Thursday, May 13, 2021

How nice - now we can expect this shit on a regular basis

Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction. 

The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.
-Murray

23 comments:

  1. They did NOT spend funds dedicated to Golden Parachutes-or cut into dividends/shareholder returns-

    They merely fronted the hackers cash they'll extract from US. We will pay for their malfeasance and incompetence.

    QHM

    1. Erroneous! Untrue! You peasants will have the *honor and privilege* of paying for their malfeasance and incompetence!
      - Your Friendly Government

  2. Now they should put another 5 mil bounty on the hackers. A nice public execution in some 3rd world country would slow that shit down real quick.

    1. And clip a few of the execs of the company, pour encourager les autres.

  3. Yeah, not how I'd have handled it.

    http://bussjaeger.us/blog/?p=912

  4. One has to wonder if they'll spend the time and money to disconnect their command and control network from the Internet, isolating it from the outside world? Of course not. It would make too much sense to do so. It will take something more like a scenario out of the movie Live Free or Die Hard where a cracker organization took control of all utilities - electricity, communications, air traffic control, water, natural gas, all infrastructure. Colonial Pipeline is but one small part of such infrastructure; it got stupid, opened itself to infiltration, and has paid the price, as have their customers.

  5. "paid...within hours after the attack."

    Yet, the southeast and mid-Atlantic states ran short of gasoline anyway.

    It's like getting vaccinated and STILL being masked, distanced, and scared shitless.

    This is now the new normal? GMAFB

  6. Once you pay Danegeld you NEVER get rid of the Dane. I WONDER what their NEXT Payday will be? Electric Grid? EBT cards (I wish, that would be a riot ALL over America)?

    I *still* wonder if this "Event" had anything to do with the leaks this pipeline was rumored to be having recently?

  7. And to think all you need to stop this shit is users who can avoid having "password" as their password. Or image backups of everything, then tell them to go F themselves, wipe and restore the system from prior to the hack. Wonder how many backups you can get for 5 mil.

    1. The problem with restoring from backups is that you also restore the hole(s) that allowed the hackers in, in the first place. [This assumes that the hackers immediately attacked, vs spending some time mapping the system and embedding themselves in it by creating backdoors. If that is the case, then restoring the backup also restores the hacker(s) and their backdoor access]

      Also, depending on the date of your backup, you would overwrite your most current data and that is usually the most valuable. Although at that point, it becomes a calculation of the value of the data vs. losing it.


  8. I would have thought that Colonial would have operated that pipeline using a secure SCADA (Supervisory Control And Data Acquisition system) like every utility in the country uses. Totally free from the internet, no crossover at all. Very curious.

    Vermillion

    1. I'm not sure they are all free from the internet. That's the friggin' problem.

    2. SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability assessment and security recommendations
      https://www.sciencedirect.com/science/article/pii/S0167404819302068
      "Growing dependency and remote accessibility of automated industrial automation systems have transformed SCADA (Supervisory Control and Data Acquisition) networks from strictly isolated to highly interconnected networks. This increase in interconnectivity between systems raises operational efficiency due to the ease of controlling and monitoring of processes, however, this inevitable transformation also exposes the control system to the outside world."

    3. OK....old guy here.....have purposely NOT learned all of the kewl new schtuff about the intrawebs...(just some of the jargon). Anywho....is this that "I can control my business from the interweb" stuff that I've been hearing about?
      Ya know, "I can be taking a dump and watch the pipeline and how many gallons is flowing....the pipeline I mean".
      Seems to me that the "toy" of the interweb is going to bite America in the arse and my life is going to be affected.
      I don't like to be affected in that way....so stop it.

  9. Cryptocurrency is difficult to trace? I thought that since it's all part of the blockchain and 100% digital, that made it rather easy to trace. Is that incorrect?

  10. Yep, the ransom was paid by the taxpayers via the government.

    $5MM is probably 2 seconds worth of what's delivered through the pipeline.

    When seeking ransom or settlement from a gov entity, ask for enough to make the juice worth the squeeze, but not enough to cause difficulty in payment.

  11. Why do you think it was hackers to begin with? Not trying to be a conspiracy theorist, but why couldn't it be our own government? It was just a test to see how it would work out.

  12. The way to stop this stuff is to take the KGB route when one of their people was kidnapped in Lebanon by a Palestinian "liberation" group -- grab one and start sending parts to the hackers. Couple or three days, KGB got their man back, with all his parts intact.

  13. You reward illegal immigration.....
    You get more illegal immigration....

    You reward hackers and pay the ransom....
    Well you know......Better paying for a c/k team.

    Ed357

  14. It’s already started. Company in CA that makes over the road trailers for the trucking industry got ransom zapped already.

  15. In our Financial News: Warren Buffett just announced a $5 Million windfall this week.

  16. The FBI could not be reached, due to doxxing "wicked insurrectionists" of Jan 6th.

  17. Imagine if it was done in January at peak winter heating fuel demand. "A few days" could be really problematic.

