The cyberattack that showed the fragility of the United States | International

This week the United States relived scenes it hadn’t seen since the oil turmoil of the 1970s: endless lines at gas stations and gas stations limiting purchases or announcing that they had fallen to zero. The Colonial Company’s large pipeline, one of the country’s main energy arteries, closed on May 7, Friday, following a computer attack, and for the first time had to shut down completely, putting 45% of supply. Fuel Checks Across the Country’s East Coast Panic over fuel shortages has prompted millions of East Coast citizens and businesses to refuel, increasing demand and exacerbating supply problems.

Several states, such as Florida and Georgia, have declared states of emergency in order to take exceptional measures. The average price of a gallon hit three dollars (2.47 euros), the highest since 2014. Authorities were quick to warn consumers who intended to fill up with gasoline at the help from bags, given that the cans were low, and the federal government had to adopt emergency measures, such as the suspension of environmental requirements and the Jones Act on Maritime Commerce – which requires ships to be American – to resolve supply issues.

This whole mess has taken place despite the fact that, as the Bloomberg agency and the newspaper published it The Wall Street JournalColonial paid the cybercriminals a ransom of around $ 5 million in cryptocurrency on the day of the attack so they could operate again. DarkSide, as the group behind the outrage is calling it, is one of those criminal organizations that are dedicated to cyber-kidnapping critical data from a business or institution that they only disclose in exchange for ‘a payment. This is what we call in technological jargon ransomware: they use malware (malware) to penetrate systems, they encrypt sensitive information and sell a tool to decrypt it. They happen every day without anyone knowing, companies don’t want to reveal them for reputation reasons, and criminals don’t want to be noticed.

But on Friday of last week, DarkSide launched into Colonial and unleashed the largest known cyberattack on energy infrastructure in the United States, an offensive that had a dramatic impact on the real world. He succeeded in crippling more than 8,000 kilometers (5,500 miles) of pipes that connect Texas to New Jersey, shaking markets and the vulnerability of the world’s greatest power to a criminal civilian gang, in principle unrelated to a government, despite the experience of recent years and efforts to improve cybersecurity.

Padraic O’Reilly, one of the founders of CyberSaint Security, an expert in the energy sector and other critical infrastructure, warns that the danger is increasing. “The real world is going digital and the pandemic has also forced greater virtualization of the tangible world, which it does by exposing physical systems to the network,” he says. Added to this is that 85% of critical infrastructure in the United States “is in private hands, that’s a lot, and private companies have an incentive to look at short-term results and not always provide security as much as they can. ‘they need it. “. In the case of the pipeline, O’Reilly believes that “something went off the rails this time, [los criminales] they have gone too far ”. “What’s striking about this whole thing is that they had to shut down the pipeline,” he explains, “it’s one thing to steal a movie or block medical records from a hospital, but it does not spread to an entire sector of the economy, like this time on the east coast ”.

DarkSide, which boasts of not attacking hospitals or schools, made some sort of apology on Monday, assuring that its aim is “to make money, not to create problems for society.” In a statement that referred to the Spanish comedian Miguel Gila, whose popular gag consisted of phone calls to the enemy to agree on time and where to attack, the group pledged to “introduce moderation and check every business that our partners want to encrypt to avoid social consequences in the future ”.

They did not transcend the line spacing of the whole episode. According to the version Bloomberg obtained from sources familiar with the process, on condition of anonymity, Colonial paid the ransom within hours of the cyber-hijacking of the data and DarkSide gave him the necessary computer tool to decrypt it, but it was very slow. and the company also had to use their own collateral. At the time, the company claimed it had stopped the operation to prevent the virus from spreading throughout its system. As for paying the ransom, of course, he didn’t say that this mouth was mine. The figure that has emerged, those close to five million dollars, represents an exponential leap towards the most common cases to date.

There are different estimates on this small industry of cyber data hacking. According to information from security firm Emsisoft, there are about two dozen large groups in the company and last year they transferred up to $ 18 billion in ransoms around the world, an increase of 80 % compared to 2019, driven in large part by this virtual impetus. of economic and human activity that the pandemic has signified. Another firm, Chainanalysis, estimates that 406 million were paid in cryptocurrencies, a balance so uneven that it gives an idea of ​​the spread of this world. There is, however, a consensus on the trend: it is upward.

“Everything is becoming more and more connected and as a result what we call the attack surface is increasing. The United States is a very advanced country and therefore also very connected, which is why it offers a wide spectrum. When a company or an institution undergoes such an operation, if it does not have good safeguard systems [backup], well updated, they have no other means than to pay the ransom ”, explains César Cerrudo, pirate and CTO for IT security firm IOActive.

For Biden, the case opens different fronts. The shock of those days has been ammunition for the Republican opposition, which blames it for canceling the project of the new Great Keystone pipeline, a project controversial because of its environmental impact. And the promotion of the electric car, one of the basic measures of the environmental plans of the countries, widens what César Cerrudo calls the “surface of attack” of the criminals. The Democrat has to deal with Russia because the criminal group is seen to be resident in that country and Biden wants the Kremlin to act.

This week, he signed a cybersecurity decree that roughly requires outsourcing companies to step up their measures. Work began precisely following the massive cyberattack that several federal agencies suffered last year and which Washington attributes to Moscow. Ukraine has also accused Russia of attacking its electricity system in 2015 and 2016. And the Democratic Party’s email hacking during the 2016 presidential elections is still very much present. This time it was a group of criminals supposedly based in Russia, but seemingly independent of the government, and the actions transcended the physical world.

So far, pressure from the United States has led DarkSide to shut down its operations. In a statement sent to some media on Friday, he said the group would leave cyberspace within 48 hours. Experts believe, however, that they will come back under a different identity. Saying goodbye, DarkSide said, “Stay safe and good luck.”

Subscribe here to newsletter of EL PAÍS América and receive all the informative keys of the current situation in the region.