Ronke Babajide

Summary

The website content discusses the risks and consequences of inadequate cybersecurity measures, as evidenced by the Colonial Pipeline hack and the public's dangerous response to the resulting gas shortage.

Abstract

The article "How to Transport Gasoline for Dummies" on the undefined website highlights the critical need for improved cybersecurity measures following the Colonial Pipeline hack, which led to a gas shortage on the East Coast and risky behaviors by the public. It underscores the potential for widespread disruption by detailing how the DarkSide hacking group compromised the pipeline's computer systems, causing a multimillion-dollar ransom payment and an example of dangerous gas hoarding by citizens. The piece emphasizes the necessity for robust backup systems, the importance of securing critical infrastructure, and the need for individual vigilance against phishing attacks and other security threats, as well as the hazards of improper fuel storage and transportation. The author also criticizes the misconceptions about the ease of protecting critical infrastructure and the reality of constant threats from cybercriminals seeking financial gain.

Opinions

  • The author expresses dismay at the public's dangerous practice of hoarding gasoline in unsafe containers following the pipeline hack, highlighting the potential for lethal consequences.
  • The article suggests that people's overreactions to the gas shortage were due to a lack of awareness about the dangers of gas fumes and proper storage.
  • It is opined that despite the increased attention to cybersecurity in the wake of the hack, many individuals underestimate the complexity of protecting critical infrastructure from cyber threats.
  • The author points out that the motive behind such cyber-attacks is purely financial, with hackers like DarkSide specifically targeting entities that can afford hefty ransom payments.
  • The author seems to have a dim view of the effectiveness of current security measures, given the frequency and severity of cyber-attacks on critical infrastructure.
  • There is a clear call to action for companies and governments to invest more in advanced cybersecurity solutions, such as NDR and EDR systems, to combat sophisticated malware threats.
  • The piece implies that while executive orders like Biden's are a step in the right direction, a more comprehensive and global approach to cybersecurity is needed.
  • The author advises individuals to avoid complacency and contribute to cybersecurity by following best practices, such as not clicking on suspicious links and not circumventing security protocols.
  • The author emphasizes the importance of using proper fuel containers and not storing gasoline in vehicles, as this poses a significant safety risk.

How to Transport Gasoline for Dummies

Why the Colonial Pipeline hack is only a preview of what can happen if we don’t secure our critical infrastructure

Photo by Michal Matlon on Unsplash

Every time I feel people can’t surprise me anymore, I go on the internet, and I’m schooled. Last week it was videos and images of people storing large amounts of flammable liquids in leaky containers in the trunk of their cars.

The first time I saw a TikTok making fun of people putting gasoline in trash bags, I had no clue what was going on. Then more and more videos and images of people filling plastic bags, tubs, or plastic pails with gas popped up. I was baffled: were people planning to set themselves on fire in protest of some political agenda they deemed insupportable? Or was this a Tide Challenge for adults?

I did some quick research and realized this was not a protest. People were risking a fiery, painful death for no good reason. They were hoarding gas because of a cyber attack on a pipeline provider. Most of them probably weren’t even aware that they were endangering their lives.

In my world, it is painfully obvious that this is a disaster waiting to happen, but not everyone lives here.

In case you were wondering, it's not the gas; it's the fumes. Gas fumes ignite easily when mixed with oxygen. That is why you are not supposed to smoke anywhere near a pumping station. When the fumes catch fire, they will light up the gas, and if that happens inside your car, neither you nor I want to be close.

People weren't all making funny videos; some tried to warn. I was deeply touched by lima_lee striving to stop others from suffering the same horrible outcome she had experienced:

Why Was There No Gas on the East Coast?

If you wonder what happened to make people feel hoarding gas was a necessity, here is the short version:

A hacker community called Darkside breached the computer security of the pipeline provider (Colonial) responsible for transporting gas to the East Coast. They shut down Colonial's systems with encryption malware (aka ransomware) and asked for a multimillion-dollar ransom.

Ransomware makes all the data on your system unreadable by encrypting it. There is little chance of decrypting it without the key the hackers hold. If you are lucky, you have a sound backup plan in place and can restore the data without paying the ransom. If not, you have little choice but to pay. If you noticed the breach too late, the hackers might have encrypted large parts of your backup as well, and again there is little choice but to pay up.

People huffing and puffing about how they would have a better backup system and how this would never have happened to them have no clue how these breaches occur. You can safely ignore them.

So back to the pipeline breach. There was a gas shortage for a couple of hours/days. People freaked out and did stupid things. Colonial paid 5 million USD to the hackers. Now everything is back up and running.

Wait, What?

You are wondering how hackers can shut down a pipeline?

When we think of pipelines, we typically only think of the pipe itself that transports the gas. So when we imagine an attack, we think of terrorists attacking the lines, blowing them up, spilling gas. But that is not the main threat.

In reality, like most utilities, pipelines are controlled by a myriad of computer systems. There are pumps, valves, sensors, thermostats, etc., needed to control the flow of the gasoline through the pipes. All of them are driven by computers. And like all computers, these systems are susceptible to malware.

To prevent hackers from compromising critical infrastructure, there are numerous security systems in place. Best case, critical infrastructure isn’t connected to the internet to prevent this kind of shenanigans. It is “air-gapped,” meaning there is no direct connection between the internal private network and the external public internet.

It is assumed that two factors helped the hackers get into Colonial’s systems. Due to the pandemic and the need for remote working, the air gap was probably closed, and someone most likely clicked on a phishing mail and downloaded the malware. This happens frequently and is the reason for the security training you get every few months.

Who Are These People and Why Do They Do This?

The hackers responsible for the ransomware used in the attack are the Darkside Conglomerate. Their main target is critical infrastructure: energy, transportation, healthcare, etc. — anything that keeps our society afloat.

They are here to make money; there is no ulterior motive, and forget about pushing an agenda. This is neither politically motivated terrorism nor someone trying to settle a grudge. Just cold, hard cash — actually, it's bitcoins, but you get the drift.

DarkSide is ransomware-as-a-service (RaaS) — the developers of the ransomware receive a share of the proceeds from the cybercriminal actors who deploy it, known as “affiliates.” According to open-source reporting, since August 2020, DarkSide actors have been targeting multiple large, high-revenue organizations, resulting in the encryption and theft of sensitive data. The DarkSide group has publicly stated that they prefer to target organizations that can afford to pay large ransoms instead of hospitals, schools, non-profits, and government.

Darkside has now announced they will shut down operations because of the heat they are getting from law enforcement and governments. This sounds like a victory, but it just means they will abandon the compromised name and infrastructure and show up under a different name shortly after.

How Dangerous is It?

Very. Due to the digitalization of every aspect of our lives, hackers can now wreak havoc on society's soft underbelly. Critical infrastructure is the prime cut. A compromise of these systems leaves little room for negotiation.

Imagine a shutdown of public transportation control in the middle of the day—no control over the speed or location of subway systems or trains. Imagine someone turning off critical hospital systems while you are lying on the operating table for open-heart surgery. All monitors shut off, oxygen control shut off.

You pay, or people die — some by their own hand because they are transporting gasoline in open containers, but others because you lost control of systems meant to supervise infrastructure or protect the public.

This was not an isolated event. Breaches happen daily; some are more spectacular than others, some are scarier:

These are three random examples of the hundreds of attacks on our infrastructure happening every day.

This problem is not going away any time soon. This is a business model. There is a crazy amount of money involved. We know that Colonial paid 5 million USD, but that is only one company of many. A lot don’t even talk about it. Not every country has disclosure laws.

The Dark Web is full of businesses offering tools and services to breach security systems and extort money from companies.

Any company can be a victim. When the victim is a critical infrastructure provider, all of us are impacted.

What You Can Do to Protect Yourself

Companies and especially governments need to spend even more money on securing their systems. This is the unfortunate truth. Biden’s Executive Order to Improve Cybersecurity should be emulated in some shape or form by all governments.

Cybersecurity is a cat and mouse game between hackers and people protecting the systems. Critical infrastructure needs to be protected at all costs. Tackling this requires top-level involvement and focus. Organizations will have to upgrade to modern NDR and EDR systems capable of detecting modern evasive threats.

Modern malware can’t be stopped with your run-of-the-mill firewall or anti-virus. NDR and EDR systems monitor your systems, use machine learning to learn what behavior to expect, and layer artificial intelligence on top of the classical methods of threat detection to catch malware outbreaks, even for previously unknown (zero-day) threats.
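To make the "learn what behavior to expect" idea concrete, here is an added toy example (not code from the article or from any NDR/EDR product). It learns, per process, how many file modifications are normal within a one-minute window, then alerts on a known process bursting far above its baseline or on an unseen process mass-renaming files to a new extension, the file-activity pattern ransomware leaves behind. All event lines and process names are constructed for the demo.

```python
"""Toy behavior-based detector for ransomware-like file activity (added example)."""
from collections import Counter, defaultdict
from os.path import splitext
from typing import NamedTuple

class Event(NamedTuple):
    ts: int       # seconds
    proc: str
    action: str   # read / write / rename / delete
    args: tuple   # (path,) or (old_path, new_path) for rename

MODIFYING = {"write", "rename", "delete"}

# Constructed sample logs, format: "ts proc action path [path2]"
BASELINE = """0 winword.exe write C:/docs/report.docx
30 winword.exe write C:/docs/report.docx
60 excel.exe write C:/docs/budget.xlsx
90 winword.exe write C:/docs/memo.docx
120 backup.exe write D:/backup/report.docx
150 backup.exe write D:/backup/budget.xlsx"""
LIVE = """1000 winword.exe write C:/docs/notes.docx
1001 unknown.exe rename C:/docs/report.docx C:/docs/report.docx.locked
1001 unknown.exe rename C:/docs/budget.xlsx C:/docs/budget.xlsx.locked
1002 unknown.exe rename C:/docs/memo.docx C:/docs/memo.docx.locked
1003 unknown.exe write D:/backup/report.docx.locked"""

def parse(text):
    f = [line.split() for line in text.splitlines()]
    return [Event(int(p[0]), p[1], p[2], tuple(p[3:])) for p in f if len(p) >= 4]

def max_per_window(events, window=60):
    """Per process, the most file modifications seen in any `window` seconds."""
    by_proc = defaultdict(list)
    for e in events:
        if e.action in MODIFYING:
            by_proc[e.proc].append(e.ts)
    return {p: max(sum(1 for t in ts if s <= t < s + window) for s in ts)
            for p, ts in by_proc.items()}

def detect(baseline, live, factor=5.0, min_files=3):
    """Return (process, reason) alerts for activity outside the learned baseline."""
    ext_changes = Counter(e.proc for e in live if e.action == "rename"
                          and splitext(e.args[0])[1] != splitext(e.args[1])[1])
    alerts = []
    for proc, peak in max_per_window(live).items():
        known = baseline.get(proc)          # None: never seen modifying files before
        if known is not None and peak > factor * known:
            alerts.append((proc, "modification burst above baseline"))
        elif known is None and ext_changes[proc] >= min_files:
            alerts.append((proc, "unknown process mass-renaming files to new extension"))
    return alerts

def demo():
    return detect(max_per_window(parse(BASELINE)), parse(LIVE))

if __name__ == "__main__":
    print(demo())
```

A real EDR feeds the same logic with kernel-level file and process telemetry and uses far richer models, but the principle is identical: no signature for the malware is needed, only a deviation from learned normal behavior.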

As an individual, you can contribute as well. It has been said before, but please don’t click on links or attachments in emails from dubious sources. Security systems can be annoying and cause some friction in your daily work — for example, if you have to wait for an email attachment to be scanned, don’t try to circumvent them. Stay vigilant; it could save a lot of money and sometimes lives.

And please, don’t transport large amounts of gas anywhere in your car except your tank! If necessary, use an approved, tightly closed container like a jerry can and only carry small amounts.

Cybersecurity
Infrastructure
World
Technology
Life Lessons