Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security United States

Pipeline Hackers Say They're 'Apolitical,' Will Choose Targets More Carefully Next Time (vice.com) 134

The criminal hacking group suspected of being behind the ransomware attack on the Colonial Pipeline, which was shut down as a precaution in response, has published a new statement on its dark web site saying it is "apolitical." From a report: "We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives," the statement from the DarkSide ransomware group reads. The statement did not explicitly point to the Colonial Pipeline incident, but it was titled "About the latest news." Various outlets have reported that U.S. officials and private industry say DarkSide is behind the ransomware event. Dmitry Smilyanets, a cyber threat intelligence expert from cybersecurity firm Recorded Future, tweeted a screenshot of the statement on Monday. Motherboard verified the statement is available on DarkSide's dark web site. "Our goal is to make money, and not creating problems for society," the statement continues. The statement also indicated that the group may be making changes to how it operates and chooses targets. "From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future," it read.
This discussion has been archived. No new comments can be posted.

Pipeline Hackers Say They're 'Apolitical,' Will Choose Targets More Carefully Next Time

Comments Filter:
  • Oops (Score:5, Insightful)

    by Registered Coward v2 ( 447531 ) on Monday May 10, 2021 @11:09AM (#61369244)
    We painted too big of a target on our back; please forget about us, OK?
    • Re:Oops (Score:5, Interesting)

      by JaredOfEuropa ( 526365 ) on Monday May 10, 2021 @11:15AM (#61369284) Journal
      More like "please don't accuse our masters of any wrongdoing"
    • Re:Oops (Score:5, Interesting)

      by timholman ( 71886 ) on Monday May 10, 2021 @11:18AM (#61369312)

      We painted too big of a target on our back; please forget about us, OK?

      These slimeballs have attacked plenty of critical infrastructure in the past, including hospitals. They aren't just apolitical; they are absolutely immoral.

      I have to wonder what has happened behind the scenes to cause them to publish this message. Maybe they have received some anonymous emails along the lines of "We know who you are"? Maybe one or two of their members have suddenly vanished and can no longer be contacted?

      The U.S. does not lack the resources or capability to retaliate. All it takes is sufficient motivation to strike back, and these guys may have finally crossed that line.

      • by Anonymous Coward

        Don't forget that if they are Russian backed or Chinese backed, their government may not be happy with additional focused attention and then disappear anyone in group who was compromised.

      • I would guess the Little Spymaster has told them to knock it off - taking out a major pipeline could cause problems for *him*.

        • Yeah, they didn't waste any time trying to distance themselves from their government: "Hey guys: just to make it clear, we definitely aren't working for the Kremlin".
      • by invid ( 163714 )
        I'm sure someone from the US State Department talked to someone at the Russian State Department and was like, "Hey, um, you know Biden is really pushing infrastructure and, uh, there was already all this election interference and, we're already worried about inflation and...eh, this is just too much. I mean, like, we're going to have to raise gas prices and it's a Russian hacking groups fault and of course everyone's going to blame Putin. Now, Ukraine would really like to be a part of NATO and we haven't be
      • Re:Oops (Score:5, Funny)

        by Anubis IV ( 1279820 ) on Monday May 10, 2021 @02:24PM (#61370068)

        I have to wonder what has happened behind the scenes to cause them to publish this message.

        I imagine there was a conversation like this.

        [Scene: A dark room in an unknown location. Laughter and voices speaking Russian can be heard. Vodka is flowing freely as everyone is cheering something.]

        Leader [in Russian]: Congrats, team! This is our biggest haul yet. We'll be raking in...

        [The Leader's phone rings. The screen indicates it's his wife. He answers it.]

        Unknown Male Voice on the Phone [in Russian]: Stop it.

        Leader: Who is...

        Unknown Voice: We know you, Andrei Ivanov, age 46, born August 24, 1972, to Ivan and Tatiana Ivanov. You reside at 505 Gargarin Avenue with your wife, Ilya, and 10 year-old daughter...

        Leader/Andrei [angrily]: If I...

        Voice [not pausing in the slightest]: ...Natasha. It's Monday. Your daughter is usually home with your wife after school at this time, but for the last four months she's been spending the second Monday of each month with her friend, Katerina, so that your wife can have some alone time with your neighbor [sound of rustling papers in the background] Yuri. Your mother is not well. She has undiagnosed pancreatic cancer and won't live through the week.

        Andrei [eyes going wide]: Wait, I...

        Voice: We've tolerated you and your DarkSide, Andrei, but the US is calling this an act of war. They demand concessions. Heads will roll. When I next speak with our leader, do you know whose name I will give when he asks who did this?

        Andrei [gulping]: Mine?

        Voice [cutting off the response before Andrei can complete the word]: Yours. Unless...

        Andrei: Yes?

        Voice: ...you target who we tell you, when we tell you. You belong to us. DarkSide belongs to us. You are ours.

        Andrei: But I...

        Voice: Of course, we have some vacancies at our finest Siberian establishment for you and your family, if you have any objections?

        Andrei: No, I just...

        *click*

        [the rest of the group looks on for a second, before finally breaking the silence]

        Onlooker: Andrei, what was that?

        [Andrei stares at the phone for a moment, then looks up and answers]

        Andrei: My whore of a wife is sleeping with my neighbor!

      • It's obvious what happened; it's no mystery. This disrupted energy across the entire US Eastern seaboard. The FBI got involved. Darkside looks like a group that is technically run-of-the-mill, but seems to have extreme operational efficiency in their attacks (evident in how much pre-op it's clear that they do; their attacks have a rather large amount of personal information regarding the companies they target). That means one thing: they're out to make financial gain just as they said. There's no polit
      • What happened behind the scenes? Its simple. Really, really, REALLY simple. In the US, most people give exactly zero f&*&s about critical infrastructure until it hits them directly in the pocketbook. Hospitals? Pffff those are for dumb sick liberals. I'll just huff some lysol and I'll will be fine. Roads? As long as its not in MY state, I couldn't care less. Government secrets? Pfff all fake news anyway.

        But if you mess with my gasoline price, buddy you better be ready for nuclear war. You do NO
    • More like, oops, we accidentally your country.

      That's a power play. "Nope, not even deliberately, just kind of as an afterthought."

    • by Jodka ( 520060 )

      We painted too big of a target on our back; please forget about us, OK?

      Security by threat of retaliation should be discredited for the same reason as security-by-obscurity; Neither is a calculably certain guarantee of information security.

      Law enforcement should focus less on retaliation and institutions more on prevention.

    • by gweihir ( 88907 )

      Pretty much what I thought. If these people ever get caught, they probably will die in prison and they seem to realize that.

    • They are merely making money the old fashioned way. They take it. So very patriotic.

  • by Anonymous Coward on Monday May 10, 2021 @11:09AM (#61369246)

    The Underpants Poisoner calls the shots for the Russian mafia. You can't even open a bar in Russia without the Russian government onboard.

    You think the Russian mafia figures who orchestrated this attack on critical American infrastructure fear the Russian police? Hell no. They are the Russian security service.

    Russia is a mafia state, and the mob helps Putin and his allies suck up Russia's wealth.

    Lock Him Up.

  • Nice to know they don't mean to "cause any problems for society". Last time I checked, preventing transport of essential goods and services doesn't fall into that category...
    • Well you know global thermonuclear war might interrupt their revenue stream.
    • by DarkOx ( 621550 )

      So the question is who do they think they can attack that wont 'cause any problems for society' granted not attacking critical infrastructure might have less immediate and less acute consequences for 'society' its not like other crime is inconsequential.

      Do they think the cost of things like umbrella insurance don't go up for everyone else when the knock over a business?

      • I think the third time anyone attacks national/regional infrastructure with obvious visibility and real effects, everyone from the government, to the insurers, to C-levels at companies will start taking cybersecurity regulatory considerations/actuarial calculations/enterprise security and backups *much* more seriously.

        This is like having someone asking for directions come onto your porch, put their foot through a rotten plank, and then pointing the finger at them for causing the broken board. The single

        • by Cederic ( 9623 )

          Third? This is what, the 800th? Or the 8000th?

          Taking this stuff seriously is expensive and difficult. Companies that have multi-layered defences covering multiple attack vectors with up to date software, monitoring and detection, teams doing nothing more than testing, validating, verifying and looking out for this stuff and a vast profit munching budget behind all of that _still_ get compromised.

          Organisations run by people that can't even switch on a fucking iPad? Not a fucking chance.

  • Privatize it (Score:5, Interesting)

    by Lab Rat Jason ( 2495638 ) on Monday May 10, 2021 @11:20AM (#61369322)

    It seems to me, that these ransoms are big enough now that someone could turn the tables by simply publishing a bounty... 50% of the ransom will be paid to the person who rats out his comrades. First one to squeal wins, and if that person cannot be brought to justice via international treaties, then perhaps we let the rules of war apply.

    I'm sure there are lots of security researchers in the US who have the skills to identify these guys, but just lack the proper motivation. And for any of you who think "the government can't do this, why do you think anyone else could" I preempt your statement with "our government was unable to secure the OPM, as well as FermiLab... they are absolutely incompetent."

    I say the government should hand this off to the private sector just like the government has basically ceded space launches to the private sector. As Dan Aykroid said in the original Ghost Busters "I've worked in the private sector... they expect results!"

    • Ransomware was never fun, and TOR exit nodes are now well-understood and each ring of the onion becomes revealed.

      Slowly, the circle gets smaller, and crypto account movements become known, and the trails get more hounds, and then something happens. It is, as it always has been.

    • by DarkOx ( 621550 )

      What happens when someone says - oh sure it was me and Biff, Raj, and Sam over here were my conspiritors give me the $100k and shoot them!

      Or if some security researcher who is on the up and up just gets it wrong?

      • In Mother Russia, we shoot them. In the good 'ol U S of A we try them first, then shoot them. Hopefully the trial will weed out the liars. I admit it's a messy business.

      • I bet the Russians have figured out multiple ways around this already. Many of them are very smart, and have had decades more experience in working the angles in a system that doesn't always work according to its stated rules.
    • I'm sure there are lots of security researchers in the US who have the skills to identify these guys, but just lack the proper motivation.

      Being a hacker bounty hunter sounds pretty cool at first glance. Then I realized that some of these hackers are funded by nation states and cartels.

    • It seems to me, that these ransoms are big enough now that someone could turn the tables by simply publishing a bounty... 50% of the ransom will be paid to the person who rats out his comrades.

      Wasn't that the plot of a Mel Gibson movie [imdb.com]?

    • Often with state backing. If you rat out your fellows the leadership kills you.

      Near term the only solution to ransomware is better security. Long term it's better foreign policy.
      • Those were two separate operative statements. One: Rat out your team for some $$$. Two: First one to squeal wins (anybody who can unmask them gets paid.

        I apologize for being unclear. I'm just thinking that the humble honey pot is still a nascent art with many decades of life ahead of it. Stow a custom URL, fake credentials, etc. on every device you need to defend, and instantly, the criminal can't know what info leads to a payday, and which info leads to prison. The uncertainty is what makes it fun! ;)

  • by cascadingstylesheet ( 140919 ) on Monday May 10, 2021 @11:21AM (#61369326) Journal
    If you can't trust pipeline hackers, who can you trust?
  • That justifies killing the perps without warning. Humans only respect what they fear.

    The pipeline attack was an act of war.

    • by Cederic ( 9623 )

      While I'm confident Biden is stupid enough to drone strike someone in Russia, I'm fairly sure his handlers want a more subtle escalation of hostilities.

  • by mr.dreadful ( 758768 ) on Monday May 10, 2021 @11:28AM (#61369366)
    When a hacking group has to release a public statement, you know the shit hit the fan. I do not envy these dumbasses, someones getting burned for this.
    • by Baron_Yam ( 643147 ) on Monday May 10, 2021 @11:38AM (#61369436)

      This is bad enough that you'd expect three-letter agencies to be aggressively hunting the people involved, not just updating a case file, and having access to the kind of resources you need to actually find them.

      They should very much be scared, no matter what country they're in. Hell, their own country might just want to make them disappear.

      • by sdinfoserv ( 1793266 ) on Monday May 10, 2021 @12:20PM (#61369582)
        And our 3 letter agencies can do exactly what? Assonate on Russian soil? hardly. Remember our own NSA got owned, as well as OPM, which combined are some the worst hacks in US history. If the US actually went to war against a technology superpower like China or Russia, it would be over in about 3 minutes and the US hegemony would come to a instant end. As the US squandered trillions in the middle east over the past 20 years, the Chinese spent similar amounts on infrastructure, technology and treaty building (the direct opposite of "America First").. All US military is dependent on 50 year old, vulnerable GPS, while the Chinese have built a secure alternative. I suggest you read or watch historian Alfred McCoy
        He describes a probable outcome of the next world war: @ 35.30 https://www.youtube.com/watch?... [youtube.com]
        • Identify them (which is bad enough if they're state operatives), and personally sanction them anywhere that uses a US bank or US dollars. Request their extradition to the US to face charges and make sure their government understands the sanctions that will come down if the request is refused. There are other nations where they could be from that are simply either friendly or rely on American support one way or another.

          They don't have to do anything that would make a good spy/action movie to be a scary th

          • nice try, but Russia refuses to extradite it's citizens. : https://apnews.com/article/c51... [apnews.com] , If the US flexes too much financial might resulting in potential financial insecurity of another superpower, we risk the world leaving the dollar as it's reserve currency. That would result in an immediate GDP contraction and multi-decade depression.
            • we risk the world leaving the dollar as it's reserve currency.

              Not really. That would be a massive infrastructure change which would be even more disruptive than sanctions on Russia.

            • That's why the US shouldn't take direct action, the pipeline company should. If the US government abducted Russian citizens, that would get messy. If a private company hired a foreign "security" company to reclaim their property and a ransomware gang happened to end up dead or in custody, well, that's just too bad.
        • Assonate on Russian soil?

          Yes. They can do exactly that and make it look like an accident or a hit by the Russian mob, or just pay the Russian mob to do their dirty work for them. . And, the Russians know they can't scream too loudly about it because they have done assassinated people on foreign soil including in the U.S.

        • The US has made abundantly clear that they can and will kill targets that pose an active threat to the US regardless of where they are located. Just ask Bin Laden and Soleimani. If some Russian hackers were to mysteriously turn up dead there is little Russia could officially do or complain about, as they claim to have no knowledge of these people in the first place.

        • " All US military is dependent on 50 year old, vulnerable GPS,"

          Except it isn't and INS among other options is retained as backup. Small IMUs are big business (too bad they've not made it to phones...yet).

        • All US military is dependent on 50 year old, vulnerable GPS, while the Chinese have built a secure alternative.

          Do you know what you're talking about? Military GPS is not vulnerable in the way that you think it is.

          Then, from the video:

          Beijing's quantum satellite system, equipped with super-secure photon transmission, proves impervious to hacking.

          So, using laser communications instead of microwave makes things impervious to hacking?

          An armada of bigger, faster supercomputers ... blasts back with impenetrable logarithms of unprecedented sophistication.

          How does he figure that China is so far advanced in cyber-warfare compared to the US? Evidence? None given.
          China knocks out US missiles mid-flight somehow with computer code?
          Heads-up-displays in F-35s are taken out by China with a virus?

          This guy should stick to history. He clearly has no idea how tech

          • Beijing's quantum satellite system, equipped with super-secure photon transmission, proves impervious to hacking.

            So, using laser communications instead of microwave makes things impervious to hacking?

            Microwaves are photons too. Maybe Quantum Entanglement WooWoo Magic?

            That dude used an awful lot of techno babble to say, "China gonna kick yo ass! Using computers!" Because, you know, Asians are good at math, or something.

            • "China gonna kick yo ass! Using computers!" Because, you know, Asians are good at math, or something.

              Ahhh, so that's why they're attacking with logarithms.

        • I think US agencies have been caught assonating plenty. They aren't even picky about whose soil it is.

        • As the US squandered trillions in the middle east over the past 20 years

          that's not how the US economy works.

      • by boskone ( 234014 )

        I expect the three letter agency bringing them the most fear is the FSB

      • by Lyance ( 7545382 )
        Well they would, if they weren't too busy hunting for grandmas who walked around in the capitol on the 6th.
        • >if they weren't too busy hunting for thankfully incompetent morons who illegally entered the capitol on the 6th in a failed coup attempt including planned executions, that resulted in deaths.

          FTFY.

          • by Cederic ( 9623 )

            You changed a factual statement into an unhinged conspiracy theory lie.

            Seek medical help. It's not too late for you.

    • When a hacking group has to release a public statement, you know the shit hit the fan. I do not envy these dumbasses, someones getting burned for this.

      Yup, and we may never hear of it, or them, again. These things can get 'fixed' quietly..

  • Cute (Score:5, Insightful)

    by Sebby ( 238625 ) on Monday May 10, 2021 @11:32AM (#61369402)

    "Our goal is to make money, and not creating problems for society"

    Tell that to the hospitals that got attacked with ransomware.

  • Geez, even hackers are afraid of cancel culture! First political correctness takes over our media and college campuses, now it takes over our criminal organizations. Is there no place safe for freedom loving patriots any more! :)
  • "We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives,"

    "No, it's alright, sir. We don't morally censor you; we just want the money."
    https://youtu.be/hdtWEVevHak [youtu.be]

  • by istartedi ( 132515 ) on Monday May 10, 2021 @11:44AM (#61369460) Journal

    Thank-you for using Danegeld Services. Your call is important to us. Please hold for the next available operator.

  • and??? (Score:5, Insightful)

    by xanthos ( 73578 ) <[xanthos] [at] [toke.com]> on Monday May 10, 2021 @11:45AM (#61369464)
    as a sign of how sincere they were the ransomers published the crypto keys used in the attack. No? Well that settles that then.
    • They might not have the keys. I suspect someone with enough knowledge to be dangerous got lucky or unlucky depending on the situation. If you do pay the ransom there is no guarantee you get your data back.

  • Destroy a hospital's records and patients die? No problem.

    Mess up a police department or a city? Sucks to be them.

    Mess with US oil supply? Your family is checking the value of your insurance policy. Past measures range up to and including invading a country on the other side of the world, and bringing in a bunch of allies for good measure.

    These guys are done.

    • by v1 ( 525388 )

      The USA has a well-established track record of mobilizing to secure their supply of cheap Oil, I don't see this as changing any time soon.

      check each company that our partners want to encrypt

      "oops, we attracted more attention than we intended to!"

      I still find it a bit surreal though that they refer to their "partners", reminds me that this is how Organized Crime works - it's not run like a chaotic group of thieves, or even like a business. It's more on the level of a Corporation. And I don't see how someth

  • I wonder if these guys also have a bargain price on the Brooklyn Bridge?

  • ATTENTION DUMBASSES IN CONTROL OF THE GOVERNMENT RIGHT NOW: Make it against the law to pay ransoms. The end. That's it for ransomware attacks in the US. They're done. Nobody in their right mind would attack us because there's a 99% chance they're not getting paid.

    And while you're at it, companies, stop hiring dumb boomers who don't know how to user a computer who open fake PDF attachments or at least give them some training and if they refuse to learn new things involving computers, fire them.
    • You're making the assumption that these groups who are perpetrating these attacks are just garden-variety criminal organizations looking for a payday and not state-sponsored cyberwarfare units testing out their capabilities, or perhaps would-be cyberwarfare units showcasing their abilities in order to become state-sponsored. I'm not convinced.
    • by Thaelon ( 250687 )

      Because once drugs were illegal everyone stopped buying them.

  • One way to look at the ethics of this is that "criminal hacking groups" are security consultants who name their own price for penetration testing.

    Just as with penetration testing by legit consultants, the benefits will be that policies and practices will be reformed and improved, systems will be hardened.

    An argument could be made to decriminalize intrusion whenever the loses are only financial. That hackers, when identified, should be subject to only civil fines equal to the amount they stole or ransomed.

  • When all these ransomware attacks were just this-or-that company and just wanting a pouchfull of bitcoins, everyone just shrugged it off as random crime, nothing to worry about, what could POSSIBLY go seriously wrong, meanwhile I'd been thinking that these were just proof-of-concept attacks showcasing their ability to successfully attack large important targets, and that whenever they felt like it, they could do the same to critical infrastructure and wreck the entire country. This oil pipeline company is j
  • As a matter of interest, how did they hack in?
  • "Our goal is to make money, and not creating problems for society," the statement continues.

    Then get a job and do legitimate work that doesn't create problems for society -- opposed to what you're doing now literally does.

    • I assume you would say the same to the pipeline company and it's workers too, right? Unless you think that the pipeline and it's workers don't cause problems for society? ...

          *450ppm Co2* *shovels coal into ovens* *burns fossil fuels* *claims just following orders* *waits for whataboutism response*

  • If you want a shortest-path to finding yourself in extradition treaties, attacking a first-world country's energy supply is a pretty quick way to get there.

    I would imagine even Russia would be happy to give these guys up, just to show they didn't have anything to do with it - they really want to continue exporting energy to Europe, and don't need counterattacks on their own pipeline infrastructure, or increased sanctions and headwinds.

  • by Koreantoast ( 527520 ) on Monday May 10, 2021 @02:22PM (#61370062)
    The moment you realize you accidentally crossed the line from a criminal nuisance to a terrorist threat that threatens to bring the weight of the US government down upon you. Organizations like this are probably okay when they are simply deal with local law enforcement and some Federal support for "mere" criminal activity. When you become a terrorist however, you start getting the direct attention from the intelligence services, Federal law enforcement, Treasury, and the military which can make your life much more difficult. Essentially, organizations that have the resources to identify you, track you down, freeze your assets, cut you off from the financial sector, scoop you up with collaboration from your local enforcement, or, if you're in the wrong country, put you on the receiving end of drone launched Hellfire missile. Unless you have the protection of organized crime syndicates with the resources to directly challenge states (think drug cartels), probably not a good place to be.
  • Yeah, we're criminals, but we think we just bit off more than we could chew and now the big dogs are after us.
  • Maybe they were also able to place a "bet" on a spike in prices on the futures market? No idea if they could move such hypothetical profit around untraceably afterwards.
  • All they have to do to make nice is to post the password to the ransomware.

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...