
Cyber attack shuts down U.S. fuel pipeline

XWAUForceflow
1 hour ago, Sakuriru said:

I'm not sure what you're imagining, but real life hacking isn't like CSI or Tron. You can't deploy troops to cyberspace. There's no "defenses" to deploy that could have detected and then prevented this from happening similar to intercepting an enemy bomber.

I mean, other than spending part of the defense budget on research and intelligence into the actions of the cyberwarfare units, official and less official, of other nation states. Use some of that money to better research gaps that are likely to be exploited. Divert funds to helping civilian companies up their network security. (Say 'Oh that's the private sector's job' all you want, all kinds of government money went to securing airports and cockpits in civilian airliners). There's also the option for retaliatory cyberattacks as well. Mutually Assured Destruction and all that.

 

But one thing I am sure of; 'The cybersecurity of critical US infrastructure should be ignored by the government and left up to the board of directors of a private corporation to figure out' is def the thing that rival nation states of the United States do approve of.


9 hours ago, ShrimpBrime said:

We discussed this at the shop today.... Which is not a huge trucking company, maybe about 80 tractors worth.

 

Our company has a backup server..... 

 

So.... we pondered the idea that Colonial would just plug in the back up and get running in short time. 

 

Is it just me, or is this company stupid for not having a backup plan for something like this??? 

Well, it's not as easy as just restoring the backup and being done. The most obvious question is: is the backup still there? What makes you think a hacker will only target a few servers and then be done with it? A good cyber attacker will make sure they know what your backup system is and make sure they will attack it as well. This can go from just simply destroying or encrypting the backup-data to even compromising the backup-data, hiding Trojan horses within the backup that trigger once a system is restored. (One of the reasons why I am such a huge fan of using tape-backups as a last defense. Once written they cannot simply be deleted or destroyed.)

 

Remember that there are generally two types of attacks, the quick 'drive-by' type which generally starts wreaking havoc as soon as it is inside, and the slow and patient one. Depending on the group and how they got in it could be that they had access to the internal networks for days, weeks, even months. (Yes months, this has happened before.) If you are really careful you can infect and compromise huge parts of a company without being noticed. They will know what the backup system is, they might know how long the retention periods for said backups are and they will know how they are being accessed. So do not automatically assume your backups are safe.

 

But that's not where the fun stops, once triggered the active part of a good cyber attack will attack everything in your environment. That's more than just the obvious file-storage. That's servers, network switches, firewall systems, your security systems, password safes, but it goes much deeper. Printers, scanners, mobile devices, USB sticks that were connected to infected devices at some point. Anything connected to your network can be attacked.

If you just restore your backup (if you can even get to it) all you'll end up with is being infected again right away. You first need to figure out how they got in, how they took over control and most importantly what is being controlled by them.

 

I was privileged to recently hear a presentation of the CEO of a company being attacked by ransomware. They thought they had figured out everything and had cleared everything. But they missed one small touch-screen device connected to the network that was doing some low-end stuff no-one really needed. It had been infected and as soon as the company was back on the net it started communicating again with the C&C servers of the hackers. They caught it in time before it was able to again start its attack, but that was pure luck. (Well, actually they were informed by their country's equivalent of the NSA that there was still some fishy data coming out of their network.)

 

Details on the attack on Colonial are sparse, so I have no idea how bad the attack actually is. But be aware that a serious cyber-attack might mean you come into the office and you have access to nothing. Your whole network config might be shot, you cannot log into any of your systems at all. Everything will have to be done by hand, physically going to the affected servers. This takes time, especially the part where you have to be absolutely sure that you removed and cleaned every single system.
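The missed touch-screen device in the post above is what a post-recovery network review is meant to catch. The following is an added example, not part of the original post: it lists sources that were never rebuilt and sources whose outbound connections repeat at timer-like intervals. The inventory, addresses, record format and thresholds are all constructed assumptions.

```python
"""Post-recovery triage over flow records. All data here is constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")                # assumed internal range
REBUILT = {"10.0.1.10", "10.0.1.11", "10.0.1.20"}  # hypothetical cleanup inventory

# Constructed records: "epoch_seconds source destination"
SAMPLE_FLOWS = """\
1000 10.0.1.10 198.51.100.7
1130 10.0.1.10 198.51.100.7
1175 10.0.1.10 198.51.100.7
1900 10.0.1.10 198.51.100.7
1000 10.0.1.11 10.0.1.20
1300 10.0.1.11 10.0.1.20
1600 10.0.1.11 10.0.1.20
1900 10.0.1.11 10.0.1.20
1005 10.0.9.44 203.0.113.50
1306 10.0.9.44 203.0.113.50
1604 10.0.9.44 203.0.113.50
1905 10.0.9.44 203.0.113.50
2207 10.0.9.44 203.0.113.50
"""

def parse_flows(text):
    """Return (timestamp, src, dst) tuples, skipping blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            flows.append((int(parts[0]), parts[1], parts[2]))
    return flows

def gap_variation(timestamps):
    """Std-dev of the gaps between connections divided by their mean.
    Values near 0 mean the traffic is driven by a timer, not a person."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg else 0.0

def review(flows, rebuilt, min_events=4, max_variation=0.1):
    """Map each suspicious source to the reasons it needs a closer look."""
    findings = defaultdict(set)
    outbound = defaultdict(list)
    for ts, src, dst in flows:
        if src not in rebuilt:                     # device missed by the cleanup
            findings[src].add("not-rebuilt")
        if ip_address(dst) not in INTERNAL:        # keep only traffic leaving the network
            outbound[(src, dst)].append(ts)
    for (src, dst), stamps in outbound.items():
        if len(stamps) >= min_events and gap_variation(stamps) <= max_variation:
            findings[src].add(f"regular-interval:{dst}")
    return {src: sorted(tags) for src, tags in findings.items()}

if __name__ == "__main__":
    for host, reasons in review(parse_flows(SAMPLE_FLOWS), REBUILT).items():
        print(host, reasons)
```

Regular-interval traffic also comes from legitimate update and time-sync clients, so the output is a list of devices to inspect by hand, not a verdict.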


4 hours ago, Sakuriru said:

Bad cybersecurity practices are unregulated. This is the actual problem.

Far as I can tell that was their points. If you are a critical infrastructure company, private company makes no difference, you should be subject to similar regulations defense contractors and companies are. If you provide critical services to the country then you are effectively a national asset and therefore rules should come along with that status, like it or not.


So last I read, this wasn't a SCADA intrusion, it was on the billing side that got hit. Because they can't account for product delivery, they shut the pipeline down. As in, it wasn't shut down by ransomware directly. It HAD to be shut down for accounting / market reasons.

 

As of now, the pipeline is operational again at least.


Quote

The action follows cybersecurity crises including a recent ransomware attack on a major fuel pipeline that has triggered gas shortages. The order does not specifically address critical infrastructure such as oil and gas pipelines, but it directs the Commerce Department to craft cybersecurity standards for companies that sell software services to the government — a move that analysts hope will ripple across the private sector nationally and globally.

 

https://www.washingtonpost.com/national-security/biden-executive-order-cybersecurity/2021/05/12/9269e932-acd5-11eb-acd3-24b44a57093a_story.html


On 5/10/2021 at 9:32 AM, thechinchinsong said:

allocate more resources

It's not necessarily more that is necessary, more appropriately the correct resources need to be allocated. You can do a lot with less if the tools you are using are adequate. One major problem is that many tools have been mandated through law and it's literally illegal to upgrade some aspects of infrastructure without it being approved by our wonderful overlords who despite their obvious superiority know very little about the subject in the first place.


4 hours ago, StDragon said:

So last I read, this wasn't a SCADA intrusion, it was on the billing side that got hit. Because they can't account for product delivery, they shut the pipeline down. As in, it wasn't shut down by ransomware directly. It HAD to be shut down for accounting / market reasons.

 

As of now, the pipeline is operational again at least.

And this is why you also keep a paper copy of billing for the accounts.


18 minutes ago, Arika S said:

Sure has made people go stupid 

 

 

 

Yes that is fuel

It's amazing the effort people will go to win the Darwin award. 🤯


1 hour ago, Unclescar said:

It's not necessarily more that is necessary, more appropriately the correct resources need to be allocated. You can do a lot with less if the tools you are using are adequate. One major problem is that many tools have been mandated through law and it's literally illegal to upgrade some aspects of infrastructure without it being approved by our wonderful overlords who despite their obvious superiority know very little about the subject in the first place.

You're right, I agree that a lot of high level political or military officials don't allocate the MENTAL resources to even consider what is the problem and how to tackle such a cybersecurity problem. The combination of poor management and (what I think is) inadequate resources makes it so much worse.


Watching the news on this one this whole thing seems to have parallels with the original Caribbean pirates and the Spanish government. They seem to be claiming to be privateers. They’ll attack some nations but not others from which they seek protection from prosecution by the people they attack. I wonder if letters of marque equivalents are being issued.


7 minutes ago, Bombastinator said:

I wonder if letters of marque equivalents are being issued.

In the end does it matter? Nothing will be done about it because it can't be done. Well, not at least risking WW III, and no one is going to win that one. So these little missions by proxy will continue.


4 minutes ago, StDragon said:

In the end does it matter? Nothing will be done about it because it can't be done. Well, not at least risking WW III, and no one is going to win that one. So these little missions by proxy will continue.

Could just chop the fiber bundles going to Russia.


fuck yeah, fuel "scalpers" or whatever you would call this idiot

 


2 hours ago, Arika S said:

Sure has made people go stupid 

 


 

Yes that is fuel

According to one tweet "Canadian Gas", as a joke about "Canadian milk comes in bags"

 

Not the first time. From Hurricane Harvey, Dec 2019

https://www.slashgear.com/us-government-warns-stop-filling-plastic-bags-with-gasoline-12672512/

From Today (May 12 2021)

 

Quote

US government warns: Stop filling plastic bags with gasoline

The United States Consumer Product Safety Commission was put in a position this week where they needed to issue a warning to citizens. May 12, 2021, at 9AM, the USCPSC released a warning: “Do not fill plastic bags with gasoline.” They followed up with another warning: “Use only containers approved for fuel.”

 

Also... Fictional version of today:

https://itsalwayssunny.fandom.com/wiki/The_Gang_Solves_the_Gas_Crisis

 

Like, sometimes fiction inspires stupid, and sometimes stupid inspires fiction. People have been using improper containers to store gasoline since gasoline has been refined. There is a reason why, since the 80's, all petrol containers are the way they are. The fumes alone will harm you, potentially killing you.

 

 

 


My favorite gas station pricing story is about two gas stations on a corner both of which had been there for years.  One owner was having some sort of financial problem not related to the gas station but the other operator heard about it.  His move was to buy a bunch of wholesale gas and to drop prices below wholesale.  Lose money on the gas in the hopes of driving the other gas station out of business.  The other gas station replies by buying an old tanker truck, showing up, and buying all their gas retail.  They were frantically changing the prices on the sign (which was not electronic) while the tanker truck was filling up from every pump simultaneously.  Price got up to retail really really fast.

Edited by Bombastinator



On 5/9/2021 at 3:50 AM, XWAUForceflow said:

Summary

A cyber attack threatens the distribution and production of the US' fuel supply. Details are sparse but already show how vulnerable critical infrastructure is to attacks.

 

Quotes

 

My thoughts

 Hopefully the situation will be resolved quickly and service will resume, but this really should be a wake-up call. Critical infrastructure like this needs to be better protected. Especially because attacks like this will become more frequent and the players attacking targets like this will become only better at it. Not to mention that those are also prime targets for more than 'just' regular hackers. With attacks like this you can cripple and even destroy a country without ever having to shoot a single shot. Future wars will start in the digital realm way before any soldiers will enter it.

 

Sources

https://www.reuters.com/technology/colonial-pipeline-halts-all-pipeline-operations-after-cybersecurity-attack-2021-05-08/

They just got it back up and running, will be a few days before it's back to normal.


4 minutes ago, MaryAux said:

Knowledge in programming and the cyber sphere makes you a really powerful person. And this case confirms it.

Can make.  Situationally dependent like every other source of power.


America so weak they now bend to terrorists


9 hours ago, suicidalfranco said:

America so weak they now bend to terrorists

The FBI encourages companies NOT to pay ransom. It's pretty risky and can cause more problems than it solves.

 

This is a case of a complacent company fucking up, big time. I'm a "free market" kind of guy, but I think that this company needs some serious reforms and regulations. When you supply half the country, you cannot afford to make mistakes like this. 

 

I'm just glad I live on the other side of the country.

Moral of the story; buy some gas cans and have some fuel in reserve. I have a couple full gas cans kicking around for exactly this kind of reason.

 


9 hours ago, suicidalfranco said:

America so weak they now bend to terrorists

Not America. An American company. There’s an argument that that has been true since the Lindbergh baby kidnapping. Private individuals are not prevented from paying ransom.


I worked corporate IT for 20 years and frankly I'm not surprised. Spent half that time doing infrastructure security and spent 90% of my time battling IT culture and *not* C-suite drones. The suites will write checks if it's justified.

 

What needs to happen is these data breaches need to be responded to with fines the likes of which will tick shareholders off to the point they demand heads to roll. I guarantee you nobody in IT from director level upwards will lose a job over this. Even McDonalds will fire people. This isn't Target store..it's a strategic asset that can harm the infrastructure of the United States.

 

Has anybody heard of the term 'air gap'? Oh wait....the IT bill of rights declares that all computer systems need to be hooked up to the internet so network "engineers" have a job and 3rd party vendors can remote in after hours. I put that term in quotes because 99% of the network engineers I've worked with aren't engineers. They are just sys admins who know how to upgrade firmware on a switch and look important with Solar Wings graphs on their triple monitor displays. Oh yeah....Solar Winds...haha.

 

Virtually all these attacks use layer 7 vectors, but IT budgets are slanted towards layer 1-5 mitigation which doesn't do squat. Granular Execution mgmt on critical work systems? Heck no....got a Cisco Cert to complete. Client level security is entry level stuff. Meanwhile the entry level guys doing desktop support are managing most of the real security yet getting paid half the salary. The entire system is bass ackwards.

 

Work from home doesn't help either because home computer systems are impossible to manage, but it's a manageable scenario. Remote users need limited vertical access and the working scenario is *everybody* has their password compromised. 

 

A big thing that would help this is senior IT staff needs to be told that if data breaches occur, and they've been given the tools to mitigate it, then they lose their jobs and unemployment is denied - no exceptions. High level OS support people like myself know how to wall systems up so that it would take an AI from Neuromancer to penetrate, but we spend most of our time fighting a system that pushes lack of accountability. Don't get me started on 30yr old sysadmins who still live with their parents. They have a BA in computer science, and can name all the infinity stones but can't outline even a basic ransomware attack vector.

 

 
