Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

Thread Starter

nsaspook

Joined Aug 27, 2009
8,382
https://www.bloomberg.com/news/arti...eline-paid-hackers-nearly-5-million-in-ransom
“They had to pay,” said Ondrej Krehel, chief executive officer and founder of digital forensics firm LIFARS and a former cyber expert at Loews Corp., which owns Boardwalk Pipeline. “This is a cyber cancer. You want to die or you want to live? It’s not a situation where you can wait.”
...
Krehel said a $5 million ransom for a pipeline was “very low.” “Ransom is usually around $25 million to $35 million for such a company. I think the threat actor realized they stepped on the wrong company and triggered a massive government response,” he said.
It's time to send the IMF team for a hacker raiding party.
 

Lo_volt

Joined Apr 3, 2014
189
When you cause pain to millions of people in pulling a stunt like that, you've got to expect a pretty aggressive response. I hope they nail the perpetrators.

That being said, any company the size of Colonial should already have backups and redundancies in place to avoid this kind of situation. As far as I understand ransomware attacks, daily backups are instrumental in rebuilding networked systems and are the best insurance along with a rebuild plan should an attack take place. In these times, there's no excuse for an IT department not to have remotely stored backups.
 

SamR

Joined Mar 19, 2019
3,409
Strange... Read a news article saying they weren't going to pay? Thought it was against US law to pay bribes/ransom? Time to electronically "nuke" somebody. Agree that someone at Colonial dropped the ball with IT security.
 

Thread Starter

nsaspook

Joined Aug 27, 2009
8,382
Strange... Read a news article saying they weren't going to pay? Thought it was against US law to pay bribes/ransom? Time to electronically "nuke" somebody. Agree that someone at Colonial dropped the ball with IT security.
I'm pretty sure the lawyers approved the payment and notified the government as usual, as it's a small amount in the big scheme of things. Overseas we were told to pay a reasonable amount if a family member was held just for money by common criminals.


They should have done this.
Put a bounty on the head of the hackers.
 

SamR

Joined Mar 19, 2019
3,409
We don't even get any gas from the Colonial pipe here in south GA and N FL but stations have run out due to panic buying because of what idiots think they see or read.
 

Thread Starter

nsaspook

Joined Aug 27, 2009
8,382
There is a simple way to avoid being hacked... unplug from the internet.
Why can't companies figure that one out?
If only that were possible in the modern age. It's not even a consideration because connectivity is an absolute requirement to run a modern business across several states and most likely countries.
 

SamR

Joined Mar 19, 2019
3,409
We had a Defender dial up system. You dialed in and IF your number was on the approved list it called you back at the approved number. Of course vetting personnel is always a problem. All MS games were removed from the approved Windows install on all corporate computers. Then we gave all employees an email address. Didn't take them long to figure out they could email themselves from home with games attached. IT security is a constant battle and BIG headache. Now with USB thumb drives...
 

MrChips

Joined Oct 2, 2009
23,528
If only that were possible in the modern age. It's not even a consideration because connectivity is an absolute requirement to run a modern business across several states and most likely countries.
True, I understand. I also understand why people want/need to connect to their computers remotely. But when security is at stake, why not have your own private network?

Why is the global community running on MS WIN that is so flawed?
There is a simple way to make networked computers immune to hacking.
 

Thread Starter

nsaspook

Joined Aug 27, 2009
8,382
True, I understand. I also understand why people want/need to connect to their computers remotely. But when security is at stake, why not have your own private network?

Why is the global community running on MS WIN that is so flawed?
There is a simple way to make networked computers immune to hacking.
We have VPNs built on public connectivity, so we do have private networks with encryption. You simply can't run a business without public internet access today. The simple act of ordering spare parts requires internet access. Vendor information is accessed online, the list is endless. The NSA can't make networked computers immune to external hacking unless you have compartmentalized access, and even that is not perfect (Edward Joseph Snowden); you can only have resistance to hacking.
 

MrChips

Joined Oct 2, 2009
23,528
When you need vendor information you use computers set up for that purpose.
You don't run your secure system on the same computer that is connected to the internet.
 

MrChips

Joined Oct 2, 2009
23,528
Imagine that you have contracted a builder to build your home.

After you have moved in, the builder requests a key to your home so that they can come in and correct mistakes and make upgrades as they please. Imagine coming into your home and finding all the furniture, wiring and plumbing moved around. You would never allow that to happen.

Yet that is what we do with all of our electronic gadgets such as smart phones and computers.

You might as well give a key to house burglars to come in and raid your home. But they don't need it. There are enough unsecured doors and windows designed by the builder that burglars have easy access.
 

Ylli

Joined Nov 13, 2015
1,051
The normal procedure to recover from Ransomware is to reboot and restore from your latest backup. For something as critical as a pipeline, I would expect they would be doing backups on an almost continuous basis. With all the $$ this company was likely paying its IT team, why did this turn into a big deal?
 
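The backup-and-restore advice in the two posts above (remotely stored daily backups, and "restore from your latest backup" as the recovery path) hides one practical problem: a backup job that blindly rotates will happily overwrite the last good copy with an already-encrypted tree. The script below is an added example, not code from this thread or from Colonial; it assumes backups are plain directory trees and that the "last good" state is a JSON manifest of SHA-256 hashes kept where production hosts cannot write. It builds that manifest, refuses to rotate when the tree shows ransomware-style churn (most files replaced with high-entropy content), and verifies a restored tree file by file. The tree contents and the "encryptor" are constructed for the demo.

```python
import hashlib
import math
import random
import tempfile
from collections import Counter
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext or compressed data, much lower for text/config."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Relative path -> {sha256, size} for every regular file under root (the 'last good' record)."""
    return {str(p.relative_to(root)): {"sha256": sha256_file(p), "size": p.stat().st_size}
            for p in sorted(root.rglob("*")) if p.is_file()}


def assess_snapshot(last_good: dict, root: Path, entropy_threshold: float = 7.5) -> dict:
    """Compare the tree about to be backed up against the last good manifest.

    Mass removal/renaming plus new files whose first 4 KiB are near-random is the
    signature of an encrypted tree, not of a normal day's edits.
    """
    current = build_manifest(root)
    changed = [p for p in current if p in last_good and current[p]["sha256"] != last_good[p]["sha256"]]
    added = [p for p in current if p not in last_good]
    removed = [p for p in last_good if p not in current]
    suspicious = sum(1 for rel in changed + added
                     if shannon_entropy((root / rel).read_bytes()[:4096]) >= entropy_threshold)
    return {"changed": len(changed), "added": len(added), "removed": len(removed),
            "suspicious_high_entropy": suspicious,
            "churn_ratio": (len(changed) + len(removed)) / max(len(last_good), 1)}


def safe_to_rotate(assessment: dict, max_churn: float = 0.5) -> bool:
    """Policy (assumed thresholds): never overwrite the oldest good copy when the tree looks encrypted."""
    return assessment["churn_ratio"] < max_churn and assessment["suspicious_high_entropy"] == 0


def verify_restore(manifest: dict, restored: Path) -> list:
    """Files missing from, or altered in, a restored tree; empty list means the restore is clean."""
    problems = []
    for rel, meta in manifest.items():
        p = restored / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != meta["sha256"]:
            problems.append(f"hash mismatch: {rel}")
    return problems


def _write_tree(root: Path) -> None:
    # Constructed sample data standing in for an engineering file share.
    (root / "plc").mkdir(parents=True)
    (root / "plc" / "config.ini").write_text("[pump1]\nsetpoint=42\n")
    (root / "plc" / "ladder.txt").write_text("rung 1: start -> run\n" * 50)
    (root / "readme.txt").write_text("operations notes\n")


def demo() -> dict:
    """Good snapshot, then a simulated encrypt-in-place run, then a verified restore."""
    rng = random.Random(1)  # deterministic stand-in for an encryptor's output
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "share"
        _write_tree(root)
        good = build_manifest(root)
        normal = assess_snapshot(good, root)  # nothing has changed yet
        for p in [q for q in root.rglob("*") if q.is_file()]:
            p.write_bytes(rng.randbytes(4096))            # overwrite with random bytes
            p.rename(p.with_suffix(p.suffix + ".locked"))  # typical ransomware rename
        (root / "README_RESTORE.txt").write_text("pay us\n")
        after = assess_snapshot(good, root)
        restored = Path(tmp) / "restored"
        _write_tree(restored)  # stands in for restoring the good copy
        return {"normal": normal, "after": after,
                "rotate_normal": safe_to_rotate(normal), "rotate_after": safe_to_rotate(after),
                "restore_problems": verify_restore(good, restored)}


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

The entropy threshold and churn ratio are assumed tuning values; a real job would also alert on the refusal rather than silently skipping, and the manifest itself must live on a host the production network can only read from, or an attacker with the same access that encrypted the share can simply rewrite it.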

SamR

Joined Mar 19, 2019
3,409
Why is the global community running on MS WIN that is so flawed?
You can lay the blame for that on IBM. It was so popular that clones started appearing and MS-DOS had NO software protection. So most clones were running on bootleg software. When companies finally started buying clones they bought the MS-DOS that the clone manufacturers were packaging with the product. Same thing with AutoCAD. When CAD first started out there were bootleg copies of AutoCAD running on desktop clones at home. So when engineering managers asked their guys about CAD, they smiled and pulled their bootleg copy of AutoCAD out of their desk drawer. The first AutoCAD I saw was a terrible hatchet job of MS Paint. It was absolutely horrible and more akin to Paint than an actual engineering drawing solution. Most CAD of the time required an Engineering Workstation or Mini Mainframe to run on and the cost per seat was ~$100,000 and up. Tom Lazear developed VersACAD at that time, which beat AutoCAD hands down and was a true engineering drawing package. But! It required a dongle to run and the per seat cost was ~$10,000. Once again, when the boss came around there were NO bootleg copies. VersACAD was every bit as good as the big iron workstation apps. When DOS went to Windows, VersACAD got sold by the developer to CADAM, which promptly put it on the shelf so it wouldn't compete with their big iron apps, and it never made the transition to Windows while AutoCAD did. Tom Lazear eventually bought VersACAD back and transitioned it to Windows but it was too late and the industry in the meantime had transitioned to AutoCAD on desktops. VersACAD still exists but with a very minor market niche. Laughingly, some of the first desktop computers went to secretaries for word processing who were utterly clueless about what to do with them.
 

Thread Starter

nsaspook

Joined Aug 27, 2009
8,382
When you need vendor information you use computers set up for that purpose.
You don't run your secure system on the same computer that is connected to the internet.
It's obvious you don't work in a modern engineering dept with diverse systems. I say this because every IT and EE system past the front door is secure in the sense that the people inside those doors provide a security environment to stop external threats. The idea that some sort of air-gap separation of public and private office computers is the key to stopping hackers is impractical for modern business systems that need to interface with scores of networked systems needed to manage a typical daily workflow.
 

MrChips

Joined Oct 2, 2009
23,528
You can design networked systems for efficient and effective flow of information. Once you allow someone to be able to download executable binary into your system, well, all bets are off.

I have a robotic mower on my lawn. There is absolutely no way that someone can remotely access the system and download rogue software.
 

Thread Starter

nsaspook

Joined Aug 27, 2009
8,382
You can design networked systems for efficient and effective flow of information. Once you allow someone to be able to download executable binary into your system, well, all bets are off.

I have a robotic mower on my lawn. There is absolutely no way that someone can remotely access the system and download rogue software.
Executable binaries. That's a 1990's threat.

If it has WiFi there's a very good chance it can be hacked using 20-year-old networking implementation bugs in just about every wireless product known to man unless it's been recently patched.
https://www.krackattacks.com/
https://techxplore.com/news/2021-05-newly-wi-fi-vulnerabilities-fragattacks-mobile.html
 

MrChips

Joined Oct 2, 2009
23,528
I make the analogy with the internet and money. Both were created with good intentions and huge benefits to individuals and society. Both have been co-opted by power and greed and used for nefarious activity.
 