Major east coast pipeline shut down by hackers

Gradient

Kingfisher
Massive!!!!! inflation of...checks notes...1% to 2%. Give me a break. Please stop repeating what you hear on the news or at least think about what you're writing.



We have a couple of threads like the Covid shortage or Great Reset threads but none of them are shortages due to...the decline. Maybe mods can change the name of the Covid one or we should start a new one.
You seem to think that the ADDITIONAL 1%-2% is ALL the inflation that I'm talking about. That's some world class myopic situational awareness you've got going on there!


I know... It's just a wacky conspiracy theory!
 

budoslavic

Owl
Gold Member

Colonial Pipeline was hacked with single password to access its systems remotely, expert reveals

  • Charles Carmakal, who consulted on the Colonial Pipeline's attack response, told Bloomberg on Friday that the password was later found on the dark web
  • The password, though still functioning, had not been used by employees to access the Virtual Private Network (VPN) for some time
  • It also appeared on the dark web, although it's unclear where the hackers found it
  • The VPN account which was used to breach Colonial Pipeline has since been deactivated
  • Bloomberg also revealed that the account did not have multifactor authentication enabled, a common security feature
Hackers who attacked Colonial Pipeline breached the company's system using a single password to access its systems remotely.

Charles Carmakal, who consulted on the Colonial Pipeline's attack response, told Bloomberg News on Friday that the password was one used to access the company's virtual private network (VPN).

VPNs allow staff to access work systems from their home computers by using a password, and have become common for many working from home during the COVID pandemic.

Carmakal also told of how details of the same VPN password were later found leaked on the dark web.

The account breached was for a 'legacy' virtual private network not routinely used by employees to which only a handful of employees at the company had access, a spokesperson for Colonial Pipeline confirmed to DailyMail.com.

That password, though still functioning, had not been used to access the VPN for some time before it appeared on the dark web, Carmakal said. The account for the VPN which was used to breach Colonial Pipeline has since been deactivated.

Carmakal, a senior vice president at Mandiant - a product line of the cybersecurity firm FireEye Inc., said it remains unclear how the hackers obtained the password.

It was not immediately clear why the account for the legacy VPN was still functioning and the password was able to be used, and how long the account hadn't been used.

FireEye Inc. declined requests from DailyMail.com seeking clarification and additional details.

The Colonial Pipeline spokesperson declined to comment on whether the employee to whom the account belonged, or others, could face any discipline.

Bloomberg also revealed that the account did not have multifactor authentication enabled.

Multifactor authentication is a cybersecurity method in which an account holder presents at least two pieces of evidence the account belongs to them - such as a PIN number or fingerprint on top of the account's password.

It has become commonplace in recent years, with most Americans required to enter a code sent to them by text or email to access online accounts such as banking or social media even after entering their initial password.

FireEye Inc. declined requests to comment if the hackers would have still been able to breach Colonial Pipeline if the company had multifactor authentication enabled on the compromised VPN account.

'We did a pretty exhaustive search of the environment to try and determine how they actually got those credentials,' Carmakal told Bloomberg.

'We don't see any evidence of phishing for the employee whose credentials were used. We have not seen any other evidence of attacker activity before April 29.'

Colonial Chief Executive Officer Joseph Blount, who is set to provide testimony next week before Congressional committees with further details about the hack, told Bloomberg that the company 'had no choice' but to close the pipeline.

It was later determined that the hackers had not been able to access the pipeline's actual fuel supply, although bosses nonetheless decided to halt the network while finding out the scale of the breach.

Blount said the company first became aware of the attack when a control room employee saw a note demanding the ransom of cryptocurrency appear on a computer just before 5 a.m. on May 7.

The employee told a supervisor, who began to immediately shut down the pipeline - a process which ended by 6:10 a.m., Blount said.

'It was absolutely the right thing to do. At that time, we had no idea who was attacking us or what their motives were,' Blount said.
 

eradicator

Peacock
Gold Member