Cyberattack Forces Shutdown Of Largest Gasoline Pipeline In United States/ Update: Colonial paid hackers 5 million dollars.
Member
posted
https://www.zerohedge.com/ener...peline-united-states

The largest gasoline pipeline on the East Coast, and the US in general, was shut down on Friday after its operator struggled to contain a cyberattack which threatened its systems. The 5,500-mile Colonial Pipeline, which is the single largest refined-products pipeline in the United States, halted transit as the company was forced to take "certain systems offline to contain the threat, which has temporarily halted all pipeline operations," according to The Wall Street Journal on Saturday. It's reportedly still offline into early Saturday.

Colonial's network is responsible for supplying fuel that originates with refiners on the Gulf Coast to most of the eastern and southern US, accounting for over 2.5 million barrels per day in gasoline, diesel, and jet fuel, or other refined products transferred, making up 45% of all the East Coast's fuel supply. It spans from Texas through southern states and up to New Jersey.

"At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation," the Alpharetta, Georgia-based company stated. "This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers."

The last time there was a significant shutdown of Colonial's lines was during Hurricane Harvey in 2017, which shot spot Gulf Coast gasoline prices to a five-year high and diesel to near a four-year high.

This fresh cyberattack against vital American infrastructure has reportedly already seen federal agencies and law enforcement get involved, alongside a third-party cybersecurity firm brought in by Colonial to launch an investigation. Some of the early details of the investigation suggest a ransomware attack, which is being reported as follows:

The Washington Post reported that ransomware was used in the attack, citing two U.S. officials it didn’t identify. It wasn’t clear if the attack was carried out by foreign government hackers or a criminal group, the officials told the Post. In ransomware attacks, hackers typically encrypt an organization’s computer files and then demand a ransom payment to unlock the data.

This message has been edited. Last edited by: wcb6092,


_________________________
"Sometimes I wonder whether the world is being run by smart people who are putting us on or by imbeciles who really mean it."
Mark Twain
 
Posts: 13479 | Registered: January 17, 2011
Info Guru
BamaJeepster posted
Wouldn't surprise me if it turned out to be woke Millennials at the NSA or CIA that shut it down.



“Facts are stubborn things; and whatever may be our wishes, our inclinations, or the dictates of our passions, they cannot alter the state of facts and evidence.”
- John Adams
 
Posts: 29408 | Location: In the red hinterlands of Deep Blue VA | Registered: June 29, 2001
Drill Here, Drill Now
tatortodd posted
Several of the states where Colonial is located have zero refineries (GA, SC, NC, VA) so they're 100% dependent on Gulf Coast refinery deliveries via pipeline or world open market via barge and tanker.

Here is Colonial's Map:


Here is a screenshot of EIA.gov map of US with all refineries (squares) and all refined product pipelines:



Ego is the anesthesia that deadens the pain of stupidity

DISCLAIMER: These are the author's own personal views and do not represent the views of the author's employer.
 
Posts: 23957 | Location: Northern Suburbs of Houston | Registered: November 14, 2005
Drill Here, Drill Now
tatortodd posted
quote:
Originally posted by BamaJeepster:
Wouldn't surprise me if it turned out to be woke Millennials at the NSA or CIA that shut it down.

I'd wager more money on a foreign government



Ego is the anesthesia that deadens the pain of stupidity

DISCLAIMER: These are the author's own personal views and do not represent the views of the author's employer.
 
Posts: 23957 | Location: Northern Suburbs of Houston | Registered: November 14, 2005
Political Cynic
nhtagmember posted
I'd bet money on the Chinese
 
Posts: 54069 | Location: Tucson Arizona | Registered: January 16, 2002
Serenity now!
4x5 posted
quote:
Originally posted by nhtagmember:
I'd bet money on the Chinese

Ding ding ding! We have a winner!



Ladies and gentlemen, take my advice - pull down your pants and slide on the ice.
ʘ ͜ʖ ʘ
 
Posts: 4950 | Location: Highland, UT | Registered: September 14, 2006
Ubique
TSE posted
quote:
Originally posted by nhtagmember:
I'd bet money on the Chinese


Perhaps through Iran as a proxy. I doubt China would do this directly and it really serves no purpose other than testing processes for them.


Calgary Shooting Centre
 
Posts: 1522 | Location: Alberta | Registered: July 06, 2004
Be not wise in
thine own eyes
kimber1911 posted
CIA, Iran, or China are all enemies of America.
Take your pick.

Rumors of a ransom attack, if so, maybe China needed more funds to pay Hunter.

Honestly think we are at war and don’t even know it.
Biological warfare with the Wuhan Virus, Cyber warfare with the election, disinformation, propaganda and now our energy infrastructure.

The war is ramping up and Joe is struggling to read his teleprompter and cue cards.



“We’re in a situation where we have put together, and you guys did it for our administration…President Obama’s administration before this. We have put together, I think, the most extensive and inclusive voter fraud organization in the history of American politics,”
Pres. Select, Joe Biden

“Let’s go, Brandon” Kelli Stavast, 2 Oct. 2021
 
Posts: 5294 | Location: USA | Registered: December 05, 2004
Down the Rabbit Hole
Jupiter posted
quote:
Originally posted by tatortodd:
quote:
Originally posted by BamaJeepster:
Wouldn't surprise me if it turned out to be woke Millennials at the NSA or CIA that shut it down.
I'd wager more money on a foreign government


I'd wager my money on the same folks that are behind the Plandemic. Other nations like the Chinese and Woke hackers in their mom's basement would be a distant 2nd in the suspect list.


Here is a little information along the same lines as the Cyberattack on the Gasoline pipeline.
It would be wise to take what they are saying in the video below seriously.

Jeremy Jurgens, WEF Managing Director:
“I believe that there will be another crisis. It will be more significant. It will be faster than what we’ve seen with COVID. The impact will be greater, and as a result the economic and social implications will be even more significant.”

Klaus Schwab:
“We all know, but still pay insufficient attention, to the frightening scenario of a comprehensive cyber attack could bring a complete halt to the power supply, transportation, hospital services, our society as a whole. The COVID-19 crisis would be seen in this respect as a small disturbance in comparison to a major cyberattack.
To use the COVID19 crisis as a timely opportunity to reflect on the lessons the cybersecurity community can draw and improve our unpreparedness for a potential cyber-pandemic.”



Diligentia, Vis, Celeritas

"People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf."
-- George Orwell

 
Posts: 4968 | Location: North Mississippi | Registered: August 09, 2002
I'd rather have luck
than skill any day
mjlennon posted
Specifically it’s a ransomware attack. Typically these infiltrate the network via email.

Reuters article this morning

This threat is real, all organizations ought to take it more seriously than they’re apparently doing. “It won’t happen to me” is not a plan.
 
Posts: 1859 | Location: Fayetteville, Georgia | Registered: December 08, 2005
Raptorman
Mars_Attacks posted
Treat the stupid employee that opened the link as a corporate saboteur.


____________________________

Eeewwww, don't touch it!
Here, poke at it with this stick.
 
Posts: 34586 | Location: North, GA | Registered: October 09, 2002
Member
P250UA5 posted
quote:
Originally posted by mjlennon:
Specifically it’s a ransomware attack. Typically these infiltrate the network via email.

Reuters article this morning

This threat is real, all organizations ought to take it more seriously than they’re apparently doing. “It won’t happen to me” is not a plan.


Yep, we've been rolling out protection at work against it. 2FA & external software.

My mother in law's former job got hit a couple years ago. Lots of data lost.




The Enemy's gate is down.
 
Posts: 16289 | Location: Spring, TX | Registered: July 11, 2011
Member
CQB60 posted
Somebody needs a cruise missile stuck in their ear..


______________________________________________
Life is short. It’s shorter with the wrong gun…
 
Posts: 13873 | Location: VIrtual | Registered: November 13, 2009
Eschew Obfuscation
posted
quote:
Originally posted by mjlennon:
Specifically it’s a ransomware attack. Typically these infiltrate the network via email.

...

This threat is real, all organizations ought to take it more seriously than they’re apparently doing. “It won’t happen to me” is not a plan.

In my last job, we hired a security firm to run fake cyberattacks on our employees. They sent fake emails with links and attachments to test how many employees would open them. They did a great job; their emails were very convincing. Even though I was one of the few people who knew about the test, I still fell for one of the emails and opened it. (And yeah, they made sure to call me out in their report. Eek)


_____________________________________________________________________
“One of the common failings among honorable people is a failure to appreciate how thoroughly dishonorable some other people can be, and how dangerous it is to trust them.” – Thomas Sowell
 
Posts: 6645 | Location: Chicago, IL | Registered: December 17, 2007
Member
powermad posted
quote:
Originally posted by mjlennon:
Specifically it’s a ransomware attack. Typically these infiltrate the network via email.

Reuters article this morning

This threat is real, all organizations ought to take it more seriously than they’re apparently doing. “It won’t happen to me” is not a plan.


My work didn't.
I posted about their ransom earlier this year when it locked them out of everything.
Needless to say they take it seriously now.
 
Posts: 1565 | Location: Portland Oregon | Registered: October 01, 2011
Member
Ironbutt posted
This sort of attack will become more frequent. Whether it's a left wing ransomware attack, or a foreign government probing for weaknesses in our infrastructure security.

Instead of the idiots in Congress using the infrastructure money for pet projects, they need to upgrade our actual infrastructure & its security.


------------------------------------------------

"It's hard to imagine a more stupid or dangerous way of making decisions, than by putting those decisions in the hands of people who pay no price for being wrong."
Thomas Sowell
 
Posts: 2048 | Location: PA | Registered: September 01, 2013
Member
PGT posted
It's not a "cyberattack". Low-level email phishing compromised an account and someone gained access and somehow worked that into privileged access to a critical system control. I wish journalists would learn how to report properly.

As someone responsible for industrial control systems (ICS) and operational technology (OT), the convergence of IT and OT/ICS has been a troubling trend. Some separation of critical infrastructure is prudent.
 
Posts: 3189 | Location: Loudoun VA | Registered: December 21, 2014
Nullus Anxietas
ensigmatic posted
quote:
Originally posted by mjlennon:
Specifically it’s a ransomware attack. Typically these infiltrate the network via email.

Yup.

Which is why I spent so much time and effort, when I was in I.T., to educate my internal customers. Contrary to what my colleagues in the field of I.T. security felt, I found end-user education very effective. I think I could count on one hand the number of times employees opened something they shouldn't and, in all but one case, each of them immediately alerted me to the fact they'd done so.

The exception, ironically, was my boss at the time. He released the original malware-infected .zip attachment on my network. And, boy, was he embarrassed. In his defense, he had been expecting an email, with an attachment, from the individual from which the email arrived. It was just his bad luck that individual had, himself, been infected with that malware before most people knew it existed.

It was my "good luck" that I had become aware of the threat as soon as it appeared (it was a very fast-mover), figured I best check, logged into the network from home, saw the suspicious activity on the mail servers, and shut them down, thus containing the spread nearly immediately.

I identified which desktops had downloaded the email containing the malware and removed them from the network--just to be safe. Then went through the email stores on the server, removed the offending email from each of them, put in a rule blocking .zip attachments, restarted the mail servers, and sent out a warning. The next morning I went in early and cleaned the half-dozen or so machines that had downloaded the email. None of them had opened it, yet, so the only infected machine, in the end, had been my boss'.

Over the following few days my mail servers tossed back a ton of externally-originated email with .zip attachments.

Meanwhile, a certain Big-3 auto manufacturer lost all their mail services for three days. D'you suppose they learned anything from that? Couldn't tell it by me. They got nailed again a year or two later.

quote:
Originally posted by PGT:
As someone responsible for industrial control systems (ICS) and operational technology (OT), the convergence of IT and OT/ICS has been a troubling trend. Some separation of critical infrastructure is prudent.

It's funny you should mention that. I've a story related to that, too :)

Our CFO at the time wanted to run an ActiveX control on his laptop to track stocks in real time. (This guy was a complete asshole and could not be reasoned with.) So I was obliged to remove the ActiveX blocking on our firewall proxy server. (One of the few times in my career I lost a network security argument with management.)

Got to thinking and called the stock exchange that was promulgating this security threat. He insisted the ActiveX control was "safe." "So you say," I responded. "Let me ask you this: Do you allow random ActiveX controls on your network?" "Yes," he replied, "we do." "Really? You allow random ActiveX controls on your trading systems' networks?!?!" "Oh, no. We'd never allow that," he responded, obviously horrified at the thought. "Then why do you think it's a good idea to insist your customers allow them on their secured networks?" He had no answer to that. I hadn't thought he would.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26034 | Location: S.E. Michigan | Registered: January 06, 2008
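
The containment steps described in the post above (find which stored messages carry the attachment, then block .zip attachments) can be sketched as follows. This is an added example, not code from the post or any poster; the mail store, addresses and function names are constructed for illustration, and it goes beyond the post by checking the ZIP signature bytes as well as the filename.

```python
"""Find stored messages carrying ZIP attachments (constructed sample data)."""
from __future__ import annotations

from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local-file header, empty archive


def zip_attachments(raw: bytes) -> list[str]:
    """Return names of parts that are ZIP archives by filename or by content."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # A renamed archive still starts with the ZIP signature, so check both.
        if name.lower().endswith(".zip") or payload.startswith(ZIP_MAGIC):
            hits.append(name or "<unnamed>")
    return hits


def triage(store: dict[str, list[bytes]]) -> dict[str, list[str]]:
    """Map each mailbox to the ZIP attachments found in it (mailboxes to clean)."""
    report = {}
    for mailbox, messages in store.items():
        found = [n for raw in messages for n in zip_attachments(raw)]
        if found:
            report[mailbox] = found
    return report


def _sample(subject: str, filename: str | None, data: bytes) -> bytes:
    """Build a constructed test message; not real mail."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", subject
    m.set_content("see attached")
    if filename:
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


# Constructed mail store: one plain message, one .zip, one ZIP renamed to .dat.
STORE = {
    "alice": [_sample("lunch", None, b"")],
    "boss": [_sample("the file you expected", "report.zip", b"PK\x03\x04fake")],
    "carol": [_sample("invoice", "invoice.dat", b"PK\x03\x04fake")],
}

if __name__ == "__main__":
    for box, names in triage(STORE).items():
        print(f"{box}: quarantine {names}")
```

An extension-only rule would miss the renamed archive in the third mailbox; the content check catches it.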
Member
cyanide357 posted
Probably just compromised the monitoring / control nodes (probably outdated/unmanaged Windows CE or XP) since it is reported to be a ransomware attack. Not a direct compromise of the OT/ICS systems.

I assume since it is a pipeline, when you can't monitor the pipeline (flow rate, pressure, temp, etc) then you have to shut it down as it is considered 'unsafe'.

If it had been an actual cyber attack... the pipeline would have likely been physically crippled (like how Stuxnet destroyed centrifuges).
 
Posts: 261 | Registered: November 24, 2005
Member
posted
^^^^^^^^^^^^
Thank you for clarifying. The media should have to print retractions for fear mongering.
 
Posts: 17706 | Location: Stuck at home | Registered: January 02, 2015
© SIGforum 2024