The head of Colonial Pipeline told U.S. senators on Tuesday that hackers who launched a cyber attack on the company last month and disrupted the fuel supply in the southeastern United States were able to gain access to the system by stealing a password.
Colonial Pipeline CEO Joseph Blount told the U.S. Senate committee that the attack was carried out through a traditional virtual private network (VPN) system that did not have multi-factor authentication. This means it could be accessed with a password alone, without a second step such as an SMS code, which is a common security protection measure in recent software.
“In the case of this particular traditional VPN, it only has single-factor authentication,” Blount said. “This is a complicated password. I want to clarify. It is not a Colonial123 type password.”
The panel was convened to review threats to critical U.S. infrastructure and the Colonial attack, which shut down critical pipelines that transport fuel from refineries along the Gulf of Mexico to major markets on the East Coast. Cyber attacks also hit U.S. meat processing plants owned by JBS, demonstrating the breadth of cyber threats to infrastructure.
The senator said at the hearing that the Colonial Pipeline hacking incident showed that most of the company’s infrastructure is still very fragile, and the government and the company must work harder to prevent future hacker attacks.
Security experts say that the use of single-factor login systems is a sign of “bad sanitation” in network security. They recommend two-factor authentication, which requires an additional step such as a text message to a mobile phone or a hardware token, and most major companies require this method for all internal applications.
The senator asked Blount about the company’s preparations and its timetable for responding to the ransomware attack, which shut down the pipeline for several days, leading to soaring gasoline prices, panic buying and local fuel shortages.
Committee chairman Senator Gary Peters said: “I was shocked that this violation happened in the first place.” “There is no doubt: if we do not strengthen cyber security preparations, the consequences will be serious.”
The FBI attributed the hacking to a group called DarkSide. Some senators stated that Colonial did not fully negotiate with the U.S. government before paying the ransom in violation of federal guidelines.
Blount said that for security reasons, he decided to pay the ransom and keep it as confidential as possible.
“Our understanding is that the decision to pay the ransom is entirely up to us,” he said.
Blount said that Colonial did not have a plan to prevent ransomware attacks, but it did have a contingency plan. The company notified the FBI within a few hours.
Blount stated that Colonial has invested more than US$200 million (approximately Rs 1,460 crore) in its IT systems in the past five years. When asked how much Colonial spent to secure its pipeline network, Blount repeated this number. A company spokesperson later clarified that the US$200 million (approximately Rs 14.6 billion) covered all of its IT, including cybersecurity.
On Friday, U.S. Deputy Attorney General Lisa Monaco urged companies to tell federal authorities whether they paid a ransom to a cyber attacker. This information can help investigators.
Blount said that even after obtaining the key from the hacker, the company is still recovering from the attack and is restoring seven financial systems that have been offline since May 7.
On Monday, the Justice Department stated that it had recovered a cryptocurrency ransom of approximately US$2.3 million (approximately Rs 160 million) paid by Colonial Pipeline.
Colonial Pipeline previously stated that it paid hackers nearly $5 million to regain access. After reaching a high of US$63,000 (approximately 4.6 million rupees) in April, the value of cryptocurrency Bitcoin has fallen below US$35,000 (approximately 400 million rupees) in recent weeks.
As a result, the government recovered approximately 60 of the 75 bitcoins paid, but the value has fallen below the total dollar amount paid by Colonial.
The seized bitcoins were priced in Indian rupees at 12:30 PM IST on June 9th. US$2.45 million is rare, but as ransomware has become an increasingly serious national security threat and has put further pressure on the relationship between the United States and Russia, the authorities have strengthened their expertise in tracking the flow of digital currencies.
© Thomson Reuters 2021