Colonial Pipeline Attack: Unwarranted Panic?
When someone hears the word “hacker,” they may immediately associate the term with computer viruses, personal information theft, and stealing information from users’ systems. However, it is very rare to see these hackers affect things on such a large scale that their actions impact a large portion of a nation’s population.
On May 7th, Darkside, an Eastern European cybercriminal hacking group, infiltrated the computerized system managing the Texas-based Colonial Pipeline system. The Colonial Pipeline system is an essential part of the infrastructure of the United States, providing gasoline and jet fuel from Texas to New Jersey, making up 45% of the East Coast’s fuel supplies. Mainly, though, the 5,500 mile pipeline supplies the southeastern United States. The attack that ensued forced the company to shut down its entire system for nearly a week.
Darkside used their position to ransom the computer system of Colonial Pipeline, making them pay 75 bitcoin, equivalent to around five million dollars, to regain access to their own software. This marked the largest recent cyberattack on oil infrastructure in the United States. On May 6th, the day before the attack, the hacker group also is believed to have stolen 100 gigabytes of data from the pipeline system.
Beyond the ransom itself, the pipeline shutdown had widespread effects on the country. On May 9th, the federal government declared a state of emergency for 17 states (including New Jersey) and the District of Columbia, easing travel restrictions on commercial motor vehicles transporting certain fuels within those areas. The most detrimental impact, though, was the panic among buyers in the southeastern United States. For the first few days following the incident, the on-ground gas supply remained stable, but people began to worry about the situation possibly becoming unstable.
Long lines at gas stations all across the southeast began to form, causing the pumps to run dry all over the Eastern Seaboard. Patrick De Haan, head of petroleum analysis at GasBuddy, a gas data compiling company, attributed an estimate of 90% of the damage to panic-buying and hoarding. Just like in the GameStop situation earlier this year, the power of consumers to disrupt the status quo through unanimous action cannot be undermined, as it can even go against the interests of consumers themselves at times.
Areas from southern Virginia to South Carolina were impacted the most, with 71% of stations running out of fuel in Charlotte by May 11 and 87% of stations in Washington D.C. by May 14. Videos could be seen of people filling up extra gas canisters or even plastic bags at stations, trying to hoard supplies, increasing the demand for gas, and in turn, the price. The average national gas price rose to its highest point in six years, rising 8 cents. The most heavily impacted areas could have seen price increases as great as 21 cents in just days.
Following the widespread power outages in Texas during the winter storms in past months, questions of the integrity of our nation’s infrastructure are being raised. Without proper protection of nationwide systems, digital or physical, the country can easily be engulfed in panic and a state of near non-function. Even though this kind of ransomware is not nearly as rare as one would expect, this specific incident struck a chord with so many who were personally affected by the damaged infrastructure.
While Darkside claims that the attack was not politically motivated and was solely done for the purpose of profit, this event could easily set a precedent for a group wishing to do more than just economic harm. This forces the country to question: will the leaders of our infrastructure systems learn from these attacks, or will they wait until another event, maybe even something worse, happens before they take the proper measures to protect the systems that run our country?