Major U.S. pipeline system shut down after cyber attack

Discussion in 'other security issues & news' started by hawki, May 8, 2021.

  1. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,037
    Location:
    Europe
    They would look, but it's not so easy I imagine. Not that I'd know.

The closest I got to "hacking" was trying to learn assembly so I could crack games because I thought it would be fun (I still think it would be). Then I saw just how much there is to learn and the fact you still need to spend countless hours to think of how to bypass Denuvo, and I quickly realized I don't have time for this, not with a day job. If anyone's interested - https://wiki.skullsecurity.org/index.php?title=Simple_Instructions https://guidedhacking.com/threads/ghb1-start-here-beginner-guide-to-game-hacking.5911/ https://iosgods.com/topic/65607-how-to-hack-games-using-ida-pro-ida-pro-tutorial/

Oh yeah, I also got accepted into the https://uniteagainstmalware.com/ program. But I chose a poor forum (the easier to get into, the poorer the forum is), so all the resources were spread all over the place, and it was quite confusing to know how to start; it's like someone gives you a book but deletes all the page numbers and then scrambles it, and then go figure out where to start from. But I also started uni so I had no time. I still remember how happy I was when I got accepted.
     
    Last edited: May 13, 2021
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    FWIW:

    President Biden Delivers Remarks on the Colonial Pipeline Incident

    https://www.youtube.com/watch?v=lSjBe03hbiI
     
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,392
    Location:
    Member state of European Union
Many police units and other services are looking for cybercriminals, but:
    1. There are just too many of them when you include all minor infections etc.
    2. Some may build networks of bots (botnets) and use other services that may indeed provide anonymity to the extent that IP logs from the victim are useless.
    3. On the rare occasion of arresting high-profile cybercriminals, police do not want to disclose details, because that would give other cybercriminals clues about how to evade police deanonymization methods. Sometimes police are also at the edge of using illegal methods to trace cybercriminals.
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,392
    Location:
    Member state of European Union
    Biden in press conference @hawki posted: no comment on that.

    https://www.bbc.com/news/business-57050690
     
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,444
    Location:
    USA
    The police speed to catch speeders and shoot armed criminals. I don't really have a problem with them doing illegal things related to cybercriminals if they are stopping things such as this incident. I still say this would stop entirely if they would eliminate anonymous cryptocurrency. I assume it only exists to facilitate crime and tax evasion.
     
  6. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,064
    Location:
    Brooklyn, NY
    Last edited: May 13, 2021
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,392
    Location:
    Member state of European Union
In many cases it is legal for police to shoot armed suspects that pose an immediate threat to them or other people. I was talking about illegal things.

    Even if it would stop ransomware attacks completely, this is still security by (only) obscurity. It is not proper security. Any attacker that does not have financial motivation or is funded by a nation state would easily do the same thing again.
     
  8. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,444
    Location:
    USA
    Ok, fair enough on the idea of being funded by a nation state. But that will still be the exception more than the rule.
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "Colonial Pipeline Shut Down Distribution Because It Couldn’t Bill Customers

    Colonial Pipeline reportedly shut fuel distribution down after last week’s cyberattack, not for safety reasons, but because its compromised systems couldn’t keep track of customer bills.

    CNN confirmed the news on Thursday, with the network’s Evan Perez saying Colonial 'was concerned that they wouldn’t be able to figure out how much to bill customers for fuel that they received.' The report corroborated earlier reporting by Kim Zetter, who noted in an earlier Substack post that the company’s “flow computer” — which records information about fuel distribution — had been compromised..."

    https://www.mediaite.com/news/colon...ion-because-it-couldnt-bill-customers-report/

    " 'New Details' Suggest Execs, Not Hackers, Shut Down Colonial Pipeline Due to Inability to Bill Customers

    Smart hackers figured out how to hit them where it hurts

    New details from within Colonial Pipeline have come to light surrounding the decision to shut off supply. Those briefed on the matter have suggested that fuel flows were shut down due to the company's billing system being compromised. Company officials were reportedly concerned that they would not be able to accurately bill customers for fuel delivered, and chose to stop delivery instead..."

    https://www.core77.com/posts/108776...l-Pipeline-Due-to-Inability-to-Bill-Customers
     
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "DarkSide, Hacking Group Linked to Colonial Pipeline Attack, Says It Is Closing Down

    The criminal group linked to a cyberattack that disrupted gasoline delivery across parts of the southeastern U.S. this week has told hacking associates that it is shutting down, according to the security research firm FireEye.

    A website operated by ransomware group DarkSide, which U.S. officials have said is believed to originate in Eastern Europe, has been down since Thursday.

    DarkSide has told associates it has lost access to the infrastructure it uses to run its operation and would be shutting down, citing pressure from law enforcement and from the U.S., FireEye said..."

    https://www.wsj.com/articles/web-si...-colonial-pipeline-attack-is-down-11621001688
     
  11. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,444
    Location:
    USA
    I would have to assume the loss would have been greater than the $5 million they reportedly paid to the hackers. Else why bother.
     
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
  13. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,064
    Location:
    Brooklyn, NY
    So, by conservative calculation 6 days x 343 = 2.06 billion USD theoretically lost. Plus the five million ransom, plus collateral damages and costs.

Cost of renting a cyber-security firm until a boss is located somewhere: maybe a couple hundred grand?
     
  14. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,444
    Location:
    USA
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "Tech audit of Colonial Pipeline found 'glaring' problems

    An outside audit three years ago of the major East Coast pipeline company hit by a cyberattack found 'atrocious' information management practices and 'a patchwork of poorly connected and secured systems,' its author told The Associated Press.

    'We found glaring deficiencies and big problems' said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. 'I mean an eighth-grader could have hacked into that system.'..."

    https://www.startribune.com/tech-audit-of-colonial-pipeline-found-glaring-problems/600056502/
     
  16. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,381
    Location:
    Slovenia
  18. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,037
    Location:
    Europe
Considering that their other stuff (blog, CDN and 1 more) got swept up, and possibly even their wallet (although that may have been fake so as to avoid paying their affiliates), it either means

    1) DarkSide was just an insecure group, so they got easily swept up when targeted
    or
    2) That's just the nature of being targeted by the FBI and the like, with all the resources and manpower one could want, and that is why ransomware groups got banned from the forums, as the forum admins do not want to mess with the FBI and other legal entities and would rather stay undercover
     
  19. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    67,752
    Location:
    U.S.A.
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "Colonial shippers say pipeline communication system is down...

    The system that allows customers to nominate and make changes to their batches of fuel traveling through the system has been inaccessible as of Tuesday morning, according to shippers on the line...

    Bloomberg is reporting the company has not responded to requests for comment..."

    https://www.ajc.com/news/nation-wor...on-system-is-down/P3XATFG575ALJDPZHA5PVR7GZY/
     
  21. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,064
    Location:
    Brooklyn, NY
There was a recent article featuring a company's transparency when it was involved in a ransomware attack. At the opposite end is opaqueness. Then, there's this case, where it's like a black hole. :rolleyes: :)

    Let's dimly hope there's an explanation that doesn't involve fumbling and bumbling around.
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    Colonial Pipeline statement:

    "Our internal server that runs our nomination system experienced intermittent disruptions this morning due to some of the hardening efforts that are ongoing and part of our restoration process. These issues were not related to the ransomware or any type of reinfection..."

    https://twitter.com/Colpipe/status/1394688447886106629
     
  23. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "The Colonial Pipeline Ransomware Hackers Had a Secret Weapon: Self-Promoting Cybersecurity Firms

    Five months before DarkSide attacked the Colonial pipeline, two researchers discovered a way to rescue its ransomware victims. Then an antivirus company’s announcement alerted the hackers...

    On Jan. 11, antivirus company Bitdefender said it was 'happy to announce' a startling breakthrough. It had found a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens of businesses in the U.S. and Europe. Companies facing demands from DarkSide could download a free tool from Bitdefender and avoid paying millions of dollars in ransom to the hackers...

    But Bitdefender wasn’t the first to identify this flaw. Two other researchers, Fabian Wosar and Michael Gillespie, had noticed it the month before and had begun discreetly looking for victims to help. By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that 'new companies have nothing to hope for.'

'Special thanks to BitDefender for helping fix our issues,' DarkSide said. 'This will make us even better'...

    The incident also shows how antivirus companies eager to make a name for themselves sometimes violate one of the cardinal rules of the cat-and-mouse game of cyber-warfare: Don’t let your opponents know what you’ve figured out..."

    https://www.propublica.org/article/...ret-weapon-self-promoting-cybersecurity-firms
     
  24. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "DHS to issue first-ever cybersecurity regulations for pipelines after Colonial hack

    The Department of Homeland Security is moving to regulate cybersecurity in the pipeline industry for the first time in an effort to prevent a repeat of a major computer attack that crippled nearly half the East Coast’s fuel supply this month...

    The Transportation Security Administration, a DHS unit, will issue a security directive this week requiring pipeline companies to report cyber incidents to federal authorities, senior DHS officials said. It will follow up in coming weeks with a more robust set of mandatory rules for how pipeline companies must safeguard their systems against cyberattacks and the steps they should take if they are hacked, the officials said. The agency has offered only voluntary guidelines in the past...

    TSA’s new security directive will require pipeline companies to report cyber incidents to TSA and to CISA and to have a cyber official — like a chief information security officer — with a 24/7 direct line to TSA and CISA to report an attack. It will also require companies to assess the security of their systems as measured against existing cyber guidelines; fixing any gaps is currently voluntary...

    The new rules, expected in the coming weeks, will require companies to correct any problems and address shortcomings or face financial penalties, officials said...

    DHS is planning to have CISA, the department’s cybersecurity agency, work with TSA to enforce the new rules..."

    https://www.washingtonpost.com/business/2021/05/25/colonial-hack-pipeline-dhs-cybersecurity/
     
  25. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "Colonial Pipeline Missed Requested Security Review Before Hack...

    Colonial Pipeline Co. last year didn’t undergo a requested federal security review of its facilities and was in the process of scheduling a separate audit of its computer networks when hackers hit on May 7...

    It is unclear if an assessment by the Transportation Security Administration, a division of DHS that oversees pipeline security, would have uncovered digital weak points exploited in a hack that U.S. officials attributed to a criminal group known as DarkSide.

    A Colonial spokesman said the company offered to undergo a virtual review of its facilities, rather than a typical in-person audit, when TSA officials requested the security check last year..."

    https://www.wsj.com/articles/coloni...ested-security-review-before-hack-11622067027
     