So How Exactly Did a Bunch of Hackers End Up Bringing Back Gas Lines and Fuel Shortages?

The news that a cyber attack on a fuel pipeline in the United States had resulted in a shutdown of the supply of fuel to multiple states didn’t initially make as big a media splash as one might expect as the story developed over the weekend. But over the course of Monday and Tuesday, it has become a huge, front and center story.
The shutdown of the Colonial pipeline has resulted in multiple states declaring emergencies. Photos and videos of gas station lines are pouring across social media. The hashtag #gasshortage began trending on Tuesday. In short, the cyberattack story has become a major national moment. And people want to know if it will affect their local gas stations … and their wallets.
So what is the reason for all of this? How did hackers manage to affect the lives of tens of millions of Americans, and potentially even more than that? And what is going to happen now? Who will be affected?
Those are good questions. Let’s take a look.

What Happened
Short answer: cybercriminal hackers shut down a critical piece of infrastructure, a pipeline that carries about half the fuel consumed on the east coast of the United States.
Longer answer: A 5,500-mile gasoline, diesel, and natural gas pipeline operated by the Colonial Pipeline company was shut down in a cyberattack. The attack was perpetrated by ransomware hackers, the company confirmed over the weekend. A ransomware attack is what it sounds like: hackers hold data or systems “hostage” until they are paid a ransom.
This particular ransomware attack is the work of Russian criminal gang DarkSide, which claimed the attack and was confirmed as the perpetrator by the FBI. Although the gang has been tied to past Kremlin work, it is believed this was strictly a criminal scheme for the cash.
In an absurd moment, the gang issued a statement on Monday that tried somehow to absolve itself of the ramifications of its actions and vow to do more socially conscious crime in the future:
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives,” they wrote. “Our goal is to make money, and not creating problems for society. We [will] introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
Leaving the criminal enterprise’s protestations aside, and looking past any technical explanations that are to be had (though so far there aren’t many), the answer to the question of how ransomware can create a fuel supply problem is fairly straightforward to understand on a macro level. Everything is computers, and that’s especially true of a hugely complex business such as supplying millions of gallons of fuel across thousands of miles every day. To put it in very basic terms, when hackers infected Colonial’s network, the company had to shut down the pipeline to protect it.

How Does it Affect Fuel Prices and Supply?
Short answer: When fuel is harder to get into the state, it becomes harder and more expensive to get at the pump.
Longer answer: The disruption limits the availability of fuel, not the supply per se. That is, in places highly dependent on this pipeline, like Georgia or Florida, there aren’t as many alternate means of getting fuel from where the supply is to the individual retail and commercial establishments that depend on it.
In other words, it’s harder to get more fuel to stations running low or running out, or to places with large commercial fleets or government fleets of vehicles, etc.
There are also the actions of the customers. With the prospect of shortages and worries about whether the neighbors will run the state out of fuel, stations across the southeast have experienced huge demand and an increase in volume of sales as a result of the pipeline interruption. It’s easy to say the panic about a shortage causes a shortage, but it is also a chicken and egg scenario. The fact that there is a shortage can also explain the rush to be ahead of it.
A limited supply, even if that limit is logistical rather than a lack of supply at the source, will certainly drive up prices, and has across much of the southeast already. It could climb higher. And prices were already on the rise heading into summer, so yes, gas prices will go up in the wake of this incident.

Are There Going to Be Shortages and Gas Lines?
Short answer: It depends on where you live.
Longer answer: It really does depend on where you live. In some east coast states, it has already created either shortages or perceptions of shortages in cities and towns that are now facing closed pumps, closed stations, and lines. If you’re in California, right now you probably don’t see any difference.
In North Carolina, for example, Gov. Roy Cooper has declared a state of emergency, which puts the price-gouging laws into effect. Residents of the state, including this author, hear a lot about this law every hurricane season.
“Today’s emergency declaration will help North Carolina prepare for any potential motor vehicle fuel supply interruptions across the state and ensure motorists are able to have access to fuel,” said Cooper in issuing the emergency declaration.
North Carolina Attorney General Josh Stein, speaking to reporters, said that “the hackers who breached Colonial Pipeline’s systems have made it harder for hardworking North Carolinians to go about their lives, but I will not allow businesses to take advantage of this incident to charge excessive prices.”
Both Virginia and Georgia also declared a state of emergency as of Tuesday afternoon, and Florida’s Ron DeSantis issued a state of emergency on Tuesday evening.

Will it Affect ME?
Short answer: Yes.
Longer answer: Everyone is affected to some degree by the disruption in the market and supply. And the perception of gas shortages will spread across the country regardless of the location of the pipeline.
While states in the southeast face the greatest threat of disruption, being more dependent on the pipeline than the Gulf states or the larger metropolitan areas on the northern end of the pipeline, such a significant disruption can have far-reaching effects. It could have been even worse, though…
What Else Should We Know?
Short answer: There is still a lot left to understand, but a lot of it hasn’t quite been sorted through and we may have to wait for after-action reports to really know how bad this was.
Longer answer: There are broad implications of what can only accurately be described as an in-progress disaster.
We noted above that it could have been worse. That’s a troubling thought, but it becomes apparent if you think about the situation that was already in place before the attack.
The Washington Post interviewed a driver who traveled from Myrtle Beach, South Carolina to Wilmington, North Carolina. Having seen long lines and stations out of gas all along the trip, he expressed a thought that has occurred to a lot of people, which is to wonder how bad it would be were we not in the end stage of pandemic restrictions and in the middle of an unemployment crisis.
“The only reason this shortage isn’t worse is that a lot of people aren’t working right now,” he said. “Today it’s our oil pipeline, but what will it be tomorrow? If this kind of thing comes at another time, you just can’t gauge how bad it might get.”
Without the intent to contribute to any sense of unease, it’s important to recognize realities. And one of those realities is that this kind of major shutdown that affects millions of people is something that the cybersecurity industry – not to mention Hollywood – has warned and speculated about for years. Homeland Security Secretary Alejandro Mayorkas said this week that organizations in the United States have lost over $350 million just this year as a result of ransomware attacks.
“The threat is not imminent,” Mayorkas said somewhat chillingly. “It is upon us.”
Wired magazine’s report on the attack and ongoing threat has some sobering facts.
The Colonial Pipeline shutdown comes in the midst of an escalating ransomware epidemic: Hackers have digitally crippled and extorted hospitals, hacked law enforcement databases and threatened to publicly out police informants, and paralyzed municipal systems in Baltimore and Atlanta.
The majority of ransomware victims never publicize their attacks. But Lee says his firm has seen a significant uptick in ransomware operations targeting industrial control systems and critical infrastructure, as profit-focused hackers seek the most sensitive and high-value targets to hold at risk.
“The criminals are starting to think about targeting industrial, and in the last seven or eight months we’ve been seeing a spike in cases,” says Lee. “I think we will see a lot more.”
The operation DarkSide runs includes distributing what is essentially ransomware-for-hire. Meaning they rent it out. Think about that.
“It was realistically only a matter of time before there was a major critical infrastructure ransomware incident,” an industry expert explained in a comment to Wired.
And the information on DarkSide in particular is equally disturbing. ZDNet has a terrific summary of the group’s activities. Here are some highlights:
DarkSide’s malware is offered under a Ransomware-as-a-Service (RaaS) model, and once a system has been breached, ransomware payment demands can range from $200,000 to $2,000,000.
The group has previously been connected to “big game” hunting methods, in which large organizations are targeted — which would fit with the Colonial Pipeline incident.
…
Other cybercriminal organizations follow the same path, including Hades ransomware operators, which appear to specifically target companies with annual revenue of at least $1 billion.
DarkSide 2.0, the latest version of the ransomware, was recently released under an affiliates program.
DarkSide also employs double-extortion tactics — joining the likes of Maze, Babuk, and Clop, among others — to pressure victims into paying up. At the time of a cyberattack, confidential information may be stolen and threats made to publish this data on a leak site if the victim refuses to give in to blackmail.
…
It should also be noted that when victim companies refuse to pay, DarkSide is willing to share insider information ahead of the publication of stolen data.
“If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares,” the group says. “Write to us in “Contact Us” and we will provide you with detailed information.”
On that public site, there are countdown timers on other companies that DarkSide is currently extorting. No attack of conscience over the emergency has slowed down the criminal activity, ZDNet reports. It’s a must-read.
Now What?
Short answer: ¯\_(ツ)_/¯
Longer answer: The bottom line is that until Colonial gives the all-clear, and the pipeline is back up in working order, there are going to be disruptions in a lot of places, with some more disrupted than others.
On that note, here’s a statement issued by Colonial this afternoon on the status of their restoration effort.
Colonial Pipeline continues to make forward progress in our around-the-clock efforts to return our system to service, with additional laterals operating manually to deliver existing inventories to markets along the pipeline. Markets experiencing supply constraints and/or not serviced by other fuel delivery systems are being prioritized. We are collaborating with the Department of Energy (DOE) to evaluate market conditions to support this prioritization.
Since our pipeline system was taken offline, working with our shippers, Colonial has delivered approximately 967,000 barrels (~41 million gallons) to various delivery points along our system. This includes delivery into the following markets: Atlanta, Ga., Belton and Spartanburg, S.C., Charlotte and Greensboro, N.C., Baltimore, Md., and Woodbury and Linden, N.J.
Additionally, in preparation for our system restart, we have taken delivery of an additional 2 million barrels (~84 million gallons) from refineries for deployment upon restart.
Consistent with our safety policies and regulatory requirements, Colonial has increased aerial patrols of our pipeline right of way and deployed more than 50 personnel to walk and drive ~ 5,000 miles of pipeline each day.
Actions taken by the Federal Government to issue a temporary hours of service exemption for motor carriers and drivers transporting refined products across Colonial’s footprint and actions taken by several Governors to lift weight restrictions on tanker trucks should help alleviate local supply disruptions. This is in addition to the Reid Vapor Pressure waiver issued today by the U.S. EPA that will also help alleviate supply constraints in several states serviced by our system. We would like to thank the White House for their leadership and collaboration in resolving this matter as well as the DOE, PHMSA, FERC and other federal agencies for their ongoing support.
Our primary focus remains the safe and efficient restoration of service to our pipeline system, while minimizing disruption to our customers and all those who rely on Colonial Pipeline. We will continue to provide updates as restoration efforts progress.
The Colonial Pipeline company website was also down on Tuesday. In a tweet, the company said that the site problem was not a result of the hack that shut down their pipeline.
Small comfort in that statement. What it looks like is that a critical piece of infrastructure upon which tens of millions of Americans rely every day is in a sorry state and being handled by a company that isn’t even keeping its website online.
It’s not a time to panic. Gasoline will get to your car. You’ll be able to go to work. But citizen confidence is definitely going to take a big short-term hit and probably take a long time to bounce back.
To answer the question asked in our headline, the short answer is that pretty much everything in the modern world can be affected by cybercrime or cyberterrorism. The longer answer? Well that’s really about the long term, isn’t it? The downsides of our brave new technological world are as numerous as the benefits. And most of us don’t even realize the true size and scope of the landscape on which modern cyberwarfare takes place.
But one thing is certain: those virtual actions have real-world implications. We’re seeing a major one now. It’s important to understand we could see more in the future. It’s essential that the U.S. be more prepared. It’s troubling the many ways in which we are not. It’s not time to panic though.
Not yet, anyway.