F.B.I. Identifies Group Behind Pipeline Hack

Right now, there is not a supply shortage, she said. We are preparing for multiple possible contingencies. But she said the job of getting the pipeline back online belonged to Colonial.

To many officials who have struggled for years to protect the United States critical infrastructure from cyberattacks, the only surprise about the events of the past few days is that they took so long to happen. When Leon E. Panetta was defense secretary under President Barack Obama, Mr. Panetta warned of a cyber Pearl Harbor that could shut off power and fuel, a phrase often used in an effort to get Congress or corporations to spend more on cyberdefense.

During the Trump administration, the Department of Homeland Security issued warnings about Russian malware in the American power grid, and the United States mounted a not-so-secret effort to put malware in the Russian grid as a warning.

But in the many simulations run by government agencies and electric utilities of what a strike against the American energy sector would look like, the effort was usually envisioned as some kind of terrorist strike a mix of cyber and physical attacks or a blitz by Iran, China or Russia in the opening moments of a larger military conflict.

But this case was different: a criminal actor who, in trying to extort money from a company, ended up bringing down the system. One senior Biden administration official called it the ultimate blended threat because it was a criminal act, the kind the United States would normally respond to with arrests or indictments, that resulted in a major threat to the nations energy supply chain.

By threatening to disrupt the ransomware group, Mr. Biden may have been signaling that the administration was moving to take action against these groups beyond merely indicting them. That is what United States Cyber Command did last year, ahead of the presidential election in November, when its military hackers broke into the systems of another ransomware group, called Trickbot, and manipulated its command-and-control computer servers so that it could not lock up new victims with ransomware. The fear at that time was that the ransomware group might sell its skills to governments, including Russia, that sought to freeze up election tabulations.

On Monday, DarkSide argued it was not operating on behalf of a nation-state, perhaps in an effort to distance itself from Russia.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *