Image 01 Image 03

Ransomware Cyber Attack Shuts Down U.S. Fuel Pipeline

Ransomware Cyber Attack Shuts Down U.S. Fuel Pipeline

The attack follows on the heels of the Biden administration promises to address infrastructure cyber vulnerabilities.

https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html

Colonial Pipeline, an important American fuel pipeline operator, shut its entire network, the source of nearly half of the U.S. East Coast’s fuel supply, after a ransomware cyber attack.

The incident is one of the most disruptive digital ransom operations ever reported and has drawn attention to how vulnerable U.S. energy infrastructure is to hackers. A prolonged shutdown of the line would cause prices to spike at gasoline pumps ahead of peak summer driving season, a potential blow to U.S. consumers and the economy.

“This is as close as you can get to the jugular of infrastructure in the United States,” said Amy Myers Jaffe, research professor and managing director of the Climate Policy Lab. “It’s not a major pipeline. It’s the pipeline.”

The attack follows on the heels of the Biden administration promises to address infrastructure cyber vulnerabilities.

The attack comes amid rising concerns over the cybersecurity vulnerabilities in America’s critical infrastructure following recent incidents, and after the Biden administration last month launched an effort to beef up cybersecurity in the nation’s power grid, calling for industry leaders to install technologies that could thwart attacks on the electricity supply.

Colonial, which transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor, according to its website, said it learned of the cyberattack on Friday, causing them to pause operations.

“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” the company said in a statement.

It’s not clear how long the firm’s pipelines would be shut down.

The shutdown will affect other pipeline operations such as the Buckeye and Twin Oaks Pipeline, which runs through the New York City-Long Island area and Maine, FEMA said.

The company, based in Alpharetta, Georgia, said it hired an outside cybersecurity firm to investigate the nature and scope of the attack and has also contacted law enforcement and federal agencies.

“Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline,” the company said.

The identity of the hacker is not yet known.

An administration official said that an investigation into the episode was in the very early stages, and that it was unclear whether the hacker was a nation or a criminal group. At times, they work in concert. But so far, a senior administration official said, there was no evidence that a nation-state was involved in the attack.

DONATE

Donations tax deductible
to the full extent allowed by law.

Comments

“The identity of the hacker is not yet known.”

Disagree. I’d bet it’s our own government. Testing for putting down an uprising and to put pressure on congress to spend more money.

The atttack was just a single-point ransomware attack. The shutdown was defensive to keep it from spreading until it could be figured out what it was doing.

Cloudstrike says it’s the Russians. A crack team from the FBI will be right on it after investigating Rudy and intimidating the Arizona Legislature.

    mark311 in reply to ghost dog. | May 11, 2021 at 6:07 am

    No Crowdstrike and others think it was a hacker group called Darkside who are likely based in Russia. That’s a big difference.

If it were possible, I’d give you a thousand up votes!

TheOldZombie | May 9, 2021 at 1:51 pm

We are going to have to get to a point where we disconnect certain things from the internet in order to prevent them from being attacked by hackers.

It might be a silly comparison but this is what happened in Battlestar Galactica (reboot). The Galactica survived the sneak attack from the Cylons precisely because Adama never let the ship systems all be connected into one system. So the Cylon computer hack didn’t work on the ship.

    drednicolson in reply to TheOldZombie. | May 9, 2021 at 2:51 pm

    For individuals who backup their data regularly, and most importantly *disconnect the backup drive afterwards*, ransomware is an inconvenience instead of a disaster. It can’t encrypt what it can’t get to. I use a SSD for backups and put it in my firesafe box afterwards. Format from BIOS, restore from the backup, and give the would-be ransomer a virtual middle finger.

      MajorWood in reply to drednicolson. | May 9, 2021 at 3:43 pm

      I burn my critical data weekly to a write-once DVD which gets put on top of the off-site stack. At the worst I lose a week of my life. Cyber security for 20 cents a week.

      I am the opposite of my former co-worker who backed up her stuff on floppies which were then stored in a box on top of the CPU case. As someone recently put it, a file not located in 3 separate places doesn’t exist. A blast which gets all 3 of my copies will likely get me as well.

        JusticeDelivered in reply to MajorWood. | May 9, 2021 at 7:31 pm

        For years I ran two identical servers, one in my office and one in my home. Those two servers (different buildings) had a direct dedicated gigabit hardwired link. Each server ran its own RAID. The home server was in a concrete shelter. underground.

        There was a lag in the transfer of data between the primary and backup server. So I was supposed to have two copies of everything on each of the two servers.

        I had two computers which had no connections to the net, one for accounting and the other proprietary information.

          As someone else mentioned, BSG (the rebooted Battlestar Galactica) had the right idea. Keep the important stuff offline, and if that means having a second computer/laptop that is never connected to the internet or even your home network, so be it. I have a laptop that has never been and will never be connected to the internet (including my home network for printing purposes). I consider it a reasonable and rational precaution.

          daniel_ream in reply to JusticeDelivered. | May 10, 2021 at 2:09 pm

          What no one ever remembers is that the Galactica was where the Colonial Navy stuck its useless f*ckups, incompetents, and persistent discipline problems that were too politically connected to dishonorably discharge.

          The problem with SCADA ransomware attacks is the incompetence of the system architects and lax operational security, not the Internet, Union rules also play a part in making security culture difficult to inculcate.

      henrybowman in reply to drednicolson. | May 10, 2021 at 7:59 am

      Smart ransomware would impose a three month delay before triggering, so all your backup media is also infected. 🙁

    SeiteiSouther in reply to TheOldZombie. | May 10, 2021 at 10:59 am

    Same thing if you think about John Wick. The contracting network in the movie had paper records, and clearly antiquated computer systems (C64 or IBM). I thought about it and wondered why.

    Came to the BSG conclusion. Antiquated record keeping and computer systems are nigh hack-proof. The only way that information leaks is through human error or deliberate action.

Going into the summer- I suspect energy is going to be a big deal.

Expect to see gas stations run out of gas. Not related to this- but there’s a lot of factors.

If there’s a gas shortage, it’s because there are anti price-gouging laws. Cause and effect.

Price gouging is a fix for a problem, not a problem.

ThePrimordialOrderedPair | May 9, 2021 at 3:04 pm

An administration official said that an investigation into the episode was in the very early stages, and that it was unclear whether the hacker was a nation or a criminal group. At times, they work in concert. But so far, a senior administration official said, there was no evidence that a nation-state was involved in the attack.

LOL.

But a simple phishing attack on the stupid John Podesta (who was even advised by their local security folks not to click on the links) and the capture of some dem emails and files was “so sophisticated” an operation that it could have been no other than a nation-state (and the dreaded “Grizzly Steppe”), which eventually morphed into the outrageous lies about Trump (the only actual patriot in the race) colluding with Russia and being impeached … twice!

Firewalls and passwords are flimsy defenses. The only thing that will give real protection is a system physically isolated from the internet. No wifi connections. Make it all hardwired end to end.