Who hacked the US’ oil pipeline?

Source: Drone Base, Reuters

  • The White House has become aware of the increasing threat of ransomware attacks, especially as the most recent attack has caused a lot of trouble for US citizens.

What’s going on with the pipeline?

  • Sections of one of the largest pipelines operating on the East Coast of the United States, responsible for carrying gasoline and jet fuel from Texas to New York, were shut down after being hit by a ransomware attack.
  • Colonial Pipeline, the company responsible for the pipeline, said in a statement on May 7 that it was forced to shut down 5,500 miles of pipeline, which carries 45% of the East Coast’s fuel supplies.
  • The company made another statement on Saturday stating that a criminal group had extorted it through a ransomware attack, which locks either the entire operating software or individual digital files. The hacker then demands money (i.e. a ransom) for its release.
  • After learning that the company had been targeted, Colonial Pipeline said it took specific systems offline to contain the threat.

Who are the hackers?

  • The Federal Bureau of Investigation (FBI) accused a hacker group that calls itself DarkSide of being the primary entity responsible for the ransomware attack on the Colonial Pipeline.
  • DarkSide began attacking moderately large companies primarily in Western Europe, Canada and the United States last year, reportedly holding data for ransom while requesting anything from several hundred thousand dollars to a few million dollars worth of US currency in the form of bitcoins.
  • DarkSide described its actions as “apolitical” in a statement provided to CNBC on Monday by the Boston-based cybersecurity company Cybereason.
  • “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” wrote the hackers.
  • “Our goal is to make money and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

How is this affecting US citizens?

  • Despite the hackers’ claims of “not creating problems for society,” Virginia Governor Ralph Northam on Tuesday declared a state of emergency due to the current shutdown of the Colonial Pipeline.
  • North Carolina Governor Roy Cooper made a similar call in his state on Monday.
  • Beyond that, the Department of Transportation also issued an emergency declaration covering 17 states affected by the shutdown.
  • Cybereason also reports that DarkSide, despite their attacks affecting everyday citizens’ lives, wants to appear ethical by having a code of conduct for who they are allowed to attack.
  • While DarkSide claims not to harm specific organizations such as hospitals and schools, the current attack is placing a strain on transportation services such as school buses.

How is the White House responding?

  • On Monday, President Joe Biden commented on the current disruption of the pipeline by the hackers and their affiliation with Russia.
  • “It’s a criminal act, obviously. We have efforts underway with the FBI and DOJ [Department of Justice] to disrupt and prosecute ransomware criminals,” Biden said.
  • “So far, there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia. They have some responsibility to deal with this.”
