U.S. locks in on the “mastermind” of oil pipeline

After a ransomware attack on a critical fuel pipeline system, the US government declared a “state of emergency”. A few days later, the incident is still unfolding. The US Federal Bureau of Investigation (FBI) has determined that the hackers behind it are a hacker organization called the “Dark Side”. The organization issued a statement saying that it is only out to “make money” and does not want to create “social problems.” Because the affected pipeline is so critical, the fuel crisis in some parts of the United States has intensified just as newly vaccinated Americans are starting to go out, a situation some US media have called “too bad”. This was the largest hacking incident against oil facilities in the history of the United States. After the incident, Washington mobilized all resources to deal with possible consequences, and public opinion began to reflect on why the United States was so fragile. “A group of cyber pirates can destroy the fuel artery of the East Coast. This fact should bring shock waves to the entire United States,” some media wrote.

“Dark Side”: We just want to “make money”

On the 10th, the FBI issued a statement confirming that the “Dark Side” ransomware was responsible for the network attack on the Colonial pipeline transportation company. The FBI also issued emergency alerts to power companies, natural gas suppliers, and other pipeline operators, asking them to watch for similar malicious code.

Last Friday, Colonial, the largest oil product pipeline operator in the United States, was attacked by hackers. Nearly 100GB of data was stolen and some computers and servers were locked. As this 8,850-kilometer pipeline provides 45% of the fuel consumed on the East Coast, the eastern United States suddenly faced a fuel crisis. On the 9th, the US government declared a state of emergency.

“Global Times” reporters noticed that Americans have recently been heading to gas stations to refuel, and the reporters hurried to go as well. While queuing, a woman complained: “It’s a misfortune. The rising gas price is very disturbing.” Another said: “I have four people and four cars in my family. They are all queuing now. Look at the refueling team here. When did it have such a scale?” A white man said, “It’s shameful that such a big company was paralyzed by hackers. Biden must solve this matter this week, otherwise it would be too incompetent.”

According to the Wall Street Journal, the US energy market fluctuated due to the pipeline disruption. New York gasoline futures prices rose 0.3% on the 10th to US$2.13 per gallon. The disruption comes just as newly vaccinated Americans are preparing to travel. If the shutdown lasts longer, it may push fuel prices up further.

According to a report from the US outlet “Axios” on the 11th, because the victim this time is so critical, the Biden administration can be said to have mobilized all resources. The White House is also monitoring fuel shortages in parts of the southeast and assessing every action it can take. In addition to lifting various restrictions on the road transportation of fuel, the administration temporarily waived the clean fuel requirements for three eastern states and the capital on the 11th.

According to the New York Times, this past weekend, the White House held an emergency meeting to try to clarify whether the incident was a purely criminal act or was secretly supported by Russia or other countries. Intelligence officials said that the “Dark Side” organization began to deploy this ransomware in August last year, and its location is in Eastern Europe, possibly Russia.

On the 10th, Biden stated that intelligence personnel had no evidence that Russia was involved in the incident, but there was evidence that the perpetrators of the ransomware were in Russia, and Moscow “is responsible for this matter.”

According to a statement made by the “Dark Side” organization on the 10th, their purpose is to “make money”, “not to create problems for society.” The statement did not mention the amount of ransom, nor did it mention the Colonial Company, but said that it would restrain colleagues to “avoid future social consequences.” The statement also stated that the organization “does not involve politics and does not participate in geopolitics.”

Russia: Resolutely denies the allegations

“Ransomware has been a very active type of malicious code and attack in recent years.” Xiao Xinguang, vice chairman of China Cyberspace Security Association and chief technical architect of Antiy Technology Group, said in an interview with a reporter from “Global Times” that attackers use widespread or targeted implantation and other means to plant the ransomware in the victim’s system and encrypt information such as documents or databases, with the decryption key handed over only after the user pays a ransom (mostly in virtual currency such as Bitcoin). In addition, threatening to expose user data after stealing it is a new feature of ransomware attacks in recent years.

Since the attack, Colonial’s pipeline transportation system has remained offline. This is a preemptive measure to prevent the spread of malware. The company said on the 10th that it hopes to basically resume suspended services this weekend. The company did not say whether it would pay the ransom or negotiate with the hacker organization.

Bloomberg said on the 11th that in past cyber attacks, some companies chose not to pay the ransom, even under tremendous pressure. In 2019, after the Norwegian company “Norsk Hydro” was extorted, it chose not to contact the hackers, and this decision is likely to have greatly increased the cost of the company’s recovery from the attack.

According to Reuters and other media reports, although the “Dark Side” is a new and little-known organization, it has professional hackers and is highly organized, and even has its own “news center” and “code of conduct.” The organization stated on its website that it has made millions of dollars from extortion in the past, and data from some victims who did not pay is posted on the page as examples.

The British “Financial Times” quoted a researcher from Kaspersky, an information technology security company, as saying on the 10th that the purpose of the “Dark Side” is to create as many incidents as possible in the online world, so that more media attention spreads fear of the “Dark Side” among the public, prompting the next victim to pay a ransom for peace of mind.

It is worth mentioning that the Voice of America said on the 11th that Anne Neuberger, deputy assistant to the president for cyber affairs, said that the US intelligence agency is investigating whether the hackers have links with the Russian government or other countries. The outlet then noted that Biden signed an executive order in mid-April to impose sanctions on Russia in response to Moscow’s interference in the US election and cyber attacks.

According to TASS News Agency, Russian President’s Press Secretary Peskov stated on the 11th, “We firmly do not accept any accusations against us. We still regret that the United States refuses to cooperate with us in responding to cyber threats.” The Russian Embassy in the United States also “resolutely denies the unfounded fabrication by individual reporters,” saying that the US has the opportunity to directly contact the Russian National Computer Incident Coordination Center, but that no such request has been received.

US media: “The United States is more fragile than people think”

According to the New York Times, this incident exposed the significant vulnerability of key energy pipelines in the United States, and hackers have become more unscrupulous in targeting key infrastructure such as power grids, pipelines, hospitals and water treatment facilities. According to the article, cyber insurance has made many companies and government agencies ripe targets for criminal gangs, because the gangs believe that their targets will pay. Cryptocurrency makes ransom payments more difficult to track. Biden is expected to announce an executive order in the next few days to strengthen cyber defense capabilities.

“Colonial is not the first to be attacked by cyber hackers, and it will never be the last.” CNN said that everyone has witnessed the epidemic threatening the supply chain and abnormal weather caused by climate change threatening the power grid, and that hackers have become brazen. This year alone, more than 20 government agencies in the United States have been attacked. Not long ago, the Secretary of Homeland Security gave a speech at the American Chamber of Commerce to warn of these attacks. He said that the ransom paid in ransomware attacks last year exceeded 350 million U.S. dollars. Compared with the previous year, the frequency of ransomware attacks has more than tripled.

Robert Lee, CEO of Dragos Cybersecurity, believes that all industries are now undergoing some form of digital transformation, which means that they are becoming more interconnected and using cloud resources and other services, and this allows adversaries to enter their systems and harm them. “The real question is how we can react more vigorously and be more resilient.”

US Secretary of Transportation Buttigieg took the opportunity to promote Biden’s “employment plan”, saying that infrastructure means more than roads and bridges. “Having excellent and modern infrastructure has always been a national security matter,” he told MSNBC. “Part of what makes the United States safe is that we are one step ahead of other countries in the world in technology and innovation… These are all in the employment plan.”

However, “Forbes” magazine commented that cyber warfare is the war of the future, and the United States is more fragile than people think. Partisanship should not be allowed to weaken the United States’ ability to fill loopholes. Some critics believe that there is a lack of cybersecurity funding in Biden’s infrastructure plans. This is not a problem that can be solved by spending alone.