ENER Breaking: Alpharetta based Colonial Pipeline shuts down gas lines after cyberattack - FBI says Russia Russia Russia

jward

passin' thru
William Turton (@WilliamTurton), w/ @jordanr1000: NEW: A small group of private companies, with help from several U.S. agencies, disrupted the cyber-attacks against Colonial Pipeline by taking down key servers being used by the hackers https://bloomberg.com/news/articles/2021-05-10/cyber-sleuths-blunted-pipeline-hack-choked-data-flow-to-russia?sref=ylv224K8 via @technology

Cybersecurity

Cyber Sleuths Blunted Pipeline Hack, Choked Data Flow to Russia
By Jordan Robertson and William Turton
May 10, 2021, 5:25 PM CDT

  • Private sector, U.S. effort took down servers, recovered data
  • Colonial information hadn’t been sent to Russia when recouped

A small group of private-sector companies, with help from several U.S. agencies, disrupted ongoing cyber-attacks against Colonial Pipeline Co. and more than two dozen other victims, according to people with knowledge of the matter.
Colonial was able to recover some stolen data because of the intervention, which stopped the flow of stolen data headed to Russia -- believed to be the ultimate destination, according to three people involved with or briefed about the investigation into the breach.


The takedown, which occurred on May 8, was enacted by companies that included operators of U.S.-based servers used by the hackers, the people said. The intervention involved the White House, Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and National Security Agency, and shut off key servers used by the hackers, said the people, who requested anonymity because they weren’t authorized to discuss the ongoing investigation.

Colonial was the victim of a ransomware attack last week in which the hackers stole nearly 100 gigabytes of data, a breach that caused the company to shut down operations of the biggest fuel pipeline in the U.S. The hackers were using the servers that were disabled as a repository for storing information before relaying it to computers in Russia, the people said.

But Colonial’s data hadn’t yet been sent, which allowed investigators to retrieve it, the people said.
On Monday, President Joe Biden stopped short of blaming the Kremlin but said “there’s evidence” the hackers or the software they used are “in Russia.”

“They have some responsibility to deal with this,” he told reporters at the White House, after announcing that “my administration will be pursuing a global effort of ransomware attacks.”
Representatives from the White House, FBI, NSA and the Department of Homeland Security, which oversees the Cybersecurity and Infrastructure Security Agency, didn’t immediately respond to a request for comment, nor did the Russian Embassy in Washington.

The takedown represents an unusually swift response to a cyber-attack that’s had an uncommonly large impact, throttling gasoline supplies across the eastern U.S. and threatening a spike in prices.
Besides Colonial, the more than two dozen other victims of the ransomware attacks were across a range of industries, two of the people said. They wouldn’t identify the other victims of the attacks. Reuters previously reported that investigators managed to thwart some of the data theft by taking a cloud server offline and that the server carried data from other ransomware attacks under way.

The White House had pulled together an inter-agency task force to address the breach, including exploring options for lessening the damage, according to an official. Biden can invoke an array of emergency powers to ensure supplies keep flowing to big cities and airports along the East Coast. Alpharetta, Georgia-based Colonial said Monday that it is bringing the Texas-to-New Jersey pipeline back online in stages and intends to have it fully operational by the end of the week.
The FBI confirmed that the attackers used DarkSide ransomware in the attack; others have linked the attack to a ransomware group using the same name. Among the evidence linking the group to Russia is its use of the Russian language and its exclusion of Russian companies as hacking targets, according to cybersecurity experts.

They stole nearly 100 gigabytes of data from Colonial’s network on Thursday before locking up computers with ransomware and demanding payment, Bloomberg reported. Colonial shut down its computer network and the pipeline’s operations while it assessed the damage.
In the aftermath of the takedown, DarkSide issued a statement on the dark web Monday hinting at contrition. “We are apolitical. We do not participate in geopolitics,” the message says. “Our goal is to make money and not creating problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”


jward

passin' thru
bloomberg.com
Gas Stations Run Dry as Pipeline Hacking Will Take Days to Fix
Joe Carroll, Andres Guerra Luz, Jill R Shah

Gas stations along the U.S. East Coast are starting to run out of fuel as North America’s biggest petroleum pipeline fights to recover from a cyberattack that has paralyzed it for days.
From Virginia to Florida and Alabama, fuel stations are reporting that they’ve sold out of gasoline as supplies in the region dwindle and panic buying sets in. The White House said it was aware of shortages in the Southeast of the country and was trying to alleviate the problem.

Four days into the crisis, Colonial Pipeline Co. has only managed to manually operate a small segment of the pipeline -- as a stopgap measure -- and doesn’t expect to be able to substantially restore service before the weekend. The risk is that by that point drivers or airlines may already be suffering severe fuel shortages, while refineries on the Gulf coast could be forced to idle operations because they have nowhere to put their product.

U.S. average retail gasoline prices have risen to their highest since late 2014 due to the disruption, almost touching $3 per gallon. That could add to broader inflationary pressures as commodity prices from timber to copper also surge.

The Colonial pipeline is the most important conduit to distribute gasoline, diesel and jet-fuel in the U.S., moving the products from the refiners based on the Gulf coast into urban areas from Atlanta to New York and beyond. Each day, it ships about 2.5 million barrels -- more than the entire oil consumption of Germany -- connecting more than 20 refineries with about 200 distribution centers.

The vital conduit has been shut down since late Friday. Without the Colonial pipeline, many cities and airports must seek alternative supplies, either fuel imported by tanker or, if landlocked, relying on trucks.

On Monday, the Federal Bureau of Investigation pointed the finger at a ransomware gang known as DarkSide. While cyberattacks are increasingly used around the world as a weapon against geopolitical rivals, there was no indication that the current crisis could boil over internationally. President Joe Biden stopped short of blaming the Kremlin for the attack, despite some evidence that the hackers or the software they used are “in Russia.”
Russia has no connection to the cyberattack, Kremlin spokesman Dmitry Peskov told reporters on Tuesday.

Dwindling Supplies
Colonial Chief Executive Officer Joe Blount and a top lieutenant assured Deputy Energy Secretary David Turk and state-level officials that the company has complete operational control of the pipeline and won’t restart shipments until the ransomware has been neutralized.

Government officials haven’t advised Colonial on whether it ought to pay the ransom, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said during a briefing.
In the meantime, fuel supplies are dwindling just as the nation’s energy industry was gearing up to meet stronger fuel demand from summer travel. Americans are once again commuting to the office and booking flights after a year of Covid-19 restrictions.

In the first sign of the potential disruption to air travel, American Airlines Group Inc. said it was adjusting two long-haul routes that originate in Charlotte, North Carolina, to add fuel stops. Flights to Hawaii will call in at Dallas-Fort Worth airport, while London-bound aircraft will make a stop in Boston.
Airlines flying out of Philadelphia International Airport are burning through jet-fuel reserves and the airport has enough to last “a couple of weeks,” a spokeswoman said.

The U.S. East Coast is losing around 1.2 million barrels a day of gasoline supply due to the disruption, according to a note from industry consultant FGE.

In Asheville, North Carolina, Aubrey Clements, a clerk at an Exxon Mobil Corp. station answered the phone with “Hello, I’m currently out of gas.” The Marathon gas station in Elizabethtown, North Carolina, had roughly two dozen cars waiting to fuel up, said an employee there.
Photo: Gas Stations Running Dry As Hacked Pipeline Tries To Restart. A "fuel out" sign at a Marathon gas station in Elizabethtown, North Carolina, U.S., on May 10. Photographer: Andrew Sherman/Bloomberg
Drivers pulling into a station with a sign offering unleaded gasoline for $2.649 per gallon in Manning, South Carolina, were met with pumps covered in yellow and red “out of service” bags. An estimated 7% of gas stations in the state of Virginia were out of fuel as of late Monday, according to GasBuddy analyst Patrick DeHaan.

In an 18-minute virtual meeting, Blount said Colonial is working with refiners, marketers and retailers to prevent shortages, according to a person involved with the meeting who wasn’t authorized to speak publicly about the discussion. The pipeline serves 90 U.S. military installations and 26 oil refineries, the person said.

The shutdown has prompted frenzied moves by traders and retailers to secure alternative supplies. Oil tanker charter rates skyrocketed in the U.S. with refiners scrambling for ships to store fuel that has nowhere to go.
Average U.S. gasoline prices rose to the highest since 2014.

Emergency shipments of gasoline and diesel from Texas are already on the way to Atlanta and other southeastern cities via trucks, and at least two Gulf Coast refineries began trimming output amid expectations that supplies will begin backing up in the nation’s oil-refining nexus.
The national average retail gasoline price rose to $2.985 a gallon, the highest since November 2014, according to the American Automobile Association. The premium for wholesale gasoline in the New York area expanded to its widest in three months.

Posted for fair use
 

Jubilee on Earth

Veteran Member
Uh-oh, the local sheeple got wind of it. It will be self fulfilling thingamajig now...

They are all going to fill their tanks...
Yep, one of my large homesteading groups was talking about this on Facebook yesterday. Several reported gas stations with long lines and even some stations that were out. This will become “Toilet Paper 2.0” in no time I’m sure.
 

2redroses

Senior Member
A lot of places are getting hit by both email attacks, and RDP sessions left poorly secured in the last week. And this is just the beginning. I have heard reports from others that millions of emails per HOUR are hitting users' accounts in attempts of getting into medium and larger sized businesses. And they are not just stopping with Windows machines as they know that BYOD is poorly implemented in a lot of businesses so they are attacking Android and iOS devices as well. Phobos and its variants are the weapon of choice at the moment, as they have just released four new ones that STILL don't have a public decryption tool.

Do your (image) backups. Do them today (tonight). And make SURE you keep them OFFLINE from any system. You can buy a 10TB desktop USB drive for under $300 and backup all sorts of systems with it if you have a business. You can buy a 2TB NVME SSD for about the same and do nightly backups of your important user machines VERY QUICKLY. This is bad. And we are just now seeing the first volleys of fire in this war. Expect these attacks to escalate EXPONENTIALLY as they get more and more brazen and see the end of the line for the world economy and they want their piece of it (or to cause it).

Next little words of warning: There is NO getting around what they are doing if you are hit. And the likelihood that they will actually decrypt anything is next to ZERO even if you pay them. And if you DO pay them, or even contact them, you should also expect to have to contact and pay them again as they will put their copy of your info up for sale on the dark web.
On a personal level, I've been getting hit with an unprecedented number of spam emails the past 2 weeks. Should these be deleted without opening? Do the hackers gain access to businesses by an employee just opening a hacker's email?
 

Lone_Hawk

Resident Spook
William Turton (@WilliamTurton), w/ @jordanr1000: NEW: A small group of private companies, with help from several U.S. agencies, disrupted the cyber-attacks against Colonial Pipeline by taking down key servers being used by the hackers https://bloomberg.com/news/articles/2021-05-10/cyber-sleuths-blunted-pipeline-hack-choked-data-flow-to-russia?sref=ylv224K8 via @technology

Cyber Sleuths Blunted Pipeline Hack, Choked Data Flow to Russia
By Jordan Robertson and William Turton, May 10, 2021, 5:25 PM CDT

So, we have a ransomware attack which I believe typically encrypts your data on your system and you have to pay to get the key to get your data back.

But this time 100GB of data is "stolen" and moved to servers in the US. I'm assuming that they deleted the data files on the victim's servers.

Oh "lookie here!" says the federal government! We found your files! We are the heroes! And with no way on earth of knowing, they know those files were headed to Russia.

I so believe this story ....
 

jward

passin' thru
at least they're remembering to invent three sources for their stories, so they must
really really want us to give them credence :: insert eye roll ::
 

rob0126

Veteran Member
William Turton (@WilliamTurton), w/ @jordanr1000: NEW: A small group of private companies, with help from several U.S. agencies, disrupted the cyber-attacks against Colonial Pipeline by taking down key servers being used by the hackers https://bloomberg.com/news/articles/2021-05-10/cyber-sleuths-blunted-pipeline-hack-choked-data-flow-to-russia?sref=ylv224K8 via @technology

Cyber Sleuths Blunted Pipeline Hack, Choked Data Flow to Russia
By Jordan Robertson and William Turton, May 10, 2021, 5:25 PM CDT

"Among the evidence linking the group to Russia is its use of the Russian language and its exclusion of Russian companies as hacking targets, according to cybersecurity experts."

That's not enough evidence to blame the Russian govt. Any hacker group could have done this to try and frame the Russians.

They had way more evidence with Biden's son.
 

night driver

ESFP adrift in INTJ sea
And why is anything this important connected to the World Wide Web?
Because NO individual company has the money to run cabling over the entire length and breadth of their operation, has the money to install a full server farm to handle the data, etc. I'm sure they would be OVERJOYED if you popped up with the couple hundred billion to do that for them.
Consider that ONE of the likely several distributed server farms for THIS company would be nigh on to 100 Million bux for the building and the hardware inside. Now they have to cable the complete pipeline from end to end including the stations. PLUS they will have to invest another 30-50 million for the PROPRIETARY software to RUN this network. And ALL of that money is NOT PRODUCTIVE. IT is RARELY a Profit Center, almost ALWAYS we consider IT a COST center and in this case it would cost more than they make a year for a SPAN of years.


NEXT poorly thought Unicorn Dust Concept?
 

The Mountain

Here since the beginning
_______________
Supposedly, per this article:


A Russia-based but not government-run hacker group called Darkside claimed responsibility for the attack and apparently have said they did not intend to cause the disruption. They're a Ransomware group, and their purpose is to squeeze private corps for money only. They don't do politics, and don't attack things like hospitals or infrastructure, and do not want social consequences. It will be interesting to see if they give the pipeline company the key for free to at least start the process of fixing it.
 

psychgirl

Has No Life - Lives on TB
The prepping groups on fake book are reporting, (real time, boots on the ground) outages and long lines as fast as I can read them!

Just as we are reading here, the issues seem to be in Georgia, Virginia, the Carolinas, and some in Florida.
Right now the most dire reports are coming in from Georgia.
 

The Mountain

Here since the beginning
_______________
Because NO individual company has the money to run cabling over the entire length and breadth of their operation, has the money to install a full server farm to handle the data, etc. I'm sure they would be OVERJOYED if you popped up with the couple hundred billion to do that for them.
Consider that ONE of the likely several distributed server farms for THIS company would be nigh on to 100 Million bux for the building and the hardware inside. Now they have to cable the complete pipeline from end to end including the stations. PLUS they will have to invest another 30-50 million for the PROPRIETARY software to RUN this network. And ALL of that money is NOT PRODUCTIVE. IT is RARELY a Profit Center, almost ALWAYS we consider IT a COST center and in this case it would cost more than they make a year for a SPAN of years.


NEXT poorly thought Unicorn Dust Concept?


Erm, maybe 20 years ago this would be true, but plenty of large companies today do exactly this. Parts of their physical network might run across "public" cables, but they're tied point-to-point to company hardware with no internet-addressable ports. Further, what would 20 years ago have been a huge multi-million dollar data center is today barely a single fully-populated server rack, maybe two. With virtual machines and ultra-high-density SAN systems, the volume of data a two-rack environment can handle is staggering. As an example, Tyson Foods runs their entire operation on about 10 racks of servers and network gear, plus another 15 racks of storage (mostly just banks of disk, and this is older low-capacity stuff), and they run a truly gigantic fully-implemented SAP installation that literally tracks their entire business from the eggs in the incubators to the bag of tenders being loaded in your grocer's freezer, and that includes all the feed for the animals, all the transport, the veterinary care for the animals, the petroleum products for heating and transport and so on (yes they are in the Orl Bidness with their own NatGas and Diesel), the power for farms, processing plants etc, equipment lifecycle, and all the internal personnel operations of the company.

On just 25 racks. They do (or did until just recently) have 2.5 data centers, one at their headquarters and one up in Nebraska somewhere, but those are not load-balancing; they're a DR solution so if HQ goes down they can still operate using the Nebraska site. I call it 2.5 because the HQ one was being moved out of their basement to a dedicated facility next door to the HQ building. And that was more than 5 years ago, so it's likely that their data hardware footprint has shrunk as denser storage and processing systems have become available.

And now with Cloud, a lot of companies are offloading as much of their generic IT work as they can, so they only have to maintain on-premises equipment for things that need actual on-premises gear such as SCADA and similar tasks.

Typically, a large and sensitive industrial control system like this should according to proper security principles be airgapped from the internet. SCADA has been a huge worry in the security community for years for a number of reasons, and maybe this will be the impetus to clear this up.

You want to scare yourself regarding "important things accessible from the internet" try looking up the big medical scanning systems e.g. CAT, PET, MRI etc in hospitals. Many many too many are online, with virtually no inbuilt security, and all too often haven't ever had any kind of update so they're all running ancient long-hacked versions of operating systems and network protocols.
 

phloydius

Veteran Member
Supposedly, per this article:


A Russia-based but not government-run hacker group called Darkside claimed responsibility for the attack and apparently have said they did not intend to cause the disruption. They're a Ransomware group, and their purpose is to squeeze private corps for money only. They don't do politics, and don't attack things like hospitals or infrastructure, and do not want social consequences. It will be interesting to see if they give the pipeline company the key for free to at least start the process of fixing it.

Interesting, and as you said Supposedly.
Although that is the opposite of everything I read up to this point, where DarkSide specifically claimed they did not do it, but it was done by someone else using their software (to whom they probably sold it).
 

CaryC

Has No Life - Lives on TB
A Russia-based but not government-run hacker group called Darkside claimed responsibility for the attack and apparently have said they did not intend to cause the disruption.
Aaaaa, when you hack and take down an oil pipeline, what did they think was going to happen? Business as usual?

Sounds like Biden speak. Giving people thousands of dollars a week on unemployment didn't cause a worker shortage.
 

Walrus

Veteran Member
"Among the evidence linking the group to Russia is its use of the Russian language and its exclusion of Russian companies as hacking targets, according to cybersecurity experts."
That's not enough evidence to blame the Russian govt. Any hacker group could have done this to try and frame the Russians.
This is so very true. Wow, I'm just stunned at the bravery and dashing heroism which has been so selflessly demonstrated by our heroic boys and girls as they masterfully fended off those nasty Russkies on behalf of all the East Coast citizens. Yes, the same Russkies who have been so threatening to that little Ukrainian nation of innocent wheat-raising farmers - THOSE MEANIES!

Fedgov's reaction and sleuthing in this reportage is absolutely Tom Clancy-ish world class effort, isn't it? Plus good ol'-fashioned American luck. The usage of Russian language and exclusion of Russian companies from the felonious hackerage assaults is such strong evidence of collusion that any court - especially the World Court in the Hague - will unanimously stand in condemnation of those mean Russkies. The same sleuths probably tracked the IP, MAC addresses, subnet masks and all kinds of obscure technical stuff (about which you have no need to know, dear reader) in this heroic effort which led to this inescapable conclusion in world-class time!

And of course, in their gratitude, the greedy Colonial Pipeline investors such as the evil Koch brothers, the foreign-owned Royal Dutch Shell and all the rest of them will gladly queue up and pay way more in corporate taxes to protect against any future threat to our way of life, without passing on those costs to us citizens who are so fortunate to have survived the evil Trumpian policies which led to this horrible incident.

What a story should be told if fedgov wasn't so providential and humble in its purity of service!

Unicorns, puppies, flowers and warm spring sunshine for all!
 

The Mountain

Here since the beginning
Aaaaa, when you hack and take down an oil pipeline, what did they think was going to happen? Business as usual?

Sounds like Biden speak. Giving people thousands of dollars a week on unemployment didn't cause a worker shortage.

Since they're a ransomware group, if they really are the ones responsible: ransomware groups don't generally do active hacking. They spread Trojan horse emails and documents around, and then unsuspecting idiots access them and infect whatever company they work for. Even if they "spearphished" the guy at the pipeline company, they likely either didn't realize what kind of company it was, or hit him through a non-company channel but he opened it on a company computer. The "hack" was that the ransomware locks up things like databases and email stores, and high-volume file shares, on the assumption that those are the most valuable parts of the company and the things they most need to stay in business. Somehow that targeting also grabbed a resource that the industrial control system relies on, and without that resource the control system locked up.
 

SmithJ

Veteran Member
Since they're a ransomware group, if they really are the ones responsible: ransomware groups don't generally do active hacking. They spread Trojan horse emails and documents around, and then unsuspecting idiots access them and infect whatever company they work for. Even if they "spearphished" the guy at the pipeline company, they likely either didn't realize what kind of company it was, or hit him through a non-company channel but he opened it on a company computer. The "hack" was that the ransomware locks up things like databases and email stores, and high-volume file shares, on the assumption that those are the most valuable parts of the company and the things they most need to stay in business. Somehow that targeting also grabbed a resource that the industrial control system relies on, and without that resource the control system locked up.
From what I've read the Darkside group actually provides ransomware (and other goodies) as SaaS to hackers. They lease the software for a percent of the take.

So in reality, the "hackers" are a third party and who knows their motive.
 

summerthyme

Administrator
On a personal level, I've been getting hit with an unprecedented number of spam emails the past 2 weeks. Should these be deleted without opening? Do the hackers gain access to businesses by an employee just opening a hacker's email?
YES! The bane of IT people's existence in companies is people who open every e-mail and attachment!
NEVER open an attachment if you weren't expecting it. Yes, it's a PITA... but even when the email is from one of the kids, I'll send them a quick note checking to see that they DID send it and the attachment is safe.

Summerthyme
 

LoupGarou

Ancient Fuzzball
From what I've read the Darkside group actually provides ransomware (and other goodies) as SaaS to hackers. They lease the software for a percent of the take.

So in reality, the "hackers" are a third party and who knows their motive.

EXACTLY!!!

The actual attackers could be ANYONE or any group, from anywhere. I have personally seen the damage that these recent attacks are doing, and they are sending out hundreds of thousands of emails an hour on average (spiking several times over a million per hour). There are already a LOT of direct victims, many of which are not reporting it. Mid-size businesses and bigger are the targets, but the people actually doing the attacks really don't care. I do believe that they knew what they were getting in on, as they DO collect a lot of data off of every machine that they attack (I have firewall logs), and in some cases LOTS of the files themselves, to be held for a second series of ransom later whether you pay them to decrypt or not.

This could be a large group outside of state sponsorship. This could be state sponsored. This could have been deep state sponsored. At this point very little is known, as they are rather careful about having several layers of insulation between them (the attackers) and the targets. In the few cases that I have seen in the last three weeks, the attacks came from rather large cloud services providers, which were remote-controlled by rather simple commands from a second set of cloud servers on a different host, which were similarly commanded from "deep-routed" addresses that aren't going to be traced back any time soon. I don't know the exact vector that attacked Colonial, but I would bet that they were also nailed this way.

And I can tell you that it is any non-VPN'd remote access point that can also be an attack point, NOT just RDP. A server in NC was compromised through Citrix, and VNC is not going to help either. DO NOT HAVE AN OPEN RDP OUT ON THE WEB (as in port-forwarded through the firewall); you are asking for trouble. While the brunt of these attacks are coming through email, remote access IS being used as well, and not just RDP. Get yourself REAL hardware VPNs and use them. Don't even bother with a software VPN, and DO NOT TRUST CRAPPY COTS NETWORK EQUIPMENT if you want to keep your silicon and bits safe. Draytek, Cisco, SonicWall, and make sure that they are updated and patched. And keep the open ports to a BARE minimum. VPN, VPN, VPN...

And again, DO YOUR IMAGE BACKUPS NOW! I don't care if you have to use something like Redo Rescue to hand-hold you through the process, or if you bit-bang it with System Rescue CD or Trinity Rescue Kit abusing dd (or ddrescue for the people that have an already "aging" drive). GET IT DONE!

THEN, once you have done an image backup, go back and back up all of your files daily or weekly to a second USB drive, so that you have a second source of your data that you can restore from and you don't have to do an image as often. Data-only backups go quick, and will cover what you have done since your last image backup.

GET IT DONE! This is about to get a WHOLE lot worse. Since a LOT of companies have elected to send their employees home and work from there, there are a LOT of loose ends out there that also tie back in to a LOT larger systems.
 

vector7

Dot Collector
Let's hope this situation gets fixed quickly.

Keeping track of this woo for later...vvv

Most people don't understand the magnitude/gas shortage=will EFFECT trucks-shipping's, mail., deliveries lumber for business, goods, supplies for business across U.S./ = siphon gas from the west coast/ this is just the start/=More incoming next week_ cyber ATTACKS Prepare
RT 1min
View: https://twitter.com/notasleep023/status/1392103073573605388

CNN has the ability to predict the future.
View: https://twitter.com/zniffo/status/1392170702216773633


View: https://twitter.com/Ja_Lord/status/1392157871702425605
 

Jackalope

Irregular
The FBI may say, "Russia, Russia, Russia." However, Jackalope says, "Biden, Biden, Biden." After all, who profits from this gas shortage? Biden supports the "Green Deal." Seems like this is an opening salvo to force the deal on the sheeple. Welcome to the North American version of Venezuela. (I better start shopping for some horses.)
 

Publius

TB Fanatic
Folks, this pipeline runs to major tank farms (fuel depots) where road tractors come in and fill up and take it where it's needed.
Now, these tank farms are huge and not likely to run out that fast. For my area there are two tank farms, one in Delaware and another somewhere in Virginia, and the local truck stop in Winchester, VA gets all their fuel from the one in Virginia, as it's closer than going to Delaware. The one in Delaware I have seen, and it's big; it must cover 100 acres.
 

SmithJ

Veteran Member
Folks, this pipeline runs to major tank farms (fuel depots) where road tractors come in and fill up and take it where it's needed.
Now, these tank farms are huge and not likely to run out that fast. For my area there are two tank farms, one in Delaware and another somewhere in Virginia, and the local truck stop in Winchester, VA gets all their fuel from the one in Virginia, as it's closer than going to Delaware. The one in Delaware I have seen, and it's big; it must cover 100 acres.
It transports 100,000,000 gallons of refined product per day north from the Gulf. So those tanks are constantly requiring replenishment.
 

Walrus

Veteran Member
Lying NYSlimes is right on the money.

Don't even worry about reading the article in an honest attempt at learning. Think about the illogical sub-headline just for starters: "Reliance on the pipeline has grown as rising domestic production of oil and gas has led to reduced refining capacity in the Northeast."

How in the world can anyone with even a rudimentary knowledge of the world opine that rising domestic production leads to reduced refining capacity in the Northeast? Other than the mix of its component hydrocarbons, what would a cat cracker, fluid coker, or even a reformer or hydrocracker unit care whether its feedstock were domestic or foreign? That is about the stupidest statement I've ever seen from so-called professional journalists.

What has led to reduced refining capacity is actually quite simple. The maze of mostly EPA regulations - but also blue-state stonewalling - is THE primary culprit which has led to reduced refining capacity. Old refineries can't even be upgraded due to the inability to acquire permits, and forget the idea of building brand-new modern ones, especially with the prevalent NIMBY mindset. This, BTW, is not a Bai-Den, Trumpian or even Obamamian maze; it was front and center under the Shrub and even with the Bubbas from Arkansas in office.

I can only shake my head as the idiots who believe this garbage think that this is truth.
 

Wildweasel

F-4 Phantoms Phorever
The prepping groups on fake book are reporting (real time, boots on the ground) outages and long lines as fast as I can read them!

Just as we are reading here, the issues seem to be in Georgia, Virginia, the Carolinas, and some in Florida.
Right now the most dire reports are coming in from Georgia.

Georgia was hit worst in the post-Katrina fuel shortage. Whenever I fueled my Freightliner in GA over the next 6 months I was getting farm diesel/heating oil with red dye instead of greenish/clear undyed highway diesel fuel.

I expect truckers will be getting letters referencing the emergency declaration to cover themselves on the dyed/undyed fuel issue before the week is over.
 

psychgirl

Has No Life - Lives on TB
Georgia was hit worst in the post-Katrina fuel shortage. Whenever I fueled my Freightliner in GA over the next 6 months I was getting farm diesel/heating oil with red dye instead of greenish/clear undyed highway diesel fuel.

I expect truckers will be getting letters referencing the emergency declaration to cover themselves on the dyed/undyed fuel issue before the week is over.
One gal DID post a letter her husband/trucker got, which I saw right after I posted!

I’ll see if I can attach it without any names showing
 