On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline.[4][5][6] The Colonial Pipeline Company halted all pipeline operations to contain the attack.[7][8][9][10] Overseen by the FBI, the company paid the amount demanded by the hacker group (75 bitcoin or $4.4 million) within several hours;[11][12] upon receipt of the ransom, DarkSide provided the Colonial Pipeline Company with an IT tool to restore the system. However, the tool's processing time was so long that it could not get the system back up in time.[12]
The Federal Motor Carrier Safety Administration issued a regional emergency declaration for 17 states and Washington, D.C., to keep fuel supply lines open on May 9.[13] It was the largest cyberattack on an oil infrastructure target in the history of the United States.[2] The FBI and various media sources identified the criminal hacking group DarkSide as the responsible party.[14] The same group is believed to have stolen 100 gigabytes of data from company servers the day before the malware attack.[1]
The Colonial Pipeline carries gasoline, diesel and jet fuel from Texas to as far away as New York. About 45% of all fuel consumed on the East Coast arrives via the pipeline system.[17] The attack came amid growing concerns over the vulnerability of infrastructure (including critical infrastructure) to cyberattacks after several high-profile attacks, including the 2020 SolarWinds hack that hit multiple federal government agencies, including the Defense, Treasury, State, and Homeland Security departments.[6][18]
The primary target of the attack was the billing infrastructure of the company. The actual oil pumping systems were still able to work. According to CNN sources in the company, the inability to bill customers was the reason for halting pipeline operations.[19] Colonial Pipeline reported that it shut down the pipeline as a precaution, out of concern that the hackers might have obtained information allowing them to carry out further attacks on vulnerable parts of the pipeline. The day after the attack, Colonial could not yet confirm when the pipeline would resume normal functions.[7] The attackers also stole nearly 100 gigabytes of data and threatened to release it on the internet if the ransom was not paid.[1] It was reported that within hours after the attack the company paid a ransom of nearly 75 Bitcoins ($5 million) to the hackers in exchange for a decryption tool, which proved so slow that the company's business continuity planning tools were more effective in bringing back operational capacity.[20][21]
In a May 19, 2021, interview with The Wall Street Journal, Joseph Blount explained why he ultimately decided to pay a $4.4 million ransom to the hackers who breached the company's systems: "It was the right thing to do for the country." He also said, "I know that's a highly controversial decision".[45]
Biden said on May 10 that though there was no evidence that the Russian government was responsible for the attack, there was evidence that the DarkSide group is in Russia, and that thus, Russian authorities "have some responsibility to deal with this".[46][47] Independent cybersecurity researchers have also stated the hacking group is Russian as their malware avoids encrypting files in a system where the language is set to Russian.[47][48]
A group of computer hackers hijacked websites run by the Voice of America this week, sending its online traffic to an Internet website claimed to be run by the Iranian Cyber Army. The attack comes as the U.S. government is renewing its push to promote freedom in cyber space and as protests spread across the Middle East - some with the help of the Internet. In a statement Tuesday, the Voice of America says the attack redirected traffic from numerous websites - including the international broadcaster's main site: voanews.com. Instead of seeing VOA's website, visitors saw a page with an anti-U.S. message addressing Secretary of State Hillary Clinton, and an Iranian flag along with an AK-47 assault weapon. Large bold letters read: "We have proven that we can." The group claiming responsibility for the attack - the Iranian Cyber Army - is said to have ties to the Iranian government. Cyber security expert Jeffrey Carr says the Iranian Cyber Army should be taken seriously. "There are a few hacker crews operating out of Iran that do have allegiances or ties with the Iranian government. The Iranian Cyber Army is one of them. They have a good skills set. These are not script kiddies [inexperienced hackers]," he said. The Fars News Agency, which is closely affiliated with the Iranian government, praised the attack and said it was made in retaliation for what it called "false reports" about Iran. The State Department recently launched a Twitter feed in the Farsi language. Iran has criticized the initiative and accused the United States of using the Internet to organize opposition forces. In a speech on Internet freedom last week, Secretary of State Clinton made specific reference to Iran. "In Iran, the authorities block opposition and media websites, target social media and steal identifying information about their own people in order to hunt them down," she said. It is unclear how the attack against the Voice of America was carried out.
Industry experts note that the hackers behind the disruption most likely chose Monday to launch the attack because it was a U.S. holiday and most federal employees were not at work. In late 2009, the Iranian Cyber Army claimed responsibility for an attack on Twitter, which was used widely by Iranian government opponents in post-election protests that year. Last year, the Iranian Cyber Army launched an attack on the Chinese search engine Baidu. Both attacks were domain name system, or DNS, attacks, like the one on VOA. Cyber security expert Jeffrey Carr says attacks such as these should not be taken lightly. "This type of an attack actually can be quite serious because if [hackers] have DNS access, they can collect your mail. They essentially can own your entire online presence," he said. The Voice of America says no data have been lost or compromised and that most of the sites affected are returning to normal.
The biggest indirect hacking examples in the past have targeted key infrastructure points such as the Colonial Pipeline ransomware attack in May 2021, which affected everything from gas prices to flights.
"In the last two years, we've been seeing more of these attacks around the world," Madnick said. "You need to realize how many of our systems are connected to computers and just one hack can have bigger effects."
SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months, Reuters first reported in December. Foreign hackers, who some top US officials believe are from Russia, were able to use the hack to spy on private companies like the elite cybersecurity firm FireEye and the upper echelons of the US Government, including the Department of Homeland Security and Treasury Department.
In early 2020, hackers secretly broke into Texas-based SolarWinds' systems and added malicious code into the company's software system. The system, called "Orion," is widely used by companies to manage IT resources. SolarWinds has 33,000 customers that use Orion, according to SEC documents.
Most software providers regularly send out updates to their systems, whether it's fixing a bug or adding new features. SolarWinds is no exception. Beginning as early as March of 2020, SolarWinds unwittingly sent out software updates to its customers that included the hacked code.
SolarWinds told the SEC that up to 18,000 of its customers installed updates that left them vulnerable to hackers. Since SolarWinds has many high-profile clients, including Fortune 500 companies and multiple agencies in the US government, the breach could be massive. Microsoft president Brad Smith said in a February congressional hearing that more than 80% of the victims targeted were nongovernment organizations.
At the Treasury Department, hackers broke into dozens of email accounts and networks in the Departmental Offices of the Treasury, "home to the department's highest-ranking officials," Sen. Ron Wyden said. The IRS hasn't found any evidence of being compromised, he added. Treasury Secretary Steven Mnuchin said on CNBC that the hackers have only accessed unclassified information, but the department is still investigating the extent of the breach.
Russia has denied any involvement with the breach and former President Donald Trump had suggested, without evidence, that Chinese hackers may be the culprits. But the Biden White House has said it may respond to the cyberattack in the coming weeks, which could include actions against the Russian government.