New Delhi: US President Joe Biden Tuesday said he will raise the issue of last week’s cyberattack on a major US pipeline with Russian President Vladimir Putin, given that the attackers were found to be based in Russia.
“I’m going to be meeting with President Putin,” Biden said. “So far there’s no evidence from our intelligence people that Russia is involved. Although, there is evidence the actor’s ransomware is in Russia.” He added that Moscow “has some responsibility” in the matter.
Last week, private fuel pipeline operator Colonial Pipeline, based in the US state of Georgia, suffered a ransomware attack. Ransomware is a form of malware that encrypts a victim’s files, after which the attacker demands a ransom from the victim to restore their access to the data.
Here’s how the attack happened, and how it has paralysed the fuel pipeline to become a diplomatic issue.
The pipeline, stretching 8,850 km, is responsible for 45 per cent of fuel consumed on the US’ East Coast. The company took itself offline shortly after the attack and work is on to get its services restored.
DarkSide, a group of Russia-based hackers who develop and sell ransomware hacking tools for others, has been accused by the US Federal Bureau of Investigation (FBI) of launching the attack. On Tuesday, the group released a statement on its website saying that its goal is to “make money”, not create problems for society.
Colonial Pipeline reopened a section of its pipeline system Tuesday. However, fears loom that a prolonged shutdown could cause prices to spike at gas pumps. According to a Bloomberg report, gas stations in North Carolina, Florida and Alabama are already running dry.
The attack comes amid ongoing differences between Washington and Moscow over the latter’s troop build-up at the Ukraine border and imposition of sanctions last month.
Attack shows vulnerability of US infrastructure
A Reuters report dubbed the cyberattack on Colonial Pipeline the “most disruptive digital ransom operations ever reported”, especially because the company chose to shut down operations after the threat affected some of its information technology systems.
According to experts, the shutdown of the country’s largest gasoline pipeline underscores how vulnerable US cyber infrastructure is to criminals and national adversaries, such as Russia, China and Iran.
While Colonial Pipeline did not say what was demanded or who made the demand in the attack, the FBI confirmed Monday that DarkSide was behind it.
According to Boston-based cybersecurity firm Cybereason, DarkSide is a professional group with a help desk and a call-in phone number for victims. It is likely based in a Russian-speaking country, as its software avoids encrypting any computer systems where the language is set as Russian and it also avoids targets in post-Soviet states. DarkSide’s ransomware was first noticed in August 2020.
According to Digital Shadows, a London-based cybersecurity firm, the Covid-19 pandemic could have given hackers an edge given that there were more company engineers remotely accessing control systems for the pipeline from home.
“If the culprit turns out to be a Russian criminal group, it will underscore that Russia gives free rein to criminal hackers who target the West,” said Dmitri Alperovitch, a co-founder of cyber security firm CrowdStrike.
Russia accused in past cyberattacks on US
While Biden has maintained that there is no evidence of the Russian state’s involvement in the Colonial Pipeline attack, Moscow has long been criticised by security researchers and US law enforcement for harbouring cyber criminals.
“…If a ransomware crew is operating successfully out of Russia, they at very least have the tacit approval of the intelligence apparatus within Russia for strategic benefit,” claimed Chris Krebs, the former director of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
Last month, the Biden administration expelled 10 Russian diplomats and sanctioned several individuals and companies in retaliation for hacking federal agencies and interfering in the 2020 US presidential election.
Moscow has also been accused of hacking networks of federal agencies in the cyber breach of SolarWinds, a major US information technology firm, in December 2020.
Last month, the Biden administration publicly identified the Russian Foreign Intelligence Service as the perpetrator of the SolarWinds attack, which allegedly gave Russia the ability to spy on 16,000 computer systems worldwide.
Iranian hackers have also tried to gain access to utilities, factories and oil and gas facilities, such as in 2013, when a group hacked the control system of a US dam.
Russia’s alleged harbouring of cybercriminals has reportedly come at a cost to the country itself. Last December, Russia’s largest bank Sberbank said cyber attacks cost Russian companies and citizens up to 3.6 trillion roubles ($49 billion) in 2020.
The lender said private business and ordinary Russians were the main targets and that Russian-speaking cyber criminals operate from Germany, Ukraine and Venezuela, as well as Russia.