Last month, a group of criminal hackers known as Darkside launched a ransomware attack that prompted the six-day shutdown of the country’s largest fuel pipeline and created widespread gasoline shortages. On Tuesday, Colonial Pipeline CEO Joseph Blount testified before a Senate panel about the company’s cyberdefenses and revealed a key flaw.
Blount said the hacker gang broke into Colonial Pipeline through an account in a virtual private network “that was not intended to be in use.” That VPN account didn’t use multifactor authentication, an additional layer of protection many companies place on employee accounts. (It’s common on consumer accounts, too, in case you aren’t for some reason using it.) Absent multifactor authentication, it just takes cracking a password to log in — though Blount said Colonial’s was complicated: “It was not a ‘Colonial 123’–type password.” After May’s attack, the Department of Homeland Security issued its inaugural cybersecurity regulations for the pipeline sector.
For the first time, the public heard a detailed timeline of the attack. Shortly before 5 a.m. on May 7, Russian-based hackers infiltrated Colonial’s computer network using malicious software and demanded more than $4 million in ransom. Almost immediately, the decision was made to shut down the entire pipeline. “At approximately 5:55 a.m., employees began the shutdown process,” Blount said in prepared remarks, according to CNBC. “By 6:10 a.m., they confirmed that all 5,500 miles of pipelines had been shut down.”
To regain access to its computer systems, the pipeline giant paid the ransom amount in cryptocurrencies on May 8. “I made the decision to pay and I made the decision to keep the information about payment as confidential as possible,” Blount told the Senate Homeland Security and Government Affairs Committee on Tuesday, a day after the Department of Justice and a recently created digital-extortion taskforce touted the recovery of half of the ransom, about $2.3 million, collected by hackers. “It was the hardest decision in my 39 years in the energy industry.”
When asked where the pipeline is in terms of its restoration process, Blount said it’s a work in progress. “This week, we’re bringing back online seven finance systems that we haven’t had since the morning of May 7.” Blount is expected to testify again before the House Homeland Security Committee on Wednesday.
