How Does This Work, Exactly?

In a Thursday article concerning Colonial Pipeline apparently paying ransom to get their systems back online, the Wall Street Journal’s writers let this tidbit slip.

Bloomberg reported earlier Thursday that Colonial had paid the hackers a sum of nearly $5 million, and that the decryption tool ultimately wasn’t effective in restoring operations. Instead, Colonial was able to recover by relying on system backups, Bloomberg reported.

Which raises two questions. If Bloomberg’s reporting is accurate,

  • Where were Colonial’s CEO, COO, and CIO that they allowed the hack to occur in the first place?
  • Where were Colonial’s CEO, COO, and CIO that they didn’t go to those backups right away instead of rewarding their attackers for the privilege of being their victim?

Colonial management’s apparent cowardice not only serves to expose their company to further extortion, it exposes their peers in the industry and businesses everywhere to this sort of extortion.

Just as bad is the Biden administration’s timid response. The longstanding (not just under this administration) vulnerability of all of our nation’s financial, power, water, fuel infrastructure, coupled with Biden’s ducking away from the current attack (it’s a private matter), exposes our nation to state-level attack and crushing defeat.

That’s Nice

The Senate Homeland Security Committee held a hearing last week regarding the Colonial Pipeline fiasco (which has much wider implications than just one company cravenly paying off its attacker/rewarding its attacker for the attack).

Congressman John Katko (R, NY), Ranking Member of that committee, also wrote a letter to Brandon Wales, Acting Director of the Cybersecurity and Infrastructure Security Agency, which is a part of the Department of Homeland Security. In his letter, Katko asked a number of questions regarding how well CISA works with its counterparts in other agencies and how well CISA’s inspections of the nation’s pipelines were going.

He also wrote optimistically

[T]he Pipeline Cybersecurity Initiative, housed within the National Risk Management Center (NRMC), has shown promise as a voluntary, public-private partnership between CISA, Transportation Security Administration (TSA), Department of Energy (DOE), and a range of pipeline-dominant critical infrastructure stakeholders. It is the Committee’s understanding that the core of this initiative revolves around conducting Validated Architecture and Design Review (VADR) assessments on pipeline assets.
These VADR assessments have proven effective at identifying a wide range of potential vulnerabilities within pipeline systems – some of which have been publicly distilled. Better understanding common security flaws and common misconfiguration issues is in everyone’s best interests, and these aggregated insights will help enhance national resilience.

It’s good to erect barriers that actually work.

Two things remain necessary, though. One is, once those barriers are set up, to go clean out the areas behind the barriers: to identify and remove existing malware from the operational and support software, to clean out the existing backups—both of software and of data—and to improve training of human operators and support personnel regarding their role in preventing malware from reentering via phishing, spam, and so on, with more severe sanctions than heretofore applied to personnel who fail.

The other is to recognize that those barriers—software and human—will always be imperfect, will always become obsolete in the ongoing arms race between malefactors and targets, and will always need development, upgrade, and anticipation of future developments and potentials for attack.

Necessary Corrections

Two, in fact, for a recent Wall Street Journal article concerning the blacklisting of People’s Republic of China smartphone manufacturer Xiaomi Corp. The blacklist barred US investors from investing in Xiaomi, and Biden is backing away from that.

The first correction is the article’s headline. Pentagon Backs Off Xiaomi Blacklisting After Legal Challenge s/b Biden’s Pentagon Backs Off Xiaomi Blacklisting After Legal Challenge.

It’s misleading to imply that the Pentagon did this on its own, without President Joe Biden’s (D) instruction, especially with the body of the article making it plain that the Pentagon, in its original action, was acting on then-President Donald Trump’s (R) instruction.

The second is this one. The retreat comes two months after Xiaomi won a key victory in a federal lawsuit challenging the listing… s/b Biden’s retreat comes two months after Xiaomi won a key victory in a federal lawsuit challenging the listing….

Biden didn’t even have the courage to challenge the DC trial court’s ruling in the DC circuit or, potentially, the Supreme Court. Overruling the trial court, even at the circuit level, would have been a distinct possibility.

A Test of Biden

The Wall Street Journal editors wrote of a Hamas test of Israel and of President Joe Biden (D) in the context of the Hamas terrorists’ indiscriminate rocket attacks on Israeli cities and oil facilities and of Iran’s funding and supplying of its client, Hamas.

The editors concluded their piece with this:

[Biden] has not endorsed the left’s distorted interpretation of the conflict as a dichotomy of privilege and victimhood, with Israel responsible for every wrong.

That was supposed to be a (sort of) favorable remark about a part of Biden’s performance so far.

However.

That lack of endorsement is a bit of a non sequitur here. The Left isn’t distorting, so much as its “interpretation” is a precise reversal of the situation. The actual privileged are the terrorists, of whom the Left and the core of the Progressive-Democratic Party, as embodied by the likes of Congresswomen Alexandria Ocasio-Cortez (D, NY), Ilhan Omar (D, MN), and Rashida Tlaib (D, MI), are so enamored. The victim is Israel, so openly hated by that same collection of persons, and now so plainly under terrorist attack by the Party’s heroes.

Their beloved terrorists are murdering children over property.

Stipulate, arguendo, that Palestinians deserve that property and that their lives would be so much better if they had it.

Today, the murdered children are still dead, and the Palestinians, without that property, are still alive.

But, but–children in Gaza are being killed by the hated Israelis as the latter respond to being attacked? True enough. The Left’s heroes should stop hiding behind their own children, stop using them as cover for their own launch sites.

This is the test that Biden and his Progressive-Democrat henchmen are failing.

Let’s Make Lots of Money

Sounds like a lyric from a Pet Shop Boys song.

The hackers who assaulted Colonial Pipeline, ostensibly for ransom, claim they

only want[] to make money, not disrupt society….

Never mind that their attack on a major oil pipeline does precisely that disruption.

Never mind, either, that these hackers aren’t total idiots—they knew their assault would disrupt a major segment of our economy and so our society. That was the purpose of the attack; this was no petty criminal act. Demanding to be paid by their victim is simply a distraction.

They claimed this, also:

From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.

Right. And they have some bridges across the Reka Vop’ to sell us, also. All illegal behavior, much less terrorist behavior, if left unanswered has social consequences.

No, these…personages…have simply applied a Willie Sutton tenet to their terrorism:

Go where the money is. Go there often.

Our Federal government, actively aided by our State governments, needs to get aggressive with active responses to such attacks. The time for passivity, for merely acting defensively after the fact, is long past. Terrorists, physical or cyber, network entities or state-sponsored, need to be burned to the ground.

The negligence of company CEOs, COOs, and CIOs, including those officers at Colonial Pipeline, in not being serious about hardening their systems, also badly wants sanction.