Colonial Pipeline has suffered a cyberattack involving ransomware, attributed to an Eastern European-based criminal gang called DarkSide. In response, Colonial has temporarily shut down its 2.5 million barrel per day pipeline system. That is roughly 12-15% of US oil capacity.
On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems. Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have launched an investigation into the nature and scope of this incident, which is ongoing. We have contacted law enforcement and other federal agencies.
Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.
Colonial is a key artery for the eastern half of the U.S. It is the main source of gasoline, diesel and jet fuel for the East Coast, with capacity of about 2.5 million barrels a day on its system from Texas as far as North Carolina, and another 900,000 barrels a day to New York. Colonial Pipeline's 2.5 million barrel per day (b/d) system of approximately 5,500 miles of pipeline consistently runs at or near full capacity. Colonial connects 29 refineries and 267 distribution terminals, carrying refined petroleum products such as gasoline, diesel, heating oil, and jet fuel from as far west as Houston, Texas, to as far north as New York Harbor.
Colonial Pipeline is working to restore operations and has hired a third-party cybersecurity firm to investigate. The company said in a statement Saturday that it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”
As suspected, the Colonial Pipeline precautionary shutdown was due to ransomware. This is what I was hearing from sources as well. https://t.co/nNXocQPXYT
— Kim Zetter (@KimZetter) May 8, 2021
"The attack on top U.S. operator Colonial Pipeline appears to have been carried out by an Eastern European based criminal gang—DarkSide" – per WaPo story which has been updated with new info
— Kim Zetter (@KimZetter) May 8, 2021
Last time Colonial pipeline was down was 2016. Happened twice that year.
Sept. 9-21st due to a leak, then again Oct. 31st-Nov. 10th due to an explosion.
The Sept. event showed an increase in retail gas $, whereas the Oct. event showed little change in $, according to GasBuddy at the time https://t.co/BCvZLYoaeq
— 𝕮𝖍𝖎 (@chigrl) May 8, 2021
Separately, Colonial Pipeline recently had a leak of about 1.2 million gallons of gasoline in North Carolina. The leak went on for some time, and it took months to arrive at a proper estimate of its scope.
The fuel leak was first reported in August 2020, after, city officials say, two teenagers riding ATVs noticed it.
One month later, Colonial Pipeline estimated 273,000 gallons of gasoline had spilled. In November, that number jumped to 354,060 gallons and by January 2021, 1,119,982 gallons.
North Carolina’s Department of Environmental Quality (NCDEQ) said data shows the amount of gasoline released in Mecklenburg County’s Oehler Nature Preserve exceeds Colonial’s 1.2 million-gallon estimate.
SOURCES: Colonial Pipeline, Bloomberg, Twitter, North Carolina Department of Environmental Quality
Written by Brian Wang, Nextbigfuture.com
Brian Wang is a Futurist Thought Leader and a popular Science blogger with 1 million readers per month. His blog Nextbigfuture.com is ranked #1 Science News Blog. It covers many disruptive technology and trends including Space, Robotics, Artificial Intelligence, Medicine, Anti-aging Biotechnology, and Nanotechnology.
Known for identifying cutting edge technologies, he is currently a Co-Founder of a startup and fundraiser for high potential early-stage companies. He is the Head of Research for Allocations for deep technology investments and an Angel Investor at Space Angels.
A frequent speaker at corporations, he has been a TEDx speaker, a Singularity University speaker and guest at numerous interviews for radio and podcasts. He is open to public speaking and advising engagements.
49 thoughts on “Ransomware Attack Shuts Key East Coast Gas Pipeline”
Jared, well, talking of ransomware and how hackers use those cybercrime tools recently, I think that they should be more careful. I can recommend you this article for reading ( url: https://www.noirdotnews.com/news/tesla-ransomware-hacker-pleads-guilty-swiss-hacktivist-charged-for-fraud/ ), to understand how easy it can be to detect hackers and people who want to get some money from famous companies, like Tesla.
Aha, you're right about it.
Yep, you're right about it.
Air gap or run everything by hand
I think it's time to stop allowing these hi-tech criminals to get away with this behavior. Let's disincentivize the behavior by modifying the penalty. Hi-tech criminals should receive a ball-peen hammer massage to their hands; for a second offense, one hand amputated. Shouldn't take long to see behavior change.
My initially confused reading of US news indicates that there are currently two separate pipelines under attack. One by a mysterious hacker group and one by the state of Michigan.
Hmm – or maybe they demonstrate to the public just how important fossil fuel pipelines are to their daily lives and so they shouldn't oppose building them?
Next time there is a war, just re-embody them and draft them into punishment battalions.
Given that Iran is a client state of both countries…
Iran is no greater danger in cyber than China or Russia. The same rules should apply to them as well though.
There has to be a price to pay, some kind of deterrent, for countries that actively coordinate and harbor these kinds of attacks. They are a military and economic attack by any definition. If there is no deterrent, there is no cost to the countries promoting it. You are doing the same as leaving your front door unlocked with a sign that there is no police presence, no difference.
You are placing your government employees in danger of intelligence coercion and infiltration. You are leaving your military secrets open to being exposed, from technologies to troop movements. You are leaving your economy open to utter ruin and extortion. You are failing the number one responsibility of any government, to protect the country and its citizens, a government's entire reason and justification for existence.
You cannot expect every company in the country to handle their own defense against state-backed actors. That simply is not realistic. We either need to go with Network Sovereignty the way China did, or make sure that any country's leadership that promotes these attacks pays a harsh price, and probably both.
Yep, that's probably a gateway crime.
I'm also mildly amused by the thought of some futuristic society trying to figure out what to do with all these frozen heads of serial killers we left for them.
How many millions did they demand? How many members of Darkside are there? Would offering a million apiece for them to be delivered to Interpol or meet with unfortunate accidents be overkill?
One thing about Russia being a relatively lawless society. There are doubtless people that would be sorely tempted. What if someone in Darkside wanted to collect on a bunch of his cohorts, perhaps for less money, but get their own bounty removed? Why that might be doable, too.
I agree with the call for the harshest of punishments for people who sabotage vital infrastructure. Particularly transport infrastructure.
I'm thinking of public whippings for people who smash glass on bike paths.
Criminals that would employ ransomware against a hospital, or a major piece of infrastructure, are psychopaths. People could die from such actions. If capital punishment is off the table, then life imprisonment would seem the only alternative. Yet life imprisonment, for a human, is a terrible thing in its own right, some would argue that even execution can be kinder.
We can consider that people that do such terrible things as to necessitate capital punishment, or life imprisonment, have a serious mental disorder. It is also apparent that, with our existing technology, we cannot cure it. Yet there is a solution. People with medical problems that are currently incurable can and do have themselves cryogenically frozen against the day when medical technology has improved to the point where they can be recovered from the frozen state, and their medical issue resolved.
Many even believe that simply freezing the head is sufficient, as future medical technology on such a level should be able to provide a new body.
At last we have a method that is both cheaper and more humane than either capital punishment or life imprisonment (not a kind thing either) for criminals that would be too dangerous to society to ever be released without first being cured.
Gerald Bull concurs.
My server logs say Iran. Far more of the intrusion attempts I see come from Iran.
You think that the US military will be "getting visits" from East European criminal gangs?
I'd suspect that the gangs would lose such a confrontation.
No biggie. 2 weeks to slow the spread of the virus.
There's a reason that shutting off the tractor beam in a star destroyer requires you to physically dodge past storm troopers to get to an actual switch, rather than just letting your R2 unit plug into the nearest wall port.
Do you mean we will be overcome?
Otherwise I can't reconcile your first two sentences with your third.
Unless Brian's updated the article since you read it, they very clearly say that there were no critical control systems connected to the network.
The only bit hacked was
But, you know, if they close everything down then next year they get a larger IT budget, so…
Colonial has a huge right of way for its pipelines. It should have its own intranet for operations. Presumably, it uses VPNs, but this happens.
The Colonial pipelines run about a mile from where I write this. When the pipeline has problems, we have problems. There just is no good way to get gasoline this far inland on the east coast.
In 2006 three hurricanes shut down the pipelines, and tank farm inventory was emptied. Sometimes there was no fuel at any price. It was like the 1970s oil embargo, lines around the block.
Probably some worker who clicked on a pop-up. lol
Click HERE to update your anti-virus software
That sounds exactly like the internet protocol china is proposing as a replacement for IP protocol called "New IP", by the way.
One time pads are for bypassing cryptographic algorithms. I assure you these hackers are not compromising crypto algorithms, but are attacking at either a systems level or directly at the people involved (social engineering).
We just need a second Internet with much more sophisticated protocols and no lines in from other countries or the regular Internet. Something that can't fake some other origin. If someone is attempting to mess with it, it is immediately traceable. Every turn it takes in the system is recorded in multiple locations, and all previous movements verified.
Then every transport/energy/water company does not have to run a dedicated line.
Critical systems need to be isolated and on some other network rather than the Internet. Anything that employees can come in and stick thumb drives in or email with or otherwise access the Internet need to be completely isolated from the more critical stuff. That means power lines, reactors, other generation systems/electrical switching, voltage step down stuff, traffic lights, drawbridges, rail switching, water treatment, aqueducts, air traffic control, 911, military stuff, police dispatch, hospital records, prescriptions and such…and probably a hundred other things, I did not think of.
And when there is widespread autonomous driving, we need protections that keep people safe from hackers. One-time pad might be a way to secure the cars from unauthorized "updates". https://en.wikipedia.org/wiki/One-time_pad
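The isolation the comment above calls for is normally enforced with zone-based filtering between corporate IT, a DMZ that hosts the historian and jump host, and the control network, and it is only as good as the rules that are actually in force. What follows is an added example, not code from the article or from any commenter, of a small audit that checks exported flow records against such a segmentation policy and reports every conversation that crosses a zone boundary the policy does not allow (for instance a corporate workstation reaching a PLC directly, or a controller reaching the Internet). The zone address ranges, the permitted zone-to-zone port sets and the flow records are all constructed for illustration; a real policy would be derived from the operator's own architecture.

```python
"""
Added example (not from the article or its comments): audit network-flow
records against a zone-segmentation policy of the kind the comment above
argues for. Every address, zone, port set and flow record below is constructed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed zone map: corporate IT, a DMZ (historian + jump host), and the
# control network (PLC/SCADA). Real deployments have more zones than this.
ZONES = {
    "IT":      [ipaddress.ip_network("10.10.0.0/16")],
    "DMZ":     [ipaddress.ip_network("10.20.0.0/24")],
    "CONTROL": [ipaddress.ip_network("192.168.50.0/24")],
}

# Permitted zone-to-zone conversations and the destination ports allowed for
# each. Anything not listed is a violation: IT never talks to CONTROL directly,
# it reaches the DMZ, and only the DMZ reaches CONTROL (Modbus/TCP 502,
# EtherNet/IP 44818). CONTROL may only push to the historian in the DMZ.
POLICY = {
    ("IT", "DMZ"):      {443, 3389},
    ("DMZ", "CONTROL"): {502, 44818},
    ("CONTROL", "DMZ"): {1433},
    ("IT", "INTERNET"): {80, 443},
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip):
    """Map an address to its zone; any non-private address counts as INTERNET."""
    addr = ipaddress.ip_address(ip)
    if not addr.is_private:
        return "INTERNET"
    for name, nets in ZONES.items():
        if any(addr in n for n in nets):
            return name
    return "UNKNOWN"


def check_flow(flow):
    """Return None when the flow is allowed, otherwise a short reason string."""
    s, d = zone_of(flow.src), zone_of(flow.dst)
    if s == d:
        return None  # intra-zone traffic is out of scope for a boundary check
    allowed = POLICY.get((s, d))
    if allowed is None:
        return f"{s}->{d} not permitted"
    if flow.dport not in allowed:
        return f"{s}->{d} port {flow.dport} not permitted"
    return None


def parse_flows(lines):
    """Parse whitespace-separated 'src dst dport' records; skip blanks and comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport = line.split()
        flows.append(Flow(src, dst, int(dport)))
    return flows


def audit(lines):
    """Return a list of (Flow, reason) for every record that violates POLICY."""
    return [(f, r) for f in parse_flows(lines) if (r := check_flow(f))]


# Constructed sample records, in the shape a firewall or NetFlow export might give.
SAMPLE_FLOWS = """
# src            dst             dport
10.10.4.17       10.20.0.5       443
10.20.0.5        192.168.50.10   502
10.10.4.17       192.168.50.10   502
192.168.50.10    93.184.216.34   443
10.10.8.3        10.20.0.5       22
10.10.4.17       10.10.9.9       445
""".splitlines()

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {flow.src} -> {flow.dst}:{flow.dport}  ({reason})")
```

Run against the sample records, the audit flags three flows: the workstation talking Modbus straight to the PLC, the controller reaching a public address, and an SSH session from IT to the DMZ on a port the policy never opened. The first two are exactly the paths that let an IT-side ransomware infection force a precautionary shutdown of operations; the point of the check is that the policy is stated as data and verified against what the network actually carried, rather than assumed from a diagram.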
⚠️ Which operating system did the malware exploit?
content factories, ghost writing farms, WoW MMPORG levelUp drones, review assembly lines… this is the underbelly of Turk operations…
agreed. hacking and those trying to profit off/ scare away/ undermine tech from the threat have been around for 50 years…
witness a movie selection:
10. Tron (1982)
9. The Italian Job (1969)
8. Citizenfour (2014)
7. Die Hard (1988)
6. The Matrix (1999)
5. WarGames (1983)
4. Sneakers (1992)
3. The Girl with the Dragon Tattoo (2011)
2. Hackers (1995)
1. Mr. Robot (TV Series 2015-2019)
Independence Day (1996)
Jurassic Park (1993)
Mission: Impossible (1996)
Open Windows (2014)
Terminator 2: Judgement Day (1993)
won't get the genie back in that bottle.
too convenient. too useful. too versatile.
We will overcome.
amazon reviews are the most fake news ever – who pays attention to these and who supports those who write them… bizarre
interesting that the now expanding network of personal monitoring devices are now being pinpointed – watches, home security kits, car starters/ remotes… wasn't there a horror movie about the 'attack of the devices…"
global acts of terrorism happen everyday.
Nervous nellies make it worse.
obvious Chicken Little response.
panic and alarmism are their fuel.
very localized with a slim group of users. easy to upgrade – software fix only likely required.
wo wo. Many things are being thwarted, controlled, and subverted – which could yield data, scams, and misinformation later.
Even big name tech giants…
agreed. The data dumps never cease.
…the big whale too…
Want to fix the problem in a simple manner? Important and/or critical infrastructure should NEVER be networked. Never.
unfortunately many common citizens fall to these and this sustains them..
Agreed. not an issue. many are teenagers and non-professionals – protected temporarily only by their anonymity, but ultimately vulnerable — probably even without allegiance or support base – will turn on anyone for cash or fun. Western Government systems and major companies have very robust protections and redundancy. Ongoing cryptography is becoming essentially uncrackable by all except the most costly and scarce systems with much success based on local 'assistance'. Some sub-contractors and smaller firms may still be a bit vulnerable. The only real losses are with espionage and counter-espionage — learning what spooks are where and how is just a make-work exercise — disposable assets on all sides.
The amusing thing would be that these 'threats' are only valuable in their inability to be tracked, which makes them difficult to rein in if they go rogue. Easy answer: just out-bid the current anti-western system and 'turn' these hackers. At the end of the day, the living arrangements of these hackers are likely miserable or fraught with threat. No one wants to live that way, stimulated only by increased cred and infrequent bonuses. Incentivize positively and win.
"…In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, …"
over-reaction. Many major media outlets didn't even carry this story. So some passwords fell into Bad Hands. Access does not mean control. Re-set and ensure normal protocols like every minimally functional business/ personal entity: change p/w frequently, limit those who have access, back-ups and redundancies. The only people who have reason to fear ransomware are those where the value of access is not as important as the actual release of the information. …and minimally functional entities encrypt that so it cannot be used outside of the home database. The only issue is the exposure of some of the out-dated and lax facilities that need to be beefed up – perhaps a rude but necessary wake-up call.
The US is FAR more susceptible to cyberattacks than Russia, and I suspect Russian hackers are better at it than our intelligence agency hackers – who I expect are pretty damn good. A cyberwar between us would not go well for the US.
Companies need to learn from this and tighten their security. Find ways to be less susceptible, even if it isn't the cheapest off-the-shelf solution.
Better it happen now and encourage them to toughen up their cybersecurity, than during an active war.
Most of these groups are based in Russia, where they are not accessible. For the ones who are not, backtracking them to their hideouts with spec ops teams, garnishing all the information on their hard drives, move the personnel to off site where they are interrogated and a bullet in the head for any of them withholding information should be on the table. Deterrence after actions like this will stop a lot of attacks.
It may also be overdue to go after Russian infrastructure in the same manner, using their tactic of plausibly deniable groups with no government affiliations of course. Shutting off the power in the winter for an entire city, etc. Maybe shutting off the water to a couple nuclear plants would shake them awake. Compromising government computers and exposing his intelligence teams and actions in other countries. So far Putin has been able to have his cake and eat it too. Maybe it is time to shove his face in it.
There has to be a cost, or we're just weak and rolling over to expose our bellies. Reagan would never have tolerated these actions against us.
I'm in favor of the Mossad technique: use intelligence and spies to find the heads and operatives of these para-governmental groups and make them a friendly visit in real life, to have a strongly worded chat in person, wherever they are, and don't ever forget about them, even if years pass.
That will reduce their belief that they are safe, and do wonders to reduce their desire to play the smarty-pants hacker.
They want to play war? give it to 'em.
Putin: keep calling me a murderer.