If only.

How can we not have someone of that caliber on our side?

when people (paid Employees) ran things,rather than web connected technology!

We also warned the government NOT to engage in cyber warfare against other countries, and were ignored.

This is just the latest chicken come home to roost.

because unilateral disarmament always works.

and thus made us a target. You don't use a weapon against an enemy that you yourself are quite vulnerable to, especially one that is pretty cheap to deploy.

that cost $100+ to repair.

I mean, really, can you seriously say the GRU Solarwinds attack was in retaliation for Stuxnet?

I am saying that many of us in the IT community warned that it was unwise to launch such an attack since U.S. data infrastructure was quite vulnerable. By using the weapon first, we gave license for it to be used against us. We have started another arms race and it is the the people who will pay.

The goal is money, not political advantage.

And it has nothing to do with the wimpy warnings some in it made decades ago. Computer viruses were still running rampant before stuxnet.

Get over it. This has nothing to do with spy-vs-spy.

This is armed robbery. Nothing more. Nothing less.

I am an IT guy of several decades.

State sponsored attacks/extortion schemes were NOT a thing. And I hardly see the difference between an attack which simply takes out a target, and an attack that takes out a target, but you MIGHT be able to buy your way out of it. Also, these folks are not only taking the target offline, they are threatening to release massive amounts of private data as well, so a "two-fer".

These groups would have a hard time operating without state sponsorship at this level.

Are there political attacks as well? Sure, nk attacked disney for example. That was purely punitive.

But the attack against the pipeline is only financial.

Remember that the early viruses were neither political nor financial. They were largely just trying to cause damage with no real intent.

And it had nothing to do with stuxnet. Neither does this attack.

I've been in high tech a long time, since 1980, and I've seen a lot. I've held security clearances and been places some people only read about.

Stuxnet didn't cause anything that wasn't already happening, and the only reason you even know about it is the target leaked the info. It was going on long before that on multiple fronts. It didn't just leap out from a lab in VA.

I get the negative feelings to what goes on in spookyville, but it isn't the evil we have here..

as my point was these type of high volume operations cannot exist without government sanction. The money just helps defray budget costs and helps the gov't keep a cutout between them and the criminals.

Viruses were nuisances back in the day, with some bad actors with malicious intent. Ransomware is a different matter, but again, the motive is irrelevant. Intelligence services routinely ran blackmail schemes through criminal third parties, allowing the criminals to profit, while they obtained "useful" intelligence, and candidates for involuntary recruitment.

Stuxnet was weaponization of a computer virus against a sovereign state using Israeli intelligence as a surrogate so the US government could have plausible deniability. We opened the door to the practice and now we are on the receiving end with no moral high ground to bitch from.

If memory serves, Trump's Pentagon was discussing using cyber-attacks as a justification for a nuclear response. No way that could go wrong.

But that doesn't mean that would be any different if no guv had ever planned or conducted a cyber attack against another.

Many of these groups are not only self funding, they are extremely profitable for their sponsors. Oligarch's have multiple masters, but money is the leader among equals.

Of course if the circumstances warranted it, it would be a small effort for them to become weaponized. Which is why the genie is so far out of the bottle we need our own bigger, better genies.

Unilateral disarmament is not a workable strategy. No more so than disbanding the military cuz we felt good about it.

What we advised back in the day was "DO NOT be the first to deploy this weapon". We let the genie out of the bottle, just as we did with nuclear weapons.

The question is why they didn’t have safeguards in place?

Cost cutting for investor returns and exec bonuses?

Did they have backups and the backups for for the backups?

If state of emergency means USG resources, will the pipeline operator compensate? If not, sounds kind if socialism-ish.

What about systems for other critical services?

Of course it’s most important to get the systems back online, but these other questions need to be addressed.

apparently DarkSide's been known about since last year.

Sorry, just about nothing there is true. I know of at least 10 recent attacks where the attackers asked relatively small companies for $1M. All paid something, some the full amount.

It's just more lore than history.

They pointed out that 'ability to pay' determined their targets, not necessarily size. How they encrypt the data on their server and then inform their mark sounds logical to me.

Not sure why it's all bs, but I'll take your word for it.

The statement that they made over a million dollars is one. This has become a Billion dollar industry - Billion. That a group as reportedly successful as this one only made a million is laughable. As I said, I know of multiple claims in that realm from individual companies, and entry level cyber insurance insurance policies are typically in the $1M range, so if they are successful operation they are pulling in much, much more.

Do they individually target companies? Possibly, but it isn't the mission impossible level of targeting. They aren't that refined. They mostly just get lucky and find a way in either through social engineering or some unpatched exploit, and that works for them.

The article is clickbait. There are tens of thousands of attacks currently underway. Some will succeed and you will never hear about them.

This one is visible because it looks like they aren't paying up.

My personal solution isn't very popular. I would outlaw any payment as ransom to get data back. Period. Let the chips fall where they may. Take away the financial incentive and these attacks will fall way down.

seems like the only logical way to stop this. It might not be popular, imo, because 'zero negotiations' laws or policies will make the chips fall toward just selling or releasing the pirated data to other parties. But if one of those parties is a real group working with law enforcement, maybe they might be caught.

So there'd still be monetary incentive, law or no law; they'd take their chances on the bet that the law can't find them. Then I guess there's probably always a buyer beyond the actual victim; say, a victim's competitor, or a state; one or more, even, to start a bidding war.

rather than paying ransoms.

I always here that it's too expensive to improve IT security. I never hear it's too expensive to not pay a ransom.

We're past peak oil, no?

skirmishes in the coming oil wars?

I am a long-time member of the Electoral Board in a small, rural VA county. Last year, after three years of study, planning and testing, the VA Dept of Elections dropped on every Registrar in the state 24 pages of cybersecurity requirements so extensive that most localities are hiring outside cybersecurity firms to protect our systems. The systems in Registrar's offices typically consist of a a few computers tied to a router and used almost exclusively to communicate with the state voter registration database.

Sounds as though we are light years ahead of the pipeline people in terms of cybersecurity.

SO MANY moving parts, and one knocked off its assigned task can create disaster. I'm guessing this network has a pretty high level of cyber security. It wasn't enough, clearly. What now?

I honestly don't know. After switching to electric for my transportation, I don't really pay attention to it anymore.

... and national security. Not just pipelines, but electronics, interwebs, cyber.

This happened to a small company a few years ago. They wanted one million in cash.
The FBI was involved. We must protect our networks with employees, not contractors!

and that was before the attack. Should have filled up last week, when I had just watched the numbers go up again.

But then greed will use any excuse.

"The emergency status enables fuel to be transported by road."

And hasn't it already been reported that they're having problems finding drivers?

Bet you follow the money train and it leads to a place in Florida.

The Internet is the new open seas.

They could at least do a little fact checking.

Anyway, to answer all the whosayers and whatnot askers out there, these attacks target not just servers, but network infratructure, storage systems and backup infrastructure as well. Their goal is to make it nearly impossible for you to regain operations unless you pay them big money. They are probably asking for millions in cyber currency.

I wouldn't be at all surprised to hear the attackers were in their network for 6-9 months. I wouldn't be surprised to hear they stole a considerable amount of data, including personnel and customer info. I wouldn't be surprised to hear the company just didn't perform an update to a previously known attack path.

They could have gained entry through a supply side hack (an update sent from a trusted supplier - that's how solar winds attack worked), it could have been through a zero day attack on network gear or vpn software that had yet to be updated, it could have even happened through a sloppy employee.

These groups have time, technology, and greed on their side. They only need an occasional victory. Companies need to win every encounter.

Food for thought.

I've already been using their Yandex search engine and it's already better than Google in many ways, especially when it comes to reverse searching images. Russia's a cold, depressing country where people spend most of the year in their homes with nothing else to do except use their computers.

“Dark side” “dark web” ...

It’s bullshit.

what was that you were saying about only roads and bridges are infrastructure again?

This is why cyber security is infrastructure!