14

Colonial Pipeline Attack -The rise of cyberware attacks and the future of prepping

Another cyberware attack in the news, affecting fuel. This kind of crime is on the rise for business and personal users. What does this mean for the future of prepping?

None of us can control the methods or security used by business, so how safe are we? What do we need to do as individuals to prevent personal devices from being shut down?

In the early days of computer use in business, I was taught: the computer you are using is nothing more than an electronic filing cabinet. It is not infalliable. Print hard (paper) copy of anything important.

So for anyone relying soley on external drive backup or thumb drive, if all the computers/phones are shut down, how will you read your data? For any important prep info or instructions: hard copy on paper.

Here’s the article:

Colonial Pipeline Cyberware Ransom Attack

24

  • Comments (24)

    • 5

      The solution to these cyber attacks is as clear as white light passing through a prism. 

      The IT – Information Technology – as least as of this stage of development – is a weak link. I’ve heard the expression “electronic filing cabinet”. I clearly remember being told something in this digital/cyber form is a post card available for reading.

      We had a similiar technology problem with submarine development.  The development of the sub wasn’t in tandem with the submarine rescue technology.  Although for other reasons, this technology gap was mentioned in the lost submarine USS Thresher.

      For a prepper, technology cannot be depended on in all circumstances. It’s back to the semaphore flags and lanterns. Then, write the info down on paper or parchment with a pen or quill or even a lumber crayon.

      For the specific Colonial Pipeline closing, the big issue is cost. There’s an emergency supply of gasoline up in the Northeast – believe metro New York City, Maine and somewhere else. It’s not much of a supply but can be augmented by boats from the Gulf Coast. The gasoline supply is called the Northeast Gasoline Supply Reserve, a component of the Strategic Petroleum Reserve.  Another of these components is for heating oil.  Forgot what its named; also in NYC area.

      Americans might remember the program to computerize an interface between US military medical records and the veterans’ records in the Veterans Health Agency of DVA.  Not working yet. 

      The World War Two stories were true.

      • 3

        Good morning Bob,

        When we are no longer on this earth, people in generations after us will not understand that it is possible to live without this massive injection of technology. They have been raised with it, in all it’s invasive forms.

        The problem is the lack of duality. Everyone should know how to function and be capable of functioning without it. That idea is not a radical concept.

        Any tech based operating system for any plant, e.g. water treatment should always have the ability to switch to manual controls. 

        If cyber attacks continue, then perhaps certain life sustaining or critical industries should not be allowed to use certain types of hackable technologies. Again, not a radical concept.

        People who have grown up with technology don’t realize that all of these tasks were accomplished without it, and in many cases with less headache.

        When got email in an office I was managing, it drove me up a wall. It was very fast paced and I had no time to type a message and tap my foot while waiting for a response. I would get up and walk into the other office and get the answer I needed.

        One of the owners and I got into it over this and I told him point blank “do you want the loads moved or would you like me to lose out on the load and have the equipment parked overnight?” I also told him email in trucking was the most ridiculous, pretentious idea I had ever encountered. Aside from walking over to get an answer, we could phone and in some cases yelled across the room. But we didn’t miss a load and I got my work done.

        Technology is a market that was created but rarely does anyone question it’s actual necessity. I am not a Luddite or tech phobic. I have worked with enough of it and part of my post-secondary education is in it.

        I just see it for what it is – a way of doing something, another form of picking up that lumber pen and paper you mentioned.

        The difference is that technological methods by their design leave us vulnerable to attack. And we are only as safe as a split second ago. We just never know when someone is going to back door a hack through some software or someone else’s computer or security is hacked and infects us.

        So how can we balance the invasion of technology into the way our essential services function when it is enmeshed into everyone’s lives? Maybe it needs to be pruned back out of people’s lives as well?

        New is not always better, nor does it have to be this way. That is probably the most dangerous myth in existence.

        ps. WWII stories were true and have stood the test of time.

      • 3

        Good afternoon Ubique,

        The current batch of citizenry will be paying more for less in an unsafe environment.

        There are only a few US industries allowed to use whatever they want. One is those using atomic energy.  It’s too important.

        The pipelines, obviously enough, use the current generation of IT and the Colonial Pipeline illustrates why the product users will be paying much more for an already overpriced product.

        My experience with emails is that they are a slower form of communication than telex transmissions/receipts. The basic reason is that the texex is staffed as a separate department and the email transmissions/receipts are individual and typically not even worked 24/7.

        Plus, attended many meetings along with fire captains.  They won’t remove their gloves and masks to deal with the current IT emails AND they cannot be used in certain environments like subway tunnels. Plus, all users do not have interface aspects for an overall system.  At least it’s being worked on. Large staffs are needed.

        Only months ago, the insurance industry separated out of business interruption insurance the IT section. IT business interruptions now requires a separate policy.  It is expensive.

        ……

        Those WWII telegraph keys were eclipsed by runners. The runners were faster and more secure than the telegraph wire transmissions. 

      • 5

        Good afternoon Bob,

        We used telex when I moved money in International Banking. I started on the old tank telex units that pumped out a hole punched tape that we fed for transmission. Then we got the new models that were straight typing.

        We rotated into the locked down telex room for two week stints as a break from the desk part of our unit. Inbound and outbound traffic. The stress there was more from monitoring fraudulent transactions. We were big targets.

        I worked in different industries/sectors. I went to another bank later where we were also a lock down unit and still faced being a target. Part of the stress there was bomb threats or threats to kill us or our families. 

        I went to branch banking in the final years that I worked for banks just to get away from the specialized units and the associated stress. 

        Back to IT, I don’t see where it saves me any time, personally or professionally. Most of the time email/texts are a way to market stuff.

        I have a non-activated flip phone with a sim card but not as part of a service plan and only carry it when driving. I can call 911 or a wrecker if I break down. That’s all I need it for and I don’t like carrying more stuff on me than necessary. My home land line works if the power is out and I have an answer machine for messages. Cell phone rates here are the highest in the world and I am not drinking the overpriced Kool-aid.

        I email a couple of friends that live in other communities and also use it for business transactions. I prefer telephone or writing letters.

        Letter writing is a lost art that can never be compared to email or texting. There is a joy in receiving a letter and then responding. My paternal grandmother was a great letter writer, with letters that could reach over 10 pages. But they were interesting pages, packed with news and wonderful stories. She wrote to many people across Canada, friends and family alike. There are people now who will never know the joy of having a pen pal. How sad to lose such a simple, inexpensive and happy way of communicating.

        The runners in WWII were certainly faster and more secure. They could evade detection unlike other forms of transmission.  I remember my Dad talking about riding a Harley to run messages occasionally. He was in the Corps of Royal Canadian Engineers. 

      • 3

        Good evening Ubique,

        Had not heard the term “pen pals” in decades ! 

        I still use this program and my postage costs are returned in geometric amounts. A couple of years ago, a pen pal told me of a no-cost 2 day seminar, field exercise on animal rescue (SART – State Animal Rescue Team). It was one of the best courses I’ve taken; learned much, made good contacts. My pen pal also signed me up for a follow-on large animal rescue seminar (horses) but demand is tremendous and still waiting. 

        Sending a correspondent an envelop with eg a printed article or even an entire industry-only magazine yields more value to both of us than funds can purchase.

        My snail-mail network is my best of several networks. Viva le fountain pen and Waterman black ink for a signature.

        Your dad participated in what I learned about. Without my learning experiences from the WWII veterans, I wouldn’t be here on the planet. Yes, indeed, a Harley is a faster and safer method of communication.

      • 3

        Good morning Bob,

        Glad to hear you still use the power of the pen and pen pals. It is a wonderful way to network, learn and share expriences and information. It is akin to the slow food movement = slow words movement.

        Fountain pens and Waterman! Fine choices, for writing. The act of writing is a much different experience than typing. Typed words are rapid and flow in a detached way from our fingertips. When we put pen to paper, we hold the instrument, the pen, in our hands and there is the connection to the pen and the way our hand glides across the paper. The words unfold gracefully and thoughtfully along this connection.

        I hope others reading our discussion about pen pals will take it up and we can start a pen pal renaissance. New generations will experience the happiness of receiving a letter from a faraway friend. 

        Also, bravo to you for participating in animal rescue training. It is a much needed aspect of disaster response.

      • 2

        Good morning Ubique,

        Personally writing script or printing it on paper is autobiographic.

        Much can be “read” besides the narrative.

        Just looking at a signature tells much. It was obvious … at least to me … that Edgar Allen Poe was a no-nonsense individual.  Former Secretrary of State Madeline Albright’s signature displays well-prepared plans.  It’s clear to read. Former National Security Advisor Zbigniew Brzezinski’s signature is spaced-out. Please allow me some literary license writing this. Former Secretary of State Henry Kissinger’s signature looks like a flat line EKG.

        Got into the basics of animal rescue just to be “well rounded” when in disaster zones. There are many “experts” here and they are dangerous. The natural perils are the lesser danger. 

      • 3

        Good morning Bob,

        I also have an interest in hand writing analysis and once had a book on it. It is a fascinating subject and tells much about the person.

        I consider it part of sensible security – I beware the person with certain kinds of hand writing.

      • 3

        Good afternoon Unique,

        Excellent method to determine security situation re leader’s signature.

        I, too, use this method.

    • 4

      Just another reason why I want to be off grid and self reliant like I talked about here.

      While it’s a bit harder to be off grid with gasoline, you still can store quite a bit and be somewhat resilient to things like this.

      • 3

        Hi Robert, 

        You are wise to recognize that it possible to learn and know how to live without certain conveniences. I really liked that you began that thread, because sometimes people think that the past ways of doing things are no longer viable. Methods have changed, but that doesn’t always mean that they are better.

        Sometimes I think the way we are evolving is making us more fragile and dependent. We are nations of consumers. We need to design, build and get our hands dirty again – making things, growing things. Pushing buttons won’t keep us alive in the long run.

        Maybe some day we’ll be like Star Trek and a replicator will spit out a really nice lasagne or lemon pie. In the meantime, we need to be able to grow our food or at least know how in case we have to.

    • 4

      Cyberattacks are cheaper and easier than ever to implement and deploy. This will only continue to rise and affect our grid, privacy, security, and cost us millions along the way. 

      Prep now when times are good, they are only going to get worse from here.

      I would like to respectfully argue your point about printing hard copy paper things of important information. Sure it’s going to be hackproof, EMP proof, power outage proof, but then you also introduce other vulnerabilities of theft, fires, and it takes up much more space. There is no perfect solution here. So I like to have a mix and blend of the two. Store things digitally and encrypted offline in my home, and with a friend, and for really important stuff print it off and have a hard copy in a secure location. 

      • 5

        Good afternoon Supersonic,

        One of the problems involves rapidly changing circumstance.  

        Some document not currently important can have its status change real fast.

        Think of some certificate on eg emergency sheltering or basic SAR.

        Everything was planned to shelter in place and there’s well established inventories of food, water and supplies.

        There’s a mandatory evacuation order with requirement to LEAVE NOW.

        Having that SAR doc or Red Cross doc or CERT document could mean getting an assignment in a decent area with the evac officials. Without it could mean just sitting around waiting for further instructions.

      • 6

        Supersonic,

        Absolutely agree with your points. I do use digital back up in addition to paper and also store offsite, but like you I keep vip on paper also.

        It’s a way of spreading the risk and I use the same approach in other aspects of prepping.

        There needs to be major deterrents set for this type of crime if we are unable to stop it through design and security. I don’t recall reading if anyone has ever successfully tracked these operations. They must have caught some of them?

      • 4

        Some preliminary news articles have suspected that this pipeline attack could be from a Russian group. Not much we can do with that if it is true.

        Looks like Biden and his officials are working with the pipeline company, and although they have limited roles because the pipeline is a private company, they are still offering their services to mitigate the effects and prosecute the criminals.

        It’s going to take attacks like this unfortunately for people to realize it is an issue, we are vulnerable, and to do something about it.

      • 3

        This may sound simplistic, but I’m going to toss it out there anyway.

        At a basic level all business requires a business license from the community in which they operate. Couldn’t the big businesses who fail to beef up their security be denied a license to operate their business?

        Perhaps we need to add a security standards category for allowable operation of a business. This would be no different than health standards acceptable for a food service business. If the business fails to comply with security standards, they are shut down.

        If it is an essential service, they are subject to ongoing security checks and if they don’t like it then the government can appoint a management firm and accountants to handle compliance and interim management until a new management team (and possibly board of directors) can be appointed.

        From the article that Bob posted below, it appears that ongoing warnings and recommendations have been ignored.

         People can die if they don’t have heat. Essential service companies who blatantly refuse to comply should be subjected to the most severe penalities, up to and including prison time.

      • 2

        “Every modern Western nation is now a democratic socialist mercantile state with a managed economy and managed trade.  Corporations around the world are instruments of the government …”

        Dwayne Andress, Chairman, Archer Daniels Midland

        JOURNAL OF COMMERCE 9 May 1995

        ……

        Good morning Supersonic and Ubique,

        During a declared emergency, the US Government has more control over energy pipelines than the company’s Board of Directors and majority stockholders. This control might not be exercised but it is present. If, for example, during an emergency, Cargill wants to move some grain vessels Thunder Bay to Europe, they will. It’s not even relevant that Cargil is a private company – not on any stock market as is usually understood.

        No, big businesses without a beefed-up security program cannot be closed down. The current doctrine governing this is “Too big to fail”.

        For some businesses, it’s nearly impossible to close them down.  Frequently enough, these companies are more politically powerful than their regulatory agencies. I’m not posting examples to keep this post non-political.

        I once worked in the political department of a US oil company. It is SOPHISTICATED.

        Most Americans – well over 51% and closer to the 99% – do not participate in governmental activities … not even the local school board’s public meetings. My above percentages might explain residential real estate taxes. 

      • 2

        Haven’t been on this site for months, but seeing this cyber attack in the news reminded me of the forum so I came on here to see if people are talking about it. 

        I’m with Mister Bob here, the pipeline is “Too big to fail”. While the sanctions would be great, if they are relying on a private company to fuel 45% of the east coast, then it would be devastating to the economy and lives if they shut it down. 

        And as others have mentioned, we are seeing an uptick in cyber attacks, so the government and private organizations need to allocate a greater amount of their resources to security (physical and digital) to prevent things like this from happening in the future.

        Most of these ransomware attacks are from an employee clicking on a malicious email. I feel pity for the poor chap who clicked on that and about shut down the economy and who about crippled half the country and caused a disaster that is making national news. That person’s life is pretty much over. He’s obviously fired, he probably is going to have to move now and go off grid because if his name leaks so many hateful people will be after him. He’ll never get another job again because when future employers ask why he was fired from his last job and he says that he was the cause of the Colonial pipeline shutdown, no company is going to take that risk and hire him. 

        Be careful what you do guys. A single malicious email can cause so much damage and ruin your life. I don’t blame the guy and I hope he comes out of this pretty unscathed. These emails are tailored and designed so well that pretty much anyone will fall for it, this guy is just the unlucky chap who fell for it.

        Side note, not sure if that’s how all this started, but a majority of ransomware attacks are from this so it’s a pretty safe bet.

      • 4

        Good evening Haus,

        Appreciate the mention.

        The example of clerk clicking on a malicious email reminded me of the Exxon Valdez Captain, Robert Hazelwood. Even though not at fault, less a small fine and community service,  he never drove an oil tanker again.

        When in doubt, don’t click. When working fast, slow down.

    • 4

      https://www.insurancejournal.com/news/national/2021/05/11/613417.htm

      Good evening,

      Above link tells of IT professionals providing good info that’s ignored.

      What got my attention in article was “..industry … does not have real-time access …”

      The potential lawsuit gets more attention than the pure cyber threat.  We live in an oversaturated judicial environment.

      • 2

        Good morning Bob,

        Thank you for the excellent article. I would like to know what was contained in the 48 recommendations.

        The article underscores that there are solutions, but the solutions are being ignored.

        Also see my reply above to supersonic

    • 2

      Saw this online and my first thoughts were “This is nuts!” But come a disaster and people aren’t able to fuel their cars anymore and are stranded in the city and can’t even get home, then people are going to be jumping on deals like this. 

      6792d99

      A few weeks after this has all blown over and things go back to normal, I’m going to invest more in my fuel storage. Not only for myself, but can also double as a valuable trade item someday. I am NOT going to scalp gas though like this guy. Only use it for trade or charity in a real emergency.

      • 5

        Good afternoon Carter,

        Speaking of gasoline …… Yesterday afternoon the Virginia Governor declared an emergency re the Colonial Pipeline event.

        Do ensure you’ve got safety factored into your planned fuel storage. 

    • 3

      Not sure if you guys saw this, but The Prepared did a write-up on the pipeline attack. 

      https://theprepared.com/blog/details-and-preps-for-the-colonial-pipeline-cyberattack-and-gas-shortages/