US pipeline fuel system shuts down after cyberattack

1
The main fuel supply line to the U.S. East Coast was shut down on Friday after the pipeline's operator was hit by what is believed to be the largest successful cyberattack on oil infrastructure in the country's history.

The attack on the Colonial Pipeline, which runs 5,500 miles and provides nearly half the fuel used on the East Coast, affected some of the company’s IT systems. Colonial said it has engaged a third-party cybersecurity firm to investigate the incident, which it confirmed was a ransomware attack, and has contacted law enforcement and other federal agencies.

The attack presents a major test for how the Biden administration will respond to cyber attacks on critical infrastructure at a time when hackers are increasingly targeting essential utility services. The outage, depending on its duration and who is found to be behind it, could send fuel prices in the southeastern U.S. above $3 a gallon, market analysts said.

“This was not a minor target,” said Amy Myers Jaffe, a long-time energy researcher and author of Energy’s Digital Future. “Colonial Pipeline is ultimately the jugular of the US pipeline system. It’s the most significant, successful attack on energy infrastructure we know of in the United States. We’re lucky if there are no consequences, but it’s a definite alarm bell.”

The Cybersecurity and Infrastructure Security Agency believes that the intrusion is the work of the criminal ransomware gang known as Darkside and not a nation-state, according to a security researcher who requested anonymity to speak freely. CISA did not immediately respond to a request for comment.

Sen. Ben Sasse (R-Neb.) said the attack is the latest indication that the government isn't ready for potentially debilitating cyber strikes.

"There’s obviously much still to learn about how this attack happened, but we can be sure of two things: This is a play that will be run again, and we’re not adequately prepared," Sasse said in a statement. "If Congress is serious about an infrastructure package, at front and center should be the hardening of these critical sectors — rather than progressive wishlists masquerading as infrastructure.”

Fuel imports into New York Harbor should cushion the blow for drivers in Baltimore and places north, market analysts said. But if Colonial remains down past the start of this coming week, drivers could begin to hoard fuel and prices will rise dramatically even before the normal start of the summer driving season, when prices normally increase.

"Colonial delivers products to terminals every five days," said Andy Lipow, president of consulting firm Lipow Oil Associates. "There may be some terminals that had been depending on deliveries yesterday, today or tomorrow that will be immediately affected. But on a widespread basis, in four to five days you’ll see signs of impact, especially when consumers get wind of what’s going and start filling up their cars."
The Federal Energy Regulatory Commission said it is working with other federal agencies to monitor developments on the cyberattack. The FBI and the Department of Energy could not be immediately reached for comment.

Improving cybersecurity in the energy sector has been a key task for several federal agencies. Last month, the DOE and CISA launched an initiative to work with industrial control system operations in the electric sector to improve cybersecurity detection.

Colonial Pipeline is the largest refined products pipeline in the United States, transporting 2.5 million barrels per day, and about 45 percent of all fuel consumed on the East Coast, including gasoline, diesel, jet fuel and heating oil.

The pipeline attack could be a litmus for the Biden administration’s overall cyber strategy, which has been slowly taking shape. So far, officials have been keen on using sanctions and indictments to respond to major events, as seen in President Joe Biden’s executive order last month in response to the SolarWinds cyber espionage campaign. And the latest development has the potential to put more pressure on the Biden administration and lawmakers as they debate adding cybersecurity funding to the administration’s $2 trillion-plus infrastructure proposal, which has been scrutinized for lacking those funds.

Last year, a crack in in the pipeline that went undetected for days or weeks leaked 1.2 million gallons of gasoline in a nature preserve near Charlotte, N.C. And in February, hackers gained access to a water treatment facility’s computer system near Tampa, Florida, and attempted to raise the amount of sodium hydroxide, or lye. Russian military hackers also targeted computer systems belonging to banks, energy firms, senior government officials and airports in Ukraine in June 2017 as a part of the so-called “NotPetya” cyberattack.

The Darkside group is a relatively new player in the ransomware space, but it has quickly gained a reputation for patience, competence, sophistication and large ransoms.

“The Darkside ransomware attack campaigns stood out for their use of stealthy techniques, especially in the early stages,” according to the security firm Varonis, which investigated several Darkside breaches. “The group performed careful reconnaissance and took steps to ensure that their attack tools and techniques would evade detection on monitored devices and endpoints.
https://www.politico.com/news/2021/05/0 ... ack-485984
"Everyone is entitled to their own opinion, but not their own facts." - Daniel Patrick Moynihan

Re: US pipeline fuel system shuts down after cyberattack

6
The US government issued emergency legislation on Sunday after the largest fuel pipeline in the US was hit by a ransomware cyber-attack. The Colonial Pipeline carries 2.5 million barrels a day - 45% of the East Coast's supply of diesel, gasoline and jet fuel.

It was completely knocked offline by a cyber-criminal gang on Friday and is still working to restore service. The emergency status enables fuel to be transported by road.

A total of 18 states have been granted a temporary hours of service waiver for transporting gasoline, diesel, jet fuel and other refined petroleum products.

They are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia.

Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer.

Independent oil market analyst Gaurav Sharma told the BBC there is a lot of fuel now stranded at refineries in Texas. "Unless they sort it out by Tuesday, they're in big trouble," said Mr Sharma. "The first areas to be impacted would be Atlanta and Tennessee, then the domino effect goes up to New York."

He said oil futures traders were now "scrambling" to meet demand, at a time when US inventories are declining, and demand - especially for vehicular fuels - is on the rise as consumers return to the roads and the US economy attempts to shake off the effects of the pandemic.
While DarkSide is not the largest such gang in this space, the incident highlights the increasing risk ransomware is posing to critical national industrial infrastructure, not just businesses.

It also marks the rise of an insidious criminal IT eco-system worth tens of millions of pounds [dollars], that is unlike anything the cyber-security industry has ever seen before. In addition to a notice on their computer screens, victims of a DarkSide attack receive an information pack informing them that their computers and servers are encrypted.

The gang lists all the types of data it has stolen, and sends victims the URL of a "personal leak page" where the data is already loaded, waiting to be automatically published, should the company or organisation not pay before the deadline is up. DarkSide also tells victims it will provide proof of the data it has obtained, and is prepared to delete all of it from the victim's network.

According to Digital Shadows, a London-based cyber-security firm that tracks global cyber-criminal groups to help enterprises limit their exposure online, DarkSide operates like a business.
Digital Shadows thinks the Colonial Pipeline cyber-attack has come about due to the coronavirus pandemic - the rise of engineers remotely accessing control systems for the pipeline from home.

James Chappell, co-founder and chief innovation officer at Digital Shadows, believes DarkSide bought account login details relating to remote desktop software like TeamViewer and Microsoft Remote Desktop.
Mr Chappell added that Digital Shadows' research showed the cyber-criminal gang is likely based in a Russian-speaking country, as it seems to avoid attacking companies in the Commonwealth of Independent States - an organisation of the countries of Russia, Ukraine, Belarus, Georgia, Armenia, Moldova, Azerbaijan, Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan.
https://www.bbc.com/news/business-57050690
"Everyone is entitled to their own opinion, but not their own facts." - Daniel Patrick Moynihan

Re: US pipeline fuel system shuts down after cyberattack

7
I actually think these criminals benefit us in the long term. Because they’re criminals, they seek short term profit through ransom, exposing our vulnerability in the process. Putin would never do something like this, he’d rather collect it and keep it in his pocket until he has the ability to shut down the entire USA. Come to think of it, he may already has that ability, and this gang blew it for money.
Glad that federal government is boring again.

Re: US pipeline fuel system shuts down after cyberattack

9
Saw that Darkside is already out with a "ethics statement" indicating that this attack was a mistake and that they will vet future targets for attack to limit social impacts. They claim not to target hospitals, educational facilities, or nonprofits and are making noises about making charitable donations. That's an interesting dilemma for the recipients. They're probably based in Russia, but they clearly loved Robert Redford in Sneakers. "Cattle mutilations are up." Wait, that was Dan Ackroyd.

The more I think about it, the more Putin probably wants these guys dead. Not just competition, but dangerous competition in many, many ways.

Re: US pipeline fuel system shuts down after cyberattack

11
Image
https://www.bbc.com/news/business-57050690

New details emerged Monday that Colonial had staved off one potential effort at extortion, though it still grappled with the ransomware issue. Over the weekend, a hosting provider in New York essentially shut down a server containing the stolen data after being contacted by a cyber firm helping Colonial investigate the incident, according to a U.S. official and three people familiar with the matter. The provider contacted the FBI, which worked with Colonial on the matter. The move to isolate the server basically prevented the flow of stolen data to the hackers, whom analysts believe operate mostly out of Russia.

Bloomberg News first reported the effort to stop the data flow.

Still, experts saw risks throughout the energy grid.

Like the Colonial pipeline, which is more than 40 years old, the country is full of “legacy assets” equipped with more recent digital technology “that’s been bolted on top,” said Lev Simonovich, a vice president at Siemens Energy specializing in security.
Such “ransomware” attacks have become a global scourge, affecting banks, hospitals, universities and municipalities in recent years. Almost 2,400 organizations in the United States were victimized last year alone, one security firm reported. But the attackers are increasingly targeting industrial sectors because these firms are more willing to pay up to regain control of their systems, experts say.

Utilities, pipelines and refineries maintain a critical network of energy supply, without which the country would shut down, but they have become so much a part of Americans’ mental landscape that they typically go unnoticed, except during spectacular failures such as the Texas freeze-up in February.
Over the past decade, industrial companies have moved away from keeping their operational systems “air-gapped,” or isolated from the Internet and separated from business or “information technology” systems. “Today the IT and [operational technology] systems are so heavily converged that it’s really difficult to contain a malware infection just to one part of the network,” Edwards said.

Another factor that has tended to depress cybersecurity spending in the energy sector is the effect of rate regulators, said Robert M. Lee, chief executive and co-founder of Dragos, a cyber-incident response company. Where the utility or provider has a monopoly in the market, the regulator often caps the rates the company can charge, he said. That in turn affects cybersecurity budgets.

“Cybersecurity expenses are heavily scrutinized and very hard to justify in many industries,” he said.
The halting of the data extortion over the weekend took place with the aid of the hosting provider DigitalOcean, which had been notified by the company helping Colonial, an incident response firm called Mandiant. As it investigated the incident, Mandiant, which is a division of the cyber firm FireEye, saw that Colonial data had been stolen and stored on a DigitalOcean server, said the people familiar with the matter, who spoke on the condition of anonymity because the investigation is ongoing.

DigitalOcean and Colonial did not immediately respond to requests for comment. FireEye declined to comment.

Criminal hackers typically store their data on a midpoint server or series of servers — sometimes in the United States — before pulling the data back to their servers overseas. They do that to help throw investigators off the trail.
https://www.washingtonpost.com/business ... l-markets/
"Everyone is entitled to their own opinion, but not their own facts." - Daniel Patrick Moynihan

Re: US pipeline fuel system shuts down after cyberattack

12
It wouldn't surprise me if Darkside was controlled by Putin's Government. He just has layers in between for plausible deniability. Sound rather familiar.

Unfortunately as we have seen over the years, companies many times don't want the expense or the hassles of securing their data networks and servers along with training employees on good computer security habits.

Prime example: I had taken a break from nursing and had taken the Cisco Certification classes and become a CCNA. Later went back to nursing it paid better. I was doing home health. One day I was in the office when our director called out my name in a panic. Went to the office asked what was the problem. She said her computer was acting funny. I asked What had she done. She said she had downloaded a new screen saver that was in an email somebody had sent her. I went over and unplug the ethernet cable. She had been infected by a virus. The real issue was this computer had access t the medical and business server in the office and to the corporate offices in Georgia. Corporate had to reimagine the drives on the computer, and I was given the task of training the office staff about good computer security.
Facts do not cease to exist because they are ignored.-Huxley
"We can have democracy in this country, or we can have great wealth concentrated in the hands of a few, but we can't have both." ~ Louis Brandeis,

Re: US pipeline fuel system shuts down after cyberattack

14
Clicking on an unknown e-mail is the classic entry point for viruses and malware to get into systems, downloading an app is even worse. I pitied the poor IT staff where I worked, the network administrators were constantly battling hackers trying to get into the network and the IT techs had to cope with staff like your boss TT. When a virus or malware got into the network we'd get an e-mail that the system would be going down while they tracked it down and ran a full system check.


lurker wrote: Tue May 11, 2021 11:15 am weren't hackers once supposed to be anti-authoritarian? russian hackers should have plenty to do right at home in russia. unless maybe they're working for their government. maybe they've run out of dissidents to abuse?

Yes Wikileaks, often suspected to be Russian GRU with inside help Edward Snowden and Chelsea Manning. Some in the West saw them as blowing the whistle on Big Government but it was all manipulation.
"Everyone is entitled to their own opinion, but not their own facts." - Daniel Patrick Moynihan

Re: US pipeline fuel system shuts down after cyberattack

15
lurker wrote: Tue May 11, 2021 11:15 am weren't hackers once supposed to be anti-authoritarian? russian hackers should have plenty to do right at home in russia. unless maybe they're working for their government. maybe they've run out of dissidents to abuse?
If they do that against the Russian government, we wouldn’t hear about it. The media over there is tightly controlled by Putin. Also, the guys who do this would go from hidden to disappear. If Putin doesn’t shy away from assassinating dissidents in UK, imagine what he’ll do to an unknown random Russian.
Glad that federal government is boring again.

Re: US pipeline fuel system shuts down after cyberattack

16
highdesert wrote:Clicking on an unknown e-mail is the classic entry point for viruses and malware to get into systems, downloading an app is even worse. I pitied the poor IT staff where I worked, the network administrators were constantly battling hackers trying to get into the network and the IT techs had to cope with staff like your boss TT. When a virus or malware got into the network we'd get an e-mail that the system would be going down while they tracked it down and ran a full system check.


lurker wrote: Tue May 11, 2021 11:15 am weren't hackers once supposed to be anti-authoritarian? russian hackers should have plenty to do right at home in russia. unless maybe they're working for their government. maybe they've run out of dissidents to abuse?

Yes Wikileaks, often suspected to be Russian GRU with inside help Edward Snowden and Chelsea Manning. Some in the West saw them as blowing the whistle on Big Government but it was all manipulation.

I have to laugh a bit Becuase after wiki-leaks, DoD got real serious about this type of training. Cyber security training is Taken every year - I highly doubt any DoD employee isn’t aware of these basic vulnerabilities, like a spear phishing email attack. I laugh Becuase the training is often maligned, spoofed and memed; but that doesn’t make it Ineffective at preventing some easily avoided attacks, through behavior modification, Because the training is so repetitive. I wouldn’t dream of opening and email attachment from a non-secure source.



I agree that hackers are just pawns in the great powers game. Easily manipulated with slush money, shell companies, etc.


Sent from my iPhone using Tapatalk

Re: US pipeline fuel system shuts down after cyberattack

17
Gas stations from Florida to Virginia began running dry and prices at the pump jumped on Tuesday as the shutdown of the biggest U.S. fuel pipeline by hackers extended into a fifth day and sparked panic buying by motorists.

About 7.5% of gas stations in Virginia and 5% in North Carolina had no fuel on Tuesday as demand jumped 20%, tracking firm GasBuddy said. Prices rose to their highest in more than six years, and Georgia suspended sales tax on gas until Saturday to ease the strain on consumers. North Carolina declared an emergency.

Driver Caroline Richardson said she was paying 15 cents more per gallon than a week ago as she refueled at a gas station in Sumter, South Carolina. "I know some friends who decided not to go out of town this weekend to save gas," she said.

Colonial Pipeline has forecast that it will not substantially restore operations of the 5,500-mile pipeline network that supplies nearly half of the East Coast's fuel until the end of the week.
The Environmental Protection Agency issued a waiver on Tuesday that allows distributors to continue supplying winter fuel blends through May 18 in three Mid-Atlantic states to help ease supplies.

North Carolina and the U.S. Department of Transportation, meanwhile, relaxed fuel-driver rules, allowing truckers hauling gasoline to work longer hours. read more

There are growing concerns that the pipeline outage could lead to further price spikes ahead of the Memorial Day weekend at the end of this month. The weekend is the traditional start of the busy summer driving season.

Gulf Coast refiners that rely on Colonial's pipeline to move their products have cut processing. Total SE trimmed gasoline production at its Port Arthur, Texas, refinery and Citgo Petroleum pared back at its Lake Charles, Louisiana, plant, sources told Reuters.

Marathon Petroleum is "making adjustments" to its operations due to the pipeline shutdown, a spokesman said without providing details. read more

While the pipeline outage is having big short-term consequences in some regions, some experts believe the longer term impact will be small.

"Markets will go crazy, but two weeks later no one knows it happened," said Chuck Watson, director of research at ENKI, which studies the economic effects of natural and other disasters.
https://www.reuters.com/business/energy ... 021-05-11/
"Everyone is entitled to their own opinion, but not their own facts." - Daniel Patrick Moynihan

Re: US pipeline fuel system shuts down after cyberattack

18
It’s like the 70’s here. Lines at all the gas stations. Panic buying. We had an employee with a long commute not come in today. My car is about to be on fumes. Good thing I can ride my bike anywhere I might need to go. I ain’t waiting in no stinking gas line. I think there’s some diesel in my truck if I really need to drive somewhere.
'Sorry stupid people but there are some definite disadvantages to being stupid."

-John Cleese

Re: US pipeline fuel system shuts down after cyberattack

22
Mason wrote: Tue May 11, 2021 4:38 pm It’s like the 70’s here. Lines at all the gas stations. Panic buying. We had an employee with a long commute not come in today. My car is about to be on fumes. Good thing I can ride my bike anywhere I might need to go. I ain’t waiting in no stinking gas line. I think there’s some diesel in my truck if I really need to drive somewhere.
Any other reports from the front lines? Hope you all get the spice flowing again soon.

Re: US pipeline fuel system shuts down after cyberattack

23
featureless wrote: Wed May 12, 2021 9:58 am
Mason wrote: Tue May 11, 2021 4:38 pm It’s like the 70’s here. Lines at all the gas stations. Panic buying. We had an employee with a long commute not come in today. My car is about to be on fumes. Good thing I can ride my bike anywhere I might need to go. I ain’t waiting in no stinking gas line. I think there’s some diesel in my truck if I really need to drive somewhere.
Any other reports from the front lines? Hope you all get the spice flowing again soon.
Gas stations and stupidity are a major traffic hazard right now. Lines of cars into major roads and general bad driving. It makes me laugh seeing the all giant jacked up douchemobile trucks that have become so common waiting in line. I guess maybe it wasn't such a good idea to spend $10K making your truck get 8 miles to the gallon. :lol:

I have enough gas to get myself home from work and my kid to sailing practice. My totally unjacked truck, which I use for towing and hauling big heavy stuff, has about half a tank of diesel which will get me about 200 miles around town, if I need it.

I refuse to spend any of my life waiting in panic buying lines because so many of my countrymen are selfish idiots! And I've very deliberately set my life up so I don't have to. :)
'Sorry stupid people but there are some definite disadvantages to being stupid."

-John Cleese

Re: US pipeline fuel system shuts down after cyberattack

24
Shades of the 1970s with the even and odd days for fueling. Even if Colonial gets the pipeline running at the end of the week, it could take a few weeks for things to get back to normal. Hang in there folks.
"People are taking their entire family fleet of vehicles to the gas station and filing up when they don't need to," Wright told CNN's Dianne Gallagher. "We are our own worst enemy in this situation because we are over-consuming at the pump."

Energy Secretary Jennifer Granholm pleaded with Americans not to hoard gas as the pipeline attempts to resume operations. "Let me emphasize that much as there was no cause for say, hoarding toilet paper at the beginning of the pandemic, there should be no cause for hoarding gasoline," Granholm said during Tuesday's White House press briefing, "especially in light of the fact that the pipeline should be substantially operational by the end of this week and over the weekend."
US gasoline demand jumped 20% on Monday compared with the prior week, according to GasBuddy.

In just five states served by Colonial Pipeline — Georgia, Florida, South Carolina, North Carolina and Virginia -- demand was up by a collective 40.1%, GasBuddy said.

"I got scared that I could not go to work or take my daughters to school," Florida resident Linderly Bedoya told CNN on Tuesday. "All the gas stations in my area were without gas and when I finally found one I had to stay an hour in line and I had to fill up with the premium unleaded."
https://www.cnn.com/2021/05/11/business ... index.html
"Everyone is entitled to their own opinion, but not their own facts." - Daniel Patrick Moynihan

Who is online

Users browsing this forum: No registered users and 3 guests