On Fri, 14 May 2021 14:04:52 -0700 (PDT), "
wrote:

On Friday, May 14, 2021 at 3:55:47 PM UTC-4, Mr. Luddite wrote:
On 5/14/2021 2:47 PM, wrote:
On Friday, May 14, 2021 at 2:37:59 PM UTC-4, wrote:
On Fri, 14 May 2021 11:46:20 -0400, Keyser Söze
wrote:

Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.
That is what happens when you are running an enterprise system on
homeowner grade software and most people do, including federal, state
and local governments.
I also question why any critical infrastructure is running on the
internet and not leased lines.

There pretty much aren't any "leased lines" anymore. The bell companies have
been pricing them out of existence for the last few years. You can get a data
drop at a location, but not a leased line.

Now you get a "private" IP address range that's carried on the provider's backbone.
That, along with good VPN and firewall hardware and software is supposed to
keep you safe. One thumb drive carried in a pocket with a spreadsheet from home
can screw that up.

I don't get how a VPN works. I installed one and could no longer log
into online banking because the bank's server (or something) didn't
recognize my computer or my location. (thought I was in Texas or something).

If I turned the VPN off ... everything worked fine. Turn it back on
and I am not recognized.

A VPN is typically a point-to-point connection. In other words, your VPN software would
log into your company's matching VPN software at the office, providing you with a secure
connection from your home to the office.

A great application is if you are travelling on business. When at the hotel your PC is fairly
"open" on the hotel's WiFi. Fire up your VPN and connect back to your company's servers.
Now you have a secure "tunnel" of sorts that doesn't expose your data to others that are
also on the hotel's network.

You may have been using a VPN that is part of a security package on your PC? It probably
provides a secure connection to a server farm somewhere so you can surf without exposing
yourself to the hotel. However, now your bank doesn't "know" your computer since it is behind
the VPN and appears to be in Texas. It thinks some bad Texan is trying to access your accounts.

That's my semi-educated guess.

I would not plan on the hotel network not being able to sniff your
packets unless your VPN is encrypting them.
I have a VPN available to me from my web host but I don't do anything
private enough to fool with it.
I am starting to get some pushback from a few people about why my web
sites are not encrypted (HTTPS)

On Friday, May 14, 2021 at 3:51:42 PM UTC-4, Mr. Luddite wrote:
On 5/14/2021 11:46 AM, Keyser Söze wrote:
Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.


I can't verify the accuracy of this but I heard one report that the
"hacking" was actually into Colonial Pipe's financial systems and not
the operations or equipment associated with the pipelines. Tying up
the banking and financial controls of the company is what caused it
to shut down the system. They reportedly paid a five million dollar
ransom to unlock the company's finances and hence, operations.

It makes sense that Koch Industries would be somehow tied to the
pipeline systems. One of the major business areas and products
of Koch and it's subsidiaries is steel piping. One division
built only nuclear graded products. Koch was also heavy into
gas separation systems that are used to provide oxygen, LN2 and
other gases for commercial and medical use.



--
This email has been checked for viruses by AVG.
https://www.avg.com

===

Here's more info on the actual hack:

---
In the case of Colonial Pipeline, the DarkSide ransomware group attacked the company's business network rather than the more sensitive operational technology networks that control the pipeline. But Colonial took down its OT network as well in an attempt to contain the damage, increasing the pressure to resolve the issue and resume the flow of fuel along the East Coast. Another potential factor in the decision, first reported by Zero Day, was that the company's billing system had been infected with ransomware, so it had no way to track fuel distribution and bill customers.
---
From Wired magazine:

https://www.wired.com/story/colonial...omware-payment

On Friday, May 14, 2021 at 8:54:13 PM UTC-4, wrote:
On Fri, 14 May 2021 14:04:52 -0700 (PDT), "
wrote:

On Friday, May 14, 2021 at 3:55:47 PM UTC-4, Mr. Luddite wrote:
On 5/14/2021 2:47 PM, wrote:
On Friday, May 14, 2021 at 2:37:59 PM UTC-4, wrote:
On Fri, 14 May 2021 11:46:20 -0400, Keyser Söze
wrote:

Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.
That is what happens when you are running an enterprise system on
homeowner grade software and most people do, including federal, state
and local governments.
I also question why any critical infrastructure is running on the
internet and not leased lines.

There pretty much aren't any "leased lines" anymore. The bell companies have
been pricing them out of existence for the last few years. You can get a data
drop at a location, but not a leased line.

Now you get a "private" IP address range that's carried on the provider's backbone.
That, along with good VPN and firewall hardware and software is supposed to
keep you safe. One thumb drive carried in a pocket with a spreadsheet from home
can screw that up.

I don't get how a VPN works. I installed one and could no longer log
into online banking because the bank's server (or something) didn't
recognize my computer or my location. (thought I was in Texas or something).

If I turned the VPN off ... everything worked fine. Turn it back on
and I am not recognized.

A VPN is typically a point-to-point connection. In other words, your VPN software would
log into your company's matching VPN software at the office, providing you with a secure
connection from your home to the office.

A great application is if you are travelling on business. When at the hotel your PC is fairly
"open" on the hotel's WiFi. Fire up your VPN and connect back to your company's servers.
Now you have a secure "tunnel" of sorts that doesn't expose your data to others that are
also on the hotel's network.

You may have been using a VPN that is part of a security package on your PC? It probably
provides a secure connection to a server farm somewhere so you can surf without exposing
yourself to the hotel. However, now your bank doesn't "know" your computer since it is behind
the VPN and appears to be in Texas. It thinks some bad Texan is trying to access your accounts.

That's my semi-educated guess.
I would not plan on the hotel network not being able to sniff your
packets unless your VPN is encrypting them.

That's a primary function of what a VPN does. It encrypts the data packets..
They can sniff all they want. Unless they have the key that only you and the host
has, it's all just gibberish.

On 5/14/2021 9:29 PM, wrote:
On Friday, May 14, 2021 at 3:51:42 PM UTC-4, Mr. Luddite wrote:
On 5/14/2021 11:46 AM, Keyser Söze wrote:
Colonial pipeline operators began restarting operations Wednesday
evening but said it would take “several days� for the supply chain to
return and warned some markets could continue experiencing “service
interruptions.� The mass panic caused by gasoline shortages and spiking
prices across the East Coast — nearly 7 in 10 gas stations in North
Carolina, and about half in Virginia and South Carolina, were out of gas
Wednesday evening, according to GasBuddy — highlighted the vulnerability
of aging U.S. energy infrastructure unable to handle 21st-century
threats, even those known about far in advance.

Founded as a joint venture by nine oil companies 59 years ago, *Koch
Industries* currently owns the largest stake in the company.

An outside audit of the Colonial Pipeline’s cyberattack defenses,
delivered to the company more than three years ago, described
“atrocious� information management practices and “a patchwork of poorly
connected and secured systems,� its author told The Associated Press.
“We found glaring deficiencies and big problems,� said Robert F.
Smallwood, whose firm prepared an 89-page report after a six-month
audit. “I mean, an eighth-grader could have hacked into that system.�
Colonial Pipeline operators have been seeking to hire a cybersecurity
manager for more than a month, with 32 applicants on LinkedIn.


I can't verify the accuracy of this but I heard one report that the
"hacking" was actually into Colonial Pipe's financial systems and not
the operations or equipment associated with the pipelines. Tying up
the banking and financial controls of the company is what caused it
to shut down the system. They reportedly paid a five million dollar
ransom to unlock the company's finances and hence, operations.

It makes sense that Koch Industries would be somehow tied to the
pipeline systems. One of the major business areas and products
of Koch and it's subsidiaries is steel piping. One division
built only nuclear graded products. Koch was also heavy into
gas separation systems that are used to provide oxygen, LN2 and
other gases for commercial and medical use.



--
This email has been checked for viruses by AVG.
https://www.avg.com

===

Here's more info on the actual hack:

---
In the case of Colonial Pipeline, the DarkSide ransomware group attacked the company's business network rather than the more sensitive operational technology networks that control the pipeline. But Colonial took down its OT network as well in an attempt to contain the damage, increasing the pressure to resolve the issue and resume the flow of fuel along the East Coast. Another potential factor in the decision, first reported by Zero Day, was that the company's billing system had been infected with ransomware, so it had no way to track fuel distribution and bill customers.
---
From Wired magazine:

https://www.wired.com/story/colonial...omware-payment



That's what I heard and it makes sense. Tying up the business and
financial data basically puts a company out of business, especially
one with a complicated distribution and billing system.