When computer hacks threaten infrastructure
On May 7th, the Russian hacking group known as DarkSide unleashed a cyber attack on the Colonial oil pipeline. Ransomware was deployed against Colonial, targeting its back office systems (such as those used for managing payroll and reporting data). Given the potential risk posed if rogue actors had interfered with systems controlling the oil pipeline itself, Colonial took the decision to shut that down too while it evaluates its options and assesses the damage.
The temporary closure of the pipeline is significant given that it runs 5500 miles from Houston, Texas to Linden, New Jersey and is responsible for delivering 45% of the gasoline, diesel and jet fuel required on the east coast of the USA. The decision by Colonial Pipeline of Alpharetta, Georgia to shut down the entire primary pipeline system was based on uncertainty over whether hackers had yet been able to take control of the relevant computer systems.
In addition to locking up Colonial Systems until the ransom is paid, DarkSide claim to have stolen 100Gb of sensitive data that will be released online in the event of non-compliance.
The response to the attack was quick and significant, and while Colonial have begun the process of service restoration and are promising a "substantial" recovery of operations by the end of next week, it's still unclear what this really means. In the meantime, the financial markets reacted accordingly - the surge in gasoline prices witnessed this year could gain further momentum based on the hack with the national average price approaching $2.99 per gallon - a 6 and a half year high.
President Biden was quick to respond, announcing an emergency order on May 9th. Meanwhile, the Transportation Department exempted truckers transporting fuel in 17 states and Washington, D.C., from regulations restricting how long they can drive without taking a break. The transportation of fuel by road rather than pipeline is seen as a temporary means of maintaining the distribution network until the Colonial Pipeline is recovered.
What is ransomware?
Cyber attacks are becoming increasingly common and often targeting utility firms like Colonial as well as schools, hospitals and the like. While many think of hackers as favoring banks and online stores as targets, organisations like Colonial have a tendency to be more susceptible to hacking attempts as their computer systems are often aged and out of date.
According to FBI reports, ransomware attacks have increased by 37 percent from 2018 to 2019 and by 20 percent from 2019 to 2020. During such attacks, rogue software (malware) is planted by hackers. This software 'locks up' the target systems and enables the hackers to demand a ransom in return for the malware being removed. For organisations that are targeted it becomes particularly problematic.
First, it requires a degree of trust between the hacker and the victim that the malware will be removed upon payment of the ransom. Secondly it is illegal to pay ransoms to entities on the Treasury Department’s sanctions list. This puts victims in a difficult position in having to establish if the hackers are from a nation or entity that's under sanctions - if so then it's illegal for them to pay the ransom.
Organisations are left with few options other than to try and negotiate with hackers, to try and remove them and their malware from networks or to engage with cyber security firms to help out.
Cyber attacks on public services
While most tend to think of cyber attacks being about the stealing of money or data, there have been a number of significant hacks in recent years that have threatened public services.
- In April and later in June 2020 cyberattacks were carried out by Iran upon water management facilities in Israel with the intention of increasing chlorine levels in water supplies to a dangerous extent.
- In June 2019 it was alleged that the USA had been co-ordinating attacks upon electricity supplies in Russia. It was later conceded by Russia that the attacks had been ongoing.
- A series of intense cyberattacks were carried out upon the Ukraine in June 2017. These mainly involved ransomware known as Petya, and attacked various Ukranian organizations, including banks, ministries, newspapers and electricity firms.
It's about more than just the money
The attack on Colonial Pipeline demonstrates once again that it's not only large tech corporations and banks that are susceptible to cyberattacks. Hackers are interested in how they can most easily, effectively and efficiently cause disruption to the nations and organisations they target.
Attacks often have a financial incentive of course - DarkSide have confirmed that their intention wasn't to cause such disruption but rather to make money from the ransom. But the disruption that the attacks bring about besides financial harm can be wide-reaching. Such attacks could become more prominent in future, particularly as incidents like Colonial Pipeline demonstrate to hackers the chaos that can be brought about.