Pipeline cyber attack


ziplock


Associated Press

After pipeline cyberextortion attempt, gasoline ticks higher

1 hr ago

NEW YORK (AP) — Gasoline futures are ticking higher Monday following a cyberextortion attempt on a vital U.S. pipeline that carries fuel from the Gulf Coast to the Northeast.
FILE - In this Sept. 8, 2008 file photo traffic on I-95 passes oil storage tanks owned by the Colonial Pipeline Company in Linden, N.J. A major pipeline that transports fuels along the East Coast says it had to stop operations because it was the victim of a cyberattack. Colonial Pipeline said in a statement late Friday that it “took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.” (AP Photo/Mark Lennihan, File)
The Colonial Pipeline transports gasoline and other fuel through 10 states between Texas and New Jersey. It delivers roughly 45% of fuel consumed on the East Coast, according to the company.
Colonial Pipeline said Saturday that it had been hit by a ransomware attack and had halted all pipeline operations to deal with the threat. Two people close to the investigation said that the shutdown had been carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity.
FILE - In this Sept. 20, 2016 file photo vehicles are seen near Colonial Pipeline in Helena, Ala.  A major pipeline that transports fuels along the East Coast says it had to stop operations because it was the victim of a cyberattack. Colonial Pipeline said in a statement late Friday that it “took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.” (AP Photo/Brynn Anderson, File)
Futures for crude and fuel, prices that traders pay for contracts for delivery at some point in the future, typically begin to rise each year as the driving season approaches. The price you pay at the gas pump tends to follow.
The average U.S. price of regular-grade gasoline has jumped 6 cents over the past two weeks, to $3.02 per gallon, which is $1.05 higher than it was a year ago. Those year ago numbers are skewed somewhat because the nation was going into lockdown due to the pandemic.
A company that operates a major U.S. energy pipeline says it was forced to temporarily halt all pipeline operations following a cybersecurity attack.
The attack on the Colonial Pipeline could exacerbate that upward pressure on prices if it is unresolved for a period of time.

Futures jumped 1.5% Monday, the largest movement in about a week, with the potential for disruptions in fuel delivery still unknown.
Colonial is in the process of restarting portions of its network. It said Sunday that its main pipeline remained offline, but that some smaller lines were operational.
For the moment, seesawing prices may be felt mostly within the energy industry as suppliers adjust to potential shifts in the flow of gasoline.
More fuel may be sourced from East Coast refiners, J.P. Morgan said Monday, and an extended outage along the Colonial Pipeline would force suppliers to seek fuel from the Midwest, rather than the Gulf.
In response to the attack, the Biden administration loosened regulations for the transport of petroleum products on highways as part of an “all-hands-on-deck” effort to avoid disruptions in the fuel supply.
 

I'm a 1000 miles from home. Probably cost me a fortune to get back home.
 
I worked in computer security for quite a while, mostly DoD. People aren’t willing to pay for security or modify their procedures for security until something bad happens, and this is bad. They then expect the problem to magically go away and never come back. Remember the adage “Real stupidity is doing the same thing in the same way and expecting a different result.”? This can happen so easily by someone putting a contaminated USB stick into a networked computer to see pictures of their kids. Even in DoD facilities, people would throw holy hell at not being able to use USB sticks wherever and whenever they wanted. We had to go into the BIOS and remove access to USBs because people refused to follow rules. Sigh.
 
The usual targets are "soft" like forgotten file servers in a closet and dedicated machines running old/insecure OS's. My current office has a mix of pre-windoze 10 machines dating back to windoze NT not because we aren't aware, but because the equipment they're embedded in would literally cost millions to replace. I'm guessing that matches the profile of a gas pipeline pretty well, with the myriad of pumps, valves and instruments to be controlled locally and remotely. Doesn't take a serious hack to bring a node or network down and cause mayhem. And this is replicated across industry including power and water supplies. It's not so much about the security vulnerabilities you do know, it's the chinks in the armor you don't know about that are scary. Just another reason to keep the RV on standby with full tanks...

Mark B.
Albuquerque, NM
 
And curiously, there's no need (other than cost) to tie all these things to the internet, or at least not most of it -- other forms of connection and access (and/or on-site control) can eliminate most external threats. ALL (sorry Gary, this is a rare ALL :p ) software has vulnerabilities of some sort, and people with a certain mental capability (far beyond me) can so often find a way around nearly any threat-stopper other than limiting access to physical only. I once watched (actually over a period of years) some Bell Labs gurus find ways into software that seemed locked up tight (white hat "hacking" before hacking became a bad word) -- amazing minds indeed.
 
Interesting thread... brings back memories of the big power outage in San Diego a few years ago. I don't think hacking was involved, I think some utility worker made an error, and it may not have been directly related to computers, but that entire grid went down for HOURS on end, it was crazy. I think it lasted 8 or 10 hours, but I had a bunch of camp gear right there in our Coronado home, so I simply broke out that gear and made the most of the situation. But afterward, many folks asked about the security of the system... if a worker could shut it down for so long by making a simple error, what could dedicated hackers or terrorists do? I'm sure the utility company (SDG&E) modified some of their processes & procedures after the blackout, lol.

Funny thing about that blackout: a large group of citizens actually ENJOYED the time away from the net, devices, etc., and congregated in groups with friends & neighbors to socialize the old-fashioned way. I recall at least one letter to the local rag afterward which suggested shutting down the grid more often, like on a regular basis, so that folks could socialize in the old way, lol. Not likely to happen, of course, but the fact that some people actually ENJOYED the blackout was rather funny. WTF, I was one of 'em... got to sit out under the stars and talk to me elderly mum, who was still alive when this happened. Anyway, this pipeline problem is a bit different, it just reminded me of that blackout when the entire grid for a major city was shut down for hours on end, lol.

I'm aware of the inconvenience for many folks during such a blackout, particularly those on medical machinery or devices, but thankfully, most (if not all) of the hospitals had emergency generators and whatnot to deal with the problem. Those in private homes were most at risk, I guess, but any well-prepared & stocked household should be able to ride out such an emergency. Early on, I took ice from the freezer and threw the most perishable food into my large camping coolers, then left the fridge door shut for the duration. Cooked on my trusty old Coleman 2-burner propane camp stove, oldest piece of field gear in my possession. Wore a headlamp while cruising around the house & yard, no big deal... as a climber, I'm used to wearing a headlamp. The whole experience was actually pretty fun, lol.
 
And curiously, there's no need (other than cost) to tie all these things to the internet, or at least not most of it -- other forms of connection and access (and/or on-site control) can eliminate most external threats.
The best security against exterior threats is the basic air gap. Multiple systems can still be connected together, but there isn’t always much of a reason to connect them to the outside world. It might mean more wires or people physically walking to a different location, but standard physical separation is a lovely thing.
 
The best security against exterior threats is the basic air gap. Multiple systems can still be connected together, but there isn’t always much of a reason to connect them to the outside world. It might mean more wires or people physically walking to a different location, but standard physical separation is a lovely thing.
I've always thought along those lines as well-- a redundant, walled off system of some kind. It's just unfortunate that the media hyping this story is so blatantly ignorant of the tech considerations. They just show their map with the squiggly line representing the pipeline and mainly just talk about how gas prices might go up.

I don't expect them to have in-depth knowledge but reporters should be able to consult with or interview an expert to give viewers at least a high level overview of just what has actually happened. How computers control everything, why it's so difficult to break free from the intrusion, why there were not better protections in place, etc. etc.

Boil it down to the nuts & bolts so even I could understand it!
 
Y'all are WAY more tech-savvy than I am---I'm still communicating via smoke signals---but I'm enjoying these replies, and who knows? I might even learn something, lol. ;)
Are cannabis smoke rings rounder and will they go higher than hand rolled loose tobacco?:p:)
 
Sounds like a question for 'Gandalf the Grey'---I haven't smoked tobacco in decades, and I can't remember the last time I burned some chronic. Never really picked up the tobacco habit, but my friends & I would smoke Marlboro Reds while getting drunk. Finally gave it up... it's a filthy habit and it kills you, lol. Not to mention the fact that those 'grits' (as we called 'em) are heller expensive now---I can remember when cartons of Marlboros sold for $5 (dating myself here), now some cartons go for over $100!!!

Meh, once I get this train wreck of a life sorted out with a new job, maybe I'll go buy a small sack o' chronic from the nearest dispensary, just for old times' sake. Probably take one bong hit to get wasted, lol... and I'll be sure to sit on my view deck on a Friday night when I burn that cr@p. Arizona voters legalized recreational marijuana in the last election, guess the fraud didn't extend to dope, lol. But thanks for bringing up the subject, lol... now I'll go back quiet for a bit. Cheers!!! ;)
 
I remember when a carton of smokes untaxed was around 2.25. Fortunately I never took it up. And yep, a pack now costs the amount of what it used to cost to fill up the old 57 chev. four in the floor too. Now that was a good high on sat nights too at the drag races.
 
Oh, hell, Jayflight, now you've gone and extended the thread-jacking, lol... but I copy those natural highs, including rat racing and dirt biking. Funny how speed (velocity, NOT the drug) makes things more interesting... as youths, we raced down new stretches of road or highway where development hadn't begun yet, and we were in souped-up or tricked-out rides too. High-compression motors, heaps of aftermarket parts or mods, we were BIG on performance when it came to our rides, lol.

Other natural highs included extreme small craft sailing, technical rock climbing, vertical skateboarding back in the day, etc. Some climbers liked to smoke dope before making ascents, but I preferred to remain sober even when roped up, ya know? I'd party like a MFer afterward, when I was down on the ground and gravity was no longer a serious factor, but not until then, aye? Of course, some of those potheads were better climbers than I was, though I could outsail any of 'em, lol. Meh, this variety is the spice of life, yeah?

P.S. I always wanted a '57 Chevy Nomad wagon, those things were the BOMB!!! Classic American styling, ya know... (y)
 
Another method of not so much security as repair is the basic back up.
My Mother used to do a 3 level back up of her computer as head of accounting.
Daily - Desk drawer
Weekly - Company fire safe
Monthly - Remote vault like 30 miles away
No matter how bad the disaster, they could restore in a very short time.
Since the backups were all "offline" they were not hackable.
 
P.S. I always wanted a '57 Chevy Nomad wagon, those things were the BOMB!!! Classic American styling, ya know... (y)
My brother had two 57 Chevy’s. A Yellow 2dr hardtop with Factory 283 and a black 2dr sedan with a straight 6. In the same condition today, all original as they were back then (mid 60’s) they would be worth hundreds of thousands of dollars. He also had a 41 Ford coupe with a flathead V8 and 4 on the floor. In those days you could order anything you wanted from the factory.
 
The problem in this instance isn't so much that the controls (valves) on the pipelines are controlled by computer (some are). But it's the administration that has ground to a halt. No shipping papers are being printed. No orders are being taken and recorded. No inventory is being kept. That's what has caused the halt. Information. Not necessarily the flow of gas or diesel, but the flow of information. What gas is in what storage tank, how much is in there, and who has an order for it. That's what is causing the delays. It's logistics. It's knowledge.

The computers are locked up tight, and so is all the paperwork that makes things move.
Valves not working is an annoyance. Not having the proper paperwork is a disaster.


Kevin
 
I received this from PFJ today, quote:
"
To our Valued Guests:

We are closely monitoring the rapidly changing Colonial Pipeline situation and are seeing increased demand for gasoline across various markets in the Southeast region. Diesel is still holding steady in most areas.

The increased strain on the supply chain is causing supplies to get tighter. Currently, diesel is available at most of our locations with select stores experiencing outages as we work to bring in more supply.

We will continue to do everything we can, including bringing in resources and extra drivers from unaffected areas, to meet demand and restore supply where needed at our travel centers.

Additionally, please be aware of the recent Georgia Governor’s Executive Order dated May 10, 2021, which suspended the collection of motor fuel and diesel fuel taxes required by Code Section 48-9-3. More details on this are below.

We greatly appreciate your patience as we work to keep up with the quickly evolving market and will inform you of any changes to diesel supply availability.

Store Operations & Supply Conditions:

  • All locations are open.
  • No Gas, Diesel Only:
    • Pilot #425, Midway, FL
    • Pilot #6996, Warsaw, NC
    • Pilot #6990, Kenly, NC
    • Pilot #256, Danville, VA
    • Pilot #500, Jasper, FL
    • Flying J #712, Columbia, SC
  • No Gas or Diesel:
    • Pilot #7971, Conover, NC (Diesel delivery tonight)
    • Pilot #7996, Monroe, NC (Diesel delivery tonight)
  • No Diesel:
    • Pilot #56, Kannapolis, NC (Diesel delivery tonight)
    • Flying J #713, Latta, SC
    • Pilot #4584, Latta, SC (Diesel delivery tonight)
    • Flying J #623, Quincy/Midway, FL (Diesel delivery tonight)
    • Pilot #4557, Carnesville, GA
Georgia Excise Tax Executive Order:

We are aware of the recent Georgia Governor’s Executive Order dated May 10, 2021 which suspended the collection of motor fuel and diesel fuel taxes required by Code Section 48-9-3. With the Colonial Pipeline down, we are required to transport fuel from out of state to our Georgia travel centers, which is creating additional issues as several states will require state excise states to be charged if Georgia taxes are not charged. We are attempting to get more information on the proper handling of this order.

In the meantime, we request that you maintain your receipts for any cash or credit card purchases made on May 11, 2021 through 11:59pm on May 15, 2021, or until further guidance from the State of Georgia on the best way to handle this situation dictates otherwise. Based on guidance received, we will review all direct bill and billing card invoices and make adjustments or corrections as needed.

We appreciate the opportunity to serve you and thank you for your patience during this time."
 
I got that too.
As important as the Computers are to the operation it would make sense to have a full backup computer and a log tape like we had at work (digi-log) that way when stuff like this happens
Ok everyone turn off the primary computer
now fire up the back up
and then restore the last 24 hours MANUALLY from the recording (on a 3rd different OS computer)
Then the old primary is wiped, restored and brought up to date. The hack is recorded on the Log, including the source, and a bill sent to the hackers for about $1,000,000,000,000 dollars.
 