Tuesday, May 11, 2021

The DarkSide hack on US infrastructure

A soft, cozy place to nap


Last week, Colonial Pipeline was hacked by an organized crime group called DarkSide. The group installed ransomware on CP's computers and the company had to shut down its entire transmission pipeline system from Texas to the East Coast. CP transports 45% of the oil, diesel and gasoline used on the East Coast, so this hack has a huge impact. The pipelines remain shut down today. The company refuses to say whether it paid the ransom or not.

DarkSide is a Russian government-sanctioned criminal organization that can hack and disrupt operations outside of Russia and inside countries Russia deems to be enemies. Quartz writes about the DarkSide crime gang in an article entitled "Hacking collective DarkSide are state-sanctioned pirates":
DarkSide is not a unit of Russia’s intelligence services, and there’s no evidence that it is funded or directed by the Kremlin. Instead, DarkSide is a private, for-profit criminal organization that operates under the benign neglect of Russian authorities. DarkSide reserves its mischief for Russia’s geopolitical rivals—companies based in the US and western Europe—and Russian authorities don’t interfere with its work.

In many ways, DarkSide resembles the privateers that terrorized the seas during the golden age of piracy in the 17th and 18th centuries. In that era, a captain could obtain a letter of marque from a colonial government officially authorizing him to pillage and plunder merchant ships belonging to rival nations—so long as he left his own country’s ships alone. Unlike pirates, who were “enemies of all mankind” and liable to be captured and killed wherever they went, privateers could safely use one of the major powers’ ports as their base of operations.

Hackers get a similar deal. DarkSide is one of the many for-profit ransomware groups that have proliferated and thrived in Russia. These cyber-gangs steal companies’ data and hold it hostage in exchange for ransoms ranging from $200,000 to $20 million. Many of these groups, including DarkSide, slip lines of code into their hacking software that check to see if a victim’s computer uses Russian as its default language; if so, the software automatically stops the attack. Features like this help hackers avoid the ire of their host governments, and ensure that they don’t wear out their welcome in their safe harbor.

“Russian actors tend not to target their own country, mainly because they don’t want law enforcement coming after them,” said Jon Clay, vice president of threat intelligence at cybersecurity firm Trend Micro. “We see that around the world: Depending on which country an actor group is coming from, they tend to stay away from targeting their own.”

The attack seems to be a serious miscalculation on the part of the cyber criminals. One explanation for the ill-advised attack is that hacking syndicates—much like the privateers of yore—are loose cannons. DarkSide is particularly hard to control because, in addition to carrying out its own attacks, it sells its hacking software as a service to other criminal groups who want to extort companies.

In a May 10 statement, DarkSide seemed to indicate that the Colonial Pipeline attack was the result of an affiliate gone rogue. “Our goal is to make money, and not creating problems for society,” the group wrote. “From today we intoduce [sic] moderation and check each company that our partners want to [attack] to avoid social consequences in the future.”

A few points merit mention. First, Russia remains a deadly enemy that is now engaged in a permanent full-blown war against the US. Russian cyberattacks will not stop. Based on the scope of the SolarWinds hack, Russian cyberattacks can cost the US economy trillions.

Second, it is not close to credible for any Russian-sanctioned cyberwarfare group to claim that its goal is merely to make money, not to cause problems for society. The Russian government will not hesitate to order its criminal minions to launch attacks that could cause trillions in damage and millions of American deaths if it believed that the time and circumstances were right. Knocking out power grids and infrastructure in the US for weeks could cause mass deaths, e.g., by crippling water and sewage treatment plants, food transportation, etc.

Third, US companies continue to be sloppy about computer security. Computer security costs money and that cuts into profits. Because Republicans regard government as tyranny, companies are not forced to take security seriously. They aren't even required to report hacks to anyone.[1] Due to a mostly Republican-broken American government, the US economy and government are a big, fat, juicy target just sitting there for criminals and hostile nations to attack and feed on at their convenience.

Average Americans pay the price for both the mostly Republican-broken government and unregulated markets with their immoral profit-above-all mentality. As usual, money talks and everything else walks. No one is looking out for taxpayers or the public interest. In its capitalist greed, America is defenseless and there is no place to look for help.


Questions: Is it unfair or inaccurate to blame Russia for the CP hack? For SolarWinds? Is the threat discussed here as serious as described, or is that at least hyperbole or worse, e.g., flat-out lies? Is it fair to mostly blame Republicans for an ineffective government presence in this? Is corporate greed part of the problem, or is that assertion too tenuous to be credible or a major factor?


Footnote:
1. One source commented in 2018:
Just a friendly reminder that the United States does not, at the time of this writing, have any kind of federal data breach notification laws on the books.

Such a law would provide specific rules about what a company — let’s say, Equifax, Intel, Uber or Yahoo, just as a couple of high-profile examples — has to do after a major hack, like how soon it needs to tell customers the hack occurred and how executives should behave when they find out there’s been a breach.
