09:40 GMT23 June 2021
Listen Live
    Get short URL

    The Colonial Pipeline carries oil 5,500 miles from refineries in Texas to the east coast of the United States. Its vulnerability was highlighted when hackers managed to sabotage it last week.

    Supplies of gasoline, diesel and jet fuel are slowly returning to normal along the eastern seaboard of the United States after days of disruption caused by a cyber-attack.

    A hacking group called Darkside claimed responsibility for an attack which locked the company's payment records. Darkside said it had also targeted four other companies including a Toshiba subsidiary in Germany.

    ​Bloomberg News and the New York Times said the owners of the Colonial pipeline paid a ransom of around US$5 million to Darkside.

    The pipeline carries 100 million gallons of fuel each day to the East Coast from Texas and more than 16,000 gas stations suffered interruptions to their supplies because Colonial was not prepared to keep pumping when it was not sure it would get paid by customers.

    Colonial said the pipeline would resume normal operations on Monday, 17 May but some gasoline shipments are now 10 days behind schedule.

    ​Steve Boyd, managing director at fuel delivery firm Sun Coast Resources, told Reuters it could take 12 to 20 days for new deliveries from Gulf Coast refineries to reach the end of the pipeline in Linden, New Jersey.

    Sun Coast has resorted to using 75 trucks to taking supplies from terminals in Alabama and Georgia to customers further north.

    ​But the Darkside incident has highlighted the fragility of US infrastructure and its vulnerability to cyber-attacks.

    In 2005 Israel deployed the Stuxnet computer virus against Iran in an attempt to derail their nuclear industry.

    But the Colonial incident is not the first cyber-attack by individuals on infrastructure using ransomware.

    In her book about the Stuxnet affair, Kim Zetter wrote about an incident in 2000 in Maroochy Shire in Australia’s Queensland state.

    ​She wrote: "In early 2000 Maroochy Shire’s beauty took an ugly turn when, over the course of four months, a hacker caused more than 750,000 gallons of raw sewage to spill from a number of wells and pour into public waterways." 

    An investigation later identified a vengeful former employee called Vitek Boden as the culprit and found he had been sending “malicious commands” to the sewage wells using two-way radio signals.

    He was arrested one night and a laptop in his car was found with proprietary software on it.

    Zetter wrote: “Boden’s case was the first cyberattack against a critical infrastructure system to come to light, but it likely wasn’t the first to occur.”

    She said it should have been a “wake-up call” to many industries but it appears many are still vulnerable.

    ​On 10 May US President Joe Biden said of the Dark Side attack: “It’s a criminal act, obviously. We have efforts under way with the FBI and DoJ (Department of Justice) to disrupt and prosecute ransomware criminals.”

    Late last week it appeared the operator of the Darkside ransomware have themselves been ripped off.

    Darksupp, one of the ransomware’s operators, were reported by Recorded Future threat intelligence analyst Dmitry Smilyanets as having posted: “A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers.”

    The Record reported that cryptocurrency funds had been withdrawn from the group’s payment server.

    The Record wrote: “The funds, which the Darkside gang was supposed to split between itself and its affiliates (the threat actors who breach networks and deploy the ransomware), were transferred to an unknown wallet, Darksupp said.”

    hack attack, oil pipeline, New Jersey, Texas, US
    Community standardsDiscussion