A War Without Borders Has Begun: Colonial Pipeline Cyberattack

“Only the dead see the end of war.”

― George Santayana, 1922

We are entirely dependent upon a technological infrastructure that is going to, without a doubt, continue to fail with increasingly more regularity.  Today, infrastructure is so much more than roads, bridges, dams, and powerplants.  Infrastructure is laced between bordering countries and encompasses everything from transportation and shipping to finances and banking.

It’s sewers, telecommunications, broadband, WiFi, and wires.  It’s farming to forestry.  It’s manufacturing and processing.  It’s power generation to waste management.  It’s levees, parks, and a host of societal demands.  Infrastructure has come to mean any system or structure that the public relies upon, even if they don’t recognize their dependence upon it.  So, the further we move away from our agrarian and do-it-for-myself roots, the more dependent upon these systems we become.  The more dependent upon these systems we are, the more likely that we will suffer when they fail, and they will fail.

The full extent of the compromise of critical systems from the SolarWinds hack has yet to be realized.  This year, we have seen water treatment plants being hacked, and right now, the shutdown of the Colonial Pipeline, which carries almost 50% of East Coast fuel from Texas to New Jersey, will result in a surge in gas prices and greatly diminished supplies of fuel.  The Colonial Pipeline is the US’s largest pipeline, and the attack is being described as the most successful assault on infrastructure to date.  The pipeline services the Hartsfield-Jackson Airport in Atlanta, one of the busiest by numbers of passengers in the United States.

While shortages haven’t really been experienced all along the system as reserves were at reasonable levels, and many of the smaller, attached pipelines have re-opened, the main Colonial Pipeline remains shut down several days after the attack.  Fuel Oil futures and options are spiking, and this will result in a spike in the price of fuel.  That will translate into price increases far beyond the pump or the plane ticket.  In this video, I’ll take a look at the basics of this attack, how it will impact you far beyond the pump, other vulnerable infrastructures, and what you should be doing right now…without delay…to position yourself to survive the worst, which I believe is still to come.

COLONIAL PIPELINE CYBER ATTACK

To understand the Colonial Pipeline attack, we have to go back to the beginning of 2020.  While the connections haven’t been wholly charted out yet, the SolarWinds attack at the beginning of 2020 exposed 33,000 of their clients, 85% of which were government, to several months of surveillance, copying of files, and capturing of passwords.  An infected system’s terminal might have been used to log in to another system not directly attacked through the SolarWinds Orion patch, and the login information may have been recorded.  Countless systems could have been exposed and could be breached later.  The SolarWinds hack was so extensive that it cannot be said with any certainty that systems throughout the United States and many other countries aren’t still being currently monitored.  It was the most significant attack in history.  The troves of data stolen and copied cannot even be fathomed.

The SolarWinds hack likely provided a means for a group of hackers calling themselves the “DarkSide” to access the Colonial Pipeline system.  Once in, they sequestered large chunks of data and encrypted it.  They also shut down the pipeline and demanded a ransom to re-open it and release the files.   Sometimes paying the ransom is the only way to save the system.  Most times, paying the ransom won’t do anything.  Ransomware attacks, though, cost billions of dollars.  In the last five years alone, TeslaCrypt, Petya, WannaCry, SamSam, Ryuk, and countless other ransomware attacks that remained unnamed have resulted in infrastructure, individual, software, and hardware upgrade costs probably more than the original ransom asking price.  While most ransomware was confined to individual PC users many years ago, their sophistication and state-sponsored upgrades have propelled them and empowered them so much that the targets have become far more significant.  The city of Atlanta, the Port of San Diego, the Colorado Department of Transportation, major manufacturers, hospitals, municipalities, FedEx, Nissan, pharmaceutical companies, even national banks have all been exploited and held for ransom.  Sometimes the ransom is paid.  Sometimes the systems have to be pulled offline.  Sometimes the information is recovered.  Sometimes the data is lost forever.  We can see in this Colonial Pipeline how extensive of a reach just one attack can have.

DarkSide, the particular group of hackers behind the Colonial Pipeline attack, first emerged in August 2020, not surprisingly several months after the SolarWinds hack was discovered.  This group’s modus operandi is to find vulnerabilities in a network, gain access to administrator accounts, and then harvest data from the victim’s server and encrypt it.  The malicious software leaves a ransom note file with demands.  On average, ransoms from this group have netted them 6.5 million dollars, and their attacks led to an average of five days of downtime.  Five days’ downtime for the Colonial Pipeline is equivalent to 12.5 million barrels of oil.  The DarkSide hackers are believed to be based in Russia, and a preponderance of evidence points to the Kremlin directly sponsoring, funding, and training them.  The DarkSide hackers are so well funded and supported that the group has a phone number and even a help desk to facilitate negotiations with victims.  In this attack, they took 100 gigabytes of data out of Colonial’s network on Thursday and then shut down the pipeline on Friday.  This data is more than just your run-of-the-mill customer data.  It’s also executable files right down to valves and pressure sensors.  Even if and when Colonial regains the data, it’s possible that malicious code has been inserted and further corrupted the files.  Supposedly, the system has been disconnected from the outside world, and they are slowly rebuilding it.  Still, there is no telling if malicious code was inserted in that 100 gigabytes of data before DarkSide encrypted it.  It’s akin to getting back stolen food but now wondering if it has been poisoned while the thieves had it.  At the time of this video, the primary system remains offline.

A WAR WE CAN’T WIN IS ALREADY RAGING

You can’t dismiss an attack of this extent with a simple acknowledgment that you will pay a few more cents at the pump.  There are far greater implications.  We are engaged in a World War where the borders are ill-defined.  While one nation might retaliate against another nation through sanctions or seizures of assets, even the United States’ ability to control or sanction cross-border transactions is potentially evaporating.  Before, the US dollar influenced the Society for Worldwide Interbank Financial Telecommunication, or SWIFT, system.  That power has been eroded with cryptocurrencies and China’s introduction of their digital currency.  In essence, America can’t stop or even slow the flow of international transactions as it could before.  Sanctions are swiftly becoming all bark and no bite.  We have moved from wars with nation-states, to wars with people as nation-states in the global war on terror, to where we are now: seeking to combat unknown, well-organized, and well-funded enemies with little to no means of inflicting punitive damage on the nations supporting these groups of bad actors.  In this case, we so very rarely can even capture the criminals, let alone locate them.

Even the frontlines are not well defined.  Russia, Iran, China, and North Korea are known supporters of state-sponsored hacking efforts.  From phreaking, which is just wanton destruction, to ransomware, which is the capture of operating systems and data for money, the attacks are only bound by the fact that they seek to inflict maximum damage and extract the most money they can.  Independent hackers engaged in these activities are arrested by their governments and then better equipped and deployed in service to their governments.  The attacks are growing in frequency and extent.  Information, fiscal, and infrastructure systems are all vulnerable targets in this war, which is actively and often quietly being waged behind the scenes.  It is in the interests of the nation-states supporting these groups of hackers to inflict maximum damage on the economies of adversarial countries.  If the Colonial Pipeline is shut down for longer than a week, refineries in the United States will have to slow down refinery output.  Already, Motiva Enterprises has shut down two distillation units at its 607,000 barrel-per-day refinery in Port Arthur, Texas.  Fuel oil will need to be purchased offshore.  This will increase global oil demand, and that’s a win for both Iranian and Russian oil producers selling to the then strained European customers.

It’s not just America under attack, either.  It is any country.  A destructive cyberattack on Saudi Aramco in 2012 crippled the oil giant’s computer network but left production more-or-less unscathed.  A more recent ransomware incident at Norsk Hydro, a Norwegian aluminum and renewable energy company, temporarily pushed the aluminum maker to switch away from automated production at its smelters.  Suppose hackers from one country steal the trade secrets of another country’s manufacturers or shut down the electricity, water, or other means of production.  In that case, there are ripples all across the system.  In the Colonial Pipeline situation, the United States has had to turn to fuel trucks to keep the vital resource flowing.  Unfortunately, COVID has parked many of the fuel-truck drivers.  Their transporting is down over 25% because of coronavirus infections.  If truckers are pulled from other industries, assuming there are fuel-truck licensed drivers that can be drawn from other licensed trucking industries, doing so hurts the vital transportation of other goods.  The pennies more at the pump add to transport costs.  So, even if the attack looks pretty contained and regionalized, the ripple effects translate into price increases everywhere and can contribute to the collapse of other industries.

WHY DOES IT MATTER

Why does it matter to you and me?  Even if you keep your money under your mattress, these attacks affect you daily.  The most obvious way is increasing costs on the products of the industry attacked.  In this case, fuel costs go up a little or a lot depending upon the length of the disruption.  That impacts transportation costs on everything from leisure and business travel to the transport of goods.  When the economy is struggling to regain its footing, this is another gut punch to the recovery efforts.  Those dollars under your mattress buy fewer products that are increasingly less available.  If you haven’t taken a look at City Prepping’s video on 2021 being the year of shortages, you will want to see that to get a sense of the detrimental compounding and cascading effects of these just-in-time, razor-thin inventory systems.  From aluminum to lumber to pharmaceuticals, we are on the cusp of experiencing shortages and failures in a multitude of systems, and these attacks on infrastructure targets merely speed up the avalanche of failures.

Beyond these observable effects on those dollars under your mattress, the power generating plants and water treatment plants, and manufacturers of every kind all need fuel and energy to operate.  When power plants pay higher prices for fuel or fuel is scarce, the output is reduced or grinds to a halt.  Costs are passed on to the consumer.  Costs paid by manufacturers for the same energy required to make their products get passed along to you, the consumer.  One system failing for any extended duration of time can result in higher costs and the failure of every linked system in the chain that ends with you, the consumer.  Economic stagnation, inflation, recession, even economic depression can result from a continuing series of system failures over an extended period.  While one ransomware attack likely won’t bring the whole system down, attacks compounded by additional attacks, compounded by the effects of COVID, compounded by strained global relations, exacerbated by a decrease in sanction effectiveness, compounded by increased civil and political tensions can all lead to large scale failures and dramatic downturns in economies. 

If you wake up one fine morning to find that your electricity isn’t flowing, or you can no longer buy flour in your grocery store, or the price of meat has skyrocketed 400%, it might not affect you at all.  Perhaps you can survive off-grid and have enough supplies to last you a century or more, but do your neighbors?  Can the folks in the next town or neighborhood over make the same claim?  And, if the systems of government like firefighting and policing stop, if the critical grid infrastructure providing clean water, electricity, and natural gas suddenly fail, will those millions of people living around you be just fine, or will they clamor for resources, ignore your rights, overwhelm your protections and attempt to take your resources?  After all, what would be the consequences to them?  As one system exacerbates the complications to another and civil unrest rules, would nations be able to restore order?  The fact is that we are globally so tied to infrastructure in industrialized countries that were the rug to be pulled out anywhere, it would have rippling effects across the globe, and other systems could fall like dominoes.

A World War is being waged through state-sponsored cyber attacks, and there isn’t much known about the destructive zones, the front lines, the fallout, the bad actors, or the cascading effects of the individual attacks.  Governments are reacting.  Recent US policy is attempting to strengthen the technology infrastructure of any system servicing more than 50,000 customers.  Systems are being pulled offline, isolated, reprogrammed, and contained, so outside intrusion becomes harder.  Blockchain technology offers multi-node authentication processes that could one day guarantee decisions and actions are made by the real operators and engineers, not foreign hackers, but these solutions are years or decades away.  The fires of this World War are burning right now, and they are on the cusp of burning out of control.

The White House has announced a 100-day initiative aimed at protecting the country’s electricity system from cyberattacks by encouraging owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks, but the words you should pay attention to are “encouraging owners.”  The fact is that the government and many free governments worldwide lack the authority to force the hard and swift changes necessary to divert the coming attacks.  The Justice Department has also announced a new task force dedicated to countering ransomware attacks in which data is seized by hackers who demand payment from victims to release it, but bringing bad actors to justice is a multi-year process that frequently nets zero results.  By the time a single actor can be isolated, a hundred others have sprung up in his place.  These attacks matter because we are losing the war, and winning or turning the tide would require governments to function uncharacteristically faster than they are apt to do.  The machine that pulls the strings of infrastructure and seeks maximum profits doesn’t move fast.  It isn’t likely going to be able to win the current war through its present means.  So, what can you do?

As governments do respond, where they can, through overt sanctions or covert operations, or retaliatory hacks of their own, they risk ever-increasing escalation of the conflicts.  A hacking attack in one instance could lead to a sanction in retaliation, which could lead to a covert terror attack to divert focus and attention.  Never before has there been such an interlaced web of targets and opportunities.  Any one instance can spiral out in effect even as everything is fixed and the initial attack is one for the history books.  Today’s cyber-attack could quickly mutate into larger, more violent attacks in the future as this war rages on and nations continue to retaliate against one another.  The current war is one where it is increasingly more difficult to definitively point the finger of blame at any one country or entity.  A cyber war is like fighting a war in the fog.  The true enemy is unknown.  The extent of their capabilities is unknown.  The extent of any government’s retaliation and overreach is unknown.

PREP TO SURVIVE LONGER

If you just heeded the call and became aware of your need to prep, you should commit and double down on your efforts with the intent of catching up to where you need to be to survive a prolonged grid-down event.  If you have been prepping for a while, you need to align your preps to insulate yourself from the most prominent threats and build redundancy in your supplies.  If you have a well, great, but make sure you also have the means to gather and filter water from other sources.  Make sure you have a supply on hand.  If the aquifer supplying your well is suddenly tapped from multiple sources to compensate for a failure in another system, and the levels drop below your water well depth, you are now the needy and desperate unless you take precautions now.  If you live in the city or the country, it doesn’t matter when the food supply to the stores slows or stops.  Local resources will be rapidly depleted.  Well-known hunting and fishing spots will be over-exploited and depleted.  The struggle for sustenance resources will be genuine.

While patches and fixes can be implemented and governments and municipalities can pivot and compensate in many cases, it may not be enough.  72 hours of preps will only get you through minor disasters.  They won’t see you through to the end of a large-scale infrastructure failure.  A 3-week supply could result in a region’s successful shift to local resources and independence from national grid systems and processes, but that’s not going to be the case for most areas.  At the least, if multiple systems fail in the infrastructure, anyone with less than a 3-month ability to sustain themselves will be susceptible to the same fate as the unprepared masses.  So, ask yourself what your plan is to store or obtain three months or more of water, food, reduced but vital energy, security, and shelter.  Review your plan B if you are confident you have what you need to survive those three months right now.  If you don’t, it’s time to implement a plan and start taking serious steps toward achieving that plan.

The number and frequency of cyberattacks from independent profiteering and state-sponsored hackers will not decrease from this point.  The extent and magnitude of damage caused by these bad guys will not decrease from this point.  The security of our infrastructure systems, from banking to communications to industry to agriculture to travel to transportation to maintenance and repair, and on and on, will continue to fail in a series of ever-increasing attacks.  At some point, well before everything can be hardened off against these attacks, more extensive systemic failures will occur.  You can either be ahead of those failures, or you can be a victim of those failures.  You will not be able to decide to be prepared after disaster strikes.  The best time to prepare was yesterday.  The second best time to prepare is today.

CONCLUSION

A dark cyberwar has been raging around the globe for several years now.  The addition and influx of resources and capital by enemy states have made this war in the shadows more prevalent and more dangerous.  This war knows no sovereign boundaries and effortlessly sweeps up masses of people in its wake of destruction.  The water’s surface, the apparent reduction in fuel resources, is just the evident impact we can see.  There is much greater depth to this attack and other similar attacks below the surface.  There are wide-ranging implications, and they will continue to impact your life indirectly and directly for the foreseeable future.  This World War is raging right now, and you must take measures to protect yourself now before your opportunity to do so has passed.  The only way you emerge victorious in this world war is when you don’t fight the battle but shore up your own personal defenses.

What do you think?  How are you preparing now to be able to be self-sustaining when the infrastructure fails?  Is your area doomed, or will you be just fine?

As always, please stay safe out there.
