U.S. capital and 17 states enter a state of emergency

Over the past weekend, a hacker attack forced the shutdown of the main oil pipeline in the eastern United States, and the situation is still escalating. To prevent energy shortages, the Biden government announced on the 9th that the United States had entered a regional emergency and relaxed the rules on land transportation of fuel products in multiple states. Many media outlets have characterized this incident as the “most serious cyber attack” ever suffered by large-scale infrastructure in the United States.

Strong concerns about rising oil prices

According to a report by the Financial Times on the 10th, the Biden government activated emergency authority on the 9th, lifting restrictions on road transportation of energy products in many parts of the United States, easing the time limits that apply to large tankers and other vehicles, and instructing the relevant units that transportation can be arranged more flexibly. The measure covers 17 states, including Texas, Maryland, Florida, Georgia, New Jersey, and New York, as well as the capital, Washington, District of Columbia. Most of these jurisdictions are located in the eastern United States, the area crossed by the oil pipeline system of the “Colonial Pipeline Company” that was attacked by hackers. The U.S. Department of Transportation said in a statement that the move is aimed at coping with increased demand for the transportation of gasoline, diesel, jet fuel and other finished fuel products, and that the government will provide assistance if necessary.

Agence France-Presse stated that the hacking incident has already had a certain impact on the US market: US oil prices rose by more than 1% on the 9th. Experts predict that if the fault cannot be eliminated in time, US oil prices will rise by 15% to 20% within a week or two, which may cause “panic hoarding” among the public. Some experts said that if the problem cannot be solved by the 11th, there may be panic buying of oil in many places, including some small airports. “The suspension of operations for four or five days will cause the inventory of some oil depots in the east to bottom out.” A driver in North Carolina said, “I’m doing two jobs, just want to feed myself…but the price of gas is too high and it’s too difficult.”

“Russian mysterious hacker group”?

Bloomberg said that the Colonial Pipeline Company, which was attacked by the hackers, is in charge of the energy transmission artery running through the eastern United States. Its oil pipeline stretches for 8,850 kilometers and can transport fuel products from Texas to North Carolina, with a daily capacity of more than 3 million barrels. The company said in a statement on the evening of the 9th that its four main oil pipelines are still closed and only a small number of small pipelines have resumed operations. The statement said that the company will implement a “system restart,” but did not disclose when it will fully resume operations. The New York Times stated that because the company involved is privately owned, it was not open and honest about many details of the hacking incident. For example, a person familiar with the matter said that although the company insisted that it only learned of the hacking incident on the 7th of this month, the incident may have been going on for many days before that, because the company had hired the well-known cyber security company “FireEye” early on. The latter has handled many hacking incidents involving Sony Pictures Entertainment and the federal government.

Although the relevant investigations are still ongoing, CNN and many other US media outlets quoted people familiar with the matter as saying that the initiator of the cyber attack was a “Russian mysterious hacker group” named “DarkSide”. The group used malicious software to forcibly encrypt and hijack about 100GB of data in the fuel pipeline company’s computer system, leaving the system unable to operate normally. The hacker group threatened the company involved, saying that if the ransom is not paid, the company’s confidential data will be exposed on the Internet. Solving such cases is often very difficult: hackers usually stay overseas to carry out attacks, and the ransoms requested are mostly paid in virtual currencies such as Bitcoin, which makes them difficult to trace.

It is understood that “DarkSide” was established in 2010. The organization, which describes itself as “robbing the rich and helping the poor,” has stated that it will not attack hospitals, nursing homes and educational institutions, and will use part of the ransom to “do charity.” “DarkSide” admitted that it has attacked more than 80 European and American companies and extorted millions of dollars from them. Currently, “DarkSide” has not mentioned the attack on the oil pipeline on its website.

The BBC reported that hacker groups such as “DarkSide” have now formed a mature business model on the “dark web”. They are committed to developing more advanced malicious programs and rogue software and to training downstream affiliates to carry out cyber attacks, and they can also take a cut of those affiliates’ proceeds. Not only that, there is also “commercial cooperation” among hacker groups. For example, a hacker called a “login broker” collects the login information of various institutional systems but does not carry out attacks, instead selling the information to the highest-bidding peer.

The Russian “Morning News” reported on the 10th that the US media claimed that the hacker organization that attacked the pipeline company came from Russia, which may have provided an excuse for the United States to impose sanctions on Russia. Russian netizens sarcastically stated that no matter what bad things happen to the United States, they are all done by Russian agents. It seems that Russian agents are really omnipotent.

U.S. companies and governments are frequently attacked by hackers

The attack on the fuel delivery system in the United States has attracted great attention from the federal government. Secretary of Commerce Raimondo admitted in an interview with the CBS program “Face the Nation” on the 9th that such hacking incidents are becoming more frequent in the United States, and emphasized that such incidents are the “first priority” that the Biden administration must work hard to resolve. Raimondo said that these hacking actions should put American companies on alert.

US government agencies have also been frequently attacked by hackers in recent years. Just last week, the official website of Tulsa, Oklahoma’s second largest city, was also hit by a hacker extortion attempt. This is the 32nd case of a US state or city government unit suffering “cyber extortion” by hackers. In previous hacking activities, some local water treatment plants were almost “poisoned”, the treatment of critically ill patients in some hospitals was interrupted, some schools were forced to suspend classes, municipal governments and law enforcement agencies were “shut down,” and so on. Just before the Colonial Pipeline Company hacking incident, the United States had suffered two large-scale cybersecurity incidents: the country’s well-known software system “SolarWinds” and Microsoft’s email server were both hit. The governments and private institutions affected numbered in the tens of thousands.