 AM

28. I work in this field - that article is pure bs.....

Sorry, just about nothing there is true. I know of at least 10 recent attacks where the attackers asked relatively small companies for $1M. All paid something, some the full amount.

It's just more lore than history.



Response to getagrip_already (Reply #28)

Mon May 10, 2021, 01:27 PM

30. I thought just what you said was in that article? No?

They pointed out that 'ability to pay' determined their targets, not necessarily size. How they encrypt the data on their server and then inform their mark sounds logical to me.

Not sure why it's all bs, but I'll take your word for it.



Response to ancianita (Reply #30)

Mon May 10, 2021, 02:03 PM

33. There are several poorly researched statements, and a load of clickbait....

The statement that they made over a million dollars is one. This has become a Billion dollar industry - Billion. That a group as reportedly successful as this one only made a million is laughable. As I said, I know of multiple claims in that realm from individual companies, and entry level cyber insurance policies are typically in the $1M range, so if they are a successful operation they are pulling in much, much more.

Do they individually target companies? Possibly, but it isn't the mission impossible level of targeting. They aren't that refined. They mostly just get lucky and find a way in either through social engineering or some unpatched exploit, and that works for them.

The article is clickbait. There are tens of thousands of attacks currently underway. Some will succeed and you will never hear about them.

This one is visible because it looks like they aren't paying up.

My personal solution isn't very popular. I would outlaw any payment as ransom to get data back. Period. Let the chips fall where they may. Take away the financial incentive and these attacks will fall way down.





Response to getagrip_already (Reply #33)

Mon May 10, 2021, 02:20 PM

35. Your solution

seems like the only logical way to stop this. It might not be popular, imo, because 'zero negotiations' laws or policies will make the chips fall toward just selling or releasing the pirated data to other parties. But if one of those parties is a real group working with law enforcement, maybe they might be caught.

So there'd still be monetary incentive, law or no law; they'd take their chances on the bet that the law can't find them. Then I guess there's probably always a buyer beyond the actual victim; say, a victim's competitor, or a state; one or more, even, to start a bidding war.





Response to ancianita (Reply #35)

Mon May 10, 2021, 03:10 PM

38. true, but the financial burden would shift towards hardening our infrastructures

rather than paying ransoms.

I always hear that it's too expensive to improve IT security. I never hear it's too expensive to not pay a ransom.



Response to TreasonousBastard (Original post)

Sun May 9, 2021, 11:18 PM

11. Peak Oil...

We're past peak oil, no?

skirmishes in the coming oil wars?



Response to TreasonousBastard (Original post)

Sun May 9, 2021, 11:32 PM

12. Why were the hackers able to do this?

I am a long-time member of the Electoral Board in a small, rural VA county. Last year, after three years of study, planning and testing, the VA Dept of Elections dropped on every Registrar in the state 24 pages of cybersecurity requirements so extensive that most localities are hiring outside cybersecurity firms to protect our systems. The systems in Registrar's offices typically consist of a few computers tied to a router and used almost exclusively to communicate with the state voter registration database.

Sounds as though we are light years ahead of the pipeline people in terms of cybersecurity.



Response to TreasonousBastard (Original post)

Sun May 9, 2021, 11:55 PM

14. Complexity and reliance on it creates vulnerability.

SO MANY moving parts, and one knocked off its assigned task can create disaster. I'm guessing this network has a pretty high level of cyber security. It wasn't enough, clearly. What now?



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 12:34 AM

16. What are gas prices now?

I honestly don't know. After switching to electric for my transportation, I don't really pay attention to it anymore.



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 02:03 AM

17. Good for Joe. Now if he can just get Congress to understand that this, too, is infrastructure...

... and national security. Not just pipelines, but electronics, interwebs, cyber.



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 03:43 AM

18. Listen, this is dangerous stuff

This happened to a small company a few years ago. They wanted one million in cash.
The FBI was involved. We must protect our networks with employees, not contractors!



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 06:58 AM

19. Oh jeez, gas is already almost $4 a gallon in California

 



Response to ansible (Reply #19)

Mon May 10, 2021, 08:21 AM

24. Just what I was about to post.

and that was before the attack. Should have filled up last week, when I had just watched the numbers go up again.



Response to ansible (Reply #19)

Mon May 10, 2021, 08:31 AM

25. Shouldn't affect California.

But then greed will use any excuse.



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 07:17 AM

20. It's not the price for me as much as it is for the specter of gas lines.



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 07:31 AM

21. Something really smells

"The emergency status enables fuel to be transported by road."

And hasn't it already been reported that they're having problems finding drivers?

Bet you follow the money train and it leads to a place in Florida.



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 08:09 AM

23. Cyber pirates

The Internet is the new open seas.



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 11:28 AM

26. Wow 100GB of data held ransom? Really? lol....

They could at least do a little fact checking.

Anyway, to answer all the whosayers and whatnot askers out there, these attacks target not just servers, but network infrastructure, storage systems and backup infrastructure as well. Their goal is to make it nearly impossible for you to regain operations unless you pay them big money. They are probably asking for millions in cyber currency.

I wouldn't be at all surprised to hear the attackers were in their network for 6-9 months. I wouldn't be surprised to hear they stole a considerable amount of data, including personnel and customer info. I wouldn't be surprised to hear the company just didn't perform an update to a previously known attack path.

They could have gained entry through a supply side hack (an update sent from a trusted supplier - that's how the SolarWinds attack worked), it could have been through a zero day attack on network gear or VPN software that had yet to be updated, it could have even happened through a sloppy employee.

These groups have time, technology, and greed on their side. They only need an occasional victory. Companies need to win every encounter.



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 02:02 PM

32. So I wonder if any of Russia's computer systems are vulnerable to anything like this?

Food for thought.



Response to Calista241 (Reply #32)

Mon May 10, 2021, 03:39 PM

39. Probably not, I think Russians are actually better than us when it comes to IT

 

I've already been using their Yandex search engine and it's already better than Google in many ways, especially when it comes to reverse searching images. Russia's a cold, depressing country where people spend most of the year in their homes with nothing else to do except use their computers.



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 05:18 PM

40. Why is everything "dark" with these people? 😐😒

“Dark side” “dark web” ...

It’s bullshit.



Response to TreasonousBastard (Original post)

Mon May 10, 2021, 07:55 PM

42. Hey right wing assholes

what was that you were saying about only roads and bridges are infrastructure again?

This is why cyber security is infrastructure!
