US passes emergency waiver over fuel pipeline cyber-attack

All: please don&#x27;t post flamebait such as calls for war and whatnot. It&#x27;s incredibly tedious. We&#x27;re trying for <i>interesting</i> conversation here.<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;newsguidelines.html" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;newsguidelines.html</a>

Colonial Pipeline precisely does keep it&#x27;s control network disconnected from the internet - the only thing that was ransomwared is their corporate network. They shut the pipelines down voluntarily to prevent further spread.

That gang may have bitten off more than they can chew. They&#x27;ve now gotten the US government involved officially, which means that beyond the sheer mass of resources that will go into tracking this gang, the government also has something to prove now.<p>Being at the center of an international incident is probably not good for business.

So, a very limited state of emergency which allows fuel that is ordinarily piped to be transported by truck.<p>Ancillarily, It&#x27;s not evident this cyberattack actually compromised the industrial controls, but rather trashed the administrative system controlling the controls.

Previous related thread:<p><i>U.S.&#x27;s Biggest Gasoline Pipeline Halted After Cyberattack</i> - <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=27086403" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=27086403</a> - May 2021 (190 comments)

&quot;Multiple sources have confirmed that the ransomware attack was caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial&#x27;s network on Thursday and took almost 100GB of data hostage.&quot;<p>re: &quot;infiltrated Colonial&#x27;s network&quot;<p>I have been reading some of the other reports of this incident from different publications.<p>Many of the stories include a line about attackers downloading &quot;100 GB in only 2 hours&quot; as if that was being downloaded from the company&#x27;s on premises servers.<p>Eventually I found a story that disclosed the data was actually downloaded from a cloud provider.

&gt;The gang even has a website on the dark web where it brags about its work in detail, listing all the companies it has hacked and what was stolen, and an &quot;ethics&quot; page where it says which organisations it will not attack.<p>And yet they don&#x27;t give the URL.<p>I wanna see this page. Does anyone have it?

I like how they are charging 10% more if you pay with Bitcoin than with Monero.<p>I think commerce would greatly improve if other networks had Tor clients, especially because of the stablecoin and private stablecoin availability as of this year. All EVMs as well as Tendermint networks have no out of the box solutions for Tor nodes and connectivity. But they both have ways for ERC20 tokens to have a great degree of privacy. One Tendermint network called Secret Network has private smart contract execution, and a variety of bridges. So as all tokens are smart contracts the metadata and variables would not be visible onchain.<p>sDAI would be more useful for commerce if the nodes and wallets could easily resolve over Tor.<p>Is anybody working on that?

The reason that cyberattacks are proliferating is because it has only recently become easy for the threat actors to receive massive payments quickly and anonymously. Remove that ability and the entire cyberattack ecosystem shuts down instantly. It is only a matter of time before this happens.

I looked at their available posted jobs on Friday as news broke about the attack. Colonial has had a position for Cybersecurity Manager open for over 30+ days. I wonder what happened to the old manager....

Seems like this company has more than just IT problems <a href="https:&#x2F;&#x2F;newrepublic.com&#x2F;article&#x2F;161498&#x2F;huntersville-north-carolina-colonial-pipeline-spill" rel="nofollow">https:&#x2F;&#x2F;newrepublic.com&#x2F;article&#x2F;161498&#x2F;huntersville-north-ca...</a>

Ransom ware seems like a potential antidote to vulnerable US digital infrastructure. It provides a persistent, material bug bounty which incentivises the C-suite to fix them.

A lot of people are talking about the the results of this hack and a little bit about the industrial control systems, but no one is really addressing the hack itself.<p>&gt;James Chappell, co-founder and chief innovation officer at Digital Shadows, believes DarkSide bought account login details relating to remote desktop software like TeamViewer and Microsoft Remote Desktop.<p>&gt;He says it is possible for anyone to look up the login portals for computers connected to the internet on search engines like Shodan, and then &quot;have-a-go&quot; hackers just keep trying usernames and passwords until they get some to work.<p>Nothing sophisticated, nothing difficult, you just need some capital in the bank to buy some leaked credentials someone else worked hard to poke at, that is, some academic security person on a PhD worked hard for months to find some bug in software back in 2014, that turned into code someone else copy and pasted back in 2017, that yielded a dump in 2019 that some other hackers actually probed for some sucker&#x27;s old login details he probably didn&#x27;t even realize was in a dump, or might not even use anymore! The only hard work in this story is that academic in 2014 did and he definitely probably no connection to the criminals who basically got the president to issue a national emergency.

I seriously don&#x27;t understand why the pipeline operators don&#x27;t have some contingency plan or have simulated scenarios like this which enables them to roll-back systems immediately to some usable state.<p>How the hell is some random ransomware gang able to shut down critical infrastructure at purely a software level

Something doesn&#x27;t quite add up. I feel like we don&#x27;t have the full story:<p>&gt;After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet.<p>So... that constitutes a state of emergency? What data would they have that would be so sensitive? More likely they have hooks deep into the operation of the pipeline and may be threatening to shut it down&#x2F;destroy it if not paid. Or, rather, they may be having trouble restoring operations without paying the ransom.<p>Side note&#x2F;speculation: Will the feds make a move against crypto?

* There exists a decryption tool for DarkSide <a href="https:&#x2F;&#x2F;labs.bitdefender.com&#x2F;2021&#x2F;01&#x2F;darkside-ransomware-decryption-tool&#x2F;" rel="nofollow">https:&#x2F;&#x2F;labs.bitdefender.com&#x2F;2021&#x2F;01&#x2F;darkside-ransomware-dec...</a><p>* Critical infrastructure should not be allowed to run on Microsoft Windows<p>* The remote workers, through which the attack was performed, didn&#x27;t even use a VPN, just TeamViewer and MS Remote Desktop.

I don&#x27;t see this being called a &quot;State of Emergency&quot; anywhere but that BBC article. There&#x27;s nothing on the Whitehouse.Gov briefing room, google news, etc.<p><a href="https:&#x2F;&#x2F;www.whitehouse.gov&#x2F;briefing-room&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.whitehouse.gov&#x2F;briefing-room&#x2F;</a>

It&#x27;s not clear to me that this is actually a &quot;state of emergency&quot;. The BBC has now quietly amended their headline to say &quot;US passes emergency waiver over fuel pipeline cyber-attack.&quot; (The web page calls it a &quot;Regional emergency declaration.&quot;)

My inherent cynicism leads me to believe the <i>real</i> reason they shut down the pipeline was because the attackers took down the accounting system.

I like how they &quot;guarantee support in case of problems&quot; after you pay them. God forbid they lose a customer. Are they going for repeat buys?

Brought to you by Bitcoin.

Any chance this acts as a catalyst to face the ransomware problem head-on? <i>Someone</i> in a position of power in US intelligence agencies has to know this won&#x27;t be the last time that a massive piece of infrastructure is taken down.

We knew about this since before 2000 probably, earliest articles I could find : 2007, 2009 : <a href="https:&#x2F;&#x2F;www.cfr.org&#x2F;backgrounder&#x2F;americas-vulnerable-energy-grid" rel="nofollow">https:&#x2F;&#x2F;www.cfr.org&#x2F;backgrounder&#x2F;americas-vulnerable-energy-...</a> , <a href="https:&#x2F;&#x2F;www.wsj.com&#x2F;articles&#x2F;SB123914805204099085" rel="nofollow">https:&#x2F;&#x2F;www.wsj.com&#x2F;articles&#x2F;SB123914805204099085</a>

This is depressing and not going to stop because it is so lucrative and relatively easy for these malware companies to find victims. It makes me wonder if cybersecurity should be considered a state responsibility and infrastructure so it will be uniform and available for every business like electricity or police protection.

It seems like the main new thing crypto has enabled as a currency so far is ransomware.

I&#x27;m a fan of pipeline shutdowns personally

I know exactly what stocks I&#x27;m buying at 930am tomorrow morning.<p>Keep your eyes on the oil major folks on twitter to see what happens:<p><a href="https:&#x2F;&#x2F;twitter.com&#x2F;anasalhajji" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;anasalhajji</a><p><a href="https:&#x2F;&#x2F;twitter.com&#x2F;calvinfroedge" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;calvinfroedge</a>

Aaaand to what extent might this state of emergency require corporate welfare for US Oil?

Note that the group has an ethics page. They only attack large, for-profit corporations.

I would love to read the IEC 62443 risk analysis of IT-infrastructure of the pipeline.

It needs to be asked again, why are critical services on the Internet ?<p>We all know why, companies are chasing profits at any cost, so hiring more people to monitor these systems as the did 40 years ago will lower the execs bonuses.<p>The US Gov should make it clear, if you are a critical service and if your service drops due to items being on the internet, for each occurances 10% of your total revenue (including your parent companies) are forfeited.<p>That will get them serious about security.

Seems they got in through a password brute-force attack?<p>It might be time to switch to hardware tokens, encryption keys or to enforce fully random passphrases or diceware&#x2F;xkcd passphrases.

nice timing for this &quot;cyber&quot; attack on an oil pipeline company.

Nothing to do with this article, but...<p>when did &quot;legitimate interest&quot; become the thing advertisers^Wtrackers are (ab)using to keep tracking on by default? It&#x27;s not due to a change in legislation afaikt, the GDPR hasn&#x27;t changed in this regard, right?

Hacks, not skill or ethics. Losers!

Is this event going to give Americans a new appreciation of pipelines? One of Biden’s signature issues was killing Keystone after all.

Critical data belongs on magnetic tape.<p>Should have also kept nuclear launch codes on floppy.

Clearly they should have hired the guys that made the elections the most secure in history, to secure the pipeline.

The government is incompetent, especially when it comes to cybersecurity. It will be interesting to see how this plays out.

Who decides how many hours we&#x27;re allowed to work, driving trucks, fixing jet engines, taking care of children, or doing anything else?<p>Our and our employer&#x27;s liability for errors is enough motivation to maintain safety at a reasonable level.<p>Put another way, is there statistical evidence of the efficacy of these regulations in reducing trucking accidents? Not that I could find!

Forgive my ignorance, but is it incredibly hard to determine the actual identities of the people behind this? I don’t know why a government wouldn’t simply assassinate culprits who were guilty of crimes at a level that would qualify as an act of war.

Breaking: U.S. government is inept at carrying out procedures which are standard in the technology industry, including the proper safeguarding of important tools &amp; data, despite a budget larger than any other entity on earth.<p>Not Breaking: Citizens’ disappointment in the aforementioned, particularly given their direct contribution to said budget.<p>The Unsaid: Much of this will not change, unless incentives are realigned.