Oh, this just keeps getting better and better!
Found out today that pipeline operators don’t have the same security requirements that electricity grid operators in the U.S. do. Something that Congress should fix, and surely they will get right on that, right after they figure out how to send a fax.
And while Colonial’s business operations were hacked, and they "shut down pipeline operations out of an abundance of caution," their pipeline control systems were unaffected. According to the cyber security journalist Kim Zetter, CNN, the NY Times, and others, “Colonial Pipeline pre-emptively shut down its pipeline operations to keep the ransomware from spreading and because it had no way to bill customers with its business and accounting networks offline.” (emphasis mine)
https://twitter.com/KimZetter/status...188763648?s=20
So Colonial couldn’t figure out how to get paid for the oil they were pumping and shut off the spigot. Thanks, dicks. Not surprising considering they failed security audits they commissioned recently, and rather than having a dedicated Chief Information Security Officer, they made the CIO responsible for that (not really how that should work in today's world).
As for DarkSide, it/they basically work as a ransomware-as-a-service where vetted cybercriminals (I don’t know how you prove your credentials), can then use the already developed ransomware to infect companies, and then DarkSide helps carry out negotiations, deals with receiving payments from victims, and then distributes the profits. Take a look at the screen shots from their operations - it's crazy!
https://krebsonsecurity.com/2021/05/...ng/#more-55529 (Krebs does a ton of cybersecurity work, and has helped take some of these a-holes down)
DarkSide says it targets only big companies, and forbids “affiliates” from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, public sector and non-profits, and would introduce “moderation” policies in the future.
Good and moral criminals! Heartwarming to say the least.
And then on May 14, DarkSide said they’ve rolled up operations after their servers were seized and accounts emptied. They also released decryption tools for everyone who was currently infected but hadn’t finished their negotiations. My guess is the heat was too much, they cashed out, and are doing a bit of hiding right now.
https://krebsonsecurity.com/2021/05/...-stash-seized/
Interesting comments.
Do you happen to know the primary regulatory authorities for the petroleum pipelines and for the US electrical industry?
I ask because the general thrust of the M4C crowd is .Gov regulation bad. The basis for federal gun regulation and federal energy regulation is both based on the taxation function, based on the nexus of interstate commerce. So are you all in the National Firearms Act as well?
What about the ownership of Colonial Pipeline? - noting that it is a privately-held corporation, e.g., not publicly traded. What’s your hot take on federal government regulation of the cybersecurity of your barber? Koch Industries (which is a co-owner of Colonial)? Publix grocery stores?
Electrical industry falls under DOE. Pipelines seem to fall (weirdly) under TSA. CISA, the Cybersecurity and Infrastructure Security Agency tries to coordinate the obvious for them.
I'm not sure what NFA has at all to do with this. And no, I'm not "all in for it". Not sure where you're getting that from.
While I generally am with the "Gov regulation bad", that doesn't mean they have zero role. Specifically, safety of critical national infrastructure like energy (nuclear comes to mind), and pipelines in particular might need some oversight. It's not like they've never poured oil out into people's drinking water (Yellowstone River 2015 and others), or flat out exploded (2010 natural gas pipeline in San Bruno, CA) demolishing whole neighborhoods. Actually, this might fall under the whole "provide for the common defense" role of the federal government, but the size of their role could certainly be debated.
While it's not publicly traded (not that I know why that makes a difference), as far as I understand it is more of a consortium of different companies. And again, not sure who owns the pipeline makes a difference. This isn't a government takeover of it, but making sure that the operators keep a tidy network, which they certainly have not.
I don't think the barber analogy works particularly well, as my barber's network going down isn't going to disrupt gasoline or heating oil deliveries from the Gulf of Mexico to Maine.
What if this whole crusade's a charade?
And behind it all there's a price to be paid
For the blood which we dine
Justified in the name of the holy and the divine…
TSA Surface division. Since it deals with transportation (Throughout US and Canada into the US) they are the ones tagged with handling it. There is a giant game of politics going on with DoE/FERC wanting to take it over. I suspect mainly for the $$ and so they can regulate everything.
Love you Pop. F*ck Cancer.