Ransomware Attacks and the Impact on Bitcoin's Legality

  • Thread starter Office_Shredder
  • #1
Office_Shredder
https://www.cnn.com/us/live-news/us-gas-demand-hack-05-11-21/h_aec99324453877809802aa2247db9403

Apparently people are panicking buying gasoline since the pipeline shut down which is causing stations to run out of fuel. A couple states declared emergencies, maybe just to keep gas stations from increasing their prices.

Anyone have any thoughts on the situation? It seems worrisome that a ransomware attack can kind of do this by accident.
  • #2
It seems worrisome that a ransomware attack can kind of do this ...
I'd feel better if a Seal Team would take out the perpetrators. :devil:
  • #3
Office_Shredder said:
Anyone have any thoughts on the situation?
I like price gouging. It encourages people to buy only what they need, unlike the ^%^$# at Costco who bought an entire pallet of toilet paper last March. (That's 2880 rolls)
  • #4
Vanadium 50 said:
I like price gouging. It encourages people to buy only what they need, unlike the ^%^$# at Costco who bought an entire pallet of toilet paper last March. (That's 2880 rolls)

I agree if someone is going to go fill up 200 gallons of canisters in a situation like this that you should make sure they really need that gas in some way, and charging them double or triple is a pretty good method. There are other ways to achieve this though, for example make everyone wait in line for 30 minutes and let them get at most 10 gallons of gas at the end of it. If you really need 200 gallons of gas you'll need to spend 10 hours of time to get it.

I know this sounds crazy, but I think this is might be preferable for reasons I would be happy to talk about, but maybe not in this thread since we would probably swamp the ability of anyone to talk about the actual pipeline or other things surrounding it.
dlgoff said:
I'd feel better if a Seal Team would take out the perpetrators. :devil:

https://www.theverge.com/2021/5/10/...eline-ransomware-attack-apology-investigation

The hackers basically apologized for hitting too high value of a target and said they would be more careful in the future. Obviously they are hoping to avoid exactly something like this.
  • #5
The hackers basically apologized for hitting too high value of a target and said they would be more careful in the future. Obviously they are hoping to avoid exactly something like this.
:doh:
  • #6
Office_Shredder said:
The hackers basically apologized for hitting too high value of a target and said they would be more careful in the future. Obviously they are hoping to avoid exactly something like this.
Link? That's not what I heard on the US national TV news 30 minutes ago...
  • #7
How is this presumed attack, by a bunch of Russian hackers, distinguished from an attack by the Russian government, hiding behind the front of a bunch of hackers (conveniently in Russia as I understand)?
  • #9
BillTre said:
How is this presumed attack, by a bunch of Russian hackers, distinguished from an attack by the Russian government, hiding behind the front of a bunch of hackers (conveniently in Russia as I understand)?
Russian government wouldn't care about extracting a few tens of thousands of dollars from random small entities. For them it would be all about the damage.
  • #11
russ_watters said:
Russian government wouldn't care about extracting a few tens of thousands of dollars from random small entities. For them it would be all about the damage.
You can bet your sweet bippy the Russian government (and the Chinese, and everyone else) is watching this closely to gauge the US's resilience. (And no, I don't think the Russian government was behind this; for them it was a happy accident.)
  • #12
berkeman said:
Oh, thanks. Apologized for the social consequences, hmm. Not sure I believe they are sincere in that apology -- possibly part of the end game...
I do. These types of guys are known for excellent customer service, limiting collateral damage and being discrete. It's critical to their business model to have that reputation, since you have no repeat customers, but instead rely heavily on word of mouth to entice new buyers. Triggering a public disaster is potentially very bad for them.
  • #13
russ_watters said:
Russian government wouldn't care about extracting a few tens of thousands of dollars from random small entities. For them it would be all about the damage.
Sounds just like interfering with an election to me, and seems similar to this situation.
  • #14
Office_Shredder said:
Anyone have any thoughts on the situation? It seems worrisome that a ransomware attack can kind of do this by accident.
These days it's a given that this kind of activity will happen, since it's been happening ever since people connected to the internet. Colonial Pipeline had poor cybersecurity practices to allow hackers to breach whatever security they had (there are two ways: 1) they sent a phishing email with a link to malware, or 2) they breached a firewall or server security). This is why many companies demand employees use hard passwords, receive cybersecurity training (e.g., be aware of suspicious emails), why the network and devices connected to the network should use some reasonably strong encryption and/or two part authentication, and so on.

I've heard various discussions about the cost of cybersecurity. For some companies, they feel it is less expensive to pay the ransom than the millions of dollars required to secure their systems.

I've also heard someone suggest the critical infrastructure like oil/gas/chemical pipelines, water supply systems, electrical transmission and distribution systems, power plants, . . . all have a separate, secure network, which is not connected to the public internet. Well, duh! The financial system in the US, and perhaps other nations, has such a secure network.
  • #15
BillTre said:
Sounds just like interfering with an election to me ,and seems similar to this situation.
I don't see what similarity you are referring to. The people involved, tactics and outcomes are all different. When your goal is to cause damage in secret, you don't identify yourself, apologize or willfully act to reduce/end the damage*.

This looks like just a run-of-the-mill low-end ransomware attack that happened by coincidence/accident to take down a piece of critical infrastructure. That's a disastrous outcome for the attackers.

[edit]
*Let me elaborate on that just so it's clear: an entity that is doing ransomware is in it for the money, not the damage it causes. It's a business. The business sells a product: encryption keys. It wants to operate quietly, but can't be totally secret because it needs to communicate with the victims to exchange money and the encryption key. It also needs the product to be reliable, otherwise word would get out that it isn't reliable and people would stop buying it. So it needs good customer service/technical support. They want the victim to get their system back up and running as quickly and painlessly as possible, minus the cost of course.

They also don't want publicity. Governments discourage paying the ransom - they've even considered making it illegal. That would destroy the industry, so they want to operate below the radar, making their simple transactions quickly and quietly. I haven't seen it said, but I assume the publicity surrounding this and the long delay in getting service back means that Colonial didn't pay the ransom. Instead of a simple, low-key transaction worth a few tens of thousands of dollars for a week's work, the attackers now have international press and an FBI investigation. This all went very badly for the attackers.

This is wholly different from an attack intended to cause damage. Heck, I'm not even sure what "interfering with the election" even means here. It's kind of a vague, catch-all.
  • #16
Office_Shredder said:
It seems worrisome that a ransomware attack can kind of do this by accident.
Astronuc said:
These days it's a given that this kind of activity will happen, since it's been happening ever since people connected to the internet. Colonial Pipeline had poor cybersecurity practices...

I've heard various discussions about the cost of cybersecurity. For some companies, they feel it is less expensive to pay the ransom than the millions of dollars required to secure their systems.

I've also heard someone suggest the critical infrastructure like oil/gas/chemical pipelines, water supply systems, electrical transmission and distribution systems, power plants, . . . all have a separate, secure network, which is not connected to the public internet. Well, duh! The financial system in the US, and perhaps other nations, has such a secure network.
It is worrisome and the attitude Astronuc is describing is bizarre to me. In some cases the better security practices are free or cheap. I've been in this conversation before: "Does this piece of process equipment really need an internet connection tunneled through our firewall so the vendor can see how it is running?" How about; "No."
  • #17
I have some sympathy for Astronuc's position. To do it right takes actual design. To the question "Does this piece of process equipment really need an internet connection tunneled through our firewall so the vendor can see how it is running?" the answer may be "yes", but the follow-up question would be "from every IP address in every country?" And then "24/7?" One secure network I am familiar with grants access based on a phone call - you run an app on the computer that requests access, then you call, and someone talking to you can see the request and approve it. Or not.

The problem - or at least one big problem - is that security people often have "No - you don't need that" as their response to every question, without understanding (or wanting to understand) the business case. Because people need to do their jobs, they create workarounds that are often much worse than what they asked for in the first place. For example, shared passwords.

It's not that designing in good security is impossible. It's just that it's cheaper to hire someone whose job it is to say "no" than to have a team in place that can build a robust system that is secure and can adapt and evolve.
  • #18
russ_watters said:
Instead of a simple, low-key transaction worth a few tens of thousands of dollars for a week's work, the attackers now have international press and an FBI investigation. This all went very badly for the attackers.
To be fair, those responsible promised to do a better job of picking their victims in the future.
  • #19
Vanadium 50 said:
To be fair, those responsible promised to do a better job of picking their victims in the future.[emphasis added]
Customers. We're not a cable company here.
  • #20
Here is the actual statement: "Our goal is to make money and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."

I don't want to speculate which country they are from, but notice that there aren't many articles in there. Must keeel Moose and Squirrel.
  • #21
Vanadium 50 said:
"Our goal is to make money and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."
I wonder if that means they won't target hospitals anymore...

https://www.beckershospitalreview.c...urs-prompts-us-advisory-8-things-to-know.html

6 hospital ransomware attacks in 24 hours prompts US advisory: 8 things to know
  • #22
berkeman said:
I wonder if that means they won't target hospitals anymore.
I don't think it means a damn thing.
  • #23
https://www.acronis.com/en-us/articles/darkside-ransomware/

This group does actually claim to not target hospitals.

The idea of a hacker group that finds targeting midsize companies profitable enough to not hit hospitals seems plausible enough to me. It may or may not be true for this group, who knows.
  • #24
  • #25
Office_Shredder said:
This group does actually claim to not target hospitals.

Dreyfuss: The beggar was the lookout man for the gang!
Clouseau: That is impossible.
Dreyfuss: Why?
Clouseau: He was blind. How can a blind man be a lookout?
...
Dreyfuss: How do you know he was blind?
Clouseau: He told me.

Office_Shredder said:
was there actually any gas shortage anywhere
Are you asking that in a counterfactual world where the gas was not flowing but people did not know that would any station have run out? Probably. Gas stations get their gas every 2 or 3 days and the outage was 5 days long.
  • #26
Vanadium 50 said:
Are you asking that in a counterfactual world where the gas was not flowing but people did not know that would any station have run out? Probably. Gas stations get their gas every 2 or 3 days and the outage was 5 days long.

Yes, that is what I'm asking. I think I read somewhere that gas demand was increased by 40% in the southeast, but I wasn't actually able to verify this statement with a more primary source.
  • #27
Office_Shredder said:
Yes, that is what I'm asking. I think I read somewhere that gas demand was increased by 40% in the southeast, but I wasn't actually able to verify this statement with a more primary source.
I heard on the radio (NPR) that the SE would be hit particularly hard, and so, I expect some people went immediately to fill up. I saw someone today filling up multiple cans in the back of a truck. I don't know if that is normal, e.g., filling cans to fuel portable generators for a remote site that does not have electric service.

Yesterday, a tanker truck pulled into a neighborhood station, so it seems our area has plentiful supply, which probably comes from suppliers other than Colonial Pipeline. Prices have only increased $0.04/gal since the pipeline shutdown.

Colonial Pipeline restarts operations days after major hack
https://apnews.com/article/europe-g...ogy-business-938b33938fe3a750367fb1dc2f7ce6e0
Colonial initiated the restart of pipeline operations late Wednesday, saying in a statement that “all lines, including those lateral lines that have been running manually, will return to normal operations.”
I heard or read the following on different media (news sources):
The pipeline runs from the Gulf Coast to the New York metropolitan region, but states in the Southeast are more reliant on it.
So I suspect that folks in SE US probably heard it too, and some went panic-buying.
  • #28
Additional info on the attack:
https://www.cnn.com/2021/05/12/politics/colonial-pipeline-ransomware-payment/index.html

Evidently they asked for millions (not tens of thousands like I speculated) and over-estimated their customer's ability to pay. A pipeline company has high cash flow (not a pun), but very low margins and ransom demands tend to be based on gross revenue. It also says the pipeline infrastructure itself was not compromised, and the pipeline was shut down by Colonial because the attack compromised payment systems. So they could still deliver product, but not bill people for it.
Among the signs that the hackers were novices is the fact that they chose a high-risk target that deals in a low-margin business, meaning the attack was unlikely to yield the kind of payout experienced ransomware actors are typically looking for, the sources told CNN.

"This was a gross miscalculation on the hackers' part," a source previously told CNN, noting the hackers likely had not anticipated that their attack would lead to the shutdown of one of the US' largest refined products pipeline system, spurring emergency White House meetings and a whole-of-government response.
Oops.
  • #29
russ_watters said:
Oops.

It will be interesting to see the reaction of the US and Russian Pottsylvanian government. What happens if the US demands that Pottsylvania turns over the perps? And if Pottsylvania protects its citizens by refusing to do so, and the US backs down, what happens when this happens again? Several of the states hit hardest are swing states.

The other thing that's interesting is to see what happens to US companies who are likely to have had some involvement. Almost certainly the attack did not come directly from Pottsylvania. It almost certainly originated with a cloud service provider in the US. The Pottsylvanians buy time on one of these machines, load it with their attack software, and launch the attack. Some cloud service providers take a dim view of this: they monitor outgoing traffic and immediately kill anything suspicious, and might not even have taken on the Pottsylvanians as customers.

Others are looser. If the check clears, well..."Our policy is to shut down any bad actor. After a thorough investigation. Perhaps taking weeks. Or months."

If this is the case, I think the civil courts will have a lot to say about how this goes forward. If the Cloud Service Provider was one that was not the most diligent, and they are sued into oblivion, it's going to be a lot harder to find a sketchy cloud service provider in the future.
  • #30
Bloomberg - Colonial Pipeline paid nearly $5 million to Eastern European hackers on Friday after a crippling cyberattack that shut the largest fuel pipeline network in the U.S.

The company paid the ransom in untraceable cryptocurrency within hours after the attack.
https://news.yahoo.com/colonial-pipeline-paid-hackers-nearly-143713149.html
The discussion I heard this morning was that no one commenting on a payment, which is a good policy. Now it's out there.
The hackers provided Colonial Pipeline with a decrypting tool to restore its disabled computer network after they received the payment, but the company used its own backups to help restore the system since the tool was slow, Bloomberg News reported.

After a six-day outage, the top U.S. fuel pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, moved some of the first millions of gallons of motor fuels on Thursday.
Officials telling companies they should not pay a ransom is not helpful.

But certainly, companies should adopt more stringent security so as not to allow themselves to get hacked.

I'm curious if this had anything to do with the SolarWinds network software, or if someone activated a link that downloaded malware from a server, or if this was a direct attack on the server/network.

I worked for a company that was repeatedly attacked (several thousand times a day). We had a robust firewall, and for critical safety-related work, we had a dedicated computational system that was isolated (air-gapped) from our main network.
  • #31
Colonial Pipeline didn't tell CISA about ransomware incident, highlighting questions about information sharing
https://www.cyberscoop.com/colonial-pipeline-senate-homeland-solarwinds/

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators.

Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee.
  • #32
Never heard of CISA.

They called the feds. Is the problem that they didn't call the right feds? FBI sounds like the right place. DOE? (Or DoE... never can seem to get them straight.) It's energy, after all. The attack came from overseas - doesn't that make it State's business? Or maybe Defense?

The US government has set up an alphabet soup of agencies with unclear and overlapping responsibilities. It seems a bit unfair to expect the citizens to sort this all out on their own.
  • #33
Vanadium 50 said:
It seems a bit unfair to expect the citizens to sort this all out on their own.
But that's a company. And (I think) not really a small one.
I would expect them to have some kind of guideline about major IT troubles?
  • #35
Astronuc said:
The $-value dropped after the seizure.
That's an interesting commentary on the underlying value of Bitcoin.

I wonder if Colonial is going to get the money back.