The oil giant said it “proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems.”
The most important thing here is that “the pipeline got hacked” is probably not an accurate statement. It appears that the actual industrial controls that manage the pipeline operations were not affected by the standard ransomware attack that struck the company that manages the pipeline. Taking pipeline operations offline was probably not necessary, but in the moment it was difficult to assess whether something larger was going on. I’m unable to find any examples of a ransomware attack that works against multiple platforms, and the articles about Colonial Pipeline suggest that the ransomware only affected Windows computers. Despite industrial control security being an area in dire need of additional work (see NIST’s IC Guide), this attack probably would not have affected pipeline operations had they not been shut down. Although, if I’m wrong, it is not outside the realm of possibility that loss of life and damage to national infrastructure could have occurred. (Wired article: How 30 Lines of Code Blew Up a 27-Ton Generator)
Here in Virginia, I personally saw someone filling up a Rubbermaid bin with gasoline at a Sheetz filling station. Aside from that, and the traditional American pastime of freaking out and causing an artificial resource shortage after being panicked by the hyperbolic media, this did not affect me at all.
I’ve read several people in information security who strongly argue against ever paying the ransom. I think this is the same rationale as not paying kidnappers a ransom: the incentive is the money, and if the money won’t happen, there is no incentive to deploy ransomware. However, just as you want to get your loved one back, the United States doesn’t want one of its arteries to stop working for an unknown amount of time.
Ransomware insurance exists, which makes me believe that this is something that will not be going away anytime soon.
- KrebsonSecurity: DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
DarkSide organizers also said they were releasing decryption tools for all of the companies that have been ransomed but which haven’t yet paid.
I think that this is just Krebs’s take on DarkSide catching a big fish with a little boat. They bit off more than they could chew. I imagine that if I were in DarkSide, this release of the encryption keys would be done in the desperate hope that the powers that be would call things even and put less work into hunting them down and prosecuting them. Good luck to them, I suppose.
Grey and black market networks have attempted to avoid this very scenario by banning the sale of fake COVID-19 immunization cards, and some drug markets have banned the sale of fentanyl, both because the probability of attracting undue law enforcement attention is much higher for these items. Fentanyl specifically, as it is currently the drug that America’s failed “War on Drugs” has decided to focus on.
- Vox Recode: Ransomware attack hits another massive, crucial industry: Meat
- BBC: JBS: Cyber-attack hits world’s largest meat supplier
- BBC: JBS: FBI says Russia-linked group hacked meat supplier
And another recent example of a ransomware attack.
- VICE: The 5 Wildest Things About the FBI’s Secret Phone App for Criminals
- BBC: ANOM: Hundreds arrested in massive global crime sting using messaging app
- BBC: Hakan Ayik: The man who accidentally helped FBI get in criminals’ pockets
- VICE Motherboard: ‘We Have to Run a Good Company’: How the FBI Sold Its Encryption Honeypot
- VICE Motherboard: Bachelorette Contestant Caught in FBI’s Fake Encrypted Phone Operation
- Schneier on Security: FBI/AFP-Run Encrypted Phone
The FBI and the AFP created a honeypot, likely with the legal protections of the Five Eyes alliance (also see ECHELON for a history lesson). Remember, United States intelligence agencies cannot legally spy on American citizens in most cases, but because of Five Eyes they can ask an Australian or British intelligence service to do so, and that’s fine legally.
I think the AN0M honeypot likely trampled on the civil rights of a good number of people in several different countries. Please do not believe law enforcement when they behave as if traditional investigation techniques have suddenly stopped working for them now that the Internet exists. We do not need to yield our own privacy to law enforcement just to make their jobs easier.
And let’s not forget, the United States spies on its allies, constantly. Previously: Crypto AG.
- BBC: Trump officials seized Democrat’s Apple data
- BBC: Seizure of Democrats’ Apple data by Trump officials to be investigated
- VICE: Trump’s DOJ Secretly Forced Apple to Hand Over Adam Schiff’s iPhone Data
And on itself. I would like to point out as well that the Trump administration spying on Democrats’ information isn’t a scandal to me. The DOJ was acting legally in this. The only reason this is news right now is that members of Congress in the Democratic party are unhappy that they’ve been on the receiving end of the laws they helped pass that applied to everyone else in this country. That’s the real scandal: that the burden of proof is so low to get an easy legal okay to coerce a company into handing over data for the flimsiest of reasons.