One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators

"Not a Colonial123-type password."

One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators

The head of Colonial Pipeline told US senators that hackers who launched last month's cyber attack against the company and disrupted fuel supplies to the US Southeast were able to get into the system by stealing a single password.

Colonial Pipeline Chief Executive Joseph Blount told a US Senate committee that the attack occurred using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication in place.

That means it could be accessed through a password without a second step such as a text message, a common security safeguard in more recent software.

“In the case of this particular legacy VPN, it only had single-factor authentication,” Blount said.

“It was a complicated password, I want to be clear on that. It was not a Colonial123-type password.”

The panel was convened to examine threats to critical US infrastructure and the Colonial attack, which shut key conduits delivering fuel from Gulf Coast refineries to major East Coast markets.

Cyber attacks also hit US meatpacking plants owned by JBS, showing the breadth of infrastructure facing cyber threats.

The Colonial Pipeline hack demonstrated that much of the company's infrastructure remains highly vulnerable and the government and companies must work harder to prevent future hacks, senators said during the hearing.

Security experts call the use of a single-factor login system a sign of poor cyber security “hygiene.”

They recommend two-factor authentication, which requires a secondary measure like a mobile text or hardware token, and most major companies require this across all internal applications.

Senators questioned Blount about the company's preparations and the timeline for responding to the ransomware attack, which shut the line for days and led to a spike in gasoline prices, panic buying and localised fuel shortages.

“I'm alarmed this breach ever occurred in the first place,” said Senator Gary Peters, the committee's chairman.

“Make no mistake: if we do not step up our cyber security readiness, the consequences will be severe.”

The FBI attributed the hack to a gang called DarkSide. Some senators suggested Colonial had not sufficiently consulted with the US government before paying the ransom against federal guidelines.

Blount said he made the decision to pay ransom and to keep the payment as confidential as possible because of concern for security.

“It was our understanding that the decision was solely ours to make about whether to pay the ransom,” he said.

Blount said Colonial did not have a plan in place to prevent a ransomware attack, but did have an emergency response plan. The company notified the FBI within hours.

Blount said Colonial has invested over US$200 million (A$258 million) over the last five years in its IT systems.

When pressed to answer how much Colonial has spent to keep its pipeline cyber secure, Blount repeated that amount.

A company spokesperson later clarified the US$200 million was for IT overall, which includes cyber security.

Last week, US Deputy Attorney General Lisa Monaco urged companies to tell federal authorities whether they paid ransom to cyberattackers, information that can help investigators.

Blount said even after getting the key from the hackers, the company is still recovering from the attack and is bringing back seven finance systems that have been offline since May 7.

On Monday, the Justice Department said it had recovered some US$2.3 million in cryptocurrency ransom paid by Colonial Pipeline.

Colonial Pipeline previously had said it paid the hackers nearly US$5 million to regain access.

The value of the cryptocurrency bitcoin has dropped to below US$35,000 in recent weeks after hitting a high of US$63,000 in April.

As a result, the government recovered about 60 of the 75 bitcoin paid, but the value has dropped, falling short of the total dollar amount Colonial paid.

Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking the flow of digital money as ransomware has become a growing national security threat and put a further strain on relations between the United States and Russia, where many of the gangs are based.

News Related

OTHER NEWS

‘Burnt out' cyber security professionals can make organisations even more vulnerable

Security analysts in Singapore are overwhelmed. Relieving the burden of mundane, repetitive tasks can reduce their workloads. Read more »

Biden names Google critic Kanter as Justice Dept antitrust chief

Big Tech put on notice. Read more »

Some crew taken off virus-affected cargo ship and put in hotel quarantine

A crew member of the BBC California. Picture: Trevor Collens / AFPSource:AFP Three healthy crew members from a coronavirus-infected cargo ship docked in Perth have been moved to hotel quarantine ... Read more »

Field Solutions Group to launch regional mobile network

Regional and rural telco Field Solutions Group has launched a mobile network for rural, regional and remote areas across Australia. The company will be the newest Optus mobile virtual network ... Read more »

How to best understand your audience, without cookies

Without being able to track users online, advertisers will gradually lose visibility on learning about consumer behaviour. What can they do? Read more »

Billionaire Jeff Bezos has successful suborbital jaunt

Helps usher in a new era of space tourism. Read more »

Priming Telstra for growth in the Asia enterprise network landscape

Telstra’s advantages lie in its rich legacy in local markets, as well as intimate knowledge and experience with customers, where it can play a role as a trusted advisor. Read more »

Dexus signs on to develop $1.4bn Atlassian office tower

Software maker agrees to 15-year lease. Read more »

The network is key in providing the right AR/VR experience

The success of AR/VR technology depends on whether organisations possess the wherewithal to handle the intensive bandwidth and processing requirements. Can AR/VR be more boon than bane? Read more »

EPA Victoria signs $52m IT services deal with Empired

Transition to take six months. Read more »

Melbourne's Global Storage scores at NetApp's APAC partner awards

Melbourne-based managed services provider Global Solutions has been awarded by storage vendor NetApp with an Asia-Pacific partner award. The company took home the solution innovation partner award for backup-as-a-service at ... Read more »

Kaseya has working REvil decryption key

Customer data unscrambling operations started. Read more »

Equinix Australia leads group negotiation for access to renewable power

After its progress was criticised in report. Read more »

FSG, Optus to trial 'host neutral' radio network in Queensland

Tests new model to share mobile equipment with many access seekers. Read more »

Linux systemd bug allows denial of service attacks

Old Linux bugs come back to bite users. Read more »

Covid-19 Qld: zero new local cases

Queensland’s latest Covid-19 numbers have been released and zero new cases were recorded. Picture: NCA NewsWire/Tertius PickardSource:News Corp Australia Queensland has recorded zero new locally acquired Covid-19 cases on Saturday. ... Read more »

Solarwinds spin-off N-able goes public on Nasdaq

N-able Technologies Tuesday completed its spin-off from parent company SolarWinds via an IPO that saw its shares tumble from its opening price. Canada-based N-able, which provides a full technology stack ... Read more »

NBN roundtable returns focus to customer needs - and NBN Co's costs

Areas of scrutiny revealed. Read more »

‘We were pretty shocked': Melbourne man speaks out about contracting Covid-19 at AAMI Park

Zac (left) tested positive to Covid-19 after attending the Wallabies match at AAMI Park. Picture: 9NewsSource:NCA NewsWire A young Melbourne man has opened up about contracting Covid-19 at a “super ... Read more »

Covid-19 Victoria: 12 new local cases recorded

New locally acquired cases have been recorded in Victoria. Picture: NCA NewsWire / Ian CurrieSource:News Corp Australia Victoria has recorded 12 new locally acquired cases of Covid-19 on Saturday. In ... Read more »

The Project: Dr Norman Swan's brutal lockdown prognosis

Carrie Bickmore and Norman Swan on The Project. Picture: Channel 10.Source:Supplied A health expert has told The Project’s Carrie Bickmore that New South Wales “might not get over” its current ... Read more »

Anger at Prime Minister Scott Morrison grows over coronavirus failures

Prime Minister Scott Morrison. Picture: Gary RamageSource:News Corp Australia Backlash against the prime minister has grown overnight with Scott Morrison the topic of conversation from Australian screens to the UK. ... Read more »

Calls for tower apology, Victoria enters seventh day in lockdown

• This coronavirus article is unlocked and free to read in the interest of community health and safety. Click here for full digital access to trusted news from the Herald ... Read more »

Melbourne couple sentenced for owning and exercising power over a slave

Kandasamy and Kumuthini Kannan were jailed on Wednesday. Picture: Andrew Henshaw/NCA NewsWireSource:News Corp Australia Kumuthini Kannan sat rocking in her chair on Wednesday, the same way she had on numerous ... Read more »

Press Council Adjudication

.Source:News Regional Media The Press Council considered whether its Standards of Practice were breached by an article published by the Herald Sun online on 21 January 2021 headed “Mill Park ... Read more »

Live breaking news: Growing fears NSW has lost control of worsening Delta strain covid outbreaks across Sydney

LIVE Last updated July 22, 2021 7:27AM AEST There are growing fears NSW has lost control of the Delta outbreak. There are growing fears New South Wales has lost control ... Read more »

Covid-19 SA: Centrelink office added to huge list of exposure sites as lockdown continues

Centrelink at Modbury has become one of the latest Covid-19 exposure locations, listed by SA Health. Picture: Scott Barbour/Getty ImagesSource:Supplied A busy Centrelink office in Adelaide’s north eastern suburbs is ... Read more »

Katie Hopkins blasts Australia's leaders for ‘imprisoning' people amid lockdowns

Katie Hopkins takes to Instagram Live to criticise harsh lockdowns as she quarantines in Sydney.Source:Supplied Katie Hopkins has blasted Australia’s handling of the pandemic to her large international following, declaring ... Read more »

Farmer Wants A Wife star denies domestic violence allegations

Farmer Sam Messina.Source:Supplied Farmer Wants a Wife star Sam Messina has strongly denied seven alleged domestic violence offences against a former girlfriend. A Current Affair reported the bombshell allegations last ... Read more »

Gold Coast teen creates viral sensation after puffy corn chip attracts $20k bid on eBay

The corn chip now has bids of $20,300.Source:Supplied A Gold Coast teenager has become the centre of a viral sensation after her unique corn chip attracted bids of more than ... Read more »

Woman hits back after cruel letter accuses her of being a bad owner for leaving her dog in the car

An angry note was left by someone who saw Drake in the car on his own. Picture: SuppliedSource:news.com.au An angry letter has left a Canberra local rattled after she found ... Read more »

Women separated from their partners during birth, pregnancy complications and miscarriage

A Sydney woman was forced to endure a traumatic procedure without her husband.Source:Supplied A Sydney woman who miscarried twins is among a growing cohort of women who say their treatment ... Read more »

PM pleads with Queenslanders eligible for AstraZeneca to get the ‘totally safe' vaccine now

​The PM insists AstraZeneca is ‘totally safe’, highlighting it has been given the ‘seal of approval’ from the TGA. Picture: Nikki Short / NCA NewsWireSource:News Corp Australia Prime Minister Scott ... Read more »

Sydney professor Dianne Jolley guilty of sending herself fake threatening letters

Former UTS professor Dianne Jolley has been found guilty of sending herself a bizarre series of fake threats. Picture: NCA NewsWire / Jeremy PiperSource:News Corp Australia A high-ranking Sydney academic ... Read more »

‘Man with bloody face' sought after fatal Newcastle shooting

A man was wounded in a daylight shooting in Newcastle on Thursday, officials have said. Picture: NCA NewsWire / Gaye GerardSource:News Corp Australia Newcastle police have asked the public to ... Read more »

ASIC secures winding up order for AI software firm Semantic Software Asia Pacific

Now-defunct Australian artificial intelligence software company Semantic Software Asia-Pacific is set to be wound up following a court decision. The Australian Securities and Investments Commission (ASIC) announced it secured the ... Read more »

Orient Futures in Singapore leverages Snowflake data analytics

Orient Futures Singapore aspires to be a ‘broker of the future’ by become intrinsically data driven. Read more »

ACCC to examine Amazon, eBay, Kogan and other marketplaces

Over rising competition concerns. Read more »

Brad Hazzard flags tough new mask exemption rule in fight against Delta Covid outbreak

Nurses are seen working at the Covid Testing clinic at Fairfield Showground, as essential workers in Sydney are now required to be tested every three days. Picture: NCA Newswire /Gaye ... Read more »

Sacked CEO refused to leave job at ritzy music school: court

The school teaches degrees, certificates and diplomas related to music and speech. Picture: iStockSource:istock A music school in one of Melbourne’s wealthiest suburbs is embroiled in a 17-month court battle ... Read more »