Your Tech Story

Colonial Pipeline

The White House is working to aid recovery from the recent Colonial Pipeline cyberattack.

Colonial Pipeline, the largest U.S. fuel pipeline operator, was recently hit by a ransomware attack. The U.S. government said the group behind it may be new, but its members are not amateurs. The attack forced the company to shut down its pipeline network, cutting fuel supply to the eastern states. The White House is working closely with Colonial Pipeline to help it recover from the attack.

The culprit has not been officially named, but several industry sources have told Reuters that the group DarkSide is a prime suspect. Cybersecurity experts describe DarkSide as a crew of veteran cybercriminals whose aim is to extract as much money as possible from each target. The attack has heightened concern among government officials and lawmakers, and it is one of the most disruptive digital ransom schemes ever reported. (Reuters)

Under the new administration, restoring the pipeline has become a top priority for the Biden administration and for Washington, Commerce Secretary Gina Raimondo said. The U.S. government is working intensively so that Colonial Pipeline can restart its 8,850 km (5,500 mile) network, which stretches from Texas to New Jersey. She added that the White House is working closely with the company and with state and local officials to get the pipeline back up and running as soon as possible.

Image: Colonial Pipeline (source: bloombergquint.com)

Colonial Pipeline said on Sunday that its main lines remain out of service, although some smaller lateral lines between terminals and delivery points are operating. The company has not said when the full network will be back in service.

Oil Supply Disrupted

Colonial Pipeline carries roughly 2.5 million barrels a day of gasoline and other fuels from Gulf Coast refineries to consumers in the mid-Atlantic and southeastern United States. The network also supplies major U.S. airports, including Atlanta's Hartsfield-Jackson. A spokesperson for Charlotte Douglas International Airport said the airport has supply on hand and is also served by another major pipeline besides Colonial.

The shutdown of the pipeline network will have a significant impact on regional fuel supplies. Because the company cannot say when it will be fully operational again, the outage will be felt across the southeastern United States, the American Automobile Association said; if the crisis continues, prices in the southeastern states will rise substantially. Tennessee, Georgia, and Maryland are among the states most exposed.

Suspected Criminals for the Cyberattack

The U.S. government's investigation is still at an early stage, but many industry experts and a former U.S. official suspect the cybercriminal group DarkSide. DarkSide is a professional ransomware operation that avoids targets in the post-Soviet states. Its playbook is to break into a network, in many cases steal data, and then encrypt the victim's files. It demands one payment for the decryption key and then presses for further payment by threatening to publish the stolen data.

An unnamed source said the hackers stole more than 100 gigabytes of data from Colonial. While the FBI was working with government and private-sector parties, the cloud server the hackers had used to stage the stolen data was taken offline. Colonial's data does not appear to have been moved on to any other system. The company declined to comment further on DarkSide.

The Biden Administration

President Joe Biden was briefed on the Colonial Pipeline attack on Saturday; the government is working to help the company restore service and avert supply disruptions. Lawmakers want closer cooperation with privately held critical-infrastructure companies to defend against cyberattacks. (Reuters) U.S. Senator Bill Cassidy said the attack is a national-security threat and an issue Democrats and Republicans can work on together.

The Federal Motor Carrier Safety Administration has issued a temporary hours-of-service exemption for drivers hauling refined products to 17 southern and East Coast states, including Alabama, Delaware, Florida, Georgia, New Jersey, and New York. Alternative means of transport may be needed at short notice, and refiners are looking into them.

U.S. government agencies attacked by hackers, with Russia under suspicion

According to FireEye, a leading Silicon Valley cybersecurity company, the hackers broke into victims' networks through a software update. FireEye is often the first call for U.S. government agencies when a major cyberattack has to be detected and contained. The company said the attackers used "novel techniques" to breach networks, techniques that could pose a new threat worldwide. Only days earlier, U.S. cybersecurity authorities had warned that cyber actors linked to the Russian government were trying to manipulate sensitive data.

After FireEye itself was hit by this "global intrusion campaign", many experts, including the company, suspect Russian state hackers. The U.S. government has not publicly attributed the attack to Russia. But the disclosure, only days earlier, that foreign government hackers had broken into FireEye's network and stolen its own red-team hacking tools makes the whole picture highly suspicious.

How badly can it affect the U.S.?

Yesterday FireEye published a blog post saying it had identified a global campaign that compromises the networks of targeted public and private sector organizations through the software supply chain. It added: "This compromise is delivered through updates to a widely-used IT infrastructure management software – the Orion network monitoring product from SolarWinds."
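The quote above describes only the delivery mechanism. The following Python snippet is an added illustration, not code from the original article or from FireEye or SolarWinds, of why the usual update check is not enough against this class of attack: an update trojanized on the vendor's own build server leaves that server carrying a valid vendor signature, so a client that only verifies the signature installs it. The artifacts, the signing key, and the hash-pinning step are constructed assumptions; HMAC stands in for an asymmetric code-signing scheme purely so the example runs with the standard library.

```python
"""A validly signed update is not necessarily a clean update.

Two checks on an incoming update artifact:
  1. vendor signature  - proves the vendor's build pipeline produced it
  2. pinned hash       - proves it matches a build reproduced independently
A trojanized build signed on a compromised build server passes (1) and
fails (2).  All data below is constructed for the example.
"""
import hashlib
import hmac

# Stand-in for the vendor's code-signing key (assumed value, not a real
# SolarWinds key).  A real vendor uses an asymmetric key; HMAC is used
# here only so the example runs offline with the standard library.
VENDOR_SIGNING_KEY = b"assumed-vendor-build-server-key"


def vendor_sign(artifact: bytes) -> bytes:
    """Signature the vendor's build server attaches to every release."""
    return hmac.new(VENDOR_SIGNING_KEY, artifact, hashlib.sha256).digest()


def signature_valid(artifact: bytes, signature: bytes) -> bool:
    """The conventional update-client check: 'did the vendor sign this?'"""
    return hmac.compare_digest(vendor_sign(artifact), signature)


def artifact_hash(artifact: bytes) -> str:
    """SHA-256 of the artifact bytes, the value that gets pinned."""
    return hashlib.sha256(artifact).hexdigest()


def verify_update(artifact: bytes, signature: bytes, pinned_hashes: set) -> dict:
    """Run both checks and install only if both pass.

    pinned_hashes holds hashes of builds reproduced on an independent
    builder (or published out of band), which a compromised vendor
    build server cannot forge.
    """
    sig_ok = signature_valid(artifact, signature)
    hash_ok = artifact_hash(artifact) in pinned_hashes
    return {
        "vendor_signature": sig_ok,
        "pinned_hash": hash_ok,
        "install": sig_ok and hash_ok,
    }


# Constructed sample artifacts (not real binaries).
CLEAN_BUILD = b"monitoring-agent v1 :: legitimate monitoring code"
# The implant is inserted during the build, so the trojanized artifact is
# signed by the vendor just like the clean one.
TROJANIZED_BUILD = CLEAN_BUILD + b" :: implant: beacon to attacker server"

# Hash of the clean build as reproduced on an independent builder.
PINNED_HASHES = {artifact_hash(CLEAN_BUILD)}


def demo():
    """Return the verification result for the clean and trojanized builds."""
    clean = verify_update(CLEAN_BUILD, vendor_sign(CLEAN_BUILD), PINNED_HASHES)
    trojan = verify_update(TROJANIZED_BUILD, vendor_sign(TROJANIZED_BUILD), PINNED_HASHES)
    return clean, trojan


if __name__ == "__main__":
    clean, trojan = demo()
    print("clean build:     ", clean)
    print("trojanized build:", trojan)
```

The point of the second check is that it is anchored outside the vendor's build pipeline: whoever owns that pipeline can sign anything, but cannot make a tampered artifact hash to the value an independent rebuild produced. Pinning is only as good as the independence of the builder that produced the pins.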

If a nation state, most probably Russia, has succeeded in planting this compromise, it shakes the security posture of the United States. SolarWinds Corporation sells technology products to a who's who of sensitive targets: the State Department, the Centers for Disease Control and Prevention, the FBI, the U.S. military, most of the Fortune 500, and many more. The situation is serious because sensitive information belonging to major national-security departments and to multinational companies is at stake.

FireEye adds that the attackers hit organizations not only in the U.S. but also in Europe, the rest of North America, Asia, and the Middle East, targeting mainly government bodies, the telecommunications industry, and the oil and gas sector, among others. The U.S. government has been made aware of the situation. John Ullyot, a spokesperson for the National Security Council, said the government is taking all necessary steps to identify and remedy any damage. The FBI and the Department of Homeland Security's cybersecurity arm are investigating.

Focus on the U.S. government

According to Reuters, the attackers read emails at the U.S. Treasury Department and at an agency within the Commerce Department. Some experts say the hackers are backed by the Russian government. FireEye's analysis found that the campaign, which targeted the U.S. government and beyond, has been under way since spring 2020 and shows top-tier operational tradecraft and resourcing.

The attackers are highly skilled and leave few traces. They may have exploited timing: American government agencies, and FireEye itself, were focused on securing systems for the presidential election. This is not new; Russia also targeted the election system in 2016. That 2016 intrusion was described as the biggest cyber theft of its kind, and the group behind the present campaign has not been formally identified.

For several months the U.S. government had been focused on detecting and countering Russian interference in the presidential election. Although agencies had been fairly successful at strengthening their defenses, a senior director at FireEye said that "it is the most effective cyber-espionage operation we have seen in quite some time."

A proper investigation by the FBI

The number of victims of the network compromises is growing. SolarWinds said that the update mechanism for one of its products had been used to push malware to customers. Because the tampered product is so widely deployed, the victim count could eventually run into the thousands; as of yesterday, the company was aware of 25 affected entities.

Investigators are tracing the attackers' digital footprints. FireEye was the first victim to spot the breach, which implies that many other victims may already be compromised without knowing it. Assessing the damage already done will take days or weeks. According to the Washington Post, the Russian hacking group known as Cozy Bear is behind the campaign.