After Colonial Pipeline shutdown, hacker group 'Darkside is just getting started,' experts say
The Colonial Pipeline stretches from Houston to New Jersey
ATLANTA, GA – Colonial Pipeline, the largest fuel pipeline in the United States is under attack. The pipeline stretches from Houston to New Jersey and usually transports more than 100 million gallons of fuel a day.
On Friday, the pipeline was forced to shut down after a gang of hackers known as Darkside broke into some of its networks.
The pipeline transports 45% of the fuel along the East Coast, reaching over 50 million Americans and now it’s in jeopardy.
The CEO of a Prevaillon, Karim Hijazi, runs a security intelligence agency that infiltrates hacker communities every day. Hijazi said Darkside is just getting started.
"The fact that they came into the environment, they looked around and took the time to figure out where they were, they stole information beyond just simply ransomware, it was sort of a double extortion attack. It really is unprecedented," Hijazi said.
COLONIAL PIPELINE OUTAGE HAS DOT IN OVERDRIVE
The FBI released a statement confirming that Darkside is responsible for the hacking at the pipeline.
President Biden said, "so far there is no evidence, based on our intelligence people, that Russia is involved although there is evidence that the actor’s ransomware is in Russia."
Experts say Darkside is very strategic about who it attacks.
"They’ll actually look at machines they're infecting and if those machines have any Russian language settings or something similar to that they won’t attack that organization," Hijazi said.
Goizueta Business School Associate Dean Ramnath Chellappa said Darkside is fairly new but highly sophisticated.
"It is believed that Darkside does a great job of actually figuring out who the competitors are so they actually know what the next steps to follow if the ransom is not paid," Chellappa said.
COLONIAL PIPELINE GAS SHORTAGES WIDEN: STATE-BY-STATE BREAKDOWN
However, experts say paying the hackers may not solve anything.
"I definitely wouldn’t suggest that paying is the way out of these problems – it certainly is not a guarantee of any sort that you would get your data back," Hijazi said.
Darkside said on its website that its goal is to make money and not create problems for society, but the hack could have long-lasting impacts.
"Once things are embedded – once it’s in, it's really hard to get rid of because it can proliferate, it can laterally move, it can spread within the network and go to places it wasn’t before, it can go silent," Hijazi said.
Plus, another concern is that other actors or adversaries can learn from the mistakes or successes of Darkside.
"This is a good way to see where the weak spots are, where people are going to respond, how they’re going to respond, how aggressively we as a country respond to this politically," Hijazi said.
While many of the systems of the pipeline remain offline, gas prices are surging across the East Coast.
"We’re probably going to feel the effects of it if this doesn’t get resolved soon. If there is another wave of attacks here this could add to a lot more," Hijazi said.
Hijazi said most times hackers have multiple stages in their attack efforts.
"It is an ongoing battle – we may win this battle here, but the war will continue to wage," Hijazi said.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
However, experts say the biggest takeaway from this attack is the importance of protecting the country’s infrastructure.
"The first step is to try and always address vulnerabilities that exist in your environment. The next step is training and educating your staff to not click on things that look suspicious and when things get clicked on work with groups like ourselves to preventably see when something is inside your environment," Hijazi said.
Some states along the East Coast are preparing for a fuel shortage. North Carolina has declared a state of emergency in response to the pipeline shutdown.
Colonial Pipeline said it expects to resume full service by this weekend.