Pipeline Hackers Say They're 'Apolitical,' Will Choose Targets More Carefully Next Time (vice.com)
The criminal hacking group suspected of being behind the ransomware attack on the Colonial Pipeline, which was shut down as a precaution in response, has published a new statement on its dark web site saying it is "apolitical." From a report: "We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives," the statement from the DarkSide ransomware group reads. The statement did not explicitly point to the Colonial Pipeline incident, but it was titled "About the latest news." Various outlets have reported that U.S. officials and private industry say DarkSide is behind the ransomware event. Dmitry Smilyanets, a cyber threat intelligence expert from cybersecurity firm Recorded Future, tweeted a screenshot of the statement on Monday. Motherboard verified the statement is available on DarkSide's dark web site. "Our goal is to make money, and not creating problems for society," the statement continues. The statement also indicated that the group may be making changes to how it operates and chooses targets. "From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future," it read.
Oops (Score:5, Insightful)
Re:Oops (Score:5, Interesting)
Re: (Score:2)
There's no defense spending that would take care of this. The solution is not opening your industrial systems up for Remote Desktop connections.
I guess they could throw out a 2 million dollar contract for someone to install McAfee. But they do that kind of thing regularly anyway, without needing to engineer a complex false-flag operation. All they need is a Powerpoint that says "cyber" a lot.
Re: (Score:3)
Remote desktop is not the problem. Crappy insecure Microsoft remote desktop is.
Re: (Score:3)
Remote desktop is not the problem. Crappy insecure Microsoft remote desktop is.
Do you think they'd be better off with a VNC server?
The better solution would be a SCADA system that's built to allow limited (and audited) remote control, instead of taking a system that's meant only for on-site engineers for use in a secured control room and putting it on the internet with nothing but a simple remote desktop password to protect it, since once they get through that password, they have full control to do anything someone sitting on-site can do. Even a firewall that requires a 2FA protected VPN
Re: Oops (Score:4, Interesting)
It's not clear that SCADA systems were involved. There are hints that the pipeline was ok, but that they were shut down anyway as a precaution.
Also it's not a typical ransomware that threatens to wipe your hard disk unless you pay; the threat here is that they want to expose all the records, a threat that exists even if there are proper backups and files are restored. Ransomware isn't even a good word anymore, it's just plain extortion.
Passwords are old school; we need something better, and 2FA isn't really it. Instead, some industrial networks or infrastructure rely on certificates. The certificate might only be good for one day or 10 transactions, thus preventing a single disgruntled employee from screwing up the entire system, or shutting off service to the ex. But trying to explain such a system is complex when even the average IT guy thinks that merely using longer passwords will solve the problems.
Re: (Score:3)
Sorry, but 2FA definitely is it. Yes, it is expensive, and yes, you need to carry a token. But that is the only thing that works.
Re: (Score:2)
Well, in the scenario I had, you carry a "token" but it's not a phone or dongle; instead it's your laptop or handheld that has a limited-time cert that expires at the end of the day automatically. That's *better* than 2FA. 2FA is an IT thing, good for protecting your account login access but clumsy or insecure in other ways. I.e., do you use your personal phone, or the company supplied phone for network router #1, or the company supplied phone for pipeline shutdown valve #2, or... The laptop is in a se
Re: (Score:2)
Actually, what you describe is far worse than 2FA. If anybody attacks that device successfully, then they get free rein for the validity period of that cert. Extremely bad. 2FA never gives anybody that. All they can do is take over an existing connection, and that is really hard to do or impossible without getting noticed.
But I do now know you are not a security expert. Sales?
Re: (Score:2)
I'm not an in-depth expert but I have developed for security and managed a security team involved in industrial uses. Irrelevant though, more important is that I know how state of the art security is done in practice with industrial IoT and standalone devices. Yes, there are a lot of insecure industrial devices but the trend is changing and the customers are demanding security. They use PKI, the cornerstone behind DTLS, TLS, SSL or other protocols in common use on secure industrial devices that don't have
Re: (Score:2)
Remote desktop is not the problem. Crappy insecure Microsoft remote desktop is.
Do you think they'd be better off with a VNC server?
Not really. But look at X forwarding over SSH and you get an idea what is actually possible and should be state-of-the-art.
Re: (Score:2)
Remote Desktop is fine. The problem is the way people configure it. Open to the internet and just a password to connect. No enforcement of certificate checks.
Re: (Score:2)
And then you look at things like X forwarding over SSH and realize "open to the Internet" is not a problem and neither is "just a password to connect". Of course, this assumes the default certificate checks in SSH have not been disabled, because software in the UNIX space tends to give you that option as it assumes you know what you are doing.
Face it, security-wise, the whole MS world is 20 years behind.
Re: (Score:2)
You would be crazy to have SSH open to the internet with just a password and no additional protection.
Some kind of rate limiting as a minimum, ditch passwords and use public key crypto. Make sure the certificate of the machine you are connecting to matches the ones you expect.
Re: (Score:2)
Nope. Have been doing it for 20 years. It is not a security concern if you either have good passwords or use certificate authentication, which is really easy with SSH. The server certificate gets checked automatically after first login and you get warned if it changes. When you have high security needs you may want to check the server cert fingerprint on first login or get it via some side-channel. Also note that sftp is ftp over ssh and it is the usual solution in security-conscious industries to send file
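The exchange above boils down to three checks for an Internet-facing sshd: passwords off and keys on, a small number of guesses per connection, and the server's host key fingerprint confirmed out of band on first contact. The Python below is an added illustration (not any poster's code) that audits an sshd_config fragment for those settings and compares a known_hosts entry against an expected fingerprint; the config fragments, the host name plc-gateway.example and the key bytes are constructed for the example.

```python
import base64
import hashlib
import struct

# Hypothetical audit rules for an Internet-facing sshd, written for this example:
# key-only login, no keyboard-interactive fallback, no root, few guesses.
# DEFAULTS are OpenSSH's documented defaults when a keyword is absent.
WANTED = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "permitrootlogin": "no",
}
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "maxauthtries": "6",
}
MAX_AUTH_TRIES = 3

def parse_sshd_config(text):
    """Map lowercased keyword -> value. sshd honours the first occurrence of a
    keyword, so later duplicates are ignored; Match blocks are not handled here."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def audit_sshd_config(text):
    """Return findings as strings; an empty list means the fragment passes."""
    effective = dict(DEFAULTS)
    effective.update(parse_sshd_config(text))
    findings = [f"{k} is {effective[k]}, expected {v}"
                for k, v in WANTED.items() if effective[k].lower() != v]
    tries = effective["maxauthtries"]
    if not tries.isdigit() or int(tries) > MAX_AUTH_TRIES:
        findings.append(f"maxauthtries is {tries}, expected <= {MAX_AUTH_TRIES}")
    return findings

def ssh_fingerprint(b64_blob):
    """SHA256 fingerprint of a public key blob, in the form ssh-keygen -lf prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(known_hosts_line, expected_fingerprint):
    """Compare the key recorded in a known_hosts line with a fingerprint obtained
    over a side channel: the first-login check the thread describes."""
    fields = known_hosts_line.split()
    if fields and fields[0].startswith("@"):   # skip @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line")
    return ssh_fingerprint(fields[2]) == expected_fingerprint

def make_ed25519_blob(raw32):
    """Wire-format ssh-ed25519 public key: string algorithm name, string key bytes."""
    algo = b"ssh-ed25519"
    blob = struct.pack(">I", len(algo)) + algo + struct.pack(">I", len(raw32)) + raw32
    return base64.b64encode(blob).decode()

# Constructed inputs: a weak and a hardened sshd_config fragment, and a fake host key.
WEAK_CONFIG = "Port 22\nPasswordAuthentication yes\nPermitRootLogin yes\n"
HARDENED_CONFIG = ("Port 22\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
                   "KbdInteractiveAuthentication no\nPermitRootLogin no\nMaxAuthTries 3\n")
CONSTRUCTED_KEY = make_ed25519_blob(bytes(range(32)))
CONSTRUCTED_KNOWN_HOSTS = f"plc-gateway.example ssh-ed25519 {CONSTRUCTED_KEY}"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(cfg) or ["ok"])
    fp = ssh_fingerprint(CONSTRUCTED_KEY)   # the value you would read out of band
    print("fingerprint", fp, "matches:", host_key_matches(CONSTRUCTED_KNOWN_HOSTS, fp))
```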
Re: (Score:2)
So how mad was the scramble to patch 10,000 machines when CVEs were found in the SSH servers?
Re: (Score:2)
Re:Oops (Score:5, Interesting)
These slimeballs have attacked plenty of critical infrastructure in the past, including hospitals. They aren't just apolitical; they are absolutely immoral.
I have to wonder what has happened behind the scenes to cause them to publish this message. Maybe they have received some anonymous emails along the lines of "We know who you are"? Maybe one or two of their members have suddenly vanished and can no longer be contacted?
The U.S. does not lack the resources or capability to retaliate. All it takes is sufficient motivation to strike back, and these guys may have finally crossed that line.
Re: (Score:1)
Don't forget that if they are Russian backed or Chinese backed, their government may not be happy with the additional focused attention and may then disappear anyone in the group who was compromised.
Re: (Score:3)
I would guess the Little Spymaster has told them to knock it off - taking out a major pipeline could cause problems for *him*.
Re: (Score:1)
Re: (Score:3)
Re:Oops (Score:5, Funny)
I have to wonder what has happened behind the scenes to cause them to publish this message.
I imagine there was a conversation like this.
[Scene: A dark room in an unknown location. Laughter and voices speaking Russian can be heard. Vodka is flowing freely as everyone is cheering something.]
Leader [in Russian]: Congrats, team! This is our biggest haul yet. We'll be raking in...
[The Leader's phone rings. The screen indicates it's his wife. He answers it.]
Unknown Male Voice on the Phone [in Russian]: Stop it.
Leader: Who is...
Unknown Voice: We know you, Andrei Ivanov, age 46, born August 24, 1972, to Ivan and Tatiana Ivanov. You reside at 505 Gargarin Avenue with your wife, Ilya, and 10-year-old daughter...
Leader/Andrei [angrily]: If I...
Voice [not pausing in the slightest]: ...Natasha. It's Monday. Your daughter is usually home with your wife after school at this time, but for the last four months she's been spending the second Monday of each month with her friend, Katerina, so that your wife can have some alone time with your neighbor [sound of rustling papers in the background] Yuri. Your mother is not well. She has undiagnosed pancreatic cancer and won't live through the week.
Andrei [eyes going wide]: Wait, I...
Voice: We've tolerated you and your DarkSide, Andrei, but the US is calling this an act of war. They demand concessions. Heads will roll. When I next speak with our leader, do you know whose name I will give when he asks who did this?
Andrei [gulping]: Mine?
Voice [cutting off the response before Andrei can complete the word]: Yours. Unless...
Andrei: Yes?
Voice: ...you target who we tell you, when we tell you. You belong to us. DarkSide belongs to us. You are ours.
Andrei: But I...
Voice: Of course, we have some vacancies at our finest Siberian establishment for you and your family, if you have any objections?
Andrei: No, I just...
*click*
[the rest of the group looks on for a second, before finally breaking the silence]
Onlooker: Andrei, what was that?
[Andrei stares at the phone for a moment, then looks up and answers]
Andrei: My whore of a wife is sleeping with my neighbor!
Re: (Score:2)
It’s the 21st century. No judgment here.
>_>
Definitely not a mistake. Nope.
Re: (Score:2)
Re: (Score:2)
But if you mess with my gasoline price, buddy you better be ready for nuclear war. You do NO
Re: (Score:1)
More like, oops, we accidentally your country.
That's a power play. "Nope, not even deliberately, just kind of as an afterthought."
Re: (Score:2)
We painted too big of a target on our back; please forget about us, OK?
Security by threat of retaliation should be discredited for the same reason as security-by-obscurity; neither is a calculably certain guarantee of information security.
Law enforcement should focus less on retaliation and institutions more on prevention.
Re: (Score:2)
Pretty much what I thought. If these people ever get caught, they probably will die in prison and they seem to realize that.
Re: (Score:2)
They are merely making money the old fashioned way. They take it. So very patriotic.
Re: (Score:2)
What are you even talking about?
No one was murdered here. Someone pointed out that the US might be hunting whoever did this attack ("I'd start checking the sky for drones"). I think it's unlikely that they'll be killed; we haven't really seen that with any hacking groups yet. It's more likely that there would just be further escalation in the US-Russia situation.
Furthermore, I don't know many (read: any) Americans that support murdering unconvicted people, especially if it's not clear that the facts are pro
Re: (Score:2)
"Furthermore, I don't know many (read: any) Americans that support murdering unconvicted people, especially if it's not clear that the facts are properly understood."
And yet, both Obama and Clinton openly admitted to doing so, and people voted for them. I'm sure that many if not all other leaders have done likewise.
Re: Oops (Score:1)
Cry some more, loser. Maybe that'll help.
Putin is the head of the Russian Mafia (Score:5, Interesting)
The Underpants Poisoner calls the shots for the Russian mafia. You can't even open a bar in Russia without the Russian government onboard.
You think the Russian mafia figures who orchestrated this attack on critical American infrastructure fear the Russian police? Hell no. They are the Russian security service.
Russia is a mafia state, and the mob helps Putin and his allies suck up Russia's wealth.
Lock Him Up.
Re:Putin is the head of the Russian Mafia (Score:4, Insightful)
You can't open a bar in America without the government allowing it either.
Re: (Score:1)
Fucking idiot, you can't open a bar in America without the government in on it either. It's called "liquor license" and "taxes" and "incorporation".
Thieves with a social conscience (Score:1)
Re: (Score:3)
Re: (Score:2)
So the question is, who do they think they can attack that won't 'cause any problems for society'? Granted, not attacking critical infrastructure might have less immediate and less acute consequences for 'society', but it's not like other crime is inconsequential.
Do they think the cost of things like umbrella insurance doesn't go up for everyone else when they knock over a business?
Re: (Score:2)
This is like having someone asking for directions come onto your porch, put their foot through a rotten plank, and then pointing the finger at them for causing the broken board. The single
Re: (Score:2)
Third? This is what, the 800th? Or the 8000th?
Taking this stuff seriously is expensive and difficult. Companies that have multi-layered defences covering multiple attack vectors with up to date software, monitoring and detection, teams doing nothing more than testing, validating, verifying and looking out for this stuff and a vast profit munching budget behind all of that _still_ get compromised.
Organisations run by people that can't even switch on a fucking iPad? Not a fucking chance.
Privatize it (Score:5, Interesting)
It seems to me that these ransoms are big enough now that someone could turn the tables by simply publishing a bounty... 50% of the ransom will be paid to the person who rats out his comrades. First one to squeal wins, and if that person cannot be brought to justice via international treaties, then perhaps we let the rules of war apply.
I'm sure there are lots of security researchers in the US who have the skills to identify these guys, but just lack the proper motivation. And for any of you who think "the government can't do this, why do you think anyone else could" I preempt your statement with "our government was unable to secure the OPM, as well as FermiLab... they are absolutely incompetent."
I say the government should hand this off to the private sector, just like the government has basically ceded space launches to the private sector. As Dan Aykroyd said in the original Ghostbusters, "I've worked in the private sector... they expect results!"
Re: (Score:2)
Ransomware was never fun, and TOR exit nodes are now well-understood and each ring of the onion becomes revealed.
Slowly, the circle gets smaller, and crypto account movements become known, and the trails get more hounds, and then something happens. It is, as it always has been.
Re: (Score:2)
What happens when someone says, "Oh sure, it was me, and Biff, Raj, and Sam over here were my conspirators. Give me the $100k and shoot them!"
Or if some security researcher who is on the up and up just gets it wrong?
Re: (Score:2)
In Mother Russia, we shoot them. In the good ol' U S of A we try them first, then shoot them. Hopefully the trial will weed out the liars. I admit it's a messy business.
Re: (Score:2)
Re: (Score:2)
I'm sure there are lots of security researchers in the US who have the skills to identify these guys, but just lack the proper motivation.
Being a hacker bounty hunter sounds pretty cool at first glance. Then I realized that some of these hackers are funded by nation states and cartels.
Re: (Score:2)
It seems to me that these ransoms are big enough now that someone could turn the tables by simply publishing a bounty... 50% of the ransom will be paid to the person who rats out his comrades.
Wasn't that the plot of a Mel Gibson movie [imdb.com]?
Ransomware is organized crime (Score:2)
Near term the only solution to ransomware is better security. Long term it's better foreign policy.
Re: (Score:2)
Those were two separate operative statements. One: Rat out your team for some $$$. Two: First one to squeal wins (anybody who can unmask them gets paid).
I apologize for being unclear. I'm just thinking that the humble honey pot is still a nascent art with many decades of life ahead of it. Stow a custom URL, fake credentials, etc. on every device you need to defend, and instantly, the criminal can't know what info leads to a payday, and which info leads to prison. The uncertainty is what makes it fun! ;)
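The decoy idea in the post above only pays off if someone is watching for the decoys being used. As an added illustration (not the poster's code), this Python scans OpenSSH auth messages and combined-format web access logs for planted decoy accounts and decoy URLs and attributes each hit to a source address; the decoy names, paths and log lines are all constructed for the example.

```python
import re
from collections import defaultdict

# Decoys planted on every protected device (constructed for this example). None of
# these is ever valid, so any use of one means the device's secrets were read by
# someone who should not have them; there is no benign reason to see them in a log.
DECOY_USERS = {"svc_backup_ro", "scada_hist_legacy"}
DECOY_PATHS = {"/admin/vpn-bootstrap.cfg", "/api/v1/historian/export"}

# Log shapes assumed here: OpenSSH auth messages with the syslog prefix already
# stripped, and Apache/nginx combined access-log lines.
SSH_AUTH = re.compile(
    r"(?:Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
SSH_INVALID = re.compile(r"Invalid user (?P<user>\S+) from (?P<src>\S+)")
HTTP_REQ = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<path>\S+)')

def scan_for_canaries(lines, users=DECOY_USERS, paths=DECOY_PATHS):
    """Return {source_ip: [indicators]} for every line that touches a decoy.
    Failures against real accounts are ignored on purpose: that noise belongs on
    the brute-force dashboard, while a decoy hit goes straight to incident response."""
    hits = defaultdict(list)
    for line in lines:
        for rx in (SSH_AUTH, SSH_INVALID):
            m = rx.search(line)
            if m and m.group("user") in users:
                hits[m.group("src")].append("user:" + m.group("user"))
        m = HTTP_REQ.match(line)
        if m and m.group("path").split("?", 1)[0] in paths:
            hits[m.group("src")].append("path:" + m.group("path"))
    return dict(hits)

# Constructed sample log lines (not from any real incident).
SAMPLE_LOG = [
    "Accepted publickey for opsuser from 10.20.30.40 port 52210 ssh2: ED25519 SHA256:...",
    "Failed password for root from 198.51.100.7 port 40001 ssh2",
    "Invalid user scada_hist_legacy from 203.0.113.5 port 41822",
    "Failed password for invalid user scada_hist_legacy from 203.0.113.5 port 41822 ssh2",
    '203.0.113.5 - - [10/May/2021:14:02:11 +0000] "GET /admin/vpn-bootstrap.cfg HTTP/1.1" 404 162 "-" "curl/7.68.0"',
    '10.20.30.41 - - [10/May/2021:14:02:12 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for src, indicators in scan_for_canaries(SAMPLE_LOG).items():
        print(f"ALERT decoy use from {src}: {', '.join(indicators)}")
```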
well, that's that then (Score:5, Funny)
Re: (Score:2, Insightful)
It was mostly peaceful. Probably about as peaceful as Portland, I suppose. Glad I don't live in either of those areas.
Ransomware is terrorism (Score:2, Insightful)
That justifies killing the perps without warning. Humans only respect what they fear.
The pipeline attack was an act of war.
Re: (Score:2)
While I'm confident Biden is stupid enough to drone strike someone in Russia, I'm fairly sure his handlers want a more subtle escalation of hostilities.
too little, too late (Score:5, Insightful)
Re:too little, too late (Score:4, Interesting)
This is bad enough that you'd expect three-letter agencies to be aggressively hunting the people involved, not just updating a case file, and having access to the kind of resources you need to actually find them.
They should very much be scared, no matter what country they're in. Hell, their own country might just want to make them disappear.
Re:too little, too late (Score:5, Interesting)
He describes a probable outcome of the next world war: @ 35.30 https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
Identify them (which is bad enough if they're state operatives), and personally sanction them anywhere that uses a US bank or US dollars. Request their extradition to the US to face charges and make sure their government understands the sanctions that will come down if the request is refused. There are other nations where they could be from that are simply either friendly or rely on American support one way or another.
They don't have to do anything that would make a good spy/action movie to be a scary th
Re: (Score:2)
Re: (Score:2)
we risk the world leaving the dollar as its reserve currency.
Not really. That would be a massive infrastructure change which would be even more disruptive than sanctions on Russia.
Re: (Score:2)
Re: (Score:2)
Assonate on Russian soil?
Yes. They can do exactly that and make it look like an accident or a hit by the Russian mob, or just pay the Russian mob to do their dirty work for them. And the Russians know they can't scream too loudly about it because they have assassinated people on foreign soil, including in the U.S.
Re: (Score:2)
The US has made abundantly clear that they can and will kill targets that pose an active threat to the US regardless of where they are located. Just ask Bin Laden and Soleimani. If some Russian hackers were to mysteriously turn up dead there is little Russia could officially do or complain about, as they claim to have no knowledge of these people in the first place.
Re: (Score:2)
" All US military is dependent on 50 year old, vulnerable GPS,"
Except it isn't and INS among other options is retained as backup. Small IMUs are big business (too bad they've not made it to phones...yet).
Re: (Score:2)
All US military is dependent on 50 year old, vulnerable GPS, while the Chinese have built a secure alternative.
Do you know what you're talking about? Military GPS is not vulnerable in the way that you think it is.
Then, from the video:
Beijing's quantum satellite system, equipped with super-secure photon transmission, proves impervious to hacking.
So, using laser communications instead of microwave makes things impervious to hacking?
An armada of bigger, faster supercomputers ... blasts back with impenetrable logarithms of unprecedented sophistication.
How does he figure that China is so far advanced in cyber-warfare compared to the US? Evidence? None given.
China knocks out US missiles mid-flight somehow with computer code?
Heads-up-displays in F-35s are taken out by China with a virus?
This guy should stick to history. He clearly has no idea how tech
Re: (Score:2)
Beijing's quantum satellite system, equipped with super-secure photon transmission, proves impervious to hacking.
So, using laser communications instead of microwave makes things impervious to hacking?
Microwaves are photons too. Maybe Quantum Entanglement WooWoo Magic?
That dude used an awful lot of techno babble to say, "China gonna kick yo ass! Using computers!" Because, you know, Asians are good at math, or something.
Re: (Score:2)
"China gonna kick yo ass! Using computers!" Because, you know, Asians are good at math, or something.
Ahhh, so that's why they're attacking with logarithms.
Assonate (Score:2)
I think US agencies have been caught assonating plenty. They aren't even picky about whose soil it is.
Re: (Score:1)
As the US squandered trillions in the middle east over the past 20 years
that's not how the US economy works.
Re: (Score:3)
I expect the three letter agency bringing them the most fear is the FSB
Re: (Score:1)
Re: (Score:1)
>if they weren't too busy hunting for thankfully incompetent morons who illegally entered the capitol on the 6th in a failed coup attempt including planned executions, that resulted in deaths.
FTFY.
Re: (Score:2)
You changed a factual statement into an unhinged conspiracy theory lie.
Seek medical help. It's not too late for you.
Re: (Score:1)
When a hacking group has to release a public statement, you know the shit hit the fan. I do not envy these dumbasses; someone's getting burned for this.
Yup, and we may never hear of it, or them, again. These things can get 'fixed' quietly.
Cute (Score:5, Insightful)
"Our goal is to make money, and not creating problems for society"
Tell that to the hospitals that got attacked with ransomware.
Re: (Score:2)
"Our goal is to make money, ..."
s/m/t/
They're not making anything but trouble.
Re: (Score:2)
Political Correctness Run Amok! (Score:2, Funny)
Re: (Score:2)
They're probably afraid of a significantly harsher version of "cancel culture".
Behind the hot water pipes, 3rd washroom along (Score:2)
"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives,"
"No, it's alright, sir. We don't morally censor you; we just want the money."
https://youtu.be/hdtWEVevHak [youtu.be]
Thank-you for using Danegeld Services (Score:5, Insightful)
Thank-you for using Danegeld Services. Your call is important to us. Please hold for the next available operator.
and??? (Score:5, Insightful)
Re: (Score:2)
They might not have the keys. I suspect someone with enough knowledge to be dangerous got lucky or unlucky depending on the situation. If you do pay the ransom there is no guarantee you get your data back.
Messing with US oil? That was stupid. (Score:2)
Destroy a hospital's records and patients die? No problem.
Mess up a police department or a city? Sucks to be them.
Mess with US oil supply? Your family is checking the value of your insurance policy. Past measures range up to and including invading a country on the other side of the world, and bringing in a bunch of allies for good measure.
These guys are done.
Re: (Score:2)
The USA has a well-established track record of mobilizing to secure its supply of cheap oil; I don't see this as changing any time soon.
"oops, we attracted more attention than we intended to!"
I still find it a bit surreal though that they refer to their "partners", reminds me that this is how Organized Crime works - it's not run like a chaotic group of thieves, or even like a business. It's more on the level of a Corporation. And I don't see how someth
Bridges for sale? (Score:2)
I wonder if these guys also have a bargain price on the Brooklyn Bridge?
I can't make this more clear (Score:1)
And while you're at it, companies: stop hiring dumb boomers who don't know how to use a computer and who open fake PDF attachments, or at least give them some training, and if they refuse to learn new things involving computers, fire them.
Re: (Score:2)
Re: (Score:2)
Because once drugs were illegal everyone stopped buying them.
Pragmatism (Score:2)
One way to look at the ethics of this is that "criminal hacking groups" are security consultants who name their own price for penetration testing.
Just as with penetration testing by legit consultants, the benefits will be that policies and practices will be reformed and improved, systems will be hardened.
An argument could be made to decriminalize intrusion whenever the losses are only financial. That hackers, when identified, should be subject to only civil fines equal to the amount they stole or ransomed.
I've said before that shit like this would happen (Score:2)
How did the hack work? (Score:1)
Okay then... (Score:2)
"Our goal is to make money, and not creating problems for society," the statement continues.
Then get a job and do legitimate work that doesn't create problems for society -- as opposed to what you're doing now, which literally does.
Pipeline companies = no social problems, right? (Score:3)
I assume you would say the same to the pipeline company and its workers too, right? Unless you think that the pipeline and its workers don't cause problems for society? ...
*450ppm Co2* *shovels coal into ovens* *burns fossil fuels* *claims just following orders* *waits for whataboutism response*
"We won't step on any more land mines. Promise." (Score:2)
If you want the shortest path to finding yourself in extradition treaties, attacking a first-world country's energy supply is a pretty quick way to get there.
I would imagine even Russia would be happy to give these guys up, just to show they didn't have anything to do with it - they really want to continue exporting energy to Europe, and don't need counterattacks on their own pipeline infrastructure, or increased sanctions and headwinds.
From Criminal to Terrorist (Score:3)
In other words... (Score:2)
Could they also have played the stock market? (Score:2)
easy to fix (Score:2)
All they have to do to make nice is to post the password to the ransomware.
Re: (Score:2)
Major Strasser has been shot.
Round up the usual suspects.
--Captain Louis Renault