Hackers Have the Upper Hand

Ransomeware!

.

Hackers have used a ransomware attack to shut a major American oil pipeline down for several days, forcing the Biden administration to declare a regional state of emergency to keep some of the oil supply moving until the pipeline can function again. The cyberattack looks to be the largest ever on an American energy system, and yet another example of cybersecurity vulnerabilities that President Joe Biden has promised to address. In the meantime, gas prices have spiked and gas stations are running out of supply due to customer hoarding.
.
/snip/
.
“It’s much easier to understand the impact of a cyberattack if it directly impacts your day-to-day life,” he added.

The FBI has confirmed that the ransomware used is linked to the hacker group called DarkSide, believed to be based in Eastern Europe. DarkSide does not appear to be linked to any nation-states, saying in a statement that “our goal is to make money, [not to create] problems for society” and that it is apolitical.

According to cybersecurity company Check Point, however, DarkSide supplies its ransomware services to its partners. “This means we know very little on the real threat actor behind the attack on Colonial, who can be any one of the partners of DarkSide,” Lotem Finkelstein, Check Point’s head of threat intelligence, told Recode. “What we do know is that to take down extensive operations like the Colonial pipeline reveals a sophisticated and well-designed cyber attack.”

.

When are we going to wake up about the unmitigated disaster of digital technology? There is no way to prevent hacking of anything -- all you can do is make it harder, sending the criminals off to easier targets elsewhere.

Our society is eating itself alive, from the inside out.
.

Ransomware attacks generally use malware to lock companies out of their own systems until a ransom is paid. They’ve surged in the past few years and cost billions of dollars in ransoms paid alone — not counting those that aren’t reported, or any associated costs with having systems offline until the ransom is paid. Ransomware attacks have targeted everything from private businesses to the government to hospitals and health care systems. The latter are especially attractive targets, given how urgent it is to get their systems back up as soon as possible.

Tags: 
Share
up
11 users have voted.

Comments

When are we going to wake up about the unmitigated disaster of digital technology? There is no way to prevent hacking of anything -- all you can do is make it harder, sending the criminals off to easier targets elsewhere.

Businesses just see this as a potential cost of doing business. What gets me is the negligence, when applicable. Companies would rather risk a situation than spend the money to secure systems because doing it right costs and there is always a chance you don’t get hacked. Behind so much of this is an IT person who tried to warn them.

But I don’t see things changing. So much of this stuff would almost be impossible to take off line even if you wanted to.

up
15 users have voted.

Just another Bozo on the bus.

@Dr. John Carpenter .

along with a shit load of other things that we have built into the structure of our daily life.

Most of them unsustainable.

Might as well enjoy the ride, I actually agree. It beats wearing a sandwich board.

up
11 users have voted.

I cried when I wrote this song. Sue me if I play too long.

@fire with fire I’m trying not to get bent out of shape over things I can’t control and make the right decisions on the things I can. Always trying to be excellent to those around me and welcome others who are seeing this stuff to the club. Lol

up
10 users have voted.

Just another Bozo on the bus.

@fire with fire The open source OS named Linux works well and IMO is a lot less vulnerable to attacks.
You can get by using Linux Operating System on your computer with a minimal amount of tech knowledge.

up
4 users have voted.

@jbob .
.

Personally, I do not care if my little laptop computer gets hacked. The only money I have in the bank is not accessible online. Beyond that, more power to the hackers if they want to read my thousands of tedious emails.

They have ten zillion ways to get my credit card numbers, and they could get them from my computer, too. I look at that as a society-wide threat which is the point of this thread.

Thanks for the advice on Linux. As I said in my opening note, the best anybody can do at any level is reduce the risk. The technology itself that I am using right now is the problem. It is inherently insecure as this story shows. Days into the "event" the authorities were still trying to figure out how to break the lockout of the pipeline company's computer system.

For my job, I am required to watch cyber security videos. Each of 65 sessions so far begins with a short description of a real hack that happened to real people. Just as the part of the Vox article I quoted, these "incidents" are proliferating. At least billions of dollars have already been "earned" by the cyber gangsters -- there is no realistic incentive for them to stop playing the mafia shakedown game.

Nothing is going to reverse this trend. Therefore, eventually, the gangsters will have everything and society will collapse.

Sandwich Board Out.

up
3 users have voted.

I cried when I wrote this song. Sue me if I play too long.

@fire with fire Hey, If you were hit at home by a ransomware attack everything you have on your computer that you seem to enjoy using would be lost unless you are either backing it up several times every day or you pay the ransom. Including the use of that device in the short term. So your ranting about money in the bank and how you don't care if they read your email doesn't fit in with your original post subject. I don't get it! WTF?

up
2 users have voted.

@jbob
.

I did not make myself clear about my point. Almost nobody on the thread got what I was intending to convey -- the problem I am lamenting is not ransomware. That is just the specific headline du jour showing that society, as a whole, has cut its own throat by putting its faith in digital technology. The first response was very reasonable -- a fatalistic take of what are ya gonna do?

A couple of posters find some kind of fault in the opening post because maybe there wasn't any ransomware attack. Maybe it was a fake ransomware attack. Gotta love computer geeks. Craziest human beings in the history of the planet. I am ready to believe that the pipeline company made a false flag attack on itself to hide other bullshit they were pulling. Damned plausible take.

And this is supposed to reassure me that hacking isn't really the cause of this particular "news" story?. Hacking just provides the excuses for Hillary and anybody else who fucked up. Just claim you got hacked.

Why does that story "work"? Because it is so fucking plausible!!!

.

Shifting from the global to the personal -- I bought my laptop computer three years ago for about $450. It is a very useful tool for internet access, email and word processing. I had a malware attack on a PC about 15 years ago and the result was for me to throw that box away. It had cost about a grand two years earlier and I had to buy a new computer. I have been careful since then not "store" anything I really care about in any personal computer or smart phone.

If I were to get a ransom demand, I would do the same thing. Take the piece of shit to the nearest recycling center and throw it away. I would "lose" all my Word files -- just like I always lose my Word files when I get a new computer. No loss at all.

If they enjoy reading other people's mail they can have all of the 20,000 or so emails that are stored through Outlook. I never put anything in an email that I would not want to hear read out loud in court -- I am in a very contentious business.

None of these personal adjustments to the reality of a Suicidal Digital Culture have any bearing on my assessment that Digital Technology is Cultural Suicide. As an individual, I can keep my money in a bank without internet access to keep anybody from robbing me through my computer. Obviously, hackers could steal my money through the bank.

My defense is the old fashioned defense. I don't have enough money for anybody to care much about stealing it. If you can hack into a multi-national bank, you're not looking for my piddling little savings account. I would much prefer not to have to worry about that, but installing Linux on my laptop will not help at all.

Final note, I stick out like a sore thumb on this board because I look at things from a very wide perspective -- as wide as possible. On the internet, people mainly argue about details -- such as the "real" story behind this ridiculous gasoline shortage. If you can tell yourself that someone is to blame -- or at least that there is some rational explanation for such a weird frustration for hundreds of thousands of our fellow citizens -- it is a little easier to rationalize the crumbling of civilization that is taking place right before our eyes.

If any geek can offer a way to prevent hacking altogether, I will stand up and cheer. Otherwise, nothing is secure.

up
2 users have voted.

I cried when I wrote this song. Sue me if I play too long.

@fire with fire If you needed to get set up again after an attack, all you need to replace is the hard drive. This is an inexpensive (using free OS linux) and easy to do on your own kind of task. Unless you're ready for an upgrade anyway no need to toss the entire machine.
One reason linux is generally safer is that very few people use it. This makes development of malware to attack it a loser in cost / benefit analysis.

up
2 users have voted.
QMS's picture

not a bug (shh, it's secret)
just ask the nsa, cia, fbi
and the other subsidiaries of alphabet.com

up
11 users have voted.
Pricknick's picture

There are questions about whether or not the attack shut down the pipelines or shut down billing.
If the lines were shut down by colonial because of the inability to receive payments, heads should roll.
I know......in my dreams.

up
10 users have voted.

Regardless of the path in life I chose, I realize it's always forward, never straight.

PriceRip's picture

          I am troubled by the suggestion that back door access is in anyway inherently nefarious.

          I am wondering if you think hackers are somehow "the enemy", or criminal, or whatever derogatory term you prefer.

          I wonder how old some of you are, and/or how much you know about how computers actually function.

          The sad truth is that too many "computer science" students don't really understand their subject. That is they are not real computer scientists, and they really muck up the system from time to time.

up
8 users have voted.

@PriceRip What exactly are you saying?
Hacking is good? Back doors are good?
Computer science students of today aren't as savvy as cs students of yore? What do the old timers know that the youngsters do not?
The 2 FBI employees I know explained to me that back door was pure spying mechanism.
Well, they said hacking for good is good, but for bad is bad, meaning, when law enforcement does it, it saves democracy. Otherwise, not good.
BTW, both persons were computer tech wizards for the FBI.

up
9 users have voted.
PriceRip's picture

@on the cusp

          Hacking is not a necessarily a bad thing. The best sys admins are the best because they are able to hack with very little effort.

          Back doors allow sys admins to recover from all sorts of user fuck-ups.

          Your FBI employees are lying to you.

Well, they said hacking for good is good, but for bad is bad, meaning, when law enforcement does it, it saves democracy. Otherwise, not good.

They sound like corrupt cops to me. The "when law enforcement does it" exemption is a "big tell".

          Back in the old days we sometimes used the terms "black hat hacking (hackers)" versus "white hat hacking (hackers)". The term "hacker" is neutral and only implies a set of skills needed to do a job well.

          As for the new generation versus us "old timers" far too many don't really understand how a computer works. I got bored with computer "science" classes. So, I just spent my time doing machine coding, exploring how to write "pseudo-thinking machine" programs, and dreaming of the day (not in my lifetime) we can actually construct functioning quantum computers that will surprise the classicists.

up
11 users have voted.

@PriceRip The fbi woman quit. She was EXTREMELY concerned. Neither were my employees. The guy was an expert witness for the state at the time I was the defendant's attorney. My expert witness was the computer tech guy who designed the module for the moon landing at NASA. The woman is a person I took into my home every summer for her high school years to help her family, who could not afford to feed her. She is practically family.
I get your point about good/bad hackers, at least I think I do. I just do not agree with the capability of anyone to hack into a computer of a private citizen for any reason. Maybe you are pointing towards corporations.
But, unlike the fbi guy, the fbi girl, and the NASA renown expert, all of whom had computer science degrees, everyone else is a do it yourself, self-taught.
I can put them on the stand as an expert witness, but not self-taught.

up
9 users have voted.
PriceRip's picture

@on the cusp , that's why we have a bit of a barrier between us just like the one I have with my daughter.

          If you look at my profile this all will make a bit more sense, maybe. In reality the word "hacker" is ill defined when used without a modifier. It has become the custom to use it in the narrow sense of "bad". This is like the time lawyers allowed the testimony of an expert "hydrologist" to be recorded into hearing's documents even though the testimony was gibberish. For technical reasons I could not be sworn in, so I could not discredit this unconscionable hack.

I just do not agree with the capability of anyone to hack into a computer of a private citizen for any reason.

          If you have ever had a computer repaired, the tech probably hacked it seven ways from sunday. My favorite tech is Sam at Simply Mac in Lincoln Nebraska, he is an especially adroit hacker. He created the best machine ever for me. Then, unfortunately, a short time ago I made the mistake of taking it to a ship of fools out here on the west coast. I may never see Sam again, and all will be lost.

          The best expertise probably resides in those "do it yourself, self-taught" savants. It is unfortunate that the rules of engagement in a courtroom are so very out of touch with reality. My daughter faces it daily, but she is a very clever person. So, I see a very bright future for her.

up
8 users have voted.
Lookout's picture

to drive up the price of oil, which was beginning to fall. After all, the banks are overextended funding our nonprofitable (lose-lose) fracking industry.

Oil is now increasing in price

oil price.png
up
6 users have voted.

“Until justice rolls down like water and righteousness like a mighty stream.”

@Lookout
.

I would not rule that out, but that just restates the problem with digital technology providing the locus for almost all economic activity. The social purpose of moving petroleum from Texas to New Jersey is to get energy to tens of millions of people -- all of whom have their own economic contributions to make with that energy.

It does not matter if criminals can shut down hundreds of gas stations or if the owners of the company can hide behind "criminals" to close hundreds of gas stations. The result is the same for society.

No security.

up
1 user has voted.

I cried when I wrote this song. Sue me if I play too long.

earthling1's picture

@Lookout
Colonial had to shut down the pipeline to repair a horrible leak that was first noticed last August by a couple of teens riding ATVs. Over a millipn gallons of fuel drained away since just that time. It is not known how long it has been leaking.
Knowing it was going to cause havoc ( gas lines, shortages, impacting the economy nationwide), Colonial probably faked the attack to avoid the bad PR and insulate itself from lawsuit by blaming the shutdown on Russia, or some such, making it a terrorist attack.
It doesn't take a week to ten days to remedy a software attack. It does take that long to repair a major leak.
You can bet Colonial won't be cleaning up the spill either. That will be left to the taxpayers if it happens at all.
The teens that discovered the massive leak were awarded the "Keys to the City of Huntersville, NC
Story from WCNC Charlotte.

up
3 users have voted.

After six years, still getting robo-calls from Marriot Hotels.
They're like herpes.

PriceRip's picture

@earthling1 , the original post was incomplete.

RIP

up
2 users have voted.
enhydra lutris's picture

qua disputation between some.

For the record, I haz hacked, more than once, no further details on 'puter/network hacking will be forthcoming, but I suspect some here know that such endeavors can run the gamut from trivial and mundane to much, much more.

However, I wish to point out some language history. This just might be very clarificatory, or maybe not. Back before computers were remotely commonplace the word "hack" entered the language in various forms. One, derogatory form, was to hack at something as opposed to doing it smoothly, properly and with finesse, leading to the descriptor of those who followed such an approach to certain things as being "just a/some hack", like maybe the shade tree mechanic who cross threaded your fan belt tensioning bolt.

For the other version, directly leading to today's use I give you phantom dialogue

Distraught person "This [thing or process] won't [work, come apart, go together, start, stop, whatever]. Joe, Mary and Sam all tried and none of them could get it either"

Known Puzzle Solver [often part or fully self taught & often something of a jack-of-all-trades]: "OK, let me take a hack at it"

In that usage, vast numbers of haxxors are out there and have been for long ages now, including a lot of you. The genesis of the modern usage lies in the fact that there isn't some sort of comprehensive manual and specified routine being followed and, often, experimentation is/was involved - "have you tried hitting control C right about NOW?".

be well and have a good one

up
9 users have voted.

That, in its essence, is fascism--ownership of government by an individual, by a group, or by any other controlling private power. -- Franklin D. Roosevelt --

@enhydra lutris

up
5 users have voted.

"Without the right to offend, freedom of speech does not exist." Taslima Nasrin

PriceRip's picture

@enhydra lutris , I have (maybe had ... it's been many decades) a friend that was given a position at a very prestigious institution. After a short time he resigned as the daily routine was so very repetitive and not challenging ... go figure ... Pardon

up
3 users have voted.
PriceRip's picture

@PriceRip reply in wrong pew.

RIP

up
0 users have voted.