Darknet hackers are the culprits behind a high-profile cyber scandal: they shut down the largest US pipeline with ransomware. A couple of days later, the authorities commented that the criminals may be operating from Russia.
True, the accusations are not yet official, and US President Joe Biden has taken a neutral position, discreetly hinting at an upcoming meeting with Vladimir Putin. Strana.ua looked into how cybercriminals managed to deal such a heavy blow to the fuel security of the United States, and whether the Kremlin deserves blame for supporting them.
It all started on May 6, when hackers attacked the operator of the Colonial Pipeline. One of the largest pipelines in the United States, it is 9,000 kilometers long, and 45% of all fuel for the east of the country, including gasoline and aviation fuel, passes through it. Operators discovered the attack the next day, May 7: the ransomware insistently demanded that a sum of money be paid before the devices would work again. The amount demanded has not been made public, but it is known that an array of data ended up in the criminals' hands and that, in case of non-payment, they threatened to leak the information online.
With the pipeline halted, the authorities instructed a newly created group of specialists to develop response scenarios for emergencies of this kind. In the meantime, a state of emergency was declared in 19 states, oil products and fuel were delivered by tank trucks, and their drivers worked beyond the hours allowed by law.
As of May 9, the main line was still not operational, and pumping is expected to resume in full by around May 16. Smaller pipes are already back in use. Oil prices reacted to the hackers' intervention with an increase, as usual: yesterday morning the cost of Brent and WTI rose by 1.3%, but by the evening it had safely returned to its usual level.
DarkSide is one of the most influential hacker groups, which the American media have benevolently dubbed "Robin Hoods". Its members do not touch socially significant targets such as schools or hospitals, preferring large corporations. Their names are unknown, although DarkSide has its own website listing its "debtors", companies that refused to pay. Among them are major European and American companies, whose data was consequently made available to anyone (not in the public domain, but for a price).
On their website, the DarkSide hackers proudly present a list of those they have helped financially, presented as charity. Experts, however, call this PR: DarkSide is far too dubious a source for such donations, which cannot fail to attract the close attention of security services on the question of money laundering.
In August last year, Forbes revealed that DarkSide was using novel ransomware and demanding ransoms of $200,000 to $2 million. The demands double in case of non-payment and are payable in cryptocurrency. The magazine noted that the group's tactics resemble those of other cybercriminals in the REvil community, also known as Sodinokibi.
Both groups, for example, use a similar scheme for decrypting locked data. Often this does not happen directly but through third-party companies that operate legally and offer decryption services. Experts say it is likely that these companies work closely with the hackers.
So what about Russia: is it involved in the actions of this group? When DarkSide first appeared last summer, no one associated the group with the Russian Federation. After the latest attack on the pipeline, the media intensified their search for a Russian trace. This activity was fuelled in large part by the accusations against Moscow over the SolarWinds attack and the sanctions that followed. In addition, some publications note that DarkSide has never chosen Syrian or Russian targets, which, allegedly, shows that its actions are directed from Russia.
It is more logical, however, to assume that the West simply offers a wide selection of companies with billions of dollars in turnover, a far more attractive pool than what is available in the post-Soviet countries. The White House has said that the hackers could theoretically be located in Russia (and there appears to be evidence of this), but that no connection with the authorities has yet been found. For now, then, the position is neutral, with a call on Moscow to actively investigate the matter.
Russia categorically rejects any involvement of the Kremlin in what happened and points to the American side's sabotage of an agreement on cooperation against cyber threats that Putin had proposed to President Trump.
In response to the debate, DarkSide representatives stated that they are apolitical and that all they care about is money. They even felt it necessary to apologize and to promise that they would think about how to "introduce moderation in their choice of targets in order to avoid negative consequences for the public in the future."