A Ransom of 75 Bitcoin Has Been Paid to Open Up The Colonial Pipeline PlatoBlockchain Data Intelligence. Vertical Search. Ai.

A Ransom of 75 Bitcoin Has Been Paid to Open Up The Colonial Pipeline


On May 7th, a Russian hacking consortium known as DarkSide managed to hack into the systems of Colonial Pipeline, the company whose oil and gas infrastructure supplies 45% of the oil used on the east coast of the USA.

On May 14th it was announced that, after Colonial gave in to the hackers' demands and paid a ransom of 75 Bitcoin (equivalent to around $5 million), the pipeline is once again open. The hackers had seized 100 Gigabytes of sensitive data and had installed rogue software in the company’s network, taking control of back office and reporting systems. The potential for dangerous and environmentally catastrophic effects if hackers had taken control of the pipeline itself prompted Colonial to shut that down too as a preventative measure.

With DarkSide having such a hold over Colonial, and the company powerless to restore its systems, it would appear Colonial felt it had no option but to pay up. DarkSide had publicly stated that their intention wasn’t to cause such severe disruption and that they were motivated by financial gain alone. In the event they seem to have got what they wanted.

Service has been restored for now and the fuel shortages and increases in price that were being witnessed across the country will hopefully now cease. During the pipeline shutdown the price of gasoline had pushed to a six and a half year high, above $3 per gallon.


The episode raises questions about the cybersecurity risk posed to corporations and government departments alike. It’s troubling that such disruption can be caused so quickly and easily by a criminal gang, not even a state-sponsored group with greater resources at its disposal, but a group of private hackers.

The Colonial hack was ultimately resolved by paying off the criminals, which also sends a message that could encourage other hackers to try similar tactics: the payday could be significant if they’re successful.

A further issue this raises is the role that Bitcoin played in DarkSide receiving the ransom payment.

One of the most often-cited objections to digital cryptocurrencies like Bitcoin is that they enable criminality and are predominantly used by criminals. It’s a view that’s often expressed by those in senior government roles — most recently by the treasury secretary Janet Yellen, who said:

“I think we really need to examine ways in which we can curtail their use, and make sure that… money laundering doesn’t occur through those channels.”

It’s a stance that demonstrates once again the degree to which senior government officials seem poorly informed and willfully ignorant about Bitcoin, how it works and what it represents. In real terms, the volume of transactions associated with criminality year-on-year has been declining in recent years. Nonetheless, it will have been widely reported in the media that Bitcoin was used to facilitate payment of a ransom to criminals that had brought parts of America to a temporary standstill. Such messages tend to stick in the public consciousness.

Certainly, there were reasons why the DarkSide hackers opted to have their ransom paid in Bitcoin. They’ve preserved a degree of anonymity in receiving their ransom payment in Bitcoin, which can be sent and received anonymously, within a few minutes and in a way that prevents the funds from being recalled once the transaction is initiated.

But this same anonymity has been enabled by cash for as long as it has existed. It may be easier to trace the transmission of US dollars electronically but unless the recipient is captured quickly, the money could quickly and easily be sent onwards and subsequently laundered. After that, it’s lost for good.

One advantage of Bitcoin is that blockchain technology enables a certain amount of traceability for the funds that are sent. Holders of Bitcoin are able to remain anonymous since it’s transmitted from one secure, encrypted wallet to the next and wallets aren’t registered to owners. However, the transactions themselves are clearly and permanently recorded in the blockchain, so they can be scrutinized and traced as volumes of Bitcoin are transmitted to and from different wallets. Indeed, the crypto-compliance consultancy Elliptic has already identified the DarkSide wallet that received the ransom payment.


If and when DarkSide send their Bitcoin onwards, disbursing funds amongst the group, using it in transactions or loading it onto an exchange to sell and convert to, say, US dollars, law enforcement agencies would be able to monitor and keep track of it. This could ultimately help them to capture the criminals.

It was this traceability that allowed the US Government to eventually apprehend corrupt agents who had stolen Bitcoin from the Silk Road — an illicit online marketplace that was used to sell drugs and weapons and which was closed down by the FBI in 2013. The authorities ultimately seized their Bitcoin and thanks to the data in the blockchain were able to prove where the agents had originally stolen it from in the first place.

Law enforcement agencies are understandably uneasy about the possibility of future copy-cat hacks by other individuals and criminal gangs who may be emboldened by Colonial having paid the ransom. The BBC reported that on the same day that Colonial paid up, Japanese electronics firm Toshiba was being targeted by the same hacking group, although in Toshiba’s case the data loss had been less severe.

There’s a feeling amongst governments and private sector cyber consultancies alike that the only way that ransomware attacks will be discouraged is if those who are targeted prove unwilling to pay. And yet when corporations are threatened with a long-term loss of business and money, or the wider public impacts are significant if they remain shut down for long (as was the case with Colonial Pipeline) then victims may feel they have little option but to pay up. This was also demonstrated in 2020 when the electronics firm Garmin was targeted by hacking group Evil Corp — Garmin too paid the ransom.

Until governments and businesses are better protected against hackers, and better equipped to weather attacks when they happen, we may see more cases where paying the ransom is the only option to restore systems and for business to resume.

Note: This article is for informational purposes only. It should not be considered Financial or Legal Advice. Consult a financial professional before making any major financial decisions.

Source: https://levelup.gitconnected.com/a-ransom-of-75-bitcoin-has-been-paid-to-open-up-the-colonial-pipeline-aca69fc3717f?source=rss——-8—————–cryptocurrency
