
Major gasoline pipeline to east coast shut down

Discussion in 'Too Hot for Swamp Gas' started by OklahomaGator, May 8, 2021.

  1. ursidman

    ursidman VIP Member

    6,791
    2,487
    1,153
    Sep 27, 2007
    Bug Tussle NC
    I’ll have to circle back to you on that one :)
     
    • Funny Funny x 2
  2. archigator_96

    archigator_96 GC Legend

    985
    478
    198
    Apr 8, 2020
    Wonder if there are any efforts to do a privately funded SAS/SEAL type raid on groups like DarkSide? Have to find them first and sneak into Russia or maybe hire Russians to do it.

    Like someone else said, just going to keep happening with no repercussions.
     
    • Funny Funny x 1
  3. RIP

    RIP Election Prediction Savant Premium Member

    10,090
    3,427
    1,798
    Feb 2, 2015
    Darwinism at work.
     
    • Agree Agree x 2
  4. WC53

    WC53 GC Hall of Fame

    3,343
    778
    388
    Oct 17, 2015
    Old City
    • Informative Informative x 3
  5. g8rjd

    g8rjd GC Hall of Fame

    10,043
    1,211
    683
    Jan 20, 2008
    Tallahassee, FL
  6. G8trGr8t

    G8trGr8t Premium Member

    19,849
    3,359
    1,633
    Aug 26, 2008
    Maybe the digital special forces did just that. I have to wonder if some part of the EO authorized the use of something (AI??) to rain digital hellfire on Darkside

     
  7. metalcoater

    metalcoater GC Hall of Fame

    1,166
    80
    233
    May 30, 2007
    Maybe, Biden can have a meeting.
     
  8. sierragator

    sierragator GC Hall of Fame

    8,459
    436
    368
    Apr 8, 2007
    meeting or perhaps some rage tweets and insults would do the trick
     
    • Like Like x 2
  9. G8trGr8t

    G8trGr8t Premium Member

    19,849
    3,359
    1,633
    Aug 26, 2008
    a golf outing in Palm Beach would probably be better
     
    • Like Like x 1
  10. RIP

    RIP Election Prediction Savant Premium Member

    10,090
    3,427
    1,798
    Feb 2, 2015
    BDS
     
    • Funny Funny x 1
  11. BLING

    BLING GC Hall of Fame

    7,981
    956
    1,358
    Apr 16, 2007
    Biden’s North Korea plan is a failure if there is no commemorative coin. There must be a coin. Preferably gold plated with replicas sold on his campaign website for $199.
     
    • Funny Funny x 2
    • Agree Agree x 1
  12. Bazza

    Bazza GC Hall of Fame

    27,126
    6,299
    2,013
    Jan 2, 2009
    New Smyrna Beach
    FB_IMG_16209466980181620946786.jpg
     
    • Funny Funny x 3
  13. oragator1

    oragator1 Premium Member

    18,652
    3,934
    1,753
    Apr 3, 2007
    Yeah if I had to bet, either we shut it down, but almost as likely, when you see their money was taken, the Russians might have done it. Putin is extremely strategic in how he plays the west and this was almost certainly messing with his plans.
     
  14. citygator

    citygator VIP Member

    5,920
    1,823
    1,568
    Apr 3, 2007
    Charlotte
    Sounds like DarkSide learned what line you have to cross to wake up the overlords.

    Want to shut down international logistics and shipping or risk lives by shutting down hospitals? FBI has a task force to look for you.

    Mess with America’s oil? Wake up the next day with no servers, no ransom, no advertisers, no company, no safety.
     
  15. VAg8r1

    VAg8r1 GC Hall of Fame

    10,971
    1,337
    1,713
    Apr 8, 2007
    You mean like this one?
    [​IMG]
     
    • Funny Funny x 1
  16. Bazza

    Bazza GC Hall of Fame

    27,126
    6,299
    2,013
    Jan 2, 2009
    New Smyrna Beach
    fuel1621174151.JPG
     
    • Funny Funny x 3
  17. VAg8r1

    VAg8r1 GC Hall of Fame

    10,971
    1,337
    1,713
    Apr 8, 2007
    Last edited: May 16, 2021
    • Winner Winner x 3
    • Funny Funny x 2
  18. ValdostaGatorFan

    ValdostaGatorFan GC Hall of Fame

    2,262
    344
    378
    Aug 21, 2007
    TitleTown, USA
    Hackers gained entry into the networks of Colonial Pipeline Co. on April 29 through a virtual private network account, which allowed employees to remotely access the company’s computer network, said Charles Carmakal, senior vice president at cybersecurity firm Mandiant, part of FireEye Inc., in an interview. The account was no longer in use at the time of the attack but could still be used to access Colonial’s network, he said.

    The VPN account, which has since been deactivated, didn’t use multifactor authentication, a basic cybersecurity tool, allowing the hackers to breach Colonial’s network using just a compromised username and password. It’s not known how the hackers obtained the correct username or if they were able to determine it on their own.

    In the meantime, Mandiant was sweeping the network to understand how far hackers had probed while installing new detection tools that would alert Colonial of any follow-on attacks -- which aren’t uncommon after a substantial breach, Carmakal said. Investigators haven’t found any evidence the same group of hackers tried to regain access.

    Mandiant also traced the hackers’ movements in the network to determine how close they got to compromising systems adjacent to Colonial’s operational technology network -- the system of computers that control the actual flow of gasoline. While the hackers did move around within the company’s information technology network, there wasn’t any indication they were able to breach the more critical operational technology systems, he said.

    Hackers Breached Colonial Pipeline Using Compromised Password

    Admins didn't secure VPN account with MFA. Fail! Had a code been sent to the phone number associated with the account and that code been required, along with username and password, to authenticate, this would have been exponentially harder to pull off.

    It looks like the process control networks were not breached. That is very, very good. Pipeline was shut down as a precaution.
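
The quoted article describes a VPN account that was no longer in use, still enabled, and protected by a password only. As an added example (not part of the post above or of the article), this is the kind of audit that surfaces that combination. The CSV columns, the 90-day dormancy threshold, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; column names are assumptions, not a real product's schema.
SAMPLE_EXPORT = """username,enabled,vpn_access,mfa_enrolled,last_login
alice,true,true,true,2021-04-27
bob,true,true,false,2021-04-20
legacy-contractor,true,true,false,2020-11-02
carol,false,true,false,2020-01-15
dave,true,false,false,2021-04-25
svc-old,true,true,true,
"""

def _flag(value):
    return value.strip().lower() == "true"

def audit_vpn_accounts(export_text, as_of, stale_days=90):
    """Return (username, severity, reasons) for enabled accounts that can
    reach the VPN and are dormant, lack MFA, or both."""
    cutoff = as_of - timedelta(days=stale_days)
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        # Disabled accounts and accounts without VPN rights cannot log in remotely.
        if not (_flag(row["enabled"]) and _flag(row["vpn_access"])):
            continue
        reasons = []
        last = row["last_login"].strip()
        if not last:
            reasons.append("never logged in")
        elif datetime.strptime(last, "%Y-%m-%d") < cutoff:
            reasons.append(f"no login since {last}")
        if not _flag(row["mfa_enrolled"]):
            reasons.append("no MFA")
        if reasons:
            # Dormant and password-only is the combination described in the article.
            severity = "critical" if len(reasons) == 2 else "high"
            findings.append((row["username"], severity, reasons))
    return findings

if __name__ == "__main__":
    for user, severity, reasons in audit_vpn_accounts(SAMPLE_EXPORT, datetime(2021, 4, 29)):
        print(f"{severity:8} {user:18} {'; '.join(reasons)}")
```

Accounts flagged as critical are candidates for immediate disablement; the rest need MFA enrollment or an owner to confirm they are still required.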
     
  19. ursidman

    ursidman VIP Member

    6,791
    2,487
    1,153
    Sep 27, 2007
    Bug Tussle NC
    The CEO of Colonial was on NPR yesterday. He said it would be many months before the damage could be repaired. They paid the ransom the same day but it took 6 more days to get the pipeline flowing.


    On whether operations are fully restored

    No, definitely not fully restored. And I think if you talk to anybody who suffered from one of these criminal cyberattacks, they would tell you that it takes months and months and months to restore all your IT infrastructure. In our case, our focus initially was to get the pipeline back up and running safely and as soon as we possibly could. So we got the critical IT structure put back together. But we have lots and months and months of work ahead of us.

    On why the company shut down the gas over a computer system attack

    Let me take you back to the early morning of May 7. We knew immediately that there was an issue, and we are programmed to only operate the pipeline if we feel that it's in safe operating condition: it won't cause any harm to employees, the communities we serve or to the environment. So we have what we call "stop work authority" at Colonial; any of our employees has the opportunity to use it. If they identify a risk, their job is to contain it immediately. In this case, a ransomware note came across the screen in our control room. It was immediately recognized, and the control room supervisor immediately decided to shut down the pipeline. It was the right decision to make because you don't know what you have [to deal with] at that point in time.
     
    • Fistbump/Thanks! Fistbump/Thanks! x 1
  20. vaxcardinal

    vaxcardinal GC Hall of Fame

    6,872
    612
    423
    Apr 8, 2007
    probably had password as their password
     
    • Funny Funny x 1