A Russian criminal hacker group behind a major attack against a major U.S. oil and gas pipeline has caused substantial disruptions throughout the Eastern United States, and its effects could trickle into Canada as well. The Russian cyber criminals, known as DarkSide, hacked into the Colonial Pipelines network this month, leading the company to shut down all of its operations for nearly a week.
The fuel shortages affecting the entire Eastern United States demonstrate the potential threats from malign foreign actors against critical infrastructure. The situation also raises questions about whether Canada is prepared to defend against these actors.
Colonial Pipelines was targeted with what is commonly known as a ransomware attack. As the name suggests, criminal hackers identify and exploit vulnerabilities in a targeted system to access and seize control of data and even entire networks and systems, then demand a ransom to release them. In the Colonial Pipelines case, Russian hackers stole over 100GB of data from the Georgia-based company and then locked up part of the pipeline, after which the criminal hacker group demanded a ransom.
The Colonial Pipelines system stretches from Texas to Maine, supplying gasoline, diesel and jet fuel to the entire Eastern US. Its nearly week-long shutdown has forced the U.S. government to approve alternate methods to transport oil and fuel across the region, including railways and roads.
The Wall Street Journal reported Colonial paid $4.4 million in ransom. Cyber criminals in past hacks have demanded amounts ranging from as little as a few thousand to millions of dollars in order to release data and hijacked systems. In October 2019, a Canadian insurance company reportedly paid $1.3 million to recover 20 servers and 1,000 workstations.
Over the past several years, cyber security experts have warned about the vulnerability of Canada’s critical infrastructure to foreign hackers and cyber criminals. In its 2020 threat assessment report, Canada’s Centre for Cyber Security noted that “cyber threat actors will intentionally seek to disrupt Canadian critical infrastructure and cause major damage.”
In July 2020, Russian government hackers