Adam Peter Posted May 11, 2021

1 hour ago, JasonJ said: I don't know, it seems pretty difficult to apply countermeasures to cyberattacks other than just making a cybercounter attack.

Like in IRL, best thing is not to be shot at at all. Unfortunately, IRL and URL it means security protocols must be adhered to. In my 25 years and many workplaces I found only one boss who did not want the keys for everything, saying he needs access to three reports and nothing else, maybe he accidentally breaks something. Employees are working for the company to use the other menu items, not the leaders, he said.
JasonJ Posted May 11, 2021 (Author)

6 minutes ago, Adam Peter said: Like in IRL, best thing is not to be shot at at all. Unfortunately, IRL and URL it means security protocols must be adhered to. In my 25 years and many workplaces I found only one boss who did not want the keys for everything, saying he needs access to three reports and nothing else, maybe he accidentally breaks something. Employees are working for the company to use the other menu items, not the leaders, he said.

Not wanting all the keys means less access which means less accountability thus positioned to not even have the option to shoot, which is desirable sometimes. Or something like that I guess.
Adam Peter Posted May 11, 2021

6 minutes ago, JasonJ said: less accountability

He was accountable for the whole company. He needed three reports to see the general status. He did not need access to reach over his employees' heads, or work instead of any of the ~500 employees. Any other workplace, the passwords had to be made known by the boss - single point of failure to be tricked by the next Kevin Mitnick.
rmgill Posted May 11, 2021

1 hour ago, RETAC21 said: You are right, but this is a bit armor vs ammunition, it's better not to say what the actual armor is and keep the other side guessing, and conversely, if you know your ammo will penetrate the armor, better keep it quiet in case the other side up armours

The best armor is to not put your critical infrastructure network accessible to the internet.
rmgill Posted May 11, 2021

I also would not be surprised to find that this had a security vulnerability related to the Solar Winds Breach.
Stuart Galbraith Posted May 11, 2021 (edited)

19 hours ago, bojan said: Sad to see that you are also clueless about why such things would be acquired.

And right away we are back into 'Anyone that doesn't agree with Bojan has to be a vegetable'. Yes thank you, I got the memo several times before.

19 hours ago, bojan said: What part of "vast majority of pipelines did not have any centralized control" you fail to understand?

I can think of other Soviet pipelines that may have required computer equipment, not least the main fuel pipeline from the Western USSR to Western Europe. That the author may have misattributed it to the Siberian explosion, does not mean there was no effort by the CIA to attack pipeline equipment. He may have had knowledge of such an operation, saw the pipeline explosion, and come to the wrong conclusion. We simply don't know enough yet about CIA operations against line x to write it off as complete nonsense.

Yes, I concede he may have made the whole thing up. The problem is there is absolutely no reason why somebody with that level of classification would need to do so. Which is why I think there is something to it, even if he may have some of the facts wrong. You don't agree, as per usual, that's fine, zero fucks given here.
Stuart Galbraith Posted May 11, 2021

12 hours ago, wilhelm said: You don't understand. It's a chance to pollute yet another thread with his anti-Russian hatred. When the USN managed to crash one of its destroyers a while back, he "wondered" in that thread whether the Russians did it through "jamming". The penny dropped then with me that this is basically pathological. It's become ridiculous, and has ruined this site ages ago. Almost every f*cking thread... relentlessly.

Pretty sure I didn't. I DID say it could have been jammed, but my thinking was Islamic terrorists. Of course the easy answer was incompetence, which seems to be very popular these days. But hey, why should I get in the way of reinventing reality for your own purposes? Everyone else on the site does it, so have at it.
Ivanhoe Posted May 11, 2021

https://grahamcluley.com/darkside-ransomware-gang-fear/

Now personally, I doubt the DarkSide gang (if they are the actual perps) is that worried. What is the Biden administration gonna do?
Ivanhoe Posted May 11, 2021

We know how to minimize the risk. We've always known how to minimize the risk;

https://media.defense.gov/2021/Apr/29/2002630479/-1/-1/1/CSA_STOP-MCA-AGAINST-OT_UOO13672321.PDF

The root cause isn't software flaws, or Russians. It is stupid and/or dishonest executives.
DKTanker Posted May 11, 2021

4 hours ago, Ivanhoe said: Now personally, I doubt the DarkSide gang (if they are the actual perps) is that worried. What is the Biden administration gonna do?

Evidently nothing. WH says it was an attack on a private company, no biggie.
bojan Posted May 11, 2021 (edited)

6 hours ago, Stuart Galbraith said: ...Yes, I concede he may have made the whole thing up. The problem is there is absolutely no reason why somebody with that level of classification would need to do so. ..

To stroke his ego with telling a unique story. Or he might have believed it w/o critical thinking. To laugh at the people believing it*. You would be surprised how many people believe shit they should know is unlikely at least. Or he might have flat out lied. Or... whatever. Point is that story is impossible in a form it was told, no matter how you spin it. You really seem to suffer from a "Tom Cooper syndrome", just because someone told you something and you like the way it was told, you automatically decide it is one and only truth.

*One local pilot privately admitted that he invented stories about encounters with UFO in the '70s in order to see who is an idiot that will believe them. Those who knew him had idea about that, 10s of 1000s believed it.
MiloMorai Posted May 11, 2021

1 hour ago, DKTanker said: Evidently nothing. WH says it was an attack on a private company, no biggie.

There is a meeting with Putin coming up in June. Things are already a bit tense with Russia as is. Why make it worse?
rmgill Posted May 12, 2021 (edited)

izzint this the part of the song where you and Stuart chorus with "Russian Stooge!"
nitflegal Posted May 12, 2021

14 hours ago, MiloMorai said: There is a meeting with Putin coming up in June. Things are already a bit tense with Russia as is. Why make it worse?

I'm sorry, with several years of Russian collusion allegations and rhetoric by the people in the Biden administration (including Biden, BTW) that Russia was America's true enemy NOW we decide not to make it worse over an actual effective attack on our infrastructure? I wonder, were you feeling similar things about anti-Russian rhetoric prior to January 2020?
Ivanhoe Posted May 12, 2021

1 hour ago, TonyE said: Shouldn't that key be marked with Unified Han characters?
BansheeOne Posted May 12, 2021 (edited)

Any well-run media office should have often-used arguments saved to their computers' F-keys. Like, F1 = blame the current administration, F2 = blame the previous administration, F3 = blame the US, F4 = blame Russia, F5 = blame China, F6 = blame Europe, F7 = blame Israel, F8 = blame Muslims, F9 = blame old white men, F10 = blame cultural Marxism. Etc.
Josh Posted May 12, 2021

9 hours ago, nitflegal said: I'm sorry, with several years of Russian collusion allegations and rhetoric by the people in the Biden administration (including Biden, BTW) that Russia was America's true enemy NOW we decide not to make it worse over an actual effective attack on our infrastructure? I wonder, were you feeling similar things about anti-Russian rhetoric prior to January 2020?

I was most definitely anti Russian then, the fact that Trump was more concerned with spreading the Big Lie than doing anything about Solar Winds notwithstanding. I don't know if Russia is behind this particular hack; no government agency has stated that yet. But Russia is clearly a hostile power and I don't see any advantage to attempting to mollify them.
nitflegal Posted May 12, 2021

1 hour ago, Josh said: I was most definitely anti Russian then, the fact that Trump was more concerned with spreading the Big Lie than doing anything about Solar Winds notwithstanding. I don't know if Russia is behind this particular hack; no government agency has stated that yet. But Russia is clearly a hostile power and I don't see any advantage to attempting to mollify them.

I can respect that position. I tend to think China is far more of an enemy from an impact standpoint but I see Russia as an enemy as well. Short of a shooting war I see little reason to back off either.
Angrybk Posted May 12, 2021 (edited)

1 hour ago, Josh said: I was most definitely anti Russian then, the fact that Trump was more concerned with spreading the Big Lie than doing anything about Solar Winds notwithstanding. I don't know if Russia is behind this particular hack; no government agency has stated that yet. But Russia is clearly a hostile power and I don't see any advantage to attempting to mollify them.

It wasn't nation-state stuff, it was a ransomware affiliate program that [insert metaphor] bit off more than they meant to and are kind of freaked out about it now. (This is all open sources). The ransomware team is Russian-language, but that's pretty typical. Good read here https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/
DKTanker Posted May 13, 2021

55 minutes ago, Angrybk said: It wasn't nation-state stuff, it was a ransomware affiliate program that [insert metaphor] bit off more than they meant to and are kind of freaked out about it now. (This is all open sources). The ransomware team is Russian-language, but that's pretty typical. Good read here https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/

But not too freaked out to fix what they broke. Unless you're part of this particular ransom terrorist gang, how can you be certain they aren't working within the auspices of a nation state?
Josh Posted May 13, 2021

3 hours ago, DKTanker said: But not too freaked out to fix what they broke. Unless you're part of this particular ransom terrorist gang, how can you be certain they aren't working within the auspices of a nation state?

They might be, but no government org is accusing a nation state yet. Though honestly I think that it isn't particularly relevant; I suspect they were supported or paid by a nation state. So what again was Trump's reaction to the Solar Winds hack? Did he lay down the law?
Angrybk Posted May 13, 2021 (edited)

3 hours ago, DKTanker said: But not too freaked out to fix what they broke. Unless you're part of this particular ransom terrorist gang, how can you be certain they aren't working within the auspices of a nation state?

Russian cyber crime and nation state activity blur a bit. There are a lot of open-source examples where Russian malware developers get the option of either being conscripted to Siberia or getting a cushy job making Trojans for Putin. I still completely believe that this was a case of Russian cyber criminals getting in over their heads though, and that's the opinion of basically everybody who seriously studies this stuff.
MiloMorai Posted May 13, 2021 (edited)

(Reuters) - The hacking group blamed for crippling a major U.S. pipeline company has claimed responsibility for breaking into three more companies on Wednesday, saying it was publishing hundreds of gigabytes of data from a Brazilian battery firm, a Chicago-based tech company, and a British engineering firm.