The DarkSide hack was just the beginning. Hopefully the FBI realizes that

The hacker group responsible for the Colonial Pipeline ransomware attack this week is sophisticated, and even puts out marketing material that reads like copy from an edgy Bay Area startup

Luke Winkie
New York
Tuesday 11 May 2021 10:49 EDT
Comments
(AP)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

On Monday, the FBI admitted a temporary defeat. DarkSide, a corporatized hacking collective believed to be based in Eastern Europe, had been identified as the culprit behind a massive ransomware attack on Colonial Pipelines. The oil and gas company is the largest pipeline grid in the United States, and by the start of this week, they’d already been knocked offline for four days. 

The White House held emergency meetings and the FBI sent out emergency pings to other energy suppliers in case the hack metastasized across other computer systems. They know, presumably, that many cybercriminals have grown bored and unsatisfied with small victories like password troves and credit card scams. Instead, they’ve moved on to much bigger bounties, including crucial pieces of our national infrastructure.

Think of DarkSide as a malware middleman. They specialize in off-the-shelf malevolent scripts, which can be purchased for a high price by any enterprising criminal. Deploy those scripts through the right keyhole — in this case, getting them under the skin of a company that services the entire Eastern Seaboard with one errant click — and the rest of the work becomes elementary. “Ransomware” is exactly what it sounds like. Hackers hold whatever leverage they’ve dredged up in the security breach — sensitive documents, personal information, or in this case, the threat of a national gas shortage — and dangle it out to the proprietorship for a payload of cash. It’s an extortion strategy that dates back to the dawn of the internet. The only difference is how DarkSide has optimized the loose ends.

Last year, WIRED’s Brian Barrett wrote about how much of DarkSide’s marketing apparatus read like pristine ad copy from a VC-backed startup. The “company,” as much as you can call it one, offers guaranteed delivery times, and direct, one-to-one customer support, so you can troubleshoot your malicious code while slipping it into your next Fortune 500 target. DarkSide claims to have some third-rails and moral grounding; they say they will never facilitate an attack on “hospitals, schools, nonprofits, or government targets” — which is clearly a way to equip their subterfuge with a facile, populist creed. (And frankly, it is difficult to feel much sympathy for the fossil fuel cartels. They certainly know how to choose their victims.) “Before any attack, we carefully analyze your accountancy and determine how much you can pay based on your net income,” wrote DarkSide in a surprisingly brazen press release, as quoted by Barrett in that WIRED article. The hacking group has correctly estimated that the US has no methodology to prosecute a group of talented hackers well outside its borders. As DarkSide’s operations get more sophisticated, offices all across the States will grow more exposed.

“We created DarkSide because we didn’t find the perfect product for us,” continues that press release. “Now we have it.”

For now, Americans will simply need to become accustomed to the idea that loopholes and vulnerabilities are pocketed throughout all of our digital superstructures, and even a vital piece of baseline framework — like a pipeline so entangled with our industrial network it might as well be a public enterprise — can be brought to its knees with a few lines of code. Colonial Pipeline claims that the service should be back up and running by the end of the week. But what’s next? Thecity governments of Atlanta and New Orleans have been hit by similar hacks in the past, as has the Washington DC police department. The fiction we’ve been sold about the robustness of whoever we trust our information with — from the banks, to our doctors, to the government itself — appears to be more tenuous than ever. If Colonial Pipeline can fall, then clearly, everything is on the table.

2021 is a time to reexamine all of the failsafes and contingency plans; to check for the issues simmering underneath the hood. In those halcyon pre-crisis days, January and February of last year, public health officials assured the population that Covid-19 could never worm its way through the ironclad American medical complex. There would be no emergency, no overcrowding, no boats on the shores of Manhattan and no shortage of tests or PPE, they said. We in America would be inoculated from the failures of others.

Frankly, the DarkSide hack gives me the same ominous tidings. “The Garmin hack was the warning,”reads a WIRED headline from last August after the technology company was brutalized by a similar ransomware hack. That article detailed how these interlopers continue to ratchet up the scope of their enterprise; just because single hacks are “over”, in other words, doesn’t mean that the people behind them aren’t growing in knowledge and stature continually. We likely won’t know how vulnerable we are until it’s far too late.

Luke Winkie is a freelance technology writer

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in