A Russian criminal hacker group behind a major attack against a major U.S. oil and gas pipeline has caused substantial disruptions throughout the Eastern United States and its effects could trickle into Canada as well. The Russian cyber criminals, known as DarkSide, hacked into the Colonial Pipelines network this month, leading the company to shut down all of its operations for nearly a week.
The fuel shortages affecting the entire Eastern United States demonstrates the potential threats from malign foreign actors against critical infrastructure. The situation also raises questions about whether Canada is prepared to defend against these actors.
Colonial Pipelines was targeted with what is commonly known as a ransomware attack. As the name suggests, criminal hackers identify and exploit vulnerabilities in a targeted system to access and seize control of data and even entire networks and systems and a ransom is demanded to release them. In the Colonial Pipelines case, Russian hackers stole over 100GB of data from the Georgia-based company and then locked up part of the pipeline after which the criminal hacker group demanded a ransom.
The Colonial Pipelines system stretches from Texas to Maine, supplying gasoline, diesel and jet fuel supplies to the entire Eastern US. Its near weeklong shutdown has forced the U.S. government to approve alternate methods to transport oil and fuel across the region, including railways and roads.
The Wall Street Journal reported Colonial paid $4.4 million in ransom. Cyber criminals in past hacks have demanded amounts ranging from as little as a few thousand to millions of dollars in order to release data and hijacked systems. In October 2019, a Canadian insurance company reportedly paid $1.3 million to recover 20 servers and 1,000 workstations.
Over the past several years, cyber security experts have warned about the vulnerability of Canada’s critical infrastructure to foreign hackers and cyber criminals. In its 2020 threat assessment report, Canada’s Centre for Cyber Security noted that “cyber threat actors will intentionally seek to disrupt Canadian critical infrastructure and cause major damage.”
In July 2020, Russian government hackers attempted to steal COVID-19-related vaccine research from facilities in Canada. The Communications Security Establishment (CSE) identified the hackers as belonging to the Russian intelligence APT-29 cyber warfare teams, known as “The Dukes” and “Cozy Bear,” whose goal was to hinder Canadian response efforts to COVID.
In December, Russian government hackers infiltrated critical updates of Solar Winds software. The hack affected large parts of the U.S. government, NATO and multiple tech and utility companies.
This attack may have been thwarted if a strikingly simple solution was used — strong password protocols. According to the New York Times, an intern at Solar Winds set the company’s password to its master updating system to SolarWinds123. The easily hacked password contributed to one of the biggest cyber attacks on record.
While it is unclear whether the Colonial Pipelines hack can be attributed to the Russian government, Russian pro-democracy and human rights activist, Garry Kasparov, tweeted that “no Russian hackers … would operate without his [Vladimir Putin’s] sanction.”
While the Russian government has denied involvement and there is yet no hard evidence pinning the crime at the Kremlin’s feet, those of us who have watched Russia closely have a running joke: we shouldn’t believe anything, until the Kremlin denies it.
Just as we ourselves are becoming more reliant on the “Internet of things,” so too are the operations of our critical infrastructure. The threat of hacking or interference in the functioning of our hospitals, power grids, traffic networks and beyond could put countless Canadian lives at risk, to say nothing of the devastating economic costs.
The consensus amongst experts is that much of the Western world and indeed Canada are unprepared to defend against these threats.
CSE has developed baseline cyber security guides for small to medium sized businesses to help them secure their networks. However, it’s unknown how many businesses have adopted these security protocols. Greater personal cyber literacy and the promotion of simple habits like adopting two-factor authentication, at a minimum, should be promoted among Canadians, and at all levels of government and business.
The cost of engaging in cyber and digital information warfare against Canada and our allies by malign foreign states and actors is extremely low. Without strong deterrence — and the ability of our intelligence community to actively defend against and to proactively neutralize threats — we invite further attacks against us. The cost of that may soon be counted not just in millions of dollars, but ultimately, in lives lost.
Marcus Kolga, Toronto
DIGITAL Estonian Life No. 29 - July 23, 2021
All issues with table of contents available here: https://issuu.com/estonianlife
Any questions or comments - email us at firstname.lastname@example.org