Nearly 100GB of data was stolen from Colonial Pipeline’s network over two hours on Thursday – part of a “double-extortion” scheme that is reportedly the group’s “hallmark,” sources involved in the company’s investigation told Bloomberg on condition of anonymity since the matter “is not public.”
The Georgia-based company was then apparently “threatened” that the information – which was also encrypted and held hostage in locked computers inside its network – would be leaked on the internet unless an undisclosed amount was paid as ransom, the sources said.
According to an unnamed “former senior cyber official” who spoke to CNN, the group “originated from Russia” and “typically targets non-Russian-speaking countries.”
A London-based cybersecurity firm told the BBC that the gang is “likely to be based in a Russian-speaking country” since it “avoids” companies based in the Commonwealth of Independent States, a bloc made up of some post-Soviet countries.
Meanwhile, NBC News reported that the hack was a “criminal scheme” and not an attack by “national adversaries,” but qualified the remark by saying that Russian hackers “often freelance for the Kremlin.” A Washington Post report stated much the same thing, despite there being “no known foreign government nexus.”
“If the culprit turns out to be a Russian criminal group, it will underscore that Russia gives free rein to criminal hackers who target the West,” Dmitri Alperovitch, co-founder of the cybersecurity firm CrowdStrike, told NBC. CrowdStrike, which counts House Speaker Nancy Pelosi among its investors, was the first to sound off on unfounded “Russian hacking” claims in 2016.
“Whether they work for the state or not is increasingly irrelevant, given Russia’s obvious policy of harboring and tolerating cybercrime,” Alperovitch said, according to the news report, which quotes another cybersecurity expert claiming that this was a “cyber disaster turning into a real-world catastrophe.”
According to White House officials, the Biden administration created an “interagency working group” over the weekend to “prepare for various scenarios.” The federal government response is reportedly being led by the Department of Energy while Colonial is also said to have engaged with the FBI and Department of Homeland Security.
Noting that such attacks were “here to stay” and becoming “more frequent,” Commerce Secretary Gina Raimondo told CBS News on Sunday that there was an “all-hands-on-deck” effort to restart the 5,500-mile network that runs from Texas to New Jersey.
The Transportation Department also declared the situation a federal emergency and issued a waiver exemption relaxing rules on fuel transport by road and allowing tanker truckers in 18 US states to work longer hours when ferrying gasoline, diesel, jet fuel and other refined petroleum products.
Colonial Pipeline, which reportedly accounts for 45% of the East Coast’s supply of gasoline and other fuel, is still developing a restart plan for its operational systems. A number of main lines remain offline after being taken down to “contain the threat” once the attack had hit the company’s IT systems.
Some media reports have downplayed the company’s chequered track record on pipeline safety. Last August, it emerged that a rupture in one of its pipelines in North Carolina caused more than one million gallons of gasoline to be spilled – the worst in the state’s history. That figure, arrived at by Colonial, has since come under official scrutiny.
In March, the Transportation Department’s Pipeline and Hazardous Materials Safety Administration (PHMSA) deemed the continued operation of the pipeline system as-is to “pose a pipeline integrity risk to public safety, property, or the environment.”
The PHMSA also noted Colonial’s history of spills – standing at 272 incidents nationwide since 2000 – and its “inability to effectively detect and respond” to them. According to reporting from the social media-based news outlet MCSC network, the company checked only 649 miles for cracks in 2019 – up from just 150 miles the previous year.
In 2016, a Colonial pipeline explosion killed one worker and spilled 4,400 barrels of gasoline into a pond in Alabama. Later that year, an underground leak of over 7,000 barrels was discovered in the state. The company had to pay $3.3 million in damages and penalties for both incidents.