
Thread: Pipeline cyber attack

  1. #71
    Join Date
    Feb 2011
    Posts
    903
    Feedback Score
    0
    Quote Originally Posted by thepatriot2705 View Post
    Apparently Colonial paid the hackers 90 million in bitcoin. Guess it’s open season on our infrastructure
    Can you help me out on source for the $90 million figure - assuming you meant US dollars?
    Published reports to date had the cost around $5m.
    $90m sounds like the operational cost of the entire pipeline for a year or EBITDA.

  2. #72
    Join Date
    Jun 2015
    Location
    Georgia
    Posts
    3,097
    Feedback Score
    2 (100%)
    Quote Originally Posted by thepatriot2705 View Post
    If you read the article, it says the group received a TOTAL of $90M in ransom payments, but only $5M from Colonial.
    “You have made us for yourself, O Lord, and our heart is restless until it rests in you.” -Augustine

  3. #73
    Join Date
    Apr 2012
    Posts
    795
    Feedback Score
    6 (100%)
    Oh, this just keeps getting better and better!

    Found out today that pipeline operators don’t have the same security requirements that electricity grid operators in the U.S. do. Something that Congress should fix, and surely they will get right on that, right after they figure out how to send a fax.

    And while Colonial’s business operations were hacked, and they "shut down pipeline operations out of an abundance of caution," their pipeline control systems were unaffected. According to the cyber security journalist Kim Zetter, CNN, the NY Times, and others “Colonial Pipeline pre-emptively shut down its pipeline operations to keep the ransomware from spreading and because it had no way to bill customers with its business and accounting networks offline.” (emphasis mine)

    https://twitter.com/KimZetter/status...188763648?s=20

    So Colonial couldn’t figure out how to get paid for the oil they were pumping and shut off the spigot. Thanks dicks. Not surprising considering they failed security audits they commissioned recently, and rather than having a dedicated Chief Information Security Officer, they made the CIO responsible for that (not really how that should work in today's world).

    As for DarkSide, it/they basically work as a ransomware-as-a-service where vetted cybercriminals (I don’t know how you prove your credentials), can then use the already developed ransomware to infect companies, and then DarkSide helps carry out negotiations, deals with receiving payments from victims, and then distributes the profits. Take a look at the screen shots from their operations - it's crazy!

    https://krebsonsecurity.com/2021/05/...ng/#more-55529 (Krebs does a ton of cybersecurity work, and has helped take some of these a-holes down)

    DarkSide says it targets only big companies, and forbids “affiliates” from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, public sector and non-profits, and would introduce “moderation” policies in the future.

    Good and moral criminals! Heartwarming to say the least.

    And then on May 14, DarkSide said they’ve rolled up operations after their servers were seized and accounts emptied. They also released decryption tools for everyone who was currently infected but hadn’t finished their negotiations. My guess is the heat was too much, they cashed out, and are doing a bit of hiding right now.

    https://krebsonsecurity.com/2021/05/...-stash-seized/

  4. #74
    Join Date
    Feb 2007
    Location
    Herndon,VA
    Posts
    1,096
    Feedback Score
    11 (100%)
    Quote Originally Posted by jbjh View Post
    My guess is the heat was too much, they cashed out, and are doing a bit of hiding right now.

    https://krebsonsecurity.com/2021/05/...-stash-seized/
    Maybe the Russian government was finished with their useful idiots and achieved their objective against the US. (Higher oil prices for more cash into Russia, Biden looks weak again, Russia full steam ahead with their pipeline to Europe)

  5. #75
    Join Date
    Feb 2011
    Posts
    903
    Feedback Score
    0
    Quote Originally Posted by jbjh View Post
    Oh, this just keeps getting better and better!

    Found out today that pipeline operators don’t have the same security requirements that electricity grid operators in the U.S. do. Something that Congress should fix, and surely they will get right on that, right after they figure out how to send a fax.

    And while Colonial’s business operations were hacked, and they "shut down pipeline operations out of an abundance of caution," their pipeline control systems were unaffected. According to the cyber security journalist Kim Zetter, CNN, the NY Times, and others “Colonial Pipeline pre-emptively shut down its pipeline operations to keep the ransomware from spreading and because it had no way to bill customers with its business and accounting networks offline.” (emphasis mine)
    Interesting comments.
    Do you happen to know the primary regulatory authorities for the petroleum pipelines and for the US electrical industry?

    I ask because the general thrust of the M4C crowd is .Gov regulation bad. The basis for federal gun regulation and federal energy regulation is both based on the taxation function, based on the nexus of interstate commerce. So are you all in the National Firearms Act as well?

    What about the ownership of Colonial Pipeline? - noting that it is a privately-held corporation, e.g., not publicly traded. What’s your hot take on federal government regulation of the cybersecurity of your barber? Koch Industries (which is a co-owner of Colonial)? Publix grocery stores?

  6. #76
    Join Date
    Apr 2012
    Posts
    795
    Feedback Score
    6 (100%)
    Quote Originally Posted by HardToHandle View Post
    Interesting comments.
    Do you happen to know the primary regulatory authorities for the petroleum pipelines and for the US electrical industry?

    I ask because the general thrust of the M4C crowd is .Gov regulation bad. The basis for federal gun regulation and federal energy regulation is both based on the taxation function, based on the nexus of interstate commerce. So are you all in the National Firearms Act as well?

    What about the ownership of Colonial Pipeline? - noting that it is a privately-held corporation, e.g., not publicly traded. What’s your hot take on federal government regulation of the cybersecurity of your barber? Koch Industries (which is a co-owner of Colonial)? Publix grocery stores?
    Electrical industry falls under DOE. Pipelines seem to fall (weirdly) under TSA. CISA, the Cybersecurity and Infrastructure Security Agency, tries to coordinate the obvious for them.

    I'm not sure what NFA has at all to do with this. And no, I'm not "all in for it". Not sure where you're getting that from.

    While I generally am with the "Gov regulation bad", that doesn't mean they have zero role. Specifically, safety of critical national infrastructure like energy (nuclear comes to mind), and pipelines in particular might need some oversight. It's not like they've never poured oil out into people's drinking water (Yellowstone River 2015 and others), or flat out exploded (2010 natural gas pipeline in San Bruno, CA) demolishing whole neighborhoods. Actually, this might fall under the whole "provide for the common defense" role of the federal government, but the size of their role could certainly be debated.

    While it's not publicly traded (not that I know why that makes a difference), as far as I understand it is more of a consortium of different companies. And again, not sure who owns the pipeline makes a difference. This isn't a government takeover of it, but making sure that the operators keep a tidy network, which they certainly have not.

    I don't think the barber analogy works particularly well, as my barber's network going down isn't going to disrupt gasoline or heating oil deliveries from the Gulf of Mexico to Maine.

  7. #77
    Join Date
    Dec 2008
    Posts
    9,904
    Feedback Score
    16 (100%)
    Quote Originally Posted by jbjh View Post
    Electrical industry falls under DOE. Pipelines seem to fall (weirdly) under TSA. CISA, the Cybersecurity and Infrastructure Security Agency, tries to coordinate the obvious for them.

    I'm not sure what NFA has at all to do with this. And no, I'm not "all in for it". Not sure where you're getting that from.

    While I generally am with the "Gov regulation bad", that doesn't mean they have zero role. Specifically, safety of critical national infrastructure like energy (nuclear comes to mind), and pipelines in particular might need some oversight. It's not like they've never poured oil out into people's drinking water (Yellowstone River 2015 and others), or flat out exploded (2010 natural gas pipeline in San Bruno, CA) demolishing whole neighborhoods. Actually, this might fall under the whole "provide for the common defense" role of the federal government, but the size of their role could certainly be debated.

    While it's not publicly traded (not that I know why that makes a difference), as far as I understand it is more of a consortium of different companies. And again, not sure who owns the pipeline makes a difference. This isn't a government takeover of it, but making sure that the operators keep a tidy network, which they certainly have not.

    I don't think the barber analogy works particularly well, as my barber's network going down isn't going to disrupt gasoline or heating oil deliveries from the Gulf of Mexico to Maine.
    Just FYI, everything the pipelines do with TSA is through cooperative agreements. There are currently no regulatory requirements under 49 CFR for pipelines.
    What if this whole crusade's a charade?
    And behind it all there's a price to be paid
    For the blood which we dine
    Justified in the name of the holy and the divine…

  8. #78
    Join Date
    Jun 2006
    Location
    USA
    Posts
    3,151
    Feedback Score
    7 (100%)
    Quote Originally Posted by jbjh View Post
    Electrical industry falls under DOE. Pipelines seem to fall (weirdly) under TSA. CISA, the Cybersecurity and Infrastructure Security Agency, tries to coordinate the obvious for them.

    I'm not sure what NFA has at all to do with this. And no, I'm not "all in for it". Not sure where you're getting that from.

    While I generally am with the "Gov regulation bad", that doesn't mean they have zero role. Specifically, safety of critical national infrastructure like energy (nuclear comes to mind), and pipelines in particular might need some oversight. It's not like they've never poured oil out into people's drinking water (Yellowstone River 2015 and others), or flat out exploded (2010 natural gas pipeline in San Bruno, CA) demolishing whole neighborhoods. Actually, this might fall under the whole "provide for the common defense" role of the federal government, but the size of their role could certainly be debated.

    While it's not publicly traded (not that I know why that makes a difference), as far as I understand it is more of a consortium of different companies. And again, not sure who owns the pipeline makes a difference. This isn't a government takeover of it, but making sure that the operators keep a tidy network, which they certainly have not.

    I don't think the barber analogy works particularly well, as my barber's network going down isn't going to disrupt gasoline or heating oil deliveries from the Gulf of Mexico to Maine.
    TSA Surface division. Since it deals with transportation (Throughout US and Canada into the US) they are the ones tagged with handling it. There is a giant game of politics going on with DoE/FERC wanting to take it over. I suspect mainly for the $$ and so they can regulate everything.
    Love you Pop. F*ck Cancer.

  9. #79
    Join Date
    Apr 2012
    Posts
    795
    Feedback Score
    6 (100%)
    Quote Originally Posted by Voodoochild View Post
    TSA Surface division. Since it deals with transportation (Throughout US and Canada into the US) they are the ones tagged with handling it. There is a giant game of politics going on with DoE/FERC wanting to take it over. I suspect mainly for the $$ and so they can regulate everything.
    Or just that TSA sucks and everyone is pretty sure they’d make the pipeline strip for a cavity search.


    Sent from 80ms in the future
