I'm not a pipeline expert, but I've been doing computers since the early 90s. You have a pipe. It has pumps and valves. You have a computer that controls it all. The computer gets hacked. UNPLUG THE DAMN COMPUTER... and plug in another one. Then restart the pumps. If they are too incompetent to figure out a workaround then get the hell out of the way and let someone else try.
If there is one thing I've learned with computers it's that the guy at the console is god. There is no such thing as taking over from a remote location. Anyone that tells you differently has been watching too many movies. Send real actual human beings out to the pumps, unplug the damn computer and just turn the pump on manually. Yeah, a person might have to watch the pressure and flow rates etc. rather than the computer. So the hell what. Get the damn gas flowing again, morons.
It's not just the pumps. If that was the issue, then turning them on manually isn't a big problem.
You have the metering, flow indications, pressure readings, leak detection systems, filter differential pressure readings, emergency shutdown valves and relief system indicators, etc. Also, most pipeline pumps are set up with variable frequency drives.
It's not as easy as simply turning on a pump. Imagine turning on a car... having all the power you need, but not having a gas gauge, no speedometer, basically no way of monitoring the vehicle. You CAN drive like that on a country road... but not on a major highway through a large city. Now imagine having incredible liability in case anything went wrong. That's what the equivalent would be in pipeline terms.
And they can't switch out the computers? They have NO backup systems at all?
If that's the case it's just poor planning, and utter incompetence. There is no way you will convince me that if someone with half a brain was turned loose in fucking Microcenter they couldn't completely replace/bypass whatever computer these hackers have access to.
If that is a complete impossibility then the entire system is designed poorly and everyone involved should give back their paychecks to pay the ransom.
GET IN HERE GUYS!!! ... THE NERDS ARE ARGUING!!!
KEK!!! I LOVE OUR COMMUNITY. LOTSA SMART MFs AROUND THESE PARTS.
Best comment in this thread
Depending on the retention period of their backups... ransomware now infects systems and sits dormant 6 months before going live sometimes, and unless you restore back far enough, backups won't work.
I haven't looked up the flavor of ransomware used to know if it is the above type or not.
Forgive me but I'm a unix admin. Ransomware and viruses don't really work on FreeBSD. I stopped using winblows like 10 years ago. If these idiots running this pipeline are too stupid to build their control systems on a real OS then we know the problem, don't we?
This is categorically false, and really sheds light on what you know vs what you think you know. There are certainly fewer exploits to take advantage of in *nix systems, but you don't need an exploit, whether hardware, software, or operator, to wreak havoc on a system or network of systems.
Please... do link to a "virus" that works on FreeBSD. I'll wait.
You can install things like rootkits if you get root access, but as a person who has spent DECADES on the console of unix machines, all you have to do to fix that is unplug the network cable and fix it. Sure it can take 24-48 hours to fix depending on how long they've had root, how good your backups are, etc., but the idea that it couldn't be fixed quickly is just silly.
Winblows on the other hand... LOL... SMH... It's like it was designed to be compromised. The most hilarious part is Windows recently has started using pieces and parts of unix to increase its security.
I just reread what you said... I don't need an exploit? So if they aren't attacking the routers, which are hard as hell to attack in the first place... What you said makes no sense. There has to be some gap in their security that was exploited. Otherwise everything would be fine.
Look I ran a company that provided unix shells to hackers. I never got rooted. I know how this shit works. There is a right way and a wrong way to secure computers.
Whatever....
Read my post below. Updoot for you.
I have three 25 plus year IT experts here at work. I'm not a techie but I showed them both comments and they agree with Darwyn. And they stood there for 20 minutes and came up with 3 ways to make this shit all work.
You guys fight about it. Computers are so awesome they stole an entire globe's worth of nations with them.
Also they called you an idiot for saying it was categorically false... just passing it on.
Kek...
True, but I sadly have seen a lot of Gov't stuff run off Windows boxes and servers, although it typically is local municipalities and not anything as large as a pipeline company. I am curious what systems they use.
I believe some Navy systems are STILL on Windows XP
I work for the gov in a 'tech-ish' job. Everything we use is microsoft ... everything.
Then you should know that corporate america doesn't run on BSD or *nix. And it's not even a technically operable alternative 90% of the time.
As an adversary (pentester), I give zero fucks about your workstation OS. I want your credentials. And yes, I am absolutely targeting you, because the people with keys to the kingdom run *nix. And I always bet they're arrogant enough to not have a top-tier endpoint security tool, which gives me more options to pre-place my malicious garbage I'll pivot off of.
Now give me one admin or DevOps monkey with sa or dba privileges through an API and it doesn't really matter that the critical data is on a *nix server, it's hosed anyway.
Damn, I'm starting to think you are all arrogant fans. I trust tech less now than ever.
It is truly terrifying how little thought our tech overlords give to practical cybersecurity.
Job security for those of us in the sector, though...
If you don't have root on the unix server you don't control jack shit and you know it. Hacking admin rights on a database might allow you to break shit in the control structure, sure, but root can remove you in a matter of hours. Databases can be reloaded. Passwords can be reset. etc etc etc. These stupid winblows machines, half the time it's not the database that is hacked, it's the machine itself. The fucking OS is shit and you know it.
And yes I know much of corporate America doesn't run unix based servers. 'Cause they're fucking idiots. They believe the sales pitch of the Microsoft or Google guy. Worse, they are getting a kickback. If they are so awesome how come they are getting hacked all the time?
That's a joke right? You seriously think there is a job that a Microsoft server can do that unix can't? My first PC ran SCO Xenix BTW. A 386DX16. Unix is what the entire internet was built on. My first time wasn't on the "internet", it was called PeachNet and at the time Windows didn't even have a way to access it. I used UUCP. Winblows was just an afterthought with flashy graphics and our overlords' approval because they could use it to control us. Wake the fuck up.
(Re-reading what you said has me confused. You seem to contradict yourself.)
Yeah, that's not what I'm driving at. FWIW, it's all been Linux on my personal machines since 1999. (Xenix can suck my ass, I felt that pain too.)
Corporate America = MS Office and client/server apps that are Windows-only. Few corps have purely web-based apps that meet all their business needs. Active Directory is king of the Identity Providers. ISV (prepackaged, turnkey, vendor-controlled) systems that use a GUI are generally Windows, because *nix simply doesn't have a cohesive, stable desktop environment, and no vendor wants to recode everything every two years because a bunch of college kids decide to swap out the WM or throw out GTK2 compatibility when they make GTK3. Micro$oft is unavoidable.
When I pentest, I'm not always interested in getting root. I don't need it most of the time. Being able to find an open service where I can put a piece of malware and point target machines at to fetch is a typical goal. Because it's *nix, it will be a stable repository or C2 node. 99% of the time, there won't be an antimalware engine on that machine that will blow it away, and it's usually considered a trusted machine so there are favorable network ACLs giving its communications carte blanche access. A perfect foothold.
If I can traverse through the service to grab a copy of a keytab or ssh keyring I can use to pass the hash, awesome, that's bonus loot. If there's a DBMS with a vulnerability, it rarely matters what OS it's on; I attack the service, regardless of how secure the OS is. And realistically, unless you're watching SELinux logs 24x7 (who the hell has time for that), you're not going to even know I'm there.
Now take everything I said and recognize that within a corp infrastructure, 10% or more of the devices connected to the network are running a flavor of Unix, not counting the server farm. Fewer than half are updated on a regular basis, with a quarter that are never upgraded from the day they're put in place to the day they're obsoleted and ripped out, which is 8-10 years. They are monitored for uptime, but that's about it. Manufacturing and Healthcare are the worst: those systems are lightly protected, designed to fail open, require executive-level permission for even routine maintenance, and they sweat those assets sometimes for 15 years.
Over the last 3 years in the Incident Response arena, *nix machines have been a critical piece in the infection nearly 3/4 of the times I've been associated with the cleanup effort, and I think only once was root compromised.
Okay... let's put this in context now. They've hacked the database or bounced off the Unix box into the PLCs etc. just like you say, but they don't have root. They've now been discovered because of the ransom. So without root, getting rid of them should be far easier. The hackers don't control the routers or the OS. Unplug the damn network cable and remove the problem. It's all software. They don't physically control anything.
Yes I know I'm over simplifying. I don't have time to write a dissertation about systems I'm not an expert on. Or time to become an expert. All I'm saying is an expert... a person who deals with those systems every day should be able to resolve this in days maybe less. If the problem is that the individual boards all need to be checked then you bring in more people to help so it goes faster. ANY problem can be solved.
And that's the crux of my point. Those problems aren't being solved and everything being drug out has a logical explanation... bureaucrats and politicians are in the way. They won't bring in those extra warm bodies. Etc. Why? Because they want this drug out. The hack becomes an excuse. It's possible the cabal is even behind "the hack". Hell, it might have been an inside job. Yeah, I'm making leaps, but isn't it awfully convenient that the states affected are all red states in the SE that all lifted WuFlu restrictions and were expecting hundreds of thousands of travelers to show up on vacation who would need lots of gas?
These people set a virus loose on the world, lied about it, tried to bury treatments for it, used it as cover to hack an election, and you seriously think they are above sabotaging a gas pipeline and using a "hack" as an excuse?
Have I got news for you.
That's not a virus. It's just a remote hack. Those happen every once in a while. You just have to stay patched. There are other ways to prevent that type of attack. Like for one, don't run IMAP or POP servers unless you HAVE to. Like on a mail server.
An equivalent exploit on windows would mean a virus/worm that spreads from machine to machine automatically infecting every machine in the network and then emailing itself to every persons contact list to attempt to spread to other networks.
An exploit like what you listed has to be used by a somewhat skilled hacker to directly attack one individual machine. If he gains access then he has to personally invade the machine and attempt to take it over.
One is easy to stop. A guy like me goes to the affected machine once the problem is spotted and unplugs the network cable. Then you fix it. The other can take out an entire building in a matter of hours and take 20 people a week to fix.
Windows is a security joke. If you believe otherwise then you clearly have never done real computer security.
Everyone is still ignoring my original point. Skilled technicians should be able to solve these problems in 1-2 days and get the gas flowing again. The fact that the gas isn't flowing clearly shows this is about bureaucrats and/or politicians who don't WANT it to flow. Computer problems are just an excuse for the normies who don't know better.
Hey I just wanted to dispel the myth that "MuH bSD iS uNhAcKaBlE" for your own professional integrity. If a PLC can be wormed into blowing up a centrifuge an OS can be exploited. Maintaining up to date patches is apparently no small task, as most ransomware attacks were preventable by simple patching.
I wasn't trying to imply that BSD or unix is un-hackable. Any OS can have a vulnerability. Most unix OS are much harder to hack. They also give the admin much more control over how they run and what's turned on or off. A properly fire-walled FreeBSD box with every unnecessary network service turned off is virtually un-hackable.
I know this for a fact. For three years I ran a company that provided shell accounts to hackers. I lived in what could only be compared to the Dodge City of the internet. I was never hacked, but almost all of my competitors were at some point. Mainly because most of them ran Linux. It wasn't because I was some awesome hacker, it was because I had a simple philosophy... if it's not needed, turn it off. If it is needed, keep it up to date etc.
Windows on the other hand... heh. Back then it was a joke. These days it's still half a joke. You can put frosting on a turd... it's still a turd.
If this pipeline attack was an attack on the equipment directly (PLCs, Stuxnet, etc.) then I have to wonder why the equipment had such a vulnerability. I guess sometimes it's impossible to know you are vulnerable, but if that was the case wouldn't they be hacking other pipelines and even other industries that use the same hardware? No, either someone screwed the pooch or maybe someone installed a screen door on the submarine on purpose.
And my original point still stands. It doesn't matter what system was affected. You get extra people to help and you fix it. The idea that a remote software attack requires more than a few days to overcome seems odd to me. It seems even more odd given the politics involved. It's almost like it's just an excuse to screw over the southern states. Hmmmm... I wonder who would want to do that?
Fuggin Kek.
You're asking the right questions. No back up plan, no off-site disaster recovery facility, no backups of data? What's really going on here. I've seen pizza shops with a better disaster recovery plan.
Exactly. They might as well be telling us the Death Star was remotely hijacked by a hacker and that's why it blew up Alderaan. It makes no damn sense... until you realize they would love nothing more than to punish the southern states for daring to remove WuFlu restrictions, and for just being red states in general.
There is still fuel in those lines. If all of those things need a computer to monitor them then it's too dangerous NOT to do what the guy above said to do.
As far as leaks, we already use K9S to walk pipelines and pump stations. In truth there is zero reason they can't turn it back on.
I take that back, there is one reason. Their CCP masters won't let them.
90% of those safety protocols etc. is because they run the pipes at high pressure to push the gas through faster etc. So why can't they run it at half capacity with a nice slow steady rate of flow? If the pump is set to 60% you aren't going to pop a seal etc. Yeah, I admit I'm no expert but I find it hard to believe they can't get something going to solve the problem. The only explanation is the bureaucrats don't want the fuel flowing. It's not like someone blew up the physical pipe and it will take weeks to patch it.
Are you assuming an entire pipeline is controlled by one computer? Are you sure you're the expert on this?
You're making my point for me. It probably takes two dozen computer clusters to control something that large. So the bad guys got control of what, one, maybe two systems. UNPLUG the fucking network cable (or the power), replace/repair that system, and restart it all. Sure you need to check everything out. That takes what, a day? Maybe two?
I'll say it again. The idea that some dude in his basement has the power to remotely control something so large as a pipeline is pure movie FICTION. It can't happen. If it REALLY is happening then that is the single most poorly designed security/computer control setup in the history of computers. AND it's being run by the biggest bunch of idiots ever to sit at the console of a server.
Now let's talk about the REAL reason the pipeline is down. A bunch of bureaucrats and/or politicians are worried about profit margins, or they are just using this as an excuse to keep it shut down, or they are punishing the southern states because they lifted WuFlu restrictions, or they are idiots who are frozen in inaction... on and on... the list is so long I can't type out all the possible reasons.
There is no way you will ever convince me that a dozen smart technical guys like me can't fix this in a day or two. That's not how this shit works. It's always the fucking bosses. There is something else going on here that has jack shit to do with hackers.
You’re either an engineer or controls contractor aren’t you? Lol
Well I’m a pipe fitter and you’re somewhat right but also misinformed. Large piping systems like these do have manual valves but they also have control valves. Depending on the control valve, if something happens with the system they will either fail open or fail shut. If they fail shut, there’s no opening them without the control system. All piping systems these days have control valves and have had them for a while now. Not to mention it’s not just simply the system for the fuel lines but multiple other piping systems that work in conjunction with the fuel lines. Tons of variables at play here
Well then the designers are fucking morons not to have a back up mechanical contingency.
2 is one, 1 is none. Your people failed.
Unfortunately as a contractor, you're bound by the approved plans for a project. Depending on jurisdiction, engineers can have the last say even if it violates a code. We're contractually obligated to put it in as they design it or we don't get paid.
The control system was not compromised to their knowledge, it was the business network and the control network is undergoing diagnostics as a precaution as things could have actually been damaged if they just assumed it was fine and left it running potentially compromised.
Also you are showing your lack of knowledge if you think it's as simple as tossing in a different computer. (Controls Engineer speaking.)
A pipe is a fucking pipe. It doesn't matter if it's 1-2" PVC or 4' steel. The science is the same. Yeah, oil and gas is more dangerous than water, but I find it hard to believe that someone with some balls and a little know-how couldn't get the pipe back running at say 50-75% of full capacity.
The idea that some dude in his basement encrypted a few hard drives completely stops something as massive as a pipeline is a joke.
What you're really saying is this hacker spooked them AND THE FUCKING BUREAUCRACY HAS THE FLOW OF GAS TOTALLY SHUT DOWN BECAUSE THEY ARE FUCKING RETARDS.
Some retard in a suit that knows even less about pipelines than me decided it was best if they shut everything down and wreck the economy. I wonder if he donated to Biden/DNC?
CCP
The New World Order caused this and is inhibiting fixes.
Guess that makes sense. I still think we rely too much on computers and need to move away from them in certain areas. Anything can be hacked.
It is prudent to have manual as well as lower tech overrides to such an important system.
I can understand why you think they can just restart it all without the computer. It's really not that simple. There are instruments for density, leak detection, flow rates etc. all along the line. These instruments are needed to turn pumps on/off as well as valve control. All these things work in unison for safe operation.
To use different computers would take weeks to rebuild the control systems. Also you would have to be sure that the virus has been cleared from the field instruments or it could re-infect the new control systems.
This is what happens when your network security is lacking. I know this because that's what I do IRL.
There is the small issue that a "Disaster Recovery Plan" appears to be non-existent.
For such critical infrastructure (strategic energy supplies), which is inherently dangerous and has many public safety issues, not to have a plan to keep the system safely up and operational is a massive failure in itself. This pipeline is pumping gasoline; there must be many safety features built in to preserve life.
Did you ever see videos of what happens in some third world countries when a gasoline pipeline catches fire, due to vandalism or simple theft attempts?
Simply opening the faucet and letting it flow in an uncontrolled way creates a severe danger. One spark and you have a big problem and usually, death.
There are many pipeline companies so the system is compartmentalized somewhat.
But they are all strategic critical nodes and that is something a foreign enemy will pay attention to. However, I think they had inside help.
Yeah, I get that gas is dangerous. My dad used a large syringe to spray gas on a wasp nest one time. He didn't squirt fast enough and the fire went up the stream of gas and caught the syringe on fire. Wish I had that one on video. Totally hilarious.
I just find it hard to believe that someone can remotely affect a system so large that they couldn't just take 24-48 hours to remove/replace the affected systems and start everything back up. It makes no sense that it's been down long enough to cause shortages at the pump.
This is about bureaucrats and politicians getting in the way. The only question is are they doing it intentionally or out of incompetence.
I've heard it was a Stuxnet attack, against the Siemens process management functions. It's how the Iranian centrifuges were attacked. No good reloading compromised components, everything IT would have to be rebuilt from scratch and checked at every step.
Hmm. So you're saying it's not servers... or not just the servers, they have infected all the PLC type devices that control the individual valves and sensors...?
I guess I could see how that would be a harder problem to solve. Seems a bit odd that a US based company would allow their hardware to be that vulnerable.
But okay, maybe... It just seems awfully convenient that this affects the SE... mostly red states... mostly vacation states that have removed WuFlu restrictions and are expecting tons of people to travel there in the next 2-3 months.
More to it than simply flipping a switch. Halt of one element in petroleum production/transport is capable of halting everything from start to finish. The petroleum production industry has little to no overflow capacity. Meaning? One domino falls, all the rest follow; to restart, dominos must be stood back up one by one. Further complication: dominos must be stood back up in the correct order, or gaps occur in the system, and when gaps occur, not all elements can idle and wait. Some elements must shut down when no product is available to process/transport, and shutdown of one element means the next in line must shut down and wait or idle as well, until product fills the gap.
Petroleum production system highly complex, highly interconnected, and highly resource/time intensive to shutdown/restart.
Yeah, I do get what you're saying. I just find it hard to believe that some hacker accesses one or two systems which causes a shutdown out of security concerns... fine, great... but then people are talking about should we pay a ransom? How long will it be before it's back up? Then people start panic buying and it's not back up after days...
Nah. I call BS. No computer is that critical. No computer is irreplaceable. If that's how their system works then it's a flawed system. Yeah, they have to double check things blah blah... bring in extra people.
I'm just not buying it. If someone or an accident had physically damaged a pipe or a pump, sure, it takes time to replace things physically, but a computer hack, nah, they should be able to fix that in hours, maybe days tops.
Also maybe they should make more storage and build more pipes etc.
Check information. Pipeline in question utilizes a computer operating system which is extremely old, outdated technology, easy to hack. No up to date support. No patching. No security updates. OS name as I've heard: Cobalt.
"critical infrastructure" described so very well. SMH...
If it's shut down long enough yes. But a temporary interruption can not cause that domino effect.
Because that wouldn't drive the price of gas way up or prevent people from being able to get about their daily business. Just like the plandemic, this hack is black hats most likely in our own damn government.
Which is my point. Everyone keeps replying to technical jargon talking about that's not how pipes work blah blah. I said it right there I'm not a pipe guy. I'm just a computer guy. I KNOW COMPUTERS. You can't take total control over something that big remotely. If they really wanted the gas flowing it would be flowing.
Either bureaucrats or politicians are getting in the way. They all have agendas. None of those agendas are about making sure the little people don't get crushed.
100 percent logic. D
100% agree!
Hey man ... I totally see where you are coming from. Here is the thing though, Stuxnet (if that is what it was) finds its way into your SCADA and can fuck up the machinery all while reporting back to the control boards that everything is hunky-dory. If the hack managed to break some shit, it's not just the software that will need inspection and fixing, it will be the hardware that keeps thousands of gallons of wasp spray (liked your comment from earlier) from leaking out all over the local golf course, and into my favorite fishin' spot. I'm not too worried about being out of bourbon for a few weeks, but I'm not at all cool with high-octane catfish fillets. Nope ... not cool with that shit at all.
https://greatawakening.win/p/12iNncgkW9/x/c/4E0x3xivIw8
Stuxnet was an inside job by one of the Iranian engineers.
Everyone needs to start gathering info on this. I'm seeing stations in the south east running out of fuel because people are panic buying, not because the station can't get fuel. There's a lot more to this than meets the eye. Don't believe the hype. Just like lumber sitting in massive yards in the north east, this seems to be contrived. Plenty of gas in the US and plenty of lumber but both are controlled by very few.
^^^ THIS ^^^
Here's an analysis, allegedly, of what happened:
https://www.varonis.com/blog/darkside-ransomware/
I got into a BIG argument with some pump guy... and he made some very good points. Some of which are that pumps and pipes of this size are NOT similar to the pipes you are familiar with, the scale is outside your experience... Whether it is the scale of the volume and pressures to move a liquid of that mass or the pumps that don't just "start-up", the valves also are not some simple lever mechanism. Should it be simple... YES, I "think" so... but I am not a pipe mechanic.
Maybe I'm being naive and over simplifying, but this was supposedly a computer hack and they were demanding a ransom? So I keep coming back to: just unplug the network, find the compromised systems and replace them. Then people say it is Stuxnet and it got to all the individual parts... it all sounds like a lot of excuses.
If this stuff is that vulnerable why isn't it better protected? There is more to this story. Every angle I come at it just leads me back to wondering if the gas isn't flowing because the powers that be don't want it flowing.
You should probably do a little research. Your understanding of how the pipeline operates seems to be rooted in mental imagery stuck in "the early 90s."
As someone else who has "been doing computers" for decades, I can tell you it is certainly not as simple as you have made it out to be. You are right, it is not the movie "Hackers" and there isn't some terminal being remotely controlled, but when a system relies on a massive amount of data, and the network to that data is compromised, or the data itself needs to be recovered, it becomes a much more complex problem.
Additionally, most engineers (as most anythings) aren't great when it comes to having to think outside the box, and are used to applying cookie-cutter formulas to solve problems. So when something out of the ordinary happens, it takes longer to figure out.
P.S.: *since the early 90s.
As I said in my other reply. What you are really saying is a bunch of bureaucrats are going to have a meeting about it. Meanwhile they tell the technical people to turn it all off and stand down. Yet the technical people are screaming at them that they can have it back up in 24 hours. So instead of getting it up and running at all costs they sit around debating and/or worrying about their own asses, CYA.
Meanwhile the economy collapses.
I used to be that tech guy that did the dirty work. I know how this shit works.
EXACTLY - this is just to crush our economy - I can guarantee SOMEONE could have it up and running now - but they don't want that!
Mmm... not even remotely what I said.
It would appear you have over-estimated your understanding of how things outside your purview work. Nonetheless, you are free to think and believe what you like.
One thing is for sure.
The only thing two computer nerds can agree upon is what the third computer nerd is doing wrong.
I'm not one so I'll leave it to you nerds. Good luck.