https://www.zerohedge.com/ener...peline-united-states

The largest gasoline pipeline on the East Coast, and the US in general, was shut down on Friday after its operator struggled to contain a cyberattack which threatened its systems. The 5,500-mile Colonial Pipeline, which is the single largest refined-products pipeline in the United States, halted transit as the company was forced to take "certain systems offline to contain the threat, which has temporarily halted all pipeline operations," according to The Wall Street Journal on Saturday. It's reportedly still offline into early Saturday.

Colonial's network is responsible for supplying fuel that originates with refiners on the Gulf Coast to most of the eastern and southern US, accounting for over 2.5 million barrels per day in gasoline, diesel, and jet fuel, or other refined products transferred, making up 45% of all the East Coast's fuel supply. It spans from Texas through southern states and up to New Jersey.

"At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation," the Alpharetta, Georgia-based company stated. "This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers."

The last time there was a significant shutdown of Colonial's lines was during Hurricane Harvey in 2017, which shot spot Gulf Coast gasoline prices to a five-year high and diesel to near a four-year high.

This fresh cyberattack against vital American infrastructure has reportedly already seen federal agencies and law enforcement get involved, alongside a third-party cybersecurity firm brought in by Colonial to launch an investigation. Some of the early details of the investigation suggest a ransomware attack, which is being reported as follows:

The Washington Post reported that ransomware was used in the attack, citing two U.S. officials it didn’t identify. It wasn’t clear if the attack was carried out by foreign government hackers or a criminal group, the officials told the Post. In ransomware attacks, hackers typically encrypt an organization’s computer files and then demand a ransom payment to unlock the data.

This message has been edited. Last edited by: wcb6092,

Wouldn't surprise me if it turned out to be woke Millennials at the NSA or CIA that shut it down.

Several of the states where Colonial is located have zero refineries (GA, SC, NC, VA) so they're 100% dependent on Gulf Coast refinery deliveries via pipeline or world open market via barge and tanker.

Here is Colonial's Map:


Here is screenshot of EIA.gov map of US with all refineries (squares) and all refined product pipelines:

quote:

Originally posted by BamaJeepster:
Wouldn't surprise me if it turned out to be woke Millennials at the NSA or CIA that shut it down.

I'd wager more money on a foreign government

I'd bet money on the Chinese

quote:

Originally posted by nhtagmember:
I'd bet money on the Chinese

Ding ding ding! We have a winner!

quote:

Originally posted by nhtagmember:
I'd bet money on the Chinese

Perhaps through Iran as a proxy. I doubt China would do this directly and it really serves no purpose other than testing processes for them.

CIA, Iran, or China are all enemies of America.
Take your pick.

Rumors of a ransom attack, if so, maybe China needed more funds to pay Hunter.

Honestly think we are at war and don’t even know it.
Biological warfare with the Wuhan Virus, Cyber warfare with the election, disinformation, propaganda and now our energy infrastructure.

The war is ramping up and Joe is struggling to read his teleprompter and cue cards.

quote:

Originally posted by tatortodd:

quote:

Originally posted by BamaJeepster:
Wouldn't surprise me if it turned out to be woke Millennials at the NSA or CIA that shut it down.

I'd wager more money on a foreign government

I'd wager my money on the same folks that are behind the Plandemic. Other nations like the Chinese and Woke hackers in their mom's basement would be a distant 2nd in the suspect list.


Here is a little information along the same lines as the Cyberattack on the Gasoline pipeline.
It would be wise to take what they are saying in the video below seriously.

Jeremy Jurgens, WEF Managing Director:
“I believe that there will be another crisis. It will be more significant. It will be faster than what we’ve seen with COVID. The impact will be greater, and as a result the economic and social implications will be even more significant.”

Klaus Schwab:
“We all know, but still pay insufficient attention, to the frightening scenario of a comprehensive cyber attack could bring a complete halt to the power supply, transportation, hospital services, our society as a whole. The COVID-19 crisis would be seen in this respect as a small disturbance in comparison to a major cyberattack.
To use the COVID19 crisis as a timely opportunity to reflect on the lessons the cybersecurity community can draw and improve our unpreparedness for a potential cyber-pandemic.”

Specifically it’s a ransomware attack. Typically these infiltrate the network via email.

Reuters article this morning

This threat is real, all organizations ought to take it more seriously than they’re apparently doing. “It won’t happen to me” is not a plan.

Treat the stupid employee that opened the link as a corporate saboteur.

quote:

Originally posted by mjlennon:
Specifically it’s a ransomware attack. Typically these infiltrate the network via email.

Reuters article this morning

This threat is real, all organizations ought to take it more seriously than they’re apparently doing. “It won’t happen to me” is not a plan.

Yep, we've been rolling out protection at work against it. 2FA & external software.

My mother in law's former job got hit a couple years ago. Lots of data lost.

Somebody needs a cruise missile stuck in there ear..

quote:

Originally posted by mjlennon:
Specifically it’s a ransomware attack. Typically these infiltrate the network via email.

...

This threat is real, all organizations ought to take it more seriously than they’re apparently doing. “It won’t happen to me” is not a plan.

In my last job, we hired a security firm to run fake cyberattacks on our employees. They sent fake emails with links and attachments to test how many employees would open them. They did a great job; their emails were very convincing. Even though I was one of the few people who knew about the test, I still fell for one of the emails and opened it. (And yeah, they made sure to call me out in their report. )

quote:

Originally posted by mjlennon:
Specifically it’s a ransomware attack. Typically these infiltrate the network via email.

Reuters article this morning

This threat is real, all organizations ought to take it more seriously than they’re apparently doing. “It won’t happen to me” is not a plan.

My work didn't.
I posted about their ransom earlier this year when it locked them out of everything.
Needless to say they take it seriously now.

This sort of attack will become more frequent. Whether it's a left wing ransom ware attack, or a foreign government probing for weaknesses in our infrastructure security.

Instead of the idiots in Congress using the infrastructure money for pet projects, they need to upgrade our actual infrastructure & it's security.

It's not a "cyberattack". Low-level email phishing compromised an account and someone gained access and somehow worked that into privileged access to a critical system control. I wish journalists would learn how to report properly.

as someone responsible for industrial control systems (ICS) and operational technology (OT), the convergence of IT and OT/ICS has been a troubling trend. Some separation of critical infrastructure is prudent.

quote:

Originally posted by mjlennon:
Specifically it’s a ransomware attack. Typically these infiltrate the network via email.

Yup.

Which is why I spent so much time and effort, when I was in I.T., to educate my internal customers. Contrary to what my colleagues in the field of I.T. security felt, I found end-user education very effective. I think I could count on one hand the number of times employees opened something they shouldn't and, in all but one case, each of them immediately alerted me to the fact they'd done so.

The exception, ironically, was my boss at the time. He released the original malware-infected .zip attachment on my network. And, boy, was he embarrassed In his defense, he had been expecting an email, with an attachment, from the individual from which the email arrived. It was just his bad luck that individual had, himself, been infected with that malware before most people knew it existed.

It was my "good luck" that I had become aware of the threat as soon as it appeared (it was a very fast-mover), figured I best check, logged into the network from home, saw the suspicious activity on the mail servers, and shut them down, thus containing the spread nearly immediately.

I identified which desktops had downloaded the email containing the malware and removed them from the network--just to be safe. Then went through the email stores on the server, removed the offending email from each of them, put in a rule blocking .zip attachments, restarted the mail servers, and sent out a warning. The next morning I went in early and cleaned the half-dozen or so machines that had downloaded the email. None of them had opened it, yet, so the only infected machine, in the end, had been my boss'.

Over the following few days my mail servers tossed back a ton of externally-originated email with .zip attachments.

Meanwhile, a certain Big-3 auto manufacturer lost all their mail services for three days. D'you suppose they learned anything from that? Couldn't tell it by me. They got nailed again a year or two later.

quote:

Originally posted by PGT:
as someone responsible for industrial control systems (ICS) and operational technology (OT), the convergence of IT and OT/ICS has been a troubling trend. Some separation of critical infrastructure is prudent.

It's funny you should mention that. I've a story related to that, too

Our CFO at the time wanted to run an ActiveX control on his laptop to track stocks in real time. (This guy was a complete asshole and could not be reasoned with.) So I was obliged to remove the ActiveX blocking on our firewall proxy server. (One of the few times in my career I lost a network security argument with management.)

Got to thinking and called the stock exchange that was promulgating this security threat. He insisted the ActiveX control was "safe." "So you say," I responded. "Let me ask you this: Do you allow random ActiveX controls on your network?" "Yes," he replied, "we do." "Really? You allow random ActiveX controls on your trading systems' networks?!?!" "Oh, no. We'd never allow that" he responded, obviously horrified at the thought. "Then why do you think it's a good idea to insist your customers allow them on their secured networks?" He had no answer to that. I hadn't thought he would.

Probably just compromised the monitoring / control nodes (probably outdated/unmanaged Windows CE or XP) since it is reported to be a ransomware attack. Not a direct compromise of the OT/ICS systems.

I assume since it is a pipeline, when you can't monitor the pipeline (flow rate, pressure, temp, etc) then you have to shut it down as it is considered 'unsafe'.

If it had been an actual cyber attack.. the pipeline would have likely been physically crippled (like how stuxnet destroyed centrifuges).

^^^^^^^^^^^^
Thank you for clarifying. The media should have to print retractions for fear mongering.