I'm not a pipeline expert, but I've been doing computers since the early 90s. You have a pipe. It has pumps and valves. You have a computer that controls it all. The computer gets hacked. UNPLUG THE DAM COMPUTER... and plug in another one. Then restart the pumps. If they are too incompetent to figure out a workaround then get the hell out of the way and let someone else try.
If there is one thing I've learned with computers it's that the guy at the console is god. There is no such thing as taking over from a remote location. Anyone that tells you differently has been watching too many movies. Send real actual human beings out to the pumps, unplug the dam computer and just turn the pump on manually. Yeah, a person might have to watch the pressure and flow rates etc rather than the computer. So the hell what. Get the dam gas flowing again morons.
And they can't switch out the computers? They have NO backup systems at all?
If that's the case it's just poor planning, and utter incompetence. There is no way you will convince me that if someone with half a brain was turned loose in fucking Microcenter they couldn't completely replace/bypass whatever computer these hackers have access to.
If that is a complete impossibility then the entire system is designed poorly and everyone involved should give back their paychecks to pay the ransom.
GET IN HERE GUYS!!! ... THE NERDS ARE ARGUING!!!
KEK!!! I LOVE OUR COMMUNITY. LOTSA SMART MFs AROUND THESE PARTS.
Best comment in this thread
Depending on the retention period of their backups.....ransomware now infects systems and sits dormant 6 months before going live sometimes and unless you restore back far enough backups won't work.
I haven't looked up the flavor of ransomware used to know if it is the above type or not.
Forgive me but I'm a unix admin. Ransomware and viruses don't really work on FreeBSD. I stopped using winblows like 10 years ago. If these idiots running this pipeline are too stupid to build their control systems on a real OS then we know the problem don't we.
This is categorically false, and really sheds light on what you know vs what you think you know. There are certainly fewer exploits to take advantage of in *nix systems, but you don't need an exploit, whether hardware, software, or operator, to wreak havoc on a system or network of systems.
Please... do link to a "virus" that works on FreeBSD. I'll wait.
You can install things like root kits if you get root access, but as a person who has spent DECADES on the console of unix machines all you have to do to fix that is unplug the network cable and fix it. Sure it can take 24-48 hours to fix depending on how long they've had root, how good your backups are, etc, but the idea that it couldn't be fixed quickly is just silly.
Winblows on the other hand... LOL... SMH... It's like it was designed to be compromised. The most hilarious part is windows recently has started using pieces and parts of unix to increase its security.
I just reread what you said... I don't need an exploit? So if they aren't attacking the routers, which are hard as hell to attack in the first place... What you said makes no sense. There has to be some gap in their security that was exploited. Otherwise everything would be fine.
Look I ran a company that provided unix shells to hackers. I never got rooted. I know how this shit works. There is a right way and a wrong way to secure computers.
Whatever....
I have three 25 plus year IT experts here at work. I'm not a techie but I showed them both comments and they agree with Darwyn. And they stood there for 20 minutes and came up with 3 ways to make this shit all work.
You guys fight about it. Computers are so awesome they stole an entire globe's worth of nations with them.
Also they called you an idiot for saying it was categorically false... just passing it on.
True, but I sadly have seen a lot of Gov't stuff run off windows boxes and servers, although it typically is local municipalities and not anything as large as a pipeline company. I am curious what systems they use.
I believe some Navy systems are STILL on Windows XP
I work for the gov in a 'tech-ish' job. Everything we use is microsoft ... everything.
Then you should know that corporate america doesn't run on BSD or *nix. And it's not even a technically operable alternative 90% of the time.
As an adversary (pentester), I give zero fucks about your workstation OS. I want your credentials. And yes, I am absolutely targeting you, because the people with keys to the kingdom run *nix. And I always bet they're arrogant enough to not have a top-tier endpoint security tool, which gives me more options to pre-place my malicious garbage I'll pivot off of.
Now give me one admin or DevOps monkey with sa or dba privileges through an API and it doesn't really matter that the critical data is on a *nix server, it's hosed anyway.
Damn, I'm starting to think you are all arrogant fans. I trust tech less now than ever.
If you don't have root on the unix server you don't control jack shit and you know it. Hacking admin rights on a database might allow you to break shit in the control structure sure, but root can remove you in a matter of hours. Databases can be reloaded. Passwords can be reset. etc etc etc. These stupid winblows machines half the time it's not the database that is hacked it's the machine itself. The fucking OS is shit and you know it.
And yes I know much of corporate America doesn't run unix based servers. Cause they're fucking idiots. They believe the sales pitch of the Microsoft or Google guy. Worse they are getting a kickback. If they are so awesome how come they are getting hacked all the time?
That's a joke right? You seriously think there is a job that a microsoft server can do that unix can't? My first PC ran SCO Xenix BTW. A 386DX16. Unix is what the entire internet was built on. My first time wasn't on the "internet" it was called PeachNet and at the time Windows didn't even have a way to access it. I used UUCP. Winblows was just an afterthought with flashy graphics and our overlord's approval because they could use it to control us. Wake the fuck up.
(Re-reading what you said has me confused. You seem to contradict yourself.)
Have I got news for you.
That's not a virus. It's just a remote hack. Those happen every once in a while. You just have to stay patched. There are other ways to prevent that type of attack. Like for one don't run IMAP or POP servers unless you HAVE to. Like on a mail server.
An equivalent exploit on windows would mean a virus/worm that spreads from machine to machine automatically infecting every machine in the network and then emailing itself to every person's contact list to attempt to spread to other networks.
An exploit like what you listed has to be used by a somewhat skilled hacker to directly attack one individual machine. If he gains access then he has to personally invade the machine and attempt to take it over.
One is easy to stop. A guy like me goes to the affected machine once the problem is spotted and unplugs the network cable. Then you fix it. The other can take out an entire building in a matter of hours and take 20 people a week to fix.
Windows is a security joke. If you believe otherwise then you clearly have never done real computer security.
Everyone is still ignoring my original point. Skilled technicians should be able to solve these problems in 1-2 days and get the gas flowing again. The fact that the gas isn't flowing clearly shows this is about bureaucrats and/or politicians who don't WANT it to flow. Computer problems are just an excuse for the normies who don't know better.
Fuggin Kek.
You're asking the right questions. No backup plan, no off-site disaster recovery facility, no backups of data? What's really going on here? I've seen pizza shops with a better disaster recovery plan.
Exactly. They might as well be telling us the Death Star was remotely hijacked by a hacker and that's why it blew up Alderaan. It makes no dam sense... until you realize they would love nothing more than to punish the southern states for daring to remove WuFlu restrictions, and for just being red states in general.