
Criminals breached Colonial Pipeline with a single password

The hack that took down the largest oil pipeline in the US and disrupted the East Coast was the result of a single compromised password, according to a security consultant who responded to the attack.

The hackers first connected to the networks of Colonial Pipeline Co. on April 29 through a virtual private network (VPN) account, which allows employees to access the company’s computer network, said Charles Carmakal, vice president of Mandiant, part of FireEye Inc., in an interview. The account was no longer in use at the time of the attack but could still be used to connect to Colonial’s network, he said.

The account’s password has since been found in a batch of leaked passwords on the dark web. That means a Colonial employee may have used the same password on another account that had already been compromised, he said. However, Carmakal said he did not believe that was how the hackers obtained the password, and said investigators would not know how they obtained it.

The VPN account, which has since been closed, did not use multifactor authentication, an essential cybersecurity tool, which allowed the hackers to breach Colonial’s network using just a username and password. It is unknown at this time what he will do after leaving the post.

“We did a thorough environmental study to determine the nature of the symptoms,” said Carmakal. “We do not find any evidence that the employee has used his or her license. We have not seen any evidence of terrorism before April 29.”


Ransom Information

One week later, on May 7, a Colonial administration officer saw a ransom note demanding cryptocurrency appear on a computer before 5 p.m. The employee notified a supervisor, who immediately began shutting down the pipeline, Colonial Chief Executive Officer Joseph Blount said in an interview. By 6:10 a.m., all pipelines were closed, Blount said.

It was the first time in its 57-year history that Colonial had shut down all of its gas pipelines, Blount said. “We had nothing to do at the time,” he said. “It was absolutely the right thing to do. At the time, we didn’t know who was harassing us or their motives.”

Colonial made Carmakal and Blount available for interviews in advance of Blount’s testimony next week before congressional committees, in which he is expected to explain more about the breach and address the company’s decision to pay the ransom to its attackers.

It did not take long for news of Colonial’s shutdown to spread. The company carries about 2.5 million barrels of oil daily from the Gulf Coast to the Eastern Seaboard. The shutdown led to long lines at gas stations, many of which ran dry, as well as higher fuel prices. Colonial resumed service on May 12.

Shortly after the attack, Colonial inspected the pipeline, covering 29,000 miles on the ground and by air to look for visible damage. The company eventually determined that the pipeline had not been damaged.

Wipe Network

Meanwhile, Mandiant scanned the network to understand the extent of the intrusion while setting up new tools to alert Colonial to any follow-up attacks, which are not uncommon after a major breach, Carmakal said. Investigators found no evidence that the same group of hackers had attempted to regain access.

“The last thing we wanted was for the threat player to be able to use the network where the danger is in the pipeline. That was a big goal until he started it again,” said Carmakal.

Mandiant also tracked the hackers’ activity to determine how close they had come to compromising the systems around Colonial’s operational technology, the computer systems that monitor the flow of oil. While the hackers did move within the company’s information technology network, there is no indication that they were able to breach the more critical operational technology systems, he said.

Only once Mandiant and Colonial were satisfied that the attack had been contained did they decide to reopen the pipeline, Blount said.

Colonial paid the hackers, who were affiliated with a Russia-based group known as DarkSide, a $4.4 million ransom soon after the attack. The hackers also stole about 100 gigabytes of data from Colonial Pipeline and threatened to release it if the ransom was not paid, Bloomberg News reported last month.

Colonial has hired Rob Lee, founder and CEO of Dragos Inc., a cybersecurity company that specializes in industrial control systems, and John Strand, owner and security analyst at Black Hills Information Security, to review its defenses and advise on defending against future attacks.

Following the attack on his company, Blount said he wants the US government to go after hackers who have found a safe haven in Russia. “Ultimately, the government needs to look after its own actors. As a business company, we do not have a policy of closing down host countries with these offenders.”
