
U.S. Energy Independence Threatened by Hackers and Climate Change

HOUSTON – When OPEC banned oil exports to the United States in 1973 and created long gasoline lines, President Richard Nixon promised an effort that would combine the spirit of the Apollo program and the determination of the Manhattan Project.

“By the end of this decade we will have developed the potential to meet our own energy needs without being dependent on foreign energy sources,” he said in a televised address.

His timing was wrong – it took more than 40 years – but the country has come pretty close to energy independence in recent years thanks to an increase in domestic shale oil and natural gas production and the use of solar and wind power.

However, this independence is fragile. Cars lined up at gas stations in much of the Southeast last week after the Colonial Pipeline was paralyzed by a cyber attack by a criminal group seeking a ransom. The power grid is also under greater strain from climate change. Last year, a heat wave in California and a freeze in Texas forced rolling blackouts as demand for electricity exceeded supply.

“Eight presidents wanted energy independence, and now that we have achieved that, we are more resilient to the global oil market,” said Daniel Yergin, energy historian and author of The New Map: Energy, Climate and the Clash of Nations. “However, resilience is still a question of how the system works under stress, whether it’s pipelines or electricity.”

The Colonial Pipeline disruption had nothing to do with turbulence in the Middle East or insufficient American power generation. Nonetheless, panic buying, which had seldom been seen for decades, led to bottlenecks, and pump prices rose by up to 20 cents per gallon for regular gas in a few days, according to the AAA.

Mr. Yergin said drivers who lined up at pumps to fill gas cans and even plastic bags made the situation worse. The impulse to hoard stems from the oil shocks of the 1970s and seemed to touch a chord in the national psyche.

“People remembered gas pipes even though they weren’t born yet,” said Yergin.

Colonial Pipeline, a privately held company, resumed full operations over the weekend, but it will be a few more days before many gas stations are refilled.

Energy companies are under increasing pressure from governments and investors to strengthen their defenses against cyberattacks, but these and other vulnerabilities will not be easy to overcome, especially after years of underinvestment.

In the case of the power grids in California and Texas, there are few simple solutions to the weaknesses exposed by heat waves and freezing temperatures that are costing these states billions of dollars and leaving many dead and thousands homeless. That the country’s two most populous states have been laid low suggests that power plants and electrical lines are unprepared for the extreme weather events that climatologists say will become more common in the coming years due to the build-up of planet-warming gases in the atmosphere.

Nationwide, weather-related power outages have risen by two thirds since 2000, according to the Department of Energy.

“Our traditional strategies for generating and delivering energy are threatened by the climate and cyber terrorists,” said Mark Brownstein, senior vice president at the Environmental Defense Fund. “On the way to a cleaner and more sustainable energy future, we must also move towards a future that is fundamentally more resilient.”

Upgrading the energy system will not be easy. Dozens of competing companies operating a vast network of oil and gas wells, pumping stations, transmission lines, and power plants need to be persuaded to make their operations more resilient to weather and criminal attack. Significant resources must be made available by companies, government agencies and research to stay one step ahead of cybercriminals. President Biden’s $2 trillion infrastructure plan provides $100 billion for the transmission network.

The pursuit of energy independence has never been in a straight line, and there have been many unfortunate twists and turns. Reliance on Middle Eastern oil has been a major consideration in military action and diplomatic strategy, including alliances with countries like Saudi Arabia with disruptive human rights records. Half a century ago, the country switched from burning fuel oil to becoming more dependent on coal, which contributed to climate change.

The search for energy independence also led to innovations. Fracking – the hydraulic fracturing of shale oil and natural gas – not only reduced energy imports, but also made the United States a major exporter. Suddenly, oil and gas were no longer a national security hole, but a tool for advancing American interests.

For the past 15 years, US oil and gas production has kept energy prices down at home and abroad and strengthened the global economy. By exporting energy, Washington has been able to compete with Russian gas supplies to Europe, help allies like Japan, who import a lot of energy, and block Iranian and Venezuelan oil supplies.

In a twist, the shale boom also made some parts of the United States more vulnerable. In recent years, half a dozen refineries along the East Coast have closed because they could not compete with more advanced refineries on the Gulf Coast that benefited from cheap and abundant oil and gas in Texas. The flows on the Colonial Pipeline, which connects the Gulf refineries to New Jersey, grew steadily, supplying nearly half of the region’s fuel needs.

When hurricanes hit and Gulf refineries shut down, gasoline and diesel prices tend to rise on the East Coast. Usually this is not a huge problem, as companies store a lot of fuel near where it is used and trucks and barges can usually make up the difference. This time, however, uncertainty about how long it would take to restore supplies made the Colonial Pipeline shutdown much more disruptive.

The ransomware attack was the work of DarkSide, an extortion ring that was responsible for numerous attacks on companies in several countries. But it is hardly the only group that infiltrates computer systems in order to extort money. Others have names like REvil, Maze, and LockBit.

“Technology is moving so fast that you fix a potential vulnerability or two or twenty in your computer systems and the hackers find another way to get in,” said Drue Pearce, a former assistant administrator for the federal Pipeline and Hazardous Materials Safety Administration.

The criminal groups pose a threat to industries beyond energy. However, experts say that energy is of particular concern as it is essential for a functioning economy. The threat is no less complex than reducing the United States’ dependence on foreign oil, said Bill Richardson, a former energy secretary.

“This is a new threat that we are not prepared for,” he said.


Colonial Pipeline paid $5 million ransom to hackers

WASHINGTON – Colonial Pipeline paid hackers a ransom after the company fell victim to a widespread cyber attack, a source familiar with the situation confirmed to CNBC.

A US official who spoke on condition of anonymity confirmed to NBC News that Colonial had paid nearly $5 million in ransom to the cybercriminals.

It wasn’t immediately clear when the transaction took place. Colonial Pipeline did not immediately respond to CNBC’s request for comment. The ransom payment was first reported by Bloomberg.

The previous Thursday, President Joe Biden declined to comment when asked if Colonial Pipeline had paid the ransom. White House press secretary Jen Psaki told reporters during a briefing that it remains the federal government’s position not to pay ransom as this could encourage cybercriminals to launch further attacks.

Last week’s attack, carried out by a cyber criminal group called DarkSide, forced the company to shut down about 5,500 miles of pipeline, disrupting half the fuel supply on the East Coast and causing gasoline shortages in the Southeast.

Ransomware attacks involve malware that encrypts files on a device or network, leaving the system inoperable. Criminals behind such cyber attacks usually demand a ransom in return for releasing the data.

On Monday, White House national security officials described the attack as financially motivated but did not say whether Colonial Pipeline had agreed to pay the ransom.

“Usually this is a private sector decision,” Anne Neuberger, deputy national security advisor on cyber and emerging technologies, told White House reporters when asked about the ransom payment.

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, speaks about the Colonial Pipeline outage following a cyber attack during the daily press conference at the White House in Washington, USA, on May 10, 2021.

Kevin Lemarque | Reuters

“We recognize that cyber attack victims often face a very difficult situation and often only have to weigh the cost-benefit ratio when they have no other choice but to pay a ransom. Colonial is a private company, and we will postpone information about your decision about paying a ransom to them,” said Neuberger.

She added that the FBI had previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.

Earlier on Monday, the DarkSide group described its actions as “apolitical” in a Cybereason statement to CNBC.

“We are apolitical, we do not participate in geopolitics, we do not have to be tied to a defined government and look for our motives,” wrote the group.

“Our goal is to make money and not create problems for society. Starting today, we are introducing moderation and reviewing every company that our partners want to encrypt in order to avoid social consequences in the future,” added the statement.

Biden told reporters on Monday that the US currently has no information linking the DarkSide group’s ransomware attack to the Russian government.

“So far there is no evidence from our intelligence officials that Russia is involved, although there is evidence that the actor’s ransomware is in Russia. You have a certain responsibility to deal with it,” Biden said from the White House on Monday.

He added that he would continue to discuss the situation with Russian President Vladimir Putin.

The Kremlin has previously denied claims that it launched cyberattacks against the United States.

On Wednesday, Colonial Pipeline said in an evening statement that it had resumed operations days after its entire system was shut down due to the cyber attack. The company described its decision to temporarily close its pipeline service as a precautionary measure.

“Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent business interruptions during the launch phase. Colonial will continue to move as much gasoline, diesel and jet fuel as possible until markets return to normal,” added the company.

The Colonial Pipeline hack is just the latest example of criminal groups or state actors exploiting US cyber vulnerabilities. Last year, software from IT company SolarWinds was breached, allowing hackers to access communications and data in multiple government agencies.

In April, Washington formally held the Russian foreign intelligence service responsible for carrying out the SolarWinds cyberattack. Microsoft President Brad Smith described the incident as “the largest and most sophisticated attack the world has ever seen”. Microsoft’s systems were also infected with malicious software.

The Russian government denies all allegations that it was behind the SolarWinds hack.


Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers

In a separate ransomware attack on the Metropolitan Police Department in Washington, DC, hackers said the price offered by the police was “too low” and this week posted 250 gigabytes of the department’s data online, including databases of gang members.

In his remarks on Thursday, Mr Biden used the Colonial Pipeline hack as further evidence that the United States needs to improve its critical infrastructure and urged lawmakers to pass his $2.3 trillion proposal to rebuild roads, bridges, pipelines and other projects.

Republicans have balked at the size of Mr Biden’s proposals, accusing the president of wanting to raise taxes to pay for things they don’t see as infrastructure, like housekeeping programs. Mr Biden has suggested raising taxes for wealthy people and businesses to pay for his spending, but has said he is open to other ideas.

“I am ready to negotiate, as I indicated to members of the House and the leadership yesterday,” said Biden. “But it is clearer than ever that doing nothing is not an option.”

Gasoline prices in South Carolina and Georgia rose around 3 cents from Wednesday to Thursday, about half the increase of the past few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose 6 cents to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular rose by 2 cents to $3.03, according to the AAA car club.

Gasoline supplies vary from state to state along the pipeline, partly because some locations have more storage than others. Only 1 percent of gas stations in New Jersey were out of fuel early Thursday morning, while more than half of gas stations in Virginia, North Carolina and South Carolina had run out of fuel, according to GasBuddy, a fuel monitoring app. Friday is traditionally the biggest day for gasoline sales.

It will likely take at least a whole weekend for supplies to return to normal at all gas stations as it will take some time for fuel to flow through the pipeline.


How the US Lost to Hackers

There’s a reason we believed in the fallacy that offense could protect us: the offense was a bloody masterpiece.

Starting in 2007, the United States and Israel launched an attack on Iran’s Natanz nuclear facility, which destroyed around a fifth of Iranian centrifuges. Known as Stuxnet, this attack spread through seven holes, known as “zero days,” in Microsoft and Siemens industrial software. (Only one had been previously disclosed, but it was never patched.) In the short term, Stuxnet was a complete success. It set back Iran’s nuclear ambitions by years and stopped the Israelis from bombing Natanz and starting World War III. In the long term, it showed allies and opponents what they lacked and changed the digital world order.

In the next ten years an arms race was born.

NSA analysts left the agency to set up cyber weapons factories in Virginia like Vulnerability Research Labs, which sold click-and-shoot tools to American agencies and our closest English-speaking allies in the Five Eyes. A contractor, Immunity Inc., founded by a former NSA analyst, embarked on a more slippery slope. First, staff say, Immunity trained advisers like Booz Allen, then defense company Raytheon, then the Dutch and Norwegian governments. But soon the Turkish army came knocking.

Companies like CyberPoint took it a step further, stationing themselves overseas and sharing the tools and tradecraft that the UAE would eventually turn on its own people. In Europe, Pentagon spyware suppliers like Hacking Team began selling the same tools to Russia and then Sudan, which used them ruthlessly.

As the market expanded beyond the NSA’s direct control, the agency continued to focus on offense. The NSA knew that the same vulnerabilities it found and exploited elsewhere would one day blow back on Americans. Its answer to this dilemma was to reduce American exceptionalism to an acronym – NOBUS – which stands for “Nobody But Us”. When the agency found a vulnerability that it believed only it could exploit, it hoarded it.

That strategy was part of what General Paul Nakasone, the current NSA director, and George Washington and Chinese strategist Sun Tzu before him, refer to as “active defense.”

In modern warfare, “active defense” means hacking enemy networks. It is mutually assured destruction for the digital age: We hacked into the Russian troll networks and their grid as a show of force; Iran’s nuclear facilities, to take out its centrifuges; and Huawei’s source code, to penetrate its customers in Iran, Syria and North Korea for espionage and to set up an early warning system for the NSA to theoretically fend off attacks before they hit.


Microsoft Says Russian Hackers Viewed Some of Its Source Code

Microsoft said Thursday that the far-reaching Russian hack of US government agencies and private companies had penetrated its network further than the company had previously understood.

While the hackers, who presumably work for the Russian intelligence service SVR, apparently did not use Microsoft’s systems to attack other victims, they were able to view Microsoft source code through an employee account.

Microsoft said the hackers couldn’t get into email or its products and services, and that they couldn’t change the source code they viewed. No information was given on how long the hackers had been on its networks or which products’ source code was viewed. Microsoft originally said it was not breached in the attack.

“Our investigation of our own environment has revealed no evidence of access to manufacturing services or customer data,” the company said in a blog post. “The ongoing investigation also found no evidence that our systems were used to attack others.”

The hack, which may still be ongoing, appears to have started as early as October 2019. At the time, hackers breached SolarWinds, a Texan company that provides technology monitoring services to government agencies and 425 of the Fortune 500 companies. The compromised software was then used to break into the Commerce, Treasury, State and Energy departments, along with FireEye, a leading cybersecurity company that first exposed the breach last month.

Investigators are still trying to understand what the hackers stole, and active investigations suggest that the attack is more widespread than originally thought. Last week, CrowdStrike, a FireEye competitor, announced that it had been targeted, unsuccessfully, by the same attackers. In this case, the hackers used Microsoft resellers, companies that sell software on Microsoft’s behalf, to try to gain access to its systems.

The Department of Homeland Security has confirmed that SolarWinds was just one of several ways the Russians attacked American agencies, tech and cybersecurity companies.

President Trump has publicly suggested that China, not Russia, may have been the culprit behind the hack – a finding that has been denied by Secretary of State Mike Pompeo and other senior members of the administration. Mr Trump has also privately referred to the attack as a “joke”.

President-elect Joseph R. Biden Jr. has accused Mr. Trump of downplaying the hack, saying his administration will not be able to trust the software and networks that federal agencies rely on to do business.

Ron Klain, Mr Biden’s chief of staff, said the administration was planning a response beyond sanctions.


“Those responsible will have consequences,” Klain told CBS last week. “It’s not just sanctions. There are also steps and things we could do to reduce the ability of foreign actors to repeat this type of attack or, worse, carry out more dangerous attacks.”

Security experts said the scope of the hack cannot be fully known yet. SolarWinds has announced that its compromised software has found its way onto 18,000 networks of its customers. While SolarWinds, Microsoft, and FireEye believe the number of actual victims could be limited to dozens, ongoing investigations suggest the number could be much larger.

“This hack is far worse and more powerful than we realize today,” said Dmitri Alperovitch, chairman of the Silverado Policy Accelerator and former chief technology officer at CrowdStrike. “We should be prepared for the fact that many more shoes will fall in the coming months.”

American officials are still trying to understand whether the hack was traditional espionage, similar to what the National Security Agency does with foreign networks, or whether the Russians built so-called backdoors into systems at government agencies, large corporations, the power grid and the United States’ nuclear weapons labs for future attacks.

Officials believe the hack stopped at unclassified systems but are concerned about sensitive unclassified data that the hackers may have obtained.

Microsoft said Thursday that its investigation found unusual activity on a small number of employee accounts. It was then found that one was used to view “a number of source code repositories”.

“The account did not have permission to change any code or technical systems, and our investigation also confirmed that no changes were made,” the company said in its blog post.

Unlike many technology companies, Microsoft does not rely on the secrecy of its source code to keep its products safe. Employees can easily view the source code, and the risk models assume that attackers can access it immediately, which suggests that the consequences of the breach could be limited.

Some government officials have been frustrated that Microsoft, which for a private company may have the largest window into global cyber activity, did not detect the hack and alert the government sooner. Federal agencies and intelligence agencies learned of the SolarWinds breach from FireEye.

Brad Smith, president of Microsoft, said the hack was a government failure to share threat intelligence between government agencies and the private sector. In a December interview, he called the hack a “moment of reckoning”.

“How will our government react to this?” asked Mr. Smith. “It feels like the nation has lost sight of the lessons of September 11th. Twenty years after something terrible happened, people forget what they need to do to be successful.”


Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect

According to investigators, the global campaign involved the hackers inserting their code into regular updates of network-management software made by a company called SolarWinds. Its products are widely used on corporate and federal networks, and the malware was carefully minimized to avoid detection.

The Austin, Texas-based company says it has more than 300,000 customers, including most of the country’s Fortune 500 companies. However, it is unclear how many of them are using the Orion platform that the Russian hackers infiltrated or if they were all targets.

If the Russia connection is confirmed, it will be the subtlest known theft of American government data by Moscow since a two-year spree in 2014 and 2015 that gave Russian intelligence agencies access to the unclassified email systems at the White House, the State Department and the Joint Chiefs of Staff. It took years to undo the damage, but President Barack Obama decided at the time not to name the Russians as the perpetrators – a move many in his administration now see as a mistake.

Emboldened, the same group of hackers penetrated the systems of the Democratic National Committee and top officials in Hillary Clinton’s campaign, sparking investigations and fears that permeated both the 2016 and 2020 contests. Another, more disruptive Russian intelligence agency, the GRU, is believed to be responsible for publishing the hacked DNC emails.

“There seems to be a lot of casualties to this campaign, both in government and in the private sector,” said Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a geopolitical think tank, and a co-founder of CrowdStrike, a cybersecurity company that four years ago helped find the Russians in the systems of the Democratic National Committee. “No different from what we saw from this actor in 2014-2015 when he ran a massive campaign and successfully compromised numerous victims.”

Russia was one of several countries that also hacked American research institutions and pharmaceutical companies. That summer, Symantec Corporation warned that a Russian ransomware group was taking advantage of the sudden change in American work habits caused by the pandemic and injecting code into corporate networks at unprecedented speeds and breadth.

According to private sector investigators, the attacks on FireEye resulted in a wider hunt to find out where else the Russian hackers would have been able to infiltrate both federal and private networks. According to official sources, FireEye provided the NSA and Microsoft with some critical pieces of computer code, and they then went looking for similar attacks on federal systems. That led to the emergency warning last week.