Hacking group behind the cyberattack on a key US fuel pipeline is said to be disbanding


Out of service fuel nozzles are covered in plastic on a gas pump at a gas station in Waynesville, North Carolina, after a gasoline supply crunch caused by the Colonial Pipeline hack

DarkSide, the ransomware group that attacked Colonial Pipeline last week, sending gasoline prices soaring, is reportedly shutting down, per a new report by the Wall Street Journal.

Citing sources who work in security, the Journal says DarkSide told associates it no longer has access to its servers and pointed to disruptions caused by a law-enforcement agency and pressure from the United States. The website associated with DarkSide was no longer active as of Thursday.

The group said it lost access shortly after President Joe Biden said: “We have been in direct communications with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks. We’re also going to pursue a measure to disrupt their ability to operate.”

Biden said there wasn’t any evidence the Russian government was behind the attack, but those involved “are living in Russia.” The Journal, alongside the website Oil Price, says it’s possible the US successfully disrupted the hackers.

The announcement of its shutdown could also be a cover, however, in which the hackers shut themselves down and take all the money. In fact, the Journal reports, it’s not uncommon for ransomware groups to disband only to reappear later under different names.

DarkSide made headlines this week for attacking Colonial Pipeline, which operates the country’s largest refined products pipeline and supplies 45% of all fuel consumed on the East Coast. After news of the attack spread, people began panic-buying gasoline, which sent gas prices soaring to over $3 for the first time since 2014.

Per those familiar with the matter, Colonial Pipeline is said to have paid nearly $5 million to the hackers in order to free the pipeline. The pipeline shut down on May 7 and was restarted on Wednesday. As of Saturday morning, operations have returned to normal, the company announced via Twitter.

Ransomware made over $400 million last year and has been emerging as a profitable criminal business, according to blockchain research firm Chainalysis Inc. Security researchers told the Journal that DarkSide had become prominent within the world of ransomware. Within its first seven months of operation, the group made at least $60 million – $46 million of which came in the first quarter of this year, Chainalysis Inc. found.

Read the original article on Business Insider

I’m a former hacker and I believe the current round of digital vaccine passports pose real security risks. But a safe, effective vaccine passport is possible.

Vaccine passports

  • Vaccine passports are not yet safe and secure enough to be widely distributed.
  • Many of the options available today present security risks for sensitive personal information.
  • To successfully implement vaccine passports, data-tracking guidelines, government policies, and online behavior must change.
  • Mary Writz has 19 years’ experience in the field of cyber security and is the vice president of product at ForgeRock.
  • This is an opinion column. The thoughts expressed are those of the author.

I am a former ethical hacker, and because of my more than 20 years of experience in security, my friends and family often come to me with cyber security questions. On their minds lately is the question of whether digital COVID vaccine passports are safe.

The short answer is not yet. While I believe it is possible to build a safe and secure digital vaccine passport, there are serious hurdles that make it difficult to deliver an app that can stand up to the security and privacy rigors that would meet my, or my peers’, standards.

Anyone considering downloading one of the existing applications should proceed with caution – some of the options today present too great a risk to people’s identity. Many of these hastily-created applications can expose sensitive personal and health information, which can be sold and used in malicious ways. Tech companies need to keep working to create a safe digital vaccine passport.

A digital passport even a hacker could trust

Before we can debate the possibilities a vaccine passport can unlock, we need to address safety, and it’s clear a new approach to vaccine verification is needed. Currently, the technology community does not have the right solution in front of them – it is more of a buffet of options, some riskier than others.

Ideally, companies should aim to create a single, universally-accepted physical or digital passport recognized by all governments and businesses while preserving our privacy and securing our health information. Think of it as the ultimate passport to life that speeds our return to normal when the next global health crisis emerges.

A universal passport could also include verification data for other documents we carry separately today, like driver’s licenses, passports, social security cards, membership cards, and credit card information. But we cannot place big bets on improving access to the digitally-connected world without also investing in security solutions first.

Technical challenges and public buy-in

Technically speaking, the challenge will be to get a bunch of technologists to agree on a standard approach to vaccine tracking. A universal standard will require alignment on what constitutes evidence of vaccination or how data should be collected and stored from the start – without leaking users’ personal information.

Without a widely-adopted set of standards, people will be downloading myriad, potentially dangerous mobile apps to do things we all desperately miss doing now like going to a movie or a concert.

The problem with a fragmented approach is most people do not know how to spot a good app from a less trustworthy option. We can count on Google and Apple to filter out a lot of the garbage for us, but without checks and balances, it’s virtually impossible to ensure the digital safety of these apps. As non-technical consumers, it would be even harder to avoid being tricked into downloading a copycat version or an app that was not developed securely.

Additionally, even if the technology is sound and secure, some folks may not feel comfortable with vaccine verification apps initially. The reason my friends and family come to me for my opinion on the security of technologies is because they feel unqualified to ascertain if these applications are safe. For widespread adoption to take hold, we need time to educate citizens and get their buy-in.

In the meantime, if someone needs to use a vaccine passport now, they should only use a link from an actual source like a government agency, employer, or mobile carrier. Scanning a random QR code or clicking a link from an unknown source can be dangerous.

Government policy around vaccine passports can help

A potential solution for the cultural friction that could surface would be to enforce a government policy around vaccine passports, but there are challenges here too. Governments across the world differ in their ability to enforce such policies, and currently the US government indicates a preference to leave it to the private sector. Even if that position changes – or a public-private partnership forms in our country, like European EID schemes – it would take time to determine specifics surrounding vaccine passport enforcement and the infrastructure needed to stand it up.

Historically, legislation has not kept up with the rapidly-shifting technology landscape. In the case of approving COVID-19 vaccines, we have seen the government move quickly and partner with the private sector to help bring a life-saving solution to market fast. That same rule-breaking approach in developing new protocols that sidesteps traditional processes could go a long way in helping to deliver a universal vaccination passport. For example, the US could fund and steer a task force aimed at delivering a solution that encompasses thinking across policy, security, and user experience.

And it can be done. The tech community has solved hard problems before, like securing the internet with SSL, and they can do it again. But it does not happen overnight – it takes time, resources, and a mindset shift to find the right solution. If tech and government agencies work together, we can be ready to help society get back to the things we love faster, with more confidence in its safety and security.

Mary Writz is the Vice President of Product at ForgeRock. Mary has 19 years’ experience in the field of cyber security. Prior to ForgeRock, Mary held product and leadership positions at Hewlett Packard and IBM in domains such as threat detection, machine learning, penetration testing, security intelligence, distributed denial of service, and targeted attack protection. Mary holds two patents and a Master of Engineering degree in telecommunications.


A hacker tried to poison the water supply in a Florida community that serves 15,000 people, officials said

The water treatment plant pictured here is not the location of the facility mentioned in this story.

  • A Florida town of 15,000 people was the target of a cyberattack at the local water treatment plant.
  • The hacker tried to raise the amount of sodium hydroxide, also known as lye, in the water by 11,000%.
  • A plant operator noticed the breach and quickly reversed it; now an investigation is underway.

The FBI, US Secret Service, and local authorities are investigating the source of a cyberattack that targeted the water supply in a Florida town about 17 miles northwest of Tampa, Pinellas County Sheriff Bob Gualtieri said.

The water treatment system in Oldsmar, a town of just 15,000, was remotely accessed by an unknown individual on February 5. According to Gualtieri, the hacker attempted to change the sodium hydroxide content in the system from 100 to 11,100 parts per million – an 11,000% increase.

“This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners,” Gualtieri said.

Water treatment facilities use sodium hydroxide to counteract highly-acidic water levels that usually come from regions with high amounts of limestone. The chemical is safe in small, controlled amounts but can result in rashes and burns if highly concentrated amounts make contact with the skin.

Gualtieri said an operator at the Oldsmar facility recognized the security breach early in the morning when they noticed a remote user was accessing a part of the water treatment system. This was not entirely surprising as supervisors are known to troubleshoot problems from remote locations, authorities said.

But around 1:30 p.m., the operator noticed that the system was once again being accessed remotely – this time, the employee said they watched the unknown remote user open the water treatment software and increase the sodium hydroxide levels in the system.

The employee who witnessed the change immediately reverted the levels back to normal before any damage could be done.

“At no time was there a significant adverse effect on the water being treated,” Gualtieri said. “Importantly, the public was never in danger.”

Gualtieri said that if the attack had not been noticed, it would have taken 24 to 36 hours for the hacker’s changes to fully take effect, but the sheriff, mayor, and city manager each made a point to say there are protocols in place that would have prevented a catastrophe.

“Even had they not caught them, those redundancies have alarms in the systems that would have caught the change in the pH level anyway,” said Oldsmar Mayor Eric Seidel.

As of Monday, investigators were not yet able to identify the hacker and do not know if the attack originated in the US.
