F.B.I. Identifies Group Behind U.S. Oil Pipeline Hack

The F.B.I. on Monday confirmed that DarkSide, a hacking group, was responsible for the ransomware attack that closed a U.S. pipeline that provides the East Coast with nearly half of its gasoline and jet fuel.

The confirmation of the hack, which prompted emergency White House meetings over the weekend, comes as the Biden administration in the coming days is expected to announce an executive order to strengthen America’s cyberdefense infrastructure.

President Biden said on Monday that the government has mitigated any impact the pipeline hack might have on the U.S. fuel supply. He added that his administration has efforts underway to “disrupt and prosecute ransomware criminals.”

Colonial Pipeline, the operator of the system, issued a statement on Monday saying that restoring service “takes time.” It added that while the situation “remains fluid and continues to evolve,” the company will restore service incrementally, with the goal of “substantially” restoring service by the end of the week.

Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, said Monday afternoon that the government believes DarkSide is “a criminal actor” but is looking for any ties the group may have to nation-states.

She added that Colonial has not sought cyber support from the government, and could not confirm if the company, a private corporation, has paid any ransom.

Mr. Biden also said on Monday that, so far, there is no evidence from U.S. intelligence officials that indicates that “Russia is involved,” but he added that “there is evidence that the actors’ ransomware is in Russia. They have some responsibility to deal with this.”

Colonial’s pipeline transports 2.5 million barrels each day, taking refined gasoline, diesel fuel and jet fuel from the Gulf Coast up to New York Harbor and New York’s major airports. Most of that goes into large storage tanks, and with energy use depressed by the coronavirus pandemic, the attack was unlikely to cause any immediate disruptions.

Late Friday, Colonial said in a vaguely worded statement that it had shut down its 5,500 miles of pipeline, which it said carried 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach. Earlier in the day, there had been disruptions along the pipeline, but it was not clear at the time whether that was a direct result of the attack or of the company’s moves to proactively halt it.
