I was looking to see if we’re going to get any oversight or accounting about the Colonial Pipeline hack, and I found this jack off waste of time headline at the AP:

Mein hertz schwimmt im blut at the thought of a former AP exec taking over from Marty Baron at the Post.
Anyway, back to the actual peril from this hack. The National Transportation Safety Board investigates pipeline accidents. I assume they’ll investigate this incident, and I’m looking forward to the report. I hope that we get some oversight of pipelines and other infrastructure because, to put it mildly, hackers shutting down key energy infrastructure is fucked up and bullshit.
Hack attacks like this are battles in a war where nobody dies and nothing blows up, so they seem to be quickly forgotten. If the Colonial outage was the result of a bomb that blew up part of the pipeline, we’d be in the middle of a full-scale freak out, with the National Guard out patrolling, and home state Senators fighting each other to get in front of a TV camera. Instead, I bet it will be a distant memory in a few weeks.
ETA: As John b notes in the comments, Bloomberg is reporting that Colonial paid $5 million in cryptocurrency as ransom to Russian or Eastern European hackers.
germy
I don’t know anything about Buzbee.
Will she be an improvement over Baron?
Benw
My 13 yo has a vaccine appointment today!
NotMax
Decent backgrounder.
Cermet
And you can be fairly certain that the company had custom software that is antiquated, used poor software security, and was likely indifferent to the threat; that we paid huge costs thanks to their indifference should be reflected in fines they should be hit with. Only in this way will companies pay attention to this critical aspect of their software.
Elizabelle
I disagree. The hack will not be forgotten, because if it happened to Colonial, it can happen to any number of organizations. Healthcare, cities and states, all manner of businesses.
Relieved to have Biden and his sane and competent administration in charge of the response. I think TFG would have just arranged a cut of the hackers’ ransom proceeds.
This will be a jobs program for people good with the cyber.
Elizabelle
@germy: The AP provenance bothers me. That was Ron Fournier’s perch, for way too long.
Although: maybe Marty Baron had a big say in who was chosen to replace him.
WaterGirl
@Benw: That’s great! I just scheduled a thread for the 12-15 group at 11am.
RepubAnon
Encrypted data storage and shutting off the ability to use USB storage devices like flash drives has been an IT best practice for many years. Nice to see people running critical infrastructure are thinking about implementing standard security practices from 10+ years ago.
Cheryl Rofer
Don’t store your gasoline in plastic bags.
Four Seasons Total Landscaping mistermix
@Elizabelle:
It “can happen”? LOL. Check this out:
https://www.beckershospitalreview.com/cybersecurity/the-new-wave-of-hacking-attempts-hitting-hospitals-6-things-to-know.html
It’s been happening for a long time and has been ignored or forgotten.
NotMax
Analogy of exploding physical structure is flawed. The pipeline itself was not targeted, the IT systems of the company which owns and runs it were.
The Moar You Know
I have been telling this to anyone who will sit still for fifteen seconds for at least the last decade: Americans and American business will not take computer/network security seriously until the day comes when we wake up to find every bank balance in the country is at zero.
At that point, of course, it will be far too late.
The reaction to that statement is always nervous laughter, by the way. Nobody believes it’s possible. But they know I work in security and they always wonder if I know something they don’t. Not really. I’ve just thought it through.
Four Seasons Total Landscaping mistermix
@NotMax:
Well, the net effect was the same: pipeline shutdown and gas shortages. And it was done remotely without any risk to the perpetrator, unlike a physical attack.
The Moar You Know
Speaking of hospitals, since it was brought up, five out of the eight major local hospitals (Scripps chain) in San Diego county are shut down entirely due to a ransomware attack. All of their associated clinics and doctors as well. (They all used the same computer network). Even the cafeterias and coffee kiosks. This is not breaking news. This has been the case as of today for TWO WEEKS. The only reason I know this is because I went to my hospital (not Scripps) this weekend and couldn’t help but notice that there were, for the first time, patients lined up in every hallway and in a tent in the parking lot. Not from Covid. They’re just one of the few places where you can get care now in the county. The staff is exhausted.
The media has been very cooperative with Scripps and the criminals. Backpaged in every local outlet, crickets nationally. One of the most populous counties in the United States is teetering on the verge of having no medical care because of a terrorist attack and the media won’t cover it.
Cermet
@NotMax: While true, the pipeline does use pumps that are computer controlled that, hopefully, do not connect via any outside link to main control centers; however, if that is the case it is certainly possible to cause a pipeline to burst leading to many bad scenarios.
Tony Jay
Elections have consequences, it seems. Especially when the elections take place in two rapidly separating countries and one of those countries elected a bunch of fascist wannabe race-baiters.
tl;dr – Do not fuck with the neighbours of Glaswegians, ever, and especially not on Eid, because sometimes one of your Base-feeding stunts might ‘trigger’ more than you planned for.
bbleh
@NotMax: @Four Seasons Total Landscaping mistermix: @Cermet: IIRC, they shut down the control system precisely to avoid “infection” from the systems that were infected. So the control system shutdown was precautionary rather than caused directly by the attack, but it’s nevertheless a consequence of the attack, and indeed they did fear a spread, which means there are at least some connections.
And the only practical differences I can see between this and a physical attack are (1) it will be faster to fix and (2) it doesn’t lead to the kind of massive flaming wreckage that is catnip for TV, its duller-witted viewers, and the politicians that come buzzing like flies to sh!t.
japa21
Just to clarify. The pipeline was shut down by the owners not the hackers.
bbleh
Also, too, despite the lack of flaming wreckage, the MSM are still trying their level best to turn this into a Giant Unforeseen Catastrophe. It’s apparently working well in some places too, where frantic media coverage has led to panic buying, which the media then descend upon with cameras and helicopters, leading to further panic buying, and meanwhile Wise Political Knowers are writing Heavy Thinkpieces on the political damage this is causing an increasingly vulnerable Biden at possibly the most crucial moment of his presidency yadda yadda.
Who was it that said we will entertain ourselves to death? It’s borderline psychotic …
hells littlest angel
@Cheryl Rofer: Related tip: don’t store high explosives next to your furnace.
Spanky
And it bears repeating – constantly – that if you hear “Russian hackers”, the immediate assumption should be that they are state controlled.
Spanky
@Cheryl Rofer: No problem! I’m aware enough of the environmental problems to always use tote bags.
Matt McIrvin
@Elizabelle: The Haverhill public school system got hit by a massive ransomware attack recently. They actually had to shut down for a day or two.
Miss Bianca
@Cermet: My pal D said he saw a comment from an inspector who looked at Colonial’s system a few years back and said, “an eighth-grader could have hacked into this.”
L85NJGT
Hot takes, get yer hot takes……
There is such a thing as ransomware insurance. That may be preferable from a PR and business continuity perspective than taking a multi-week outage.
john b
According to Bloomberg, Colonial paid a $5M ransom to get their data back:
ETA: Well this is embarrassing:
Steeplejack (phone)
azlib
@Cermet: Amen brother. Network security tends to be pretty lax in many cases. I remember doing security consulting for a certain paper company many years ago. Their control system for a papermill was accessible from the Internet! I told them this was a very bad idea. I hope it got corrected, but who knows.
I also consulted for a bank which did large wire transfers over unencrypted telco trunks. Their IT staff was trying to get this problem solved, but their trading floor objected and said encryption was too expensive.
You’d think awareness would be a lot higher these days, but the pipeline fiasco suggests network security is still pretty lax.
Another Scott
Repost – 4 slides with more information about what happened and the timeline for getting things back to normal.
Cheers,
Scott.
Baud
You don’t remember the political peril to Obama when he didn’t immediately fix the Deepwater Horizon leak?
The media was salivating about this story.
Le Comte de Monte Cristo, fka Edmund Dantes
@The Moar You Know:
Kill a few dozen hackers every now and then, and this shit stops.
I picture some greasy, plump neckbeard in a dirty “Han Shot First” t-shirt whining that “it’s just the internet and kind of a hobby that I shouldn’t die for, man” and smile as I imagine the impact of the rounds….
L85NJGT
@azlib:
The banking transfers were standard stuff – wait, you’re using ftp?
Le Comte de Monte Cristo, fka Edmund Dantes
@john b:
And the fuckers now have money to develop new hacking tools. Well done, Colonial bean counters, well-fucking done. You saved some money on airgapping critical control functions, and now have cost us all.
One of the first things that the entire new Colonial board of directors and c-suite team should be doing is unceremoniously throwing all the bean counters and MBAs involved in those decisions roughly into the streets, along with all the shit in their desks. Shatter the vases, coffee cups, plants, awards, etc. with rough handling on the way out. Tell them they’re fucked on references, too.
L85NJGT
@john b:
Restoring from backup is SOP. Sounds like Colonial has an ongoing cluster fuck rather than executing a disaster recovery plan.
You can plan and practice recovery for outages.
catclub
@NotMax:
Interesting point. I was previously aware that internet enabled (WHY? WHY? WHY?) critical infrastructure pipeline control pieces had terrible password control. Maybe that was not even the problem here. Just that the head office does not know what the pipeline settings are.
You would think that best practice would be: 1) change default passwords on those internet enabled valves and pumps. 2) whitelist the network addresses that can log into those valves and pumps.
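The two practices in the list above (no vendor default passwords, and an allowlist of addresses that may log into internet-reachable valves and pumps) as a small defender-side audit. This is an added example, not code from the thread or from Colonial: the device inventory, the default-password list, the field names and the gateway log lines are all constructed for it, and the log format is an assumption rather than any vendor's.

```python
import hashlib
import ipaddress
import re

# Commonly shipped default passwords (constructed list for this example; a real
# audit would use the vendor's own list).  Only their hashes are kept.
DEFAULT_PASSWORDS = ["admin", "1234", "password"]
DEFAULT_HASHES = {hashlib.sha256(p.encode()).hexdigest() for p in DEFAULT_PASSWORDS}


def pw_hash(password: str) -> str:
    """SHA-256 of a password, so the inventory never holds plaintext."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed inventory of internet-reachable control devices (field names are
# assumptions).  "allowed_sources" is the per-device login allowlist.
DEVICES = {
    "pump-17":  {"password_hash": pw_hash("1234"),       "allowed_sources": ["10.20.0.0/24"]},
    "valve-03": {"password_hash": pw_hash("Xq7!mR2#pL"), "allowed_sources": ["10.20.0.0/24", "10.21.5.10/32"]},
    "valve-09": {"password_hash": pw_hash("admin"),      "allowed_sources": []},  # no allowlist configured
}

# Constructed gateway log lines (not a real product's format).
LOG_LINES = [
    "2021-05-08T01:12:44Z login device=pump-17 src=10.20.0.15 user=ops result=success",
    "2021-05-08T01:13:02Z login device=valve-03 src=203.0.113.45 user=ops result=success",
    "2021-05-08T01:13:40Z login device=valve-09 src=198.51.100.7 user=admin result=success",
    "2021-05-08T01:14:01Z login device=valve-03 src=10.21.5.10 user=ops result=failure",
    "this line is malformed and should be skipped",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) login device=(?P<device>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log_line(line: str):
    """Return the fields of one gateway line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_default_credential(password_hash: str) -> bool:
    """True if the stored hash matches a known default password."""
    return password_hash in DEFAULT_HASHES


def source_allowed(device: dict, src: str) -> bool:
    """True only if src falls inside one of the device's allowlisted networks.
    An empty allowlist denies everything (default deny), not the reverse."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(net) for net in device["allowed_sources"])


def audit(devices: dict, log_lines: list) -> dict:
    """Flag devices on default credentials and successful logins from outside
    the allowlist.  Failed attempts from outside are also worth alerting on,
    but are left out here to keep the finding list to confirmed access."""
    findings = {"default_credentials": [], "disallowed_logins": []}
    for name, dev in devices.items():
        if is_default_credential(dev["password_hash"]):
            findings["default_credentials"].append(name)
    for line in log_lines:
        rec = parse_log_line(line)
        if rec is None or rec["result"] != "success":
            continue
        dev = devices.get(rec["device"])
        if dev is None or not source_allowed(dev, rec["src"]):
            findings["disallowed_logins"].append((rec["device"], rec["src"], rec["user"]))
    return findings


if __name__ == "__main__":
    for key, value in audit(DEVICES, LOG_LINES).items():
        print(key, value)
```

Two design points: the allowlist check treats a missing or empty list as "deny all" so that an unconfigured device shows up as a finding instead of silently passing, and the credential check compares hashes so the audit never needs the live passwords.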
gvg
There are also a bunch of morons on NextDoor trying to blame Biden for the gas shortage and tying it to proposed raising taxes. No amount of facts changes their minds. It’s just a couple but they scream it’s Biden’s fault about everything they notice wrong including local traffic and homeless people. Pretty recent trend. I think it means they now notice Trump lost for real. They seem to be real sourpusses.
My NextDoor has mostly been lost pets, finding good repairmen and chit chat. Also a couple of dog attacks and fussing about helicopters.
WV Blondie
Biden issued an executive order late yesterday (https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/) that clearly has been in the works for a while.
opiejeanne
@bbleh: Meanwhile, WaPo has the most misleading headline this morning, and they’re getting a lot of pushback. The author is Sean Sullivan and it’s a crappy article.
cs
Biden administration struggles to limit political damage from gas shortage
Le Comte de Monte Cristo, fka Edmund Dantes
@L85NJGT:
But that costs money that can’t be used to buy C Suite guys a fourth retirement home, a bigger yacht or be used in ways to artificially reflect some mythically increased value for the exercise of promised stock options.
Where’s the capitalistical free market fun in that?
WaterGirl
@gvg: My NextDoor is filled with pet stuff, good vaccine info and more. But there are also a bunch of whiners. “Concern” about schools not being open and mask wearing.
The latest is “concern” about a residential substance abuse center that is opening up. A whole lot of “not in my backyard” and the neighborhood property values are going to go to pot.
catclub
@john b:
ETA: Well this is embarrassing:
>> Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.<<
I am impressed that their backup system was working. They TELL us they are backing up all the files, but then when you need one the backup recovery often… fails.
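Both the earlier point that you can plan and practice recovery and this observation that restores often fail when you finally need them come down to the same check: verify a restored tree against a manifest recorded at backup time, rather than trusting that the job "ran". The following restore drill is an added example, not code from the thread or from Colonial; the sample file tree, its contents and the three simulated failure modes are constructed for it.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Streaming SHA-256 so large files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record relative path -> size and hash for every regular file under root.
    Built at backup time and stored apart from the backup media itself."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    return manifest


def verify_restore(restored_root: Path, manifest: dict) -> dict:
    """Compare a restored tree against the manifest.  A restore is good only
    when the missing, corrupt and extra lists are all empty."""
    result = {"missing": [], "corrupt": [], "extra": []}
    seen = set()
    for p in restored_root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(restored_root).as_posix()
        seen.add(rel)
        expected = manifest.get(rel)
        if expected is None:
            result["extra"].append(rel)
        elif p.stat().st_size != expected["size"] or sha256_file(p) != expected["sha256"]:
            result["corrupt"].append(rel)
    result["missing"] = sorted(set(manifest) - seen)
    result["corrupt"].sort()
    result["extra"].sort()
    return result


def restore_is_good(result: dict) -> bool:
    return not any(result.values())


def drill(damage: bool = True) -> dict:
    """Constructed drill: build a small tree, back it up, restore it, optionally
    damage the restored copy in three ways, and verify.  Returns the result."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "config").mkdir(parents=True)
        (live / "config" / "pumps.cfg").write_text("pump-17 setpoint=42\n")
        (live / "scada.db").write_bytes(os.urandom(4096))
        (live / "README").write_text("ops notes\n")
        manifest = build_manifest(live)

        # Backup and restore are modelled as plain copies for this example.
        backup = Path(tmp) / "backup"
        shutil.copytree(live, backup)
        restored = Path(tmp) / "restored"
        shutil.copytree(backup, restored)

        if damage:
            (restored / "README").unlink()                       # file never came back
            (restored / "scada.db").write_bytes(b"\x00" * 4096)  # same size, wrong bytes
            (restored / "stray.tmp").write_text("leftover\n")    # file that should not exist
        return verify_restore(restored, manifest)


if __name__ == "__main__":
    outcome = drill()
    print("restore good:", restore_is_good(outcome))
    print(outcome)
```

The size-plus-hash comparison is what catches the quiet failure mode: a file that was "restored" at the right size but with the wrong contents passes a size-only check and a simple file listing, and only shows up once a hash from the original is compared.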
Le Comte de Monte Cristo, fka Edmund Dantes
@gvg:
FTFY
Le Comte de Monte Cristo, fka Edmund Dantes
@WaterGirl:
Next Door is basically twitter for old white people.
catclub
Pun intended?
opiejeanne
@Le Comte de Monte Cristo, fka Edmund Dantes: This old white person uses Twitter as God intended. NextDoor sucks.
john b
@catclub:
To be clear, this detail is not embarrassing for their IT dept., but their execs who thought it the best idea to secretly pay off the hackers when they had a backup that was working as intended. Of course, they should be shamed for their security practices otherwise (but my guess is that this was a corporate decision as well, as most security folks know what is NEEDED, but what is actually implemented falls short of that because of shortsighted execs).
laura
@Le Comte de Monte Cristo, fka Edmund Dantes: True, but BestofNextDoor rocks!
https://mobile.twitter.com/bestofnextdoor/with_replies
The Pale Scot
The ransomers made a mistake, they should have waited until hurricane season
JaneE
Colonial pays 5 million to buy crypto. I can only hope its value sank before the hackers tried to spend it.
Another Scott
Oh, WiFi is broken, also too. Android Police:
(sigh)
But it’s yet another reminder – One cannot prove that a system is virus-free. There will always be exploits and failures as long as we have computers.
Cheers,
Scott.
Mart
@Matt McIrvin: High School buddy put a code in the computer so the staff had to re-enter their password four times. We went thru the punch tape in the trash and found the password. We went in and deleted the attendance records thinking all hell would break loose. Did not think about manually taking attendance. Messed them up for about two days. Hacking 1975 style.
Suzanne
@Four Seasons Total Landscaping mistermix:
Hospital hacks have been a huge problem for years and I don’t know if anyone bats an eye. It’s a mess.
WaterGirl
@Le Comte de Monte Cristo, fka Edmund Dantes: I won’t totally bash NextDoor because that’s how I learned when the local Health Dept opened up the vaccine to my group way ahead of schedule.
And it looks super useful if you have lost a pet.
I also found my current lawn mower that way.
Other than that, I mostly think “what a bunch of whiny bigots”.
WaterGirl
@Suzanne: Seems like it would be cheaper to have a crack IT staff at the hospital than it would be to pay 5 million or 50 million when the ransomware folks get you.
Nora Lenderbee
It’s been good for my employer (network security). The stock peeked above 20 for only the second time in at least 5 years. My Friskies coupons, aka RSUs, might actually break even some day. So … yay?
catclub
@WaterGirl:
Where did it get to?
The Pale Scot
@Cermet:
And I’ll bet it was running on ‘Doze XP.
Ruckus
@WaterGirl:
If they have abuse issues, wouldn’t going to pot be an improvement?
Ruckus
@WaterGirl:
A hard cost against a possible future cost, in the world of “All the Monies Are Mine!”
An MBA absolutely fixed tenet, Never pay up front unless it’s 1000% impossible not to.
NotMax
@Four Seasons Total Landscaping mistermix
Assumption that a shutdown was the aim is not substantiated by reportage from knowledgeable sources. It was, as far as info provides right now, a consequence, not a goal.
The Pale Scot
@Cermet:
Red Storm Rising