Cyberattack on Colonial Pipeline was huge, but it won't wake us the hell up

Opinion: Not until hackers stage their internet 9/11 will the United States summon the will to stop them.

Phil Boas
Arizona Republic

“I guess I’m jaded,” said internet guardian Ori Eisen.

When he said it, I thought I detected just a hint of amusement at my question.

I had asked if the Colonial Pipeline episode could be a blessing in disguise – the event that finally wakes up America to the threat hackers pose to our critical infrastructure.

“We’ve had so many wake-up calls by now,” he said. “That’s the problem.”

The impact of the Colonial Pipeline attack cannot be overstated. Hackers seized up the largest conduit of gasoline in the United States, a 5,500-mile pipeline network that provides 45% of East Coast fuel. They triggered a 1970s-like run on gas stations in seven Southern states.

Forty-nine percent of gas stations in Virginia, and 45% in both Georgia and South Carolina, went dry for a time. The governor of North Carolina declared a state of emergency.

For the first time in more than six years, the price of gasoline rose above $3 a gallon nationwide, the Wall Street Journal reported.

He spent a career combating internet criminals

Eisen is a Scottsdale tech entrepreneur who has spent a career fighting internet crime – and the people he calls “cyber-punks,” who find vulnerabilities in corporate and government computer systems and use them to steal information and collect ransom.

He is founder and CEO of Trusona, a company that develops password-less entry into computer systems. Before Trusona, he founded the online fraud prevention firm 41st Parameter and was worldwide fraud director for American Express, “focusing on internet and counterfeit fraud.”

The only thing extraordinary about the Colonial Pipeline cyberattack, said Eisen, is just how ordinary it was. While it is still too early to know exactly who did this, early information points to common internet thieves.

Their M.O., explained Eisen, is to rent ransomware from a criminal gang such as DarkSide, identified as one of the culprits in the Colonial Pipeline attack, and then use it to take over computers. They charge corporations millions to give them back control of their own operating systems.

There are 2 kinds of internet crooks

Motorists line up at an Exxon station selling gas at $3.29 per gallon soon after its fuel supply was replenished in Charlotte, N.C., on May 12, 2021. Most stations in the area along I-95 were without fuel on Wednesday following the Colonial Pipeline hack.

There are two standard profiles for these internet crooks, Eisen explained. The first is a typical criminal “who used to rob banks and used to do other crimes, but realized this is just safer, easier, better.

“I jokingly say the people who still use guns are not advanced.”

The second “is more nefarious,” he said. “You have computer engineers who actually know how this stuff works, and they’re unwilling partners in this.”

They are told by criminal syndicates, “If you don’t help us we will kill your family,” Eisen said. “Now you end up sitting in a click farm or somewhere where ransomware is done. You’re helping to set the servers up. And to send the emails out. And to collect the money. You don’t want to do it, but you are forced into it.”

These operations originate “in countries in Eastern Europe, Vietnam, China, North Korea, Iran, Syria,” he said, “where you have servers that you have no way of getting to. Even with a judge saying cease and desist, no one is ever going to get there to shut it down, because the local police are incentivized to look the other way.”

America has slept through previous attacks

To know why the Colonial Pipeline attack is not the American wake-up call, said Eisen, you have to understand the extraordinary events we’ve already slept through.

In 2013, a group of Syrian hackers, in service to their nation’s leader Bashar Assad, took control of the Twitter feed of the Associated Press and put out a news alert that two explosions had gone off in the White House and injured President Barack Obama.

It went uncorrected for six minutes, and in that time it spurred steep sell-offs in the stock market, resulting in $136.5 billion in lost market cap or dollar value, reported MarketWatch.

That didn’t wake us up, said Eisen.

On Sept. 27, in the middle of a pandemic, hackers launched what is believed to be the largest ransomware attack on American health care, striking Universal Health Services, Inc., a 400-hospital nationwide system, reported the San Diego Union Tribune.

They've even tried to poison our water

They locked down electronic medical records and forced diversion of ambulances to other hospitals. The system did not return to normal for three weeks. The financial impact was $67 million, the newspaper reported.

“There were no riots,” Eisen said. “There was no call to arms. There was no ‘Congress, you need to do something.’ ”

On Feb. 5, a plant operator in the Florida city of Oldsmar (pop. 15,000) detected a cursor moving across his computer screen. A hacker had taken control and was raising the level of sodium hydroxide (lye) to 100 times its normal strength. They were trying to poison the water system, according to the Pew Charitable Trusts. The operator stopped the attack before it could pose a danger.

Sadly, it's going to take a 9/11-like attack

The nation isn’t going to wake up until there is a 9/11-scale attack, Eisen said. Unless you have loss of life, it’s just not going to shock people enough to change their behavior.

In the years before the Sept. 11, 2001, attacks, al-Qaida was talking to us, telling the West that something big was coming, Eisen said.

In 1996 they attacked the Khobar Towers in Saudi Arabia, killing 19 U.S. servicemen. That same year Osama bin Laden declared war on the United States. In 1988, al-Qaida bombed the U.S. embassies in Kenya and Tanzania. In 1993 they staged the first bombing of the World Trade Center in New York. In 2000, they bombed the U.S.S. Cole in Yemen.

Likewise, hackers have been attacking critical infrastructure in the United States for years. One day they will unleash the big one that finally gets our attention, said Eisen, an event he has dubbed E-9/11.

We cannot cede the internet to the bad guys, Eisen said. “It is the sum of our ambition as a species, as a race, as humanity. The internet is one of the greatest things we’ve ever created, so letting the bad guys own it is not even acceptable.”

Phil Boas is editorial page editor of The Arizona Republic. He can be reached at 602-444-8292 or phil.boas@arizonarepublic.com.