US fuel pipeline hackers reveal their motive
Colonial Pipeline was forced to suspend 5,500 miles of pipeline between Texas and New York after hackers breached its networks


The hackers behind the ransomware attack on the largest pipeline operator in the US, Colonial Pipeline, have revealed the motive behind the data theft.
According to a statement released by DarkSide, the hacking group responsible for the attack, the cyber criminals were not planning to create issues for the general public. The hackers went on to maintain that their goals were purely financial and that the hacking group was "apolitical" and not state-backed.
“Our goal is to make money, and not creating [sic] problems for society,” the hackers stated in a post on their website, adding that there is no “need to tie” them with any particular government. The hacking group had been suspected to be supported by a Russian or other post-Soviet state due to their history of targeting US organisations.
DarkSide pledged to carry out checks on fellow cyber criminals “to avoid consequences in the future” similar to the ones created by their attack on Colonial Pipeline, which took place late last week.
The pipeline operator has released a new statement confirming that its services will remain inactive for another few days and that it will attempt to restore them in a phased approach:
“This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week,” the company announced.
Colonial Pipeline's website is currently inaccessible due to a 502 Bad Gateway error.
10/05/2021: Ransomware leads to shutdown of US fuel pipeline
A ransomware attack has led to the shutdown of one of the main fuel pipelines in the US after hackers targeted the networks of Colonial Pipeline.
The company, which manages 45% of the US east coast’s fuel supplies, was forced to suspend 5,500 miles of pipeline between Texas and New York after falling victim to a double-extortion scheme carried out by the DarkSide ransomware group.
DarkSide, which is believed to be based in a post-Soviet country, is known for targeting US organisations. The group recently made headlines for selling information about their ransomware attacks to stock traders, and months earlier, it attempted to donate around $20,000 in stolen Bitcoin to charity before the donations were refused.
Last Thursday, DarkSide managed to obtain almost 100GB of data from Colonial Pipeline’s network, before locking computers with ransomware and demanding payment, two people involved in the investigation told Bloomberg. This forced the fuel operator to shut down operations on Friday, with the incident being confirmed by the company on Saturday.
“On May 7, Colonial Pipeline Company learned it was the victim of a cyber security attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring,” Colonial Pipeline stated.
“Leading, third-party cybersecurity experts were also immediately engaged after discovering the issue and launched an investigation into the nature and scope of this incident. We have remained in contact with law enforcement and other federal agencies, including the Department of Energy who is leading the Federal Government response,” it added.
The Biden administration announced an emergency loosening of regulations for the transport of petroleum products on highways, with the Department of Transportation issuing a temporary waiver to enable oil products to be shipped in tankers up to New York.
However, government cyber security expert at Nominet, Steve Forbes, warned that “the attack on Colonial is likely to have a ripple effect across the globe”.
“While the demand for oil across the US east coast is evident, the fact that this is already impacting the financial markets and traders, demonstrates that it really is the tip of the iceberg. That’s not to mention the fact that the severity of this breach will worsen if confidential information is leaked, as the group has threatened. Being able to take systems offline and begin a process of restoration is undeniably important, but there is an additional threat if this data is exposed. It underlines the importance of international collaboration to bring down these highly coordinated groups early in their development if we want to protect our critical services,” he told IT Pro.
“As we watch the domino effect of this cyber attack, it is very apparent that impact is not limited to systems and software - victims will come in all shapes and sizes, from industries to individuals,” added Forbes.
Earlier this year, a water treatment facility in Florida was targeted in a failed attempt to poison the water supply after hackers infiltrated its systems and ramped up the sodium hydroxide (NaOH) levels. The computer systems of the facility, located in the city of Oldsmar, Florida, were remotely breached twice on 5 February.