Categories
Politics

U.S., Germany strike deal to permit completion of Russian Nord Stream 2 pipeline

Workers during the pipe production process at the Nord Stream 2 Mukran plant on the island of Ruegen in Sassnitz, Germany.

Carsten Koall | Getty Images

WASHINGTON – The United States and Germany have reached an agreement to enable the completion of the $11 billion Nord Stream 2 pipeline, a sensitive, long-standing point of contention between the otherwise steadfast allies.

The agreement between Washington and Berlin announced on Wednesday aims to invest more than 200 million euros in energy security in Ukraine and in sustainable energy across Europe.

“Should Russia attempt to use energy as a weapon or commit further aggressive acts against Ukraine, Germany will act at the national level and press for effective action at the European level, including sanctions, to restrict Russian export capabilities to Europe in the energy sector,” said a senior State Department official on a call with reporters on Wednesday.

The senior State Department official, who requested anonymity to discuss the deal candidly, added that the US will also retain the right to impose sanctions if Russia uses energy as a coercive measure.

The official said the United States and Germany are “firmly committed to the sovereignty and territorial integrity” of Ukraine and have therefore consulted closely with Kiev on the matter.


The discomfort with the nearly complete Nord Stream 2 project, a sprawling underwater pipeline that will pump Russian gas directly to Germany, stems from Moscow’s history of using the energy sector to influence Russia’s neighbor, Ukraine.

When completed, the underwater pipeline from Russia to Germany will stretch over 764 miles, making it one of the longest offshore gas pipelines in the world. Last month the Kremlin said only 62 miles of Nord Stream 2 were left to build.

In May, the US lifted sanctions against Swiss-based Nord Stream 2 AG, which operates the pipeline project, and its German CEO. The waiver gave Berlin and Washington three more months to reach an agreement on Nord Stream 2.

The deal comes on the heels of Chancellor Angela Merkel’s visit to the White House, the first by a European leader since Biden’s inauguration and likely her last trip to Washington after nearly 16 years at the helm of Europe’s largest economy.

Merkel, the first woman to lead Germany, has already said that she will step down after the federal elections in September.

At a joint press conference in the White House, Merkel promised a tough stance on Russia should Moscow abuse the energy sector for political purposes.

On Wednesday the White House announced that Biden will receive Ukrainian President Volodymyr Zelenskyi next month.

Ahead of the July 15 meeting, officials from the Biden administration and from Germany told CNBC that the leaders of the world’s largest and fourth-largest economies were eager to rebuild a frayed transatlantic relationship.

In this handout photo from the Federal Government Press Office, Chancellor Angela Merkel and US President Joe Biden are seen in the White House overlooking the Washington Monument in Washington, DC, on July 15, 2021.

Guido Bergmann | Handout | Getty Images News | Getty Images

“Of course we have had a number of seizures in bilateral relations in recent years,” said a senior German government official who requested anonymity in order to speak openly about Merkel’s agenda.

“The entire focus was on issues on which we disagreed,” the official said, adding that sometimes “allies were seen as enemies”.

Throughout his tenure, former President Donald Trump often criticized allies and often singled out Merkel’s Germany as “defaulting on its payments” to NATO.

Last year, Trump agreed to a plan to move 9,500 U.S. soldiers stationed in Germany to other countries, another blow to transatlantic relations.

“The American-German relationship was badly impacted during the Trump administration, so there was no question that the relationship needed to be rebuilt, etc.,” said Jenik Radon, associate professor at Columbia University’s School of Public and International Affairs.

Radon, a legal scholar who has worked on energy issues in more than 70 countries, spoke about the complexities of global energy agreements.

The Nord Stream 2 pipeline is intended to double the amount of natural gas exported directly to Germany via a network under the Baltic Sea, bypassing an existing route through Ukraine.

“Once you try to pipeline gas or oil through transit countries, you always end up in a predicament because you have a third party involved,” said Radon.

“It’s not just the seller, it’s not just the buyer, there is transit too, but you don’t have absolute control over this third country,” he said, adding that “transit deals are among the most difficult”.

Workers are seen at the construction site of the Nord Stream 2 gas pipeline near the city of Kingisepp in the Leningrad region, Russia, June 5, 2019.

Anton Vaganov | Reuters

Experts in the region see the underwater pipeline as a form of Russian aggression against Ukraine.

“By eliminating Ukraine as a transit country, Russia can withhold the benefits of having gas delivered on its territory,” said Stephen Sestanovich, Senior Fellow on Russian and Eurasian Studies at the Council on Foreign Relations.

There are two elements that people often confuse, he added, citing Russia’s ability to use natural gas as a political weapon against Ukraine and its ability to harm the Ukrainian economy.

“That is why the Biden government has concentrated on limiting or compensating for any economic damage – and they want firm German approval of this goal,” he said.

However, Russia’s leverage over America’s allies has weakened somewhat due to shifts in the energy markets, Sestanovich said.

“In the years that Nord Stream 2 has been discussed and is now almost finished, the energy markets have changed and it has become much more difficult for Russia to hold European countries hostage – there are just too many alternative sources of energy,” he said. “The image that we have of Russia in the political stranglehold of our allies is out of date.”


Biden, Merkel agree Russia cannot use Nord Stream pipeline as weapon

US President Joe Biden and German Chancellor Angela Merkel hold a joint press conference in the East Room of the White House in Washington, DC, July 15, 2021.

Saul Loeb | AFP| Images

President Joe Biden and German Chancellor Angela Merkel agreed on Thursday that they will oppose any effort by Russia to use the contentious Nord Stream pipeline as a weapon against neighboring nations such as Ukraine.

The completion of Nord Stream 2, an $11 billion gas pipeline that would run directly to Germany from Russia under the Baltic Sea, has long been a source of tension between Washington and Berlin, otherwise close NATO allies.

“While I reiterated my concerns about Nord Stream 2, Chancellor Merkel and I are absolutely united in our conviction that Russia must not be allowed to use energy as a weapon to coerce or threaten its neighbors,” Biden said. 

“My view on Nord Stream 2 has been known for some time. Good friends can disagree, but by the time I became president, it was 90% completed and imposing sanctions did not seem to make any sense,” he said.

The president waived sanctions against Swiss-based company Nord Stream 2 AG, which is running the pipeline project, and its German CEO in May. Nord Stream 2 AG is owned by the Russian state energy company Gazprom.

Biden has opposed the completion of the pipeline over concerns that it would allow Moscow to gain increased political leverage over other European nations and more control over energy reserves. 

In particular, the U.S. fears that the pipeline would threaten the security and economy of Ukraine by depriving it of crucial gas transport revenues.  

The route of a proposed new gas pipeline from Russia to Europe.

nord-stream2.com

Merkel has supported the pipeline, but emphasized on Thursday that Nord Stream would not replace Ukraine’s transit pipelines for natural gas. 

“Our idea is and remains that Ukraine remains a transit country for natural gas, that Ukraine, just as any other country in the world, has the right to territorial sovereignty,” Merkel said at the joint press conference.

“We will be actively acting should Russia not respect this right of Ukraine that it has as a transit country,” Merkel said. 

Biden said he and Merkel asked their teams to examine practical measures that can be taken to determine if Europe’s energy security is “strengthened or weakened based on Russian actions.”

The pipeline was among the several global issues that the two leaders addressed at the White House on Thursday in what is likely to be Merkel’s last visit to Washington before she steps down from office. 

The two leaders also announced a climate and energy partnership, which Biden said will support energy security and the development of sustainable energy in emerging economies in Central Europe and Ukraine. 


Biden and Merkel also signed a pact, called the Washington Declaration, which reaffirms the U.S. and Germany’s commitment to democratic principles and outlines a joint vision to address global issues guided by those values. 

“Both our nations understand the imperative of proving that democracies can deliver the needs of our people in the second quarter of the 21st century,” Biden said.  

Among the other issues that the two leaders addressed were China, climate change, security issues in Afghanistan and combating Covid-19. Biden said the U.S. is reviewing when it can lift Covid-related travel restrictions that ban most Europeans from entering the U.S., an issue that Merkel had raised prior to the joint news conference.

Merkel’s visit serves as a stark contrast to former President Donald Trump’s notorious clashes with her during his term, which contributed to the deterioration of the two nations’ relationship. 

Trump publicly called out Merkel for not meeting the 2% GDP spending goal established at the 2014 NATO summit in Wales, claiming that Germany owed “vast sums of money” to the U.S. Trump also hammered Merkel on trade and moved to withdraw nearly 12,000 U.S. troops from Germany. 

In response, Merkel often pushed back on Trump’s rhetoric and criticized policy decisions such as his travel ban targeting citizens of several mainly Muslim countries. 

Biden has made it a priority to repair relationships with Germany and other European nations. Merkel is the first European leader to meet with Biden at the White House, and her visit serves as a final farewell to the U.S. as she approaches the end of a historic political career that has lasted nearly 16 years.

Merkel’s visit will end with a dinner hosted by the president and first lady Jill Biden in the State Dining Room. The dinner will be attended by Vice President Kamala Harris, second gentleman Doug Emhoff and others who are boosters for Germany’s relationship with the U.S.

“I know that the partnership between Germany and the United States will continue to grow stronger on the foundation that you’ve helped to build,” Biden said to Merkel. 

“But on a personal note, I must tell you, I’ll miss seeing you at our summit, I truly will. So thank you again for making the journey, for a productive meeting today and for your friendship,” he said. 


Bitcoin Is Truly Traceable, Pipeline Investigation Reveals

When Bitcoin hit the market in 2009, fans touted the cryptocurrency as a secure, decentralized, and anonymous way to conduct transactions outside of the traditional financial system.

Criminals, often operating in hidden areas of the internet, flocked to Bitcoin to do illegal business without revealing their name or location. The digital currency quickly became just as popular with drug dealers and tax evaders as it was with contrarian libertarians.

But this week’s revelation that federal officials recovered most of the Bitcoin ransom paid in the recent ransomware attack on Colonial Pipeline exposed a fundamental misconception about cryptocurrencies: they’re not as difficult to track as cybercriminals think they are.

On Monday, the Justice Department announced that it had traced 63.7 of the 75 Bitcoins (about $2.3 million of the $4.3 million) that Colonial Pipeline paid to the hackers after the ransomware attack shut down the company’s computer systems, leading to fuel shortages and a spike in gasoline prices. Officials have since declined to provide any further details on exactly how they recovered the Bitcoin, which has fluctuated in value.

Yet for the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before accessing one account showed that law enforcement was growing along with the industry.

That’s because the same properties that make cryptocurrencies attractive to cybercriminals – the ability to instantly transfer money without a bank’s permission – can be used by law enforcement agencies to track and confiscate criminals’ funds at the speed of the internet.

Bitcoin is also traceable. While digital currency can be created, moved and stored outside the jurisdiction of a government or financial institution, every payment is recorded on a permanent fixed ledger called a blockchain.

This means that all Bitcoin transactions are open. The Bitcoin ledger can be viewed by anyone connected to the blockchain.

“It’s digital breadcrumbs,” said Kathryn Haun, former federal prosecutor and investor in the venture capital firm Andreessen Horowitz. “There’s a path that law enforcement can follow pretty well.”

Ms. Haun added that the speed with which the Justice Department confiscated most of the ransom was “groundbreaking” precisely because of the hackers’ use of cryptocurrencies. In contrast, she said, obtaining records from banks often requires months or years of working through paperwork and red tape, especially when those banks are based overseas.

Given the public nature of the ledger, cryptocurrency experts said, all law enforcement agencies need to do is figure out how to connect the criminals to a digital wallet that holds the bitcoins. To do this, the authorities have likely focused on what is known as a “public key” and a “private key”.

A public key is the sequence of numbers and letters that Bitcoin holders use to transact with others, while a “private key” is used to keep a wallet secure. Tracking down a user’s transaction history was a matter of determining which public key they controlled, authorities said.

The seizure of the assets then required obtaining the private key, which is more difficult. It is unclear how federal agents got hold of DarkSide’s private key.

Justice Department spokesman Marc Raimondi declined to say more about how the FBI confiscated DarkSide’s private key. According to court documents, investigators accessed the password for one of the hackers’ Bitcoin wallets, but the documents did not say exactly how.

The FBI didn’t seem to be relying on any underlying flaw in blockchain technology, cryptocurrency experts said. The most likely culprit was good old-fashioned policing.

Federal agents could have obtained DarkSide’s private keys by planting a human spy inside DarkSide’s network, by hacking the computers where the private keys and passwords were stored, or by compelling the service that held the private wallet to hand them over through a warrant or other means.

“If they get their hands on the keys, they can be confiscated,” said Jesse Proudman, founder of Makara, a cryptocurrency investment site. “Just relying on a blockchain does not solve this fact.”

The FBI has partnered with several companies that specialize in tracking cryptocurrencies across digital accounts, according to officials, court documents and the companies. Startups with names like TRM Labs, Elliptic and Chainalysis, which trace cryptocurrency payments and flag possible criminal activity, have emerged as law enforcement agencies and banks seek to get ahead of financial crime.

Their technology scans blockchains in search of patterns that suggest illegal activity. It’s similar to how Google and Microsoft tamed email spam by identifying and then blocking accounts that distribute email links across hundreds of accounts.

“Cryptocurrency allows us to use these tools to track funds and financial flows along the blockchain in ways we could never do with cash,” said Ari Redbord, general manager of legal at TRM Labs, a blockchain intelligence company that sells its analytics software to law enforcement agencies and banks. Previously, he was senior financial intelligence and terrorism advisor at the Treasury Department.

Several longtime cryptocurrency enthusiasts said recovering much of the Bitcoin ransom is a win for the legitimacy of digital currencies. That would help change Bitcoin’s image as a criminal playground, they said.

“The public is slowly being shown on a case-by-case basis that Bitcoin is good for law enforcement and bad for crime – the opposite of what many have believed in the past,” said Hunter Horsley, CEO of Bitwise Asset Management, a cryptocurrency investment company.

In the last few months, cryptocurrencies have become more and more mainstream. Companies like PayPal and Square have expanded their cryptocurrency services. Coinbase, a startup that enables people to buy and sell cryptocurrencies, went public in April and is now valued at $47 billion. Over the weekend, a Bitcoin conference in Miami drew more than 12,000 attendees, including Twitter CEO Jack Dorsey and former boxer Floyd Mayweather Jr.

As more and more people use Bitcoin, most of them access the digital currency in a way that mirrors a traditional bank, through a centralized intermediary such as a crypto exchange. In the United States, anti-money laundering and identity verification laws require such services to know who their customers are, thereby establishing a link between identity and account. Customers must upload an official ID when registering.

Ransomware attacks have put unregulated crypto exchanges under close scrutiny. Cybercriminals are flocking to thousands of high-risk exchanges in Eastern Europe that do not follow these laws.

After the attack on the Colonial Pipeline, several financial leaders proposed a ban on cryptocurrencies.

“We can live in a cryptocurrency world or a world without ransomware, but we cannot have both,” Lee Reiners, executive director of the Global Financial Markets Center at Duke Law School, wrote in the Wall Street Journal.

Cryptocurrency experts said the hackers could have tried to make their Bitcoin accounts even more secure. Some cryptocurrency holders go to great lengths to store their private keys away from anything connected to the internet, in what is known as a “cold wallet.” Some people memorize the sequence of numbers and letters. Others write it down on paper, although paper records can be obtained through search warrants or police work.

“The only way to preserve the truly invulnerable characteristics of the asset class is to memorize the keys and not have them written down anywhere,” said Mr Proudman.

Mr. Raimondi of the Justice Department said the seizure of the Colonial Pipeline ransom was the latest sting operation by federal prosecutors to recover illegally acquired cryptocurrency. He said the department had made “many hundreds of millions of dollars of seizures of non-hosted cryptocurrency wallets” used for criminal activity.

In January, the Justice Department disrupted another ransomware group, NetWalker, which was using ransomware to extort money from communities, hospitals, law enforcement agencies and schools.

As part of that sting, the department seized approximately $500,000 in cryptocurrency from NetWalker that had been collected from victims of its ransomware.

“While these individuals believe they are acting anonymously in the digital space, we have the ability and tenacity to identify and prosecute these actors to the fullest extent of the law and confiscate their criminal proceeds,” Maria Chapa Lopez, then U.S. attorney for the Middle District of Florida, said when the case became known.

In February, the Justice Department announced that it had warrants for the seizure of nearly $2 million in cryptocurrencies that North Korean hackers had stolen and debited from two different cryptocurrency exchanges.

Last August, the department also unsealed a complaint against North Korean hackers who stole $28.7 million in cryptocurrencies from a cryptocurrency exchange and then laundered the proceeds through Chinese cryptocurrency laundering services. The FBI traced the funds to 280 cryptocurrency wallets and their owners.

In the end, “cryptocurrencies are actually more transparent than most other forms of value transfer,” said Madeleine Kennedy, a spokeswoman for Chainalysis, the start-up that tracks payments in cryptocurrencies. “Certainly more transparent than cash.”


Colonial Pipeline paid $5M ransom one day after hack, CEO tells Senate

Joseph Blount Jr., president and chief executive officer of Colonial Pipeline, is sworn in as he attends a hearing to examine threats to critical infrastructure, focusing on the Colonial Pipeline cyber attack, at the U.S. Capitol in Washington, U.S., June 8, 2021.

Andrew Caballero-Reynolds | Reuters

WASHINGTON — Colonial Pipeline’s CEO told a Senate committee on Tuesday the company paid the $5 million ransom one day after Russian-based cybercriminals hacked its IT network, crippling fuel deliveries up and down the East Coast.

Joseph Blount Jr. told members of the Senate Homeland Security and Governmental Affairs Committee in prepared remarks that the company learned of the attack shortly before 5 a.m. on May 7, when an employee discovered a ransom note on a system in the IT network.

The note said hackers had “exfiltrated” material from the company’s shared internal drive, and it demanded approximately $5 million in exchange for the files.

The company was attacked by a ransomware program created by DarkSide, a cyber criminal group believed to operate out of Russia.

Blount said that shortly after discovering the ransom note, the employee notified a supervisor and the decision was made to immediately shut down the entire pipeline.

“At approximately 5:55 A.M. employees began the shutdown process,” Blount wrote. “By 6:10 A.M., they confirmed that all 5,500 miles of pipelines had been shut down.”

The decision to shut down the entire pipeline was driven by “the imperative to isolate and contain the attack to help ensure the malware did not spread to the Operational Technology network, which controls our pipeline operations, if it had not already.”

The shutdown caused major disruptions to gas delivery up and down the East Coast, as trucks struggled to restock gas stations, and long lines developed at pumps, especially in the Southeast. Airline operations also were disrupted.

Blount’s testimony revealed just how quickly the company decided to suspend operations, and it provided new details about the first few days after the attack.

The company believes attackers “exploited a legacy virtual private network profile that was not intended to be in use,” Blount told senators.

But he admitted that the account was not protected by multifactor authentication, which is currently the company standard in most of its operations. Blount said the password was complicated, though. “It was not a ‘Colonial 123’-type password.”

Blount also testified about the approximately $5 million in ransom that the company paid to the DarkSide hackers. He revealed that Colonial Pipeline paid the ransom one day after the attack.

“I made the decision that Colonial Pipeline would pay the ransom to have every tool available to us to swiftly get the pipeline back up and running,” Blount said in his opening statement. “It was one of the toughest decisions I have had to make in my life.”

“At the time, I kept this information close hold because we were concerned about operational security and minimizing publicity for the threat actor,” he said.

In response to a question about whether the company paid ransom to an entity under U.S. sanctions, Blount said the company checked the sanctions list maintained by the Office of Foreign Assets Control before making the payment.

The day before Blount testified, U.S. law enforcement officials announced that they were able to recover $2.3 million in bitcoin from the hacker group.

Blount also told senators that the company contacted the FBI within hours of discovering the attack.

This story will be updated throughout the Senate hearing.


Biden’s strategy on the Russia-to-Germany gas pipeline is confusing and needs explanation, says foreign policy expert

Michael O’Hanlon, a Brookings Institution senior fellow, said he thinks the Biden administration’s decision to waive sanctions on a Russian company overseeing the construction of a controversial Russia-to-Germany gas pipeline was about improving relations with Germany.

“I believe they’re essentially deferring to Chancellor [Angela] Merkel to figure out some kind of a strategy that she thinks may work, and maybe get Russia to behave better over Ukraine and other places… But if that’s the strategy, I’d like to hear it explained and defended, not just sort of swept under the rug,” said O’Hanlon.

The Russia-to-Germany gas pipeline, known as Nord Stream 2, would bring natural gas from Russia to Germany and run under the Baltic Sea. Critics from both sides of the political aisle expressed concern that Russia could use the pipeline to gain leverage over European nations. 

Republican Senator Rob Portman slammed the decision and has said it was “contrary to our national interests, and at an especially volatile period, helps Russia while hurting Ukraine and our European Union allies.”

New Hampshire Democrat Jeanne Shaheen said in a statement that “completion of this pipeline poses a threat to U.S. security interests and the stability of our partners in the region.”

The White House did not immediately respond to CNBC’s request for comment.

O’Hanlon told CNBC’s “The News with Shepard Smith” that he agreed with the critics. 

“It’s confusing why you would give Russia more leeway, more leverage, and also the ability to bypass Ukraine in shipping gas into Europe,” said O’Hanlon. “It doesn’t smack me to be a good decision.”


Colonial Pipeline paid $5 million ransom to hackers

WASHINGTON – Colonial Pipeline paid hackers a ransom after the company fell victim to a widespread cyber attack, a source familiar with the situation confirmed to CNBC.

A US official who spoke on condition of anonymity confirmed to NBC News that Colonial had paid nearly $5 million in ransom to the cybercriminals.

It wasn’t immediately clear when the transaction took place. Colonial Pipeline did not immediately respond to CNBC’s request for comment. The ransom payment was first reported by Bloomberg.

The previous Thursday, President Joe Biden declined to comment when asked if Colonial Pipeline had paid the ransom. White House press secretary Jen Psaki told reporters during a briefing that it remains the federal government’s position not to pay ransom as this could encourage cybercriminals to launch further attacks.

Last week’s attack, carried out by a cyber criminal group called DarkSide, forced the company to shut down about 5,500 miles of pipeline, disrupting half the fuel supply on the East Coast and causing gasoline shortages in the Southeast.

Ransomware attacks involve malware that encrypts files on a device or network, leaving the system inoperable. Criminals behind such cyber attacks usually demand a ransom in return for releasing the data.

On Monday, White House National Security officials labeled the attack financially motivated but did not say whether Colonial Pipeline had agreed to pay the ransom.

“Usually this is a private sector decision,” Anne Neuberger, deputy national security advisor on cyber and emerging technologies, told White House reporters when asked about the ransom payment.

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, speaks about the Colonial Pipeline outage following a cyber attack during the daily press conference at the White House in Washington, USA, on May 10, 2021.

Kevin Lemarque | Reuters

“We recognize that cyber attack victims often face a very difficult situation and often only have to weigh the cost-benefit ratio when they have no other choice but to pay a ransom. Colonial is a private company, and we will postpone information about your decision about paying a ransom to them,” said Neuberger.

She added that the FBI had previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.

On Monday before, the DarkSide group described its actions as “apolitical” in a Cybereason statement to CNBC.

“We are apolitical, we do not participate in geopolitics, we do not have to be tied to a defined government and look for our motives,” wrote the group.

“Our goal is to make money and not create problems for society. Starting today, we are introducing moderation and reviewing every company that our partners want to encrypt in order to avoid social consequences in the future,” added the statement.

Biden told reporters on Monday that the US currently has no information linking the DarkSide group’s ransomware attack to the Russian government.

“So far there is no evidence from our intelligence officials that Russia is involved, although there is evidence that the actor’s ransomware is in Russia. You have a certain responsibility to deal with it,” Biden said from the White House on Monday.

He added that he would continue to discuss the situation with Russian President Vladimir Putin.

The Kremlin has previously denied claims that it launched cyberattacks against the United States.

On Wednesday, Colonial Pipeline said in an evening statement that it had resumed operations days after its entire system was shut down due to the cyber attack. The company described its decision to temporarily close its pipeline service as a precautionary measure.

“Some markets served by Colonial Pipeline may experience or continue to experience intermittent business interruptions during the launch phase. Colonial will continue to move as much gasoline, diesel and jet fuel as possible until markets return to normal,” added the company.

The Colonial Pipeline hack is just the latest example of criminal groups or state actors exploiting US cyber vulnerabilities. Last year, software from IT company SolarWinds was breached, allowing hackers to access communications and data in multiple government agencies.

In April, Washington formally held the Russian foreign intelligence service responsible for carrying out the SolarWinds cyberattack. Microsoft President Brad Smith described the incident as “the largest and most sophisticated attack the world has ever seen”. Microsoft’s systems were also infected with malicious software.

The Russian government denies all allegations that it was behind the SolarWinds hack.


After Colonial Pipeline hack, all organizations need to boost cyber defenses

Storage tanks at a Colonial Pipeline Inc. facility in Avenel, New Jersey on Wednesday, May 12, 2021.

Mark Kauzlarich | Bloomberg | Getty Images

The recent ransomware attack on Colonial Pipeline was an all-too-familiar story for businesses in the United States.

The pipeline, which supplies around 50 million people from the Gulf Coast to the entire east coast with fuel, was closed last Friday as a precautionary measure after a ransomware attack. The company and the US government are continuing to investigate the extent of the impact.

In the past few months, ransomware attacks have hit businesses of all sizes and hospitals in New York, Nebraska, Oregon, and Michigan, among others. Police and sheriff offices, schools, and local governments, from Atlanta to Baltimore to Fisher County, Texas, have suffered a similar fate.

A recent report from the Ransomware Task Force, a group of 60 cybersecurity experts from industry and government, highlights both the alarming increase in the frequency of these attacks and the size of the ransoms the attackers are demanding.

It is estimated that $350 million in ransom was paid to attackers in 2020 – an increase of more than 300 percent from the previous year – with an average payment of over $300,000.

According to a 2021 report, most of the victims in 2020 were in manufacturing, professional and legal services, and construction. Healthcare, manufacturing, and education companies saw significant increases. Attacks on industries like aerospace also seem to be increasing.

Organizations affected by ransomware often face a very difficult decision: either pay a ransom and fuel a criminal market, or refuse to pay and hope that their computer systems can be restored.

If companies decide to pay the ransom to get back up and running quickly, the price can bring their business to the brink of bankruptcy. In addition, there is no guarantee that their systems will be restored.

Organizations can also lose access to their protected information, including intellectual property, customer and employee data, and suffer reputational costs.

Protecting the American people and businesses from ransomware must be a top priority as a nation. We can no longer look the other way and simply treat ransomware as a nuisance. This latest attack should serve as a reminder to organizations across the country to step up their cyber defenses and stay one step ahead of future threats.

Like most cyber attacks, ransomware exploits the weakest link. Small businesses are particularly at risk as many of them are financially vulnerable and lack the resources to install cybersecurity software, ensure constant technology monitoring, provide staff training, and hire full-time information technology professionals.

It’s no surprise that small businesses make up half to three-quarters of all ransomware victims. And when these companies become targets, it can have devastating and lasting effects, forcing some to permanently close their doors.

In short, businesses in every sector and size need to take this threat seriously and take steps today to protect themselves. By the time you face an attack, it will be too late to take proactive action.

The good news is that you don’t have to do it alone and there are affordable solutions for every budget. That’s why the Departments of Homeland Security and Commerce are working together to help businesses prevent and respond to ransomware attacks.

A few simple but important steps can go a long way in protecting against this category of malicious cyber activity. Our two departments strive to work with companies and their CEOs.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is well positioned to help organizations take preventative measures to increase resilience before an attack occurs.

CISA recently launched its “Reduce Your Risk of Ransomware” campaign of free public guidance and resources to help companies prepare for these attacks and assess the strength of their cyber posture.

Practical guide

The CISA website also links to the practical guidance from the Department of Commerce’s National Institute of Standards and Technology (NIST), which draws on its in-depth economic and technical expertise. The National Cyber Investigative Joint Task Force has also provided guidance on how to respond to a ransomware attack.

Improving basic cybersecurity hygiene to prevent ransomware is important, but only part of the solution. The Biden-Harris Administration coordinates a strategy across government to increase resilience, disrupt and investigate ransomware networks, and bring perpetrators to justice.

However, the federal government cannot fight ransomware on its own. Prevention, disruption and law enforcement require cooperation at all levels of government and in the private sector – both domestically and internationally.

Our departments will continue to advocate a comprehensive approach to combating ransomware to keep our communities safe. The demands of malicious ransomware attacks require nothing less.

In the coming weeks, we will be stepping up our departments’ relationships with the private sector and exploring new initiatives to support businesses, healthcare systems and local governments. These public-private partnerships will continue to protect our businesses, our economy, and our national security.

Alejandro N. Mayorkas is the US Secretary of Homeland Security and Gina M. Raimondo is the US Secretary of Commerce.

Colonial Pipeline Hack Reveals Weaknesses in US Cybersecurity

For years, government officials and industry executives have been running in-depth simulations of a targeted cyberattack on the US power grid or gas pipeline and imagining how the country would react.

But when the real moment came, and it wasn’t an exercise, it didn’t look like the war games.

The attacker was not a terrorist group or a hostile state such as Russia, China or Iran, as was assumed in the simulations. It was a criminal blackmail ring. The aim was not to disrupt the economy by taking a pipeline offline, but rather to hold company data for ransom.

The most visible impact – long lines of nervous drivers at gas stations – resulted not from a government response but from a decision by the victim, Colonial Pipeline, which controls nearly half of the gasoline, jet fuel and diesel flowing on the east coast, to turn off the spigot. This was done out of concern that the malware that had infected its back-office functions could make it difficult to bill for the fuel delivered down the pipeline or even spread to the pipeline’s operating system.

What happened next was a vivid example of the difference between tabletop simulations and the cascade of consequences that can follow even a relatively straightforward attack. The aftermath of the episode is still playing out, but some of the lessons are already clear, showing how far the government and the private sector must go to prevent and manage cyberattacks and put in place fast backup systems in case critical infrastructure fails.

In this case, the long-held belief that the pipeline’s operations were completely isolated from the data systems locked down by DarkSide, a ransomware gang believed to be operating out of Russia, proved false. And the company’s decision to shut down the pipeline set off a series of dominoes, including panic buying at the pumps and silent fear within the government that the damage could spread quickly.

A confidential assessment by the Departments of Energy and Homeland Security found that the country could afford only three to five days with the Colonial pipeline shut down before buses and other local transport had to cut operations due to the lack of diesel fuel. Chemical plants and refineries would also be shut down as there was no way to sell what they produced, the report said.

And while President Biden’s advisors announced efforts to find alternative ways to get gasoline and jet fuel to the east coast, none were immediately available. There was a shortage of truck drivers and tankers for trains.

“Every fragility has been exposed,” said Dmitri Alperovitch, co-founder of CrowdStrike, a cybersecurity company, and now chairman of the Silverado Policy Accelerator think tank. “We learned a lot about what could go wrong. Unfortunately, our opponents too.”

The list of lessons is long. Colonial, a private company, may have thought it had an impermeable protective wall, but it was easy to break through. Even after paying the extortionists nearly $5 million in digital currency to recover its data, the company found that the process of decrypting its data and turning the pipeline back on was excruciatingly slow, which means it will still be days before the east coast returns to normal.

“It’s not like flicking a light switch,” Biden said Thursday, noting that the 5,500-mile pipeline had never been shut down before.

For the administration, the event was a dangerous week in crisis management. Mr Biden told aides, it was recalled, that nothing could cause political damage faster than television images of gas lines and soaring prices, with the inevitable comparison to Jimmy Carter’s worst moments as president.

Mr Biden feared the situation would raise concerns that the economic recovery is still fragile and that inflation will rise unless the pipeline is restarted, the panic subsides and the price cut is nipped in the bud.

In addition to the numerous measures to promote oil traffic on trucks, trains and ships, Mr Biden published a long-standing regulation that aims to prescribe changes in cybersecurity for the first time.

And he suggested that he was ready to take steps that the Obama administration hesitated to take during the 2016 election campaigns – direct measures to repel the attackers.

“We will also be pursuing a measure to compromise its operability,” said Biden, a line suggesting that the United States Cyber Command, the military’s cyberwarfare force, had authority to take DarkSide out of circulation, as it did with another ransomware group in the fall before the presidential election.

Hours later, the group’s website went dark. Early Friday, DarkSide and several other ransomware groups, including Babuk, which hacked the Washington DC Police Department, announced they were getting out of the game.

DarkSide alluded to disruptive actions by an unspecified law enforcement agency, although it was not clear whether this was the result of US action or pressure from Russia ahead of Mr Biden’s expected summit with President Vladimir V. Putin. And the silence could have simply reflected a decision by the ransomware gang to thwart retaliation by suspending its operations, potentially temporarily.

The Pentagon’s Cyber Command referred questions to the National Security Council, which refused to comment.

The episode highlighted the emergence of a new “mixed threat” that may emanate from cybercriminals but is often tolerated and sometimes encouraged by a nation that views the attacks as serving its interests. That is why Mr Biden singled out Russia – not as the culprit, but as a nation that is home to more ransomware groups than any other country.

“We do not believe that the Russian government was involved in this attack, but we have strong reasons to believe that the criminals who carried out this attack live in Russia,” said Biden. “We spoke in direct communication with Moscow about the need for responsible countries to take action against these ransomware networks.”

With DarkSide’s systems down, it’s unclear how Mr Biden’s government would take further revenge beyond possible charges and sanctions, which have not previously deterred Russian cybercriminals. Fighting back with a cyber attack also carries the risk of escalation.

The government must also reckon with the fact that much of America’s critical infrastructure is owned and operated by the private sector and is still ripe for attack.

“This attack showed how bad our resilience is,” said Kiersten E. Todt, executive director of the nonprofit Cyber Readiness Institute. “We are rethinking the threat if we still don’t lay the foundations to secure our critical infrastructure.”

The good news, some officials said, was that the Americans received a wake-up call. Congress faced the reality that the federal government lacks the power to require a minimum level of cybersecurity from the companies that control more than 80 percent of the country’s critical infrastructure.

The bad news is that America’s opponents – not just superpowers, but also terrorists and cyber criminals – are learning how little it takes to wreak havoc in a large part of the country, even if they don’t break into the core of the electricity grid or the operational control systems that move gasoline, water, and propane across the country.

Something as basic as a well-designed ransomware attack can easily do the trick while providing plausible deniability to states like Russia, China, and Iran, which often turn to outsiders for sensitive cyber operations.

It remains a mystery how DarkSide first broke into Colonial’s business network. The privately owned company has said practically nothing, at least in public, about how the attack unfolded. It waited four days before having significant conversations with the administration, an eternity during a cyberattack.

Cybersecurity experts also note that Colonial Pipeline would never have needed to shut down its pipeline if it had had more confidence in the separation between its business network and pipeline operations.

“There should definitely be a separation between data management and the actual operating technology,” said Ms. Todt. “For a company that ships 45 percent of its gas to the east coast, frankly, it is inexcusable not to do the basics.”

Other pipeline operators in the US employ advanced firewalls between their data and their operations that only allow data to flow out of the pipeline in one direction and prevent a ransomware attack from spreading.

Colonial Pipeline did not indicate whether this level of security was provided in their pipeline. Industry analysts say many critical infrastructure operators say that installing such one-way gateways along a 5,500-mile pipeline can be complicated or prohibitively expensive. Others say the cost of providing these protections is still cheaper than the losses from potential downtime.

Deterring ransomware criminals, whose number and audacity have increased in recent years, will certainly be more difficult than deterring nations. But this week made the urgency clear.

“It’s all fun and games when we steal each other’s money,” said Sue Gordon, former deputy chief director for national intelligence and longtime CIA analyst specializing in cyber issues, at a conference hosted by The Cipher Brief, an online intelligence newsletter. “If we play around with the functioning of a society, we cannot tolerate it.”

DarkSide, Blamed for Colonial Pipeline Assault, Says It Is Shutting Down

The intensive examination after the attack on the Colonial Pipeline clearly unsettled ransomware groups. This week, the operators of REvil and Avaddon, two major Russian-language ransomware platforms, announced tough new rules for the use of their products, including bans on targeting government-affiliated companies, hospitals or educational institutions.

The administrator of XSS, a popular Russian-language cybercrime forum, announced an immediate ban on all ransomware activity on the forum, citing, among other things, the bad press associated with the industry. In a statement posted on the forum, the administrator drew attention to a “critical mass of damage, nonsense, hype and noise” and said even the spokesman for President Vladimir V. Putin of Russia had weighed in on the Colonial Pipeline attack. (The spokesman, Dmitri S. Peskov, denied that the Kremlin was involved in the attack on the pipeline.)

“The word ransom is linked to a whole range of nasty things – geopolitics, extortion, government cyberattacks,” the XSS administrator wrote. “That word has become dangerous and poisonous.”

Even if DarkSide has shut down, the ransomware threat isn’t over. Cybercriminal networks often disband, regroup, and rename themselves to evade law enforcement, cybersecurity experts say.

“It is likely that these ransomware operators are trying to get out of the spotlight more than suddenly discovering the flaw in their path,” said Mark Arena, CEO of Intel 471. “A number of operators will most likely continue to operate in their own tight affiliated groups and reappear under various aliases and ransomware names.”

In fact, DarkSide gave no indication that its members are getting out of the ransomware business or even releasing victims currently infected with the group’s malware. In its statement, DarkSide said it would hand over its decryption tools to affiliates to enable those intermediaries responsible for infecting computer systems with the group’s malicious software to negotiate ransom directly with victims.

“You get decryption tools for any company that hasn’t paid,” the statement said. “After that, you can communicate with them wherever you want, however you want.”

Julian Barnes contributed to the coverage.

Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers

In a separate ransomware attack on the Metropolitan Police Department in Washington, DC, hackers said the price offered by the police was “too low” and this week posted 250 gigabytes of the department’s data online, including databases of gang members.

In his remarks on Thursday, Mr Biden used the Colonial Pipeline hack as further evidence that the United States needs to improve its critical infrastructure and urged lawmakers to pass his $2.3 trillion proposal for rebuilding roads, bridges, pipelines and other projects.

Republicans have objected to the size of Mr Biden’s proposals, accusing the president of wanting to levy taxes to pay for things they don’t see as infrastructure, like housekeeping programs. Mr Biden has suggested raising taxes for wealthy people and businesses to pay for his expenses, but has said he is open to other ideas.

“I am ready to negotiate, as I indicated to members of the House and the leadership yesterday,” said Biden. “But it is clearer than ever that doing nothing is not an option.”

Gasoline prices in South Carolina and Georgia rose around 3 cents from Wednesday to Thursday, about half as much as they had in the past few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose 6 cents to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular rose by 2 cents to $3.03, according to the AAA car club.

Gasoline supplies vary from state to state along the pipeline, partly because some locations have more storage than others. In New Jersey, only 1 percent of gas stations were out of fuel early Thursday morning, while more than half of gas stations in Virginia, North Carolina and South Carolina had run out of fuel, according to GasBuddy, a fuel monitoring app. Friday is traditionally the biggest day for gasoline sales.

It will likely take at least a whole weekend for supplies to return to normal at all gas stations as it will take some time for fuel to flow through the pipeline.