arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.

“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”

Secret Chats Show How Cybergang Became a Ransomware Powerhouse

MOSCOW — Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.

Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.

Woris thought this last ploy was a particularly nice touch.

“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”

released a statement a week earlier saying it was shutting down. A customer support employee responded almost immediately to a chat request sent from Woris’s account by the Times reporter. But when the reporter identified himself as a journalist the account was immediately blocked.

Megyn Kelly pressed him in a 2018 interview on why Russia was not arresting hackers believed to have interfered in the American election, he shot back that there was nothing to arrest them for.

“If they did not break Russian law, there is nothing to prosecute them for in Russia,” Mr. Putin said. “You must finally realize that people in Russia live by Russian laws, not by American ones.”

After the Colonial attack, President Biden said that intelligence officials had evidence the hackers were from Russia, but that they had yet to find any links to the government.

“So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia,” he said, adding that the Russian authorities “have some responsibility to deal with this.”

This month, DarkSide’s support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States. In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.

“There is now the option to leave a tip for Support under ‘payments,’” the posting said. “It’s optional, but Support would be happy :).”

Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract payment from the publishing company, reached out to customer service, apparently concerned.

“Hi, how’s it going,” he wrote. “They hit you hard.”

It was the last communication Woris had with DarkSide.

Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.

“The price is negotiable,” DarkSide wrote. “By fully launching an analogous partnership program it’s possible to make profits of $5 million a month.”

Oleg Matsnev contributed reporting.

E.U. and Britain Move to Impede Belarus’s Access to Air Travel

Airlines are often forced to adjust operations in response to major disruptions, geopolitical and otherwise. This month, for example, several U.S. airlines canceled flights to and from Israel as a conflict there escalated. Some carriers also adjusted procedures, including adding fueling stops, after the hacking of a fuel pipeline company that serves airports on the East Coast of the United States.

In 2014, nearly 300 people were killed when Malaysia Airlines Flight 17 was shot down over Ukraine, where hostilities were raging, on its way to Kuala Lumpur from Amsterdam. Western governments blamed the Russian government and Russian-backed rebels fighting the Ukrainian government, while Moscow denied involvement. The Netherlands sued Russia in the European Court of Human Rights last year in an effort to secure evidence that would be useful to families of the victims.

From 2017 until this year, Qatar Airways was forced to avoid airspace over Saudi Arabia and several neighboring countries after they imposed an air, land and sea embargo against Qatar. In some cases, that meant flying longer routes around the Arabian Peninsula. The neighbors accused Qatar of supporting terrorism. Qatar has denied those accusations.

The movement to isolate Belarus will have little effect on U.S. passenger airlines, which rarely fly over the country, according to Flightradar24. Secretary of State Antony J. Blinken condemned the forced landing of the Ryanair flight, calling it a “shocking act” that “endangered the lives of more than 120 passengers, including U.S. citizens.” Transportation Secretary Pete Buttigieg said the safety of U.S. flights over Belarus should be assessed.

But cargo carriers could be affected. On Sunday, for example, more than a dozen flights operated by U.S. airlines flew over Belarus, according to Flightradar24, including five by FedEx, four by UPS and two by Atlas Air.

In a statement, UPS said that its network remained unaffected, but that it was “evaluating other flight route options that will provide for the safety of our crews and aircraft, as well as maintain service for our customers” in case it had to make changes. FedEx said it was “closely monitoring the issue.”

The International Federation of Air Line Pilots’ Associations and the European Cockpit Association said in a statement that aviation authorities should investigate what had happened and “take swift measures” to prevent similar disruptions. They described Sunday’s episode as a “hazard to the safety of passengers and crew.”

Colonial Pipeline Now Delivering ‘Millions of Gallons’ an Hour, Owner Says

HOUSTON — The Colonial Pipeline, which delivers nearly half the transportation fuel to the Southeast and New York area, resumed full operations on Saturday, eight days after it was shut down by a ransomware attack.

It will still take days before gasoline stations around Washington, D.C., and the Southeast return to normal service, since nearly 2,000 outlets ran out of fuel and it takes time to restock.

Prices at the pump have stabilized, though. Average prices of regular gasoline in Tennessee and South Carolina, two of the hardest-hit states, rose by only a penny on Saturday, according to the AAA motor club. Nationwide, gasoline prices remained stable at $3.04, eight cents higher than a week ago. Prices in the states most affected by the shutdown rose by as much as 20 cents a gallon in the last week.

“We have returned the system to normal operations, delivering millions of gallons per hour to the markets we serve,” the operator of the pipeline said on Twitter.

nearly $5 million in Bitcoin to recover its stolen data.

On Friday, DarkSide said it was shutting down because of unspecified “pressure” from the United States.

DarkSide, Blamed for Colonial Pipeline Attack, Says It Is Shutting Down

Since the DarkSide account was opened in March, Elliptic said, it had received $17.5 million from 21 Bitcoin wallets, indicating the number of ransoms it had collected just this spring. Cybersecurity analysts assess that the group has been active since at least August, and has most likely used a number of different Bitcoin wallets to receive ransoms.

The intense scrutiny that followed the Colonial Pipeline attack has clearly unsettled ransomware groups. This week, the operators behind two major Russian-language ransomware platforms, REvil and Avaddon, announced strict new rules governing the use of their products, including bans on targeting government-affiliated entities, hospitals or educational institutions.

The administrator of XSS, a popular Russian-language cybercrime forum, announced an immediate ban on all ransomware activity on the forum, citing, among other things, the bad press associated with the industry. In a statement posted in the forum, the administrator called the attention a “critical mass of harm, nonsense, hype and noise,” saying even the spokesman for President Vladimir V. Putin of Russia had weighed in on the Colonial Pipeline attack. (The spokesman, Dmitri S. Peskov, denied that the Kremlin had been involved in the attack on the pipeline.)

“The word ransom has become associated with a whole series of unpleasant things — geopolitics, blackmail, government cyberattacks,” the XSS administrator wrote. “This word has become dangerous and toxic.”

Even if DarkSide has shut down, the threat from ransomware has not passed. Cybercriminal networks often disband, regroup and rebrand themselves in an effort to throw off law enforcement, cybersecurity experts say.

“It’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways,” said Mark Arena, Intel 471’s chief executive. “A number of the operators will most likely continue to operate in their own close-knit groups, resurfacing under different aliases and ransomware names.”

Indeed, DarkSide gave no indication that its members were getting out of the ransomware business or even letting victims currently infected with the group’s malware off the hook. In its statement, DarkSide said it would hand over its decryption tools to affiliates, giving these intermediaries, who were responsible for infecting computer systems with the group’s malicious software, the ability to negotiate ransoms with victims directly.

“You will be given decryption tools for all the companies that haven’t paid yet,” the statement read. “After that, you will be free to communicate with them wherever you want in any way you want.”

Julian Barnes contributed reporting.

Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity

WASHINGTON — As the East Coast suffered from the effects of a ransomware attack on a major petroleum pipeline, President Biden signed an executive order on Wednesday that placed strict new standards on the cybersecurity of any software sold to the federal government.

The move is part of a broad effort to strengthen the United States’ defenses by encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts. But the bigger effect may arise from what could, over time, become akin to a government rating of the security of software products, much the way automobiles get a safety rating or restaurants in New York get a health safety grade.

The order comes amid a wave of new cyberattacks, more sophisticated and far-reaching than ever before. Over the past year, roughly 2,400 ransomware attacks have hit corporate, local and federal offices in extortion plots that lock up victims’ data — or publish it — unless they pay a ransom.

The most urgent fear is an attack on critical infrastructure, a point made clear this week to Americans, who were panic-buying gasoline. A ransomware attack on Colonial Pipeline’s information systems forced the company to shut down a critical pipeline that supplies 45 percent of the East Coast’s gasoline, diesel and jet fuel for several days.

SolarWinds hack, in which Russia’s premier intelligence agency altered the computer code of an American company’s network management software. It gave Russia broad access to 18,000 agencies, organizations and companies, mostly in the United States.

The new order also requires all federal agencies to encrypt data, whether it is in storage or while it is being transmitted — two very different challenges. When China stole 21.5 million files about federal employees and contractors holding security clearances, none of the files were encrypted, meaning they could be easily read. (Chinese hackers, investigators later concluded, encrypted the files themselves — to avoid being detected as they sent the sensitive records back to Beijing.)

Previous efforts to mandate minimum standards on software have failed to get through Congress, notably in a major showdown nine years ago. Small businesses have said the changes are not affordable, and larger ones have opposed an intrusive role of the federal government inside their systems.

But Mr. Biden decided it was more important to move quickly than to try to fight for broader mandates on Capitol Hill. His aides said it was a first step, and industry officials said it was bolder than they expected.

Amit Yoran, the chief executive of Tenable and a former cybersecurity official in the Department of Homeland Security, said the question on everyone’s mind was whether Mr. Biden’s order would stop the next Colonial or SolarWinds attacks.

“No one policy, government initiative or technology can do that,” Mr. Yoran said. “But this is a great start.”

Government officials have complained that Colonial had poor defenses, and while it established a hard shell around its computer networks, it had no way of monitoring an adversary who got inside. The Biden administration hopes the standards set out in the executive order, requiring multifactor authentication and other safeguards, will become widespread and improve security globally.

Senator Mark Warner, Democrat of Virginia and the chairman of the Senate Intelligence Committee, praised the order but said it would need to be followed by congressional action.

Mr. Warner said recent attacks “have highlighted what has become increasingly obvious in recent years: that the United States is simply not prepared to fend off state-sponsored or even criminal hackers intent on compromising our systems for profit or espionage.”

The new order is the first major public part of a multilayered review of defensive, offensive and legal strategies to take on adversaries around the world. This executive order, however, focuses entirely on deepening defenses, in hopes of deterring attackers because they fear they would fail — or run a higher risk of being detected.

The Justice Department is ramping up a new task force to take on ransomware, after the discovery in recent months that such attacks are more than just extortion: they can bring down sectors of the economy.

Mr. Biden announced sanctions against Russia for the SolarWinds hack, and his national security adviser, Jake Sullivan, has said there will also be “unseen” consequences. So far, the United States has not taken similar action against China’s government for its presumed involvement in another attack, exploiting holes in a Microsoft system used by large companies around the world.

The executive order was first drafted in February in response to the SolarWinds intrusion. That attack was especially sophisticated because hackers working for the Russian government managed to change code under development by the company, which unsuspectingly distributed the malware in an update to its software packages. It was discovered during Mr. Biden’s transition and led him to declare he could not trust the integrity of federal computer systems.

The review board created under the executive order will be co-led by the secretary of homeland security and a private-sector official, based on the specific episode it is investigating at the time, in an effort to win over industry executives who fear the investigations could be fodder for lawsuits.

Because it was created by an executive order, not an act of Congress, the new board will not have the same broad powers as a safety board. But officials are still hopeful it will be valuable in learning of vulnerabilities, improving security practices and urging companies to invest more in improving their networks.

Much of the executive order is focused on information sharing and transparency. It aims to shorten the time it takes for companies that have been victimized by a hack, or that discover vulnerabilities, to share that information with the Cybersecurity and Infrastructure Security Agency.

The Latest News on the Colonial Pipeline Shutdown

HOUSTON — Panicked drivers scrambled to fuel their vehicles across the Southeast on Tuesday, leaving thousands of stations without gasoline as a vital fuel pipeline remained largely shut down after a ransomware attack.

The disruption to the Colonial Pipeline, which stretches 5,500 miles from Texas to New Jersey, also left airlines vulnerable, with several saying they would send jet fuel to the region by air to ensure that service would not be disrupted.

Gasoline in Georgia and a few other states rose 3 to 10 cents a gallon on Tuesday, a jump typically seen only when hurricanes interrupt refinery and pipeline operations along the Gulf Coast.

The national average for a gallon of regular gasoline rose 2 cents on Tuesday, with higher prices reported in the Southeast, according to the AAA motor club. The average increase was nearly 7 cents in South Carolina, 6 cents in North Carolina and 3 cents in Virginia.

Gas Buddy, a service that tracks gas prices, reported.

“There’s no gas, and people are getting frustrated,” said Ariyana Ward, a 19-year-old college student in Virginia Beach who waited 45 minutes to fill up. With some motorists taking time to fill cans as well as cars, she said, “people are getting into shouting matches.”

State leaders responded with measures intended to keep the flow of fuel steady and stabilize prices.

suspend some fuel transport rules. Governor DeSantis also activated the National Guard to cope with the emergency.

South Carolina’s attorney general, Alan Wilson, announced that he was ready to invoke the state’s price-gouging law, making excessive overcharging a criminal offense. “I’m urging everyone to be careful and be patient,” Mr. Wilson said.

At the White House, Energy Secretary Jennifer M. Granholm told reporters, “We know we have gasoline; we just need to get it to the right places.” But she made no promises about when the pipeline, which was shut down to prevent the cyberattack from spreading, would resume operations, saying the company would decide on Wednesday whether it was ready to do so.

She said she expected gas station operators to act “responsibly,” adding, “We have no tolerance for price gouging.”

The administration considered other steps that might alleviate shortages, including moving gasoline, diesel and jet fuel by train, or issuing a waiver for a 1920 law known as the Jones Act, which requires that maritime shipments be on vessels owned and staffed by Americans. But it was unclear if the right kind of either rail cars or foreign-registered ships were available.

“There are no easy solutions,” Ms. Granholm said.

The Environmental Protection Agency administrator, Michael Regan, issued an emergency waiver for fuel air emissions on Tuesday to help alleviate fuel shortages in places affected by the pipeline shutdown, including the District of Columbia, Maryland, Pennsylvania and Virginia. The waiver will continue through next Tuesday.

Colonial Pipeline, the company that operates the pipeline, has said it hopes to restore most operations by the end of the week. The attack, which the Federal Bureau of Investigation said had been carried out by an organized-crime group called DarkSide, has highlighted the vulnerability of the American energy system. The pipeline provides the Eastern United States with nearly half its transportation fuel.

Colonial has remained largely silent, answering no questions about the kind of protections it had in place on both its computer networks and the industrial controls that run the pipeline.

In a statement late in the day on Tuesday, Colonial said it had manually started one part of the pipeline and delivered about 41 million gallons of fuel to various locations on its system, from Atlanta, through the Carolinas and to Linden, N.J.

But the company said nothing about what factors will play into its decision on when to restart the pipeline. And it has not explained whether it found any evidence that the malware placed in its data systems could migrate to the operations of the pipeline.

Several experts noted that while the two networks are described as separate entities, they have considerable crossover. For example, one of the systems the ransomware group tied up tracks how much fuel each customer uses. Without that running, Colonial would not know how much fuel any of its customers were receiving — or how to get paid for it.

Industry analysts said the impact of the hacking would remain relatively minor as long as the artery was fully restored soon. “With a resolution to the shutdown in sight, the cyberattack is now treated as a small disturbance by the market, and prices are trimming Monday’s panic-gains,” said Louise Dickson, an oil markets analyst for Rystad Energy.

a 2018 report, the group argued that the interstate pipeline system used to supply jet fuel to airports had grown increasingly vulnerable to costly disruptions. And when disruptions occur, airlines have few good options beyond flying in extra fuel, adding stops to flights, or canceling and rerouting flights.

After the disruption last weekend, American Airlines said it had added stops to two daily flights out of Charlotte, N.C. One, to Honolulu, will stop in Dallas, where customers will change planes. The other, to London, will stop in Boston to refuel. The flights are expected to return to their original schedules on Saturday.

Southwest Airlines said it was flying in supplemental fuel to Nashville, and United Airlines said it was flying extra fuel to Baltimore; Nashville; Savannah, Ga.; and Greenville-Spartanburg International Airport in South Carolina. United, Southwest and Delta Air Lines said they had not experienced any disruptions to their operations so far.

Gillian Friedman contributed reporting.

FBI Confirms DarkSide as Colonial Pipeline Hacker

President Biden said on Monday that the United States would “disrupt and prosecute” a criminal gang of hackers called DarkSide, which the F.B.I. formally blamed for a huge ransomware attack that has disrupted the flow of nearly half of the gasoline and jet fuel supplies to the East Coast.

The F.B.I., clearly concerned that the ransomware effort could spread, issued an emergency alert to electric utilities, gas suppliers and other pipeline operators to be on the lookout for code like the kind that locked up Colonial Pipeline, a private firm that controls the major pipeline carrying gasoline, diesel and jet fuel from the Texas Gulf Coast to New York Harbor.

The pipeline remained offline for a fourth day on Monday as a pre-emptive measure to keep the malware that infected the company’s computer networks from spreading to the control systems that run the pipeline. So far, the effects on gasoline and other energy supplies seem minimal, and Colonial said it hoped to have the pipeline running again by the end of this week.

The attack prompted emergency meetings at the White House all through the weekend, as officials tried to understand whether the episode was purely a criminal act — intended to lock up Colonial’s computer networks unless it paid a large ransom — or was the work of Russia or another state that was using the criminal group covertly.

the Washington, D.C., Police Department, have also been hit.

The explosion of ransomware cases has been fueled by the rise of cyberinsurance — which has made many companies and governments ripe targets for criminal gangs that believe their targets will pay — and of cryptocurrencies, which make extortion payments harder to trace.

In this case, the ransomware was not directed at the control systems of the pipeline, federal officials and private investigators said, but rather the back-office operations of Colonial Pipeline. Nonetheless, the fear of greater damage forced the company to shut down the system, a move that drove home the huge vulnerabilities in the patched-together network that keeps gas stations, truck stops and airports running.

A preliminary investigation showed poor security practices at Colonial Pipeline, according to federal and private officials familiar with the inquiry. The lapses, they said, most likely made the act of breaking into and locking up the company’s systems fairly easy.

executive order in the coming days to strengthen America’s cyberdefenses, said there was no evidence that the Russian government was behind the attack. But he said he planned to meet with President Vladimir V. Putin of Russia soon — the two men are expected to hold their first summit next month — and he suggested Moscow bore some responsibility because DarkSide is believed to have roots in Russia and the country provides a haven for cybercriminals.

“There are governments that turn a blind eye or affirmatively encourage these groups, and Russia is one of those countries,” said Christopher Painter, the United States’ former top cyberdiplomat. “Putting pressure on safe havens for these criminals has to be a part of any solution.”

Colonial’s pipelines feed large storage tanks up and down the East Coast, and supplies seem plentiful, in part because of reduced traffic during the pandemic. Colonial issued a statement on Monday saying its goal was to “substantially” resume service by the end of the week, but the company cautioned that the process would take time.

mounted a not-so-secret effort to put malware in the Russian grid as a warning.

But in the many simulations run by government agencies and electric utilities of what a strike against the American energy sector would look like, the effort was usually envisioned as some kind of terrorist strike — a mix of cyber and physical attacks — or a blitz by Iran, China or Russia in the opening moments of a larger military conflict.

But this case was different: a criminal actor who, in trying to extort money from a company, ended up bringing down the system. One senior Biden administration official called it “the ultimate blended threat” because it was a criminal act, the kind the United States would normally respond to with arrests or indictments, that resulted in a major threat to the nation’s energy supply chain.

By threatening to “disrupt” the ransomware group, Mr. Biden may have been signaling that the administration was moving to take action against these groups beyond merely indicting them. That is what United States Cyber Command did last year, ahead of the presidential election in November, when its military hackers broke into the systems of another ransomware group, called Trickbot, and manipulated its command-and-control computer servers so that it could not lock up new victims with ransomware. The fear at that time was that the ransomware group might sell its skills to governments, including Russia, that sought to freeze up election tabulations.

On Monday, DarkSide argued it was not operating on behalf of a nation-state, perhaps in an effort to distance itself from Russia.

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” it said in a statement posted on its website. “Our goal is to make money and not creating problems for society.”

The group seemed somewhat surprised that its actions resulted in closing a major pipeline and suggested that perhaps it would avoid such targets in the future.

“From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future,” the group said, though it was unclear how it defined “moderation.”

DarkSide is a relative newcomer to the ransomware scene, what Ms. Neuberger called “a criminal actor” that hires out its services to the highest bidder, then shares “the proceeds with ransomware developers.” It is essentially a business model in which some of the ill-gotten gains are poured into research and development on more effective forms of ransomware.

The group often portrays itself as a sort of digital Robin Hood, stealing from companies and giving to others. DarkSide says it avoids hacking hospitals, funeral homes and nonprofits, but it takes aim at large corporations, at times donating its proceeds to charities. Most charities have turned down its offers of gifts.

One clue to DarkSide’s origins lies in its code. Private researchers note DarkSide’s ransomware asks victims’ computers for their default language setting, and if it is Russian, the group moves along to other victims. It also seems to avoid victims that speak Ukrainian, Georgian and Belarusian.

Its code bears striking similarities to that used by REvil, a ransomware group that was among the first to offer “ransomware as a service” — essentially hackers for hire — to hold systems hostage with ransomware.

“It appears this was an offshoot that wanted to go into business for themselves,” said Jon DiMaggio, a former intelligence community analyst who is now the chief security strategist of Analyst1. “To get access to REvil’s code, you’d have to have it or steal it because it’s not publicly available.”

DarkSide makes smaller ransom demands than the eight-figure sums that REvil is known for — somewhere from $200,000 to $2 million. It puts a unique key in each ransom note, Mr. DiMaggio said, which suggests that DarkSide tailors attacks to each victim.

“They’re very selective compared to most ransomware groups,” he said.

Colonial Pipeline: A Vital Artery for Fuel

HOUSTON — The operator of a vital fuel pipeline stretching from Texas to New Jersey, shut down for days after a ransomware attack, said Monday that it hoped to restore most operations by the end of the week.

Federal investigators said the attackers aimed at poorly protected corporate data rather than directly taking control of the pipeline, which carries nearly one-half of the motor and aviation fuels consumed in the Northeast and much of the South.

The operator, Colonial Pipeline, stopped shipments apparently as a precaution to prevent the hackers from doing anything further, like turning off or damaging the system itself in the event they had stolen highly sensitive information from corporate computers.

Colonial said it was reviving service of segments of the pipeline “in a stepwise fashion” in consultation with the Energy Department. It said the goal of its plan was “substantially restoring operational service by the end of the week.” The company cautioned, however, that “this situation remains fluid and continues to evolve.”

Federal Bureau of Investigation said was carried out by an organized crime group called DarkSide, has highlighted the vulnerability of the American energy system.

Part of that vulnerability reflects Texas’ increased role in meeting domestic demand for oil and gas over the last decade and a half, leading the Northeast to rely on an aging pipeline system to bring in fuel rather than refining imported fuel locally.

Since the pipeline shutdown, there have been no long lines at gasoline stations, and because many traders expected the interruption to be brief, the market reaction was muted. Nationwide, the price of regular gasoline climbed by only half a cent to $2.97 on Monday from Sunday, even though the company could not set a timetable for restarting the pipeline. New York State prices remained stable at $3 a gallon, according to the AAA motor club.

“Potentially it will be inconvenient,” said Ed Hirs, an energy economist at the University of Houston. “But it’s not a big deal because there is storage in the Northeast and all the big oil and gas companies can redirect seaborne cargoes of refined product when it is required.”

The Colonial Pipeline is based in Alpharetta, Ga., and is one of the largest in the United States. It can carry roughly three million gallons of fuel a day over 5,500 miles from Houston to New York. It serves most of the Southern states, and branches from the Atlantic Coast to Tennessee.

Some of the biggest oil companies, including Phillips Petroleum, Sinclair Pipeline and Continental Oil, joined to begin construction of the pipeline in 1961. It was a time of rapid growth in highway driving and long-distance air travel. Today Colonial Pipeline, which is private, is owned by Royal Dutch Shell, Koch Industries and several foreign and domestic investment firms.

It is particularly vital to the functioning of many Eastern U.S. airports, which typically hold inventories sufficient for only three to five days of operations.

There are many reasons, including regulatory restrictions on pipeline construction that go back nearly a century. There are also restrictions on the use of foreign vessels to move products between American ports, as well as on road transport of fuels.

But the main reason comes closer to home. Over the last two decades, at least six refineries have gone out of business in New Jersey, Pennsylvania and Virginia, reducing the amount of the crude oil processed into fuels in the region by more than half, from 1,549,000 to 715,000 barrels weekly.

“Those refineries just couldn’t make money,” said Tom Kloza, global head of energy analysis at Oil Price Information Service.

The reason for their decline is the “energy independence” that has been a White House goal since the Nixon administration. As shale exploration and production boomed beginning around 2005, refineries on the Gulf Coast had easy access to natural gas and oil produced in Texas.

That gave them an enormous competitive advantage over the East Coast refineries that imported oil from the Northeast or by rail from North Dakota once the shale boom there took off. As the local refineries shut their doors, the Colonial Pipeline became increasingly important as a conduit from Texas and Louisiana refineries.

The Midwest has its own pipelines from the Gulf Coast, but while the East Coast closed refineries, the Midwest has opened a few new plants and expanded others to process Canadian oil, much from the Alberta oil sands, over the last 20 years. California and the Pacific Northwest have sufficient refineries to process crude produced in California and Alaska, as well as South America.

Not very. The Northeast supply system is flexible and resilient.

Many hurricanes have damaged pipelines and refineries on the Gulf Coast in the past, and the East Coast was able to manage. The federal government stores millions of gallons of crude oil and refined products for emergencies. Refineries can import oil from Europe, Canada and South America, although trans-Atlantic cargo can take as much as two weeks to arrive.

When Hurricane Harvey hit Texas in 2017, damaging refineries, Colonial Pipeline shipments to the Northeast were suspended for nearly two weeks. Gasoline prices at New York Harbor quickly climbed more than 25 percent, and the added costs were passed on to motorists. Prices took over a month to return to previous levels.

The hacking of a major pipeline, while not a major problem for motorists, is a sign of the times. Criminal groups and even nations can threaten power lines, personal information and even banks.

The group responsible for the pipeline attack, DarkSide, typically locks up its victims’ data using encryption, and threatens to release the data unless a ransom is paid. Colonial Pipeline has not said whether it has paid or intends to pay a ransom.

“The unfortunate truth is that infrastructure today is so vulnerable that just about anyone who wants to get in can get in,” said Dan Schiappa, chief product officer of Sophos, a British security software and hardware company. “Infrastructure is an easy — and lucrative — target for attackers.”

Cyberattack Forces a Shutdown of a Top U.S. Pipeline

A cyberattack forced the shutdown of one of the largest pipelines in the United States, in what appeared to be a significant attempt to disrupt vulnerable energy infrastructure. The pipeline carries refined gasoline and jet fuel up the East Coast from Texas to New York.

The operator of the system, Colonial Pipeline, said in a statement late Friday that it had shut down its 5,500 miles of pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach on its computer networks. Earlier Friday, there were disruptions along the pipeline, but it was unclear whether that was a direct result of the attack, or the company’s moves to proactively halt it.

Colonial Pipeline has not indicated whether its systems were hit by ransomware, in which hackers hold a victim’s data hostage until it pays a ransom, or whether it was another form of cyberattack. But the shutdown of such a vital pipeline, one that has been serving the East Coast since the early 1960s, highlights the huge vulnerability of aging infrastructure that has been connected, directly or indirectly, to the internet.

In coming weeks the administration is expected to issue a broad-ranging executive order to bolster security of federal and private systems, after two major attacks from Russia and China in recent months caught American intelligence agencies and companies by surprise.

the SolarWinds intrusion by Russia’s main intelligence service, and another against some types of Microsoft-designed systems that has been attributed to Chinese hackers — underscored the vulnerability of the networks on which the government and corporations rely.

announced sanctions against Russia last month for SolarWinds, and is expected to issue an executive order in the coming days that would take steps to secure critical infrastructure, including requiring enhanced security for vendors providing services to the federal government.

The United States has long warned that Russia has implanted malicious code in the electric utility networks, and the United States responded several years ago by putting similar code into the Russian grid.

But actual attacks on energy systems are rare. About a decade ago, Iran was blamed for an attack on the computer systems of Saudi Aramco, one of the world’s largest oil producers, which destroyed 30,000 computers. That attack, which appeared to be in response to the American-Israeli attack on Iran’s nuclear centrifuges, did not affect operations.

Another attack on a Saudi petrochemical plant in 2017 nearly set off a major industrial disaster. But it was shut down quickly, and investigators later attributed it to Russian hackers. This year, someone briefly took control of a water treatment plant in a small Florida city, in what appeared to be an effort to poison the supply, but the attempt was quickly halted.

Clifford Krauss and Nicole Perlroth contributed reporting.