FBI Confirms DarkSide Behind Colonial Pipeline Hack
By Shape_Grifter, published 05/11/2021 in ouch
The FBI formally declared the DarkSide hacking collective is responsible for the ransomware attack that shut down the massive Colonial Pipeline last Friday.
1. The massive Colonial Pipeline was shut down Friday in the wake of a debilitating ransomware attack. With the pipeline still inactive and surplus gasoline reserves nearing exhaustion, fears of escalating gas prices are spreading.
2. The Colonial Pipeline stretches all the way from Maine to Texas, providing 45% of all the gasoline supplied in the eastern United States.
3. After the ransomware attack was detected, the entire pipeline was taken offline Friday and has remained so since, with engineers and cybersecurity experts scrambling to find a way to prevent the ransomware from infecting other systems.
4. At a press briefing, Biden announced that the FBI had formally declared the DarkSide hacking collective responsible for the attack on the pipeline.
5. DarkSide is a group of hackers believed to be an offshoot of REvil, another larger, more prolific hacking collective that experts say is likely based in Russia. REvil has successfully penetrated numerous organizations and entities, including Apple.
6. DarkSide is notable for their desire to be seen as something of a Robin Hood among the black-hat hacking collectives, going so far as to maintain a customer Code of Conduct on their dark web site and offering to donate stolen funds to charities. These offers are typically refused.
7. Experts believe that DarkSide, like REvil, is based in Russia or a former Soviet-bloc nation. Code found in their ransomware first checks the target computer's language; if the ransomware detects Russian, it ceases its attack and moves on. Thus far, only English-speaking for-profit businesses have been targeted by DarkSide.
8. In an announcement on their dark web site, DarkSide seemed to claim that the widespread disruption and potential cost to the consumer caused by their hack were unintended, stating "From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future." This is likely part of their self-professed code of ethics, which prohibits them from targeting certain entities, namely hospitals, funeral homes and non-profit organizations.
9. In his press briefing, President Biden stated that while there is no evidence of direct involvement by the Russian government in the attack, "they have some responsibility to deal with this" due to the strong likelihood that DarkSide is based in Russia or its sphere of influence.
10. Perhaps in response to Biden's statement, DarkSide denied any affiliation with the Russian government, stating "We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives" and that their singular goal was to "make money, and not to create problems for society."
11. The Colonial Pipeline hack comes while the United States is still reeling from last year's revelation of the stunning SolarWinds hack, in which key parts of the US federal government were penetrated by Russian malware piggybacking off the very cybersecurity systems designed to protect them.
12. President Biden stated that the US response would be to "disrupt" and "prosecute" the DarkSide hacking collective, suggesting that non-legal retaliatory measures may be carried out against the group.