Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom (bloomberg.com) 141

Colonial Pipeline paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country's largest fuel pipeline,
Bloomberg reported Thursday, citing two people familiar with the transaction. From the report: The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company's efforts said.
This discussion has been archived. No new comments can be posted.

Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

Comments Filter:
  • Fantastic Job (Score:5, Insightful)

    by nehumanuscrede ( 624750 ) on Thursday May 13, 2021 @11:04AM (#61380420)

    Fantastic Job there Colonial.

    When you give them what they want, they keep doing it. You should probably shore up your network because after getting a $5M payout, they, or someone else, will likely be visiting your networks again in the near future. :|

    • by boudie2 ( 1134233 ) on Thursday May 13, 2021 @11:15AM (#61380484)
      I sense that the sympathy for Colonial Pipeline is slowly dissipating.
      • There was any sympathy for them in the first place?

        I guess probably from politicians they have bribed to ignore their complete lack of security.

      • by Freischutz ( 4776131 ) on Thursday May 13, 2021 @11:53AM (#61380690)

        Fantastic Job there Colonial. When you give them what they want, they keep doing it. You should probably shore up your network because after getting a $5M payout, they, or someone else, will likely be visiting your networks again in the near future. :|

        I sense that the sympathy for Colonial Pipeline is slowly dissipating.

        Their mistake was not hiring https://www.cyberninjas.com/ [cyberninjas.com]

        I particularly like this image: https://www.cyberninjas.com/st... [cyberninjas.com] The real set of people who pulled this off are likely greasy haired, over weight, wearing a Star Wars T-shirt and subsist on Diet Coke and Mars bars.

        • by irving47 ( 73147 )

          Well, thank god I have an alibi. I wash my hair daily. I'm not fat. I'm not *currently* wearing a StarWars shirt, phenylalanine gives me horrible headaches, and I'm allergic to the milk (chocolate) in any candy bar..

        • The real set of people who pulled this off are likely greasy haired, over weight, wearing a Star Wars T-shirt and subsist on Diet Coke and Mars bars.

          They'll be getting a lot more over weight. With that $5 million courtesy of Colonial, they can start buying their Mars bars by the pallet.

    • Re: (Score:3, Funny)

      by Anonymous Coward
      At least the didn't rely on green energy. You know how they never work properly.
      Remember when cybercriminals turned off the wind and blocked out the sun...
      • Dumbass, they can hack their way into the control systems for assets like those and wreck things if they wanted to do so. Solar panels and wind turbines aren't much good anymore when the power conversion systems they're connected to are wrecked.
        • by ceoyoyo ( 59147 )

          Solar panels and wind turbines don't have the same scaling problems fossil fuels do. You can put solar panels on your roof that are pretty much as efficient as the ones in a gigawatt solar farm. Digging an oil well and setting up a refinery in your back yard is considerably less practical. We could use that to make a more robust energy system.

          We won't of course, we'll wire everything together and hook it up to the Internet, but we *could*.

          • Solar Panels and wind turbines have different scaling problems to fossil fuels. Solar/wind are forced to have greater diversity than fossil fuels because they are inherently unreliable.
            • by ceoyoyo ( 59147 )

              I expect you just wanted to say something bad about wind and solar, but if that comment relates in some way to the topic under discussion in this thread, could you please state it clearly?

        • Realistically though considering all the infrastructure out there significant hacks are pretty rare. It's not that hard to limit hacks to just causing compartmentalized damage which is more or less why most advanced infrastructure using any type of computerized automation is not constantly being shut down by hacks. Soo yeah paying the ransom is lame, but It won't really be that hard for them to make massive gaibs in security within just a few months if they just stop being complete slackers and pay for the
    • by Tx ( 96709 )

      Their mistake was getting hacked in the first place, and not then having a good enough recovery plan. Once they were in that situation, if paying the ransom was the fastest way to get back up and running again, it was pretty much the only move.

      • And now that they've paid 5million in ransom the problem doesn't exist anymore so they can go back to not doing the first two things.

      • Re: (Score:3, Informative)

        by Anonymous Coward
        The real kick-in-the-pants is that they paid the ransom, and then restored from backup anyway, as the crypto-jacking 'recovery' tool was taking too long to do its thing.
    • Re:Fantastic Job (Score:4, Insightful)

      by Anonymous Coward on Thursday May 13, 2021 @12:28PM (#61380886)

      Governments need to start classifying paying ransomware operators as funding terrorism, because, well, it is.

    • Re:Fantastic Job (Score:5, Interesting)

      by shanen ( 462549 ) on Thursday May 13, 2021 @12:30PM (#61380890) Homepage Journal

      Should have been modded funny, not insightful.

      Needs to be a law against paying ransom. Give the victims another layer of defense: "But if I pay you then you can threaten to reveal that I paid you."

      Stating the obvious, but the managers of the pipeline are guilty of criminal stupidity. Companies run by stupid managers deserve to go bankrupt.

      NOT worthy of Insightful moderation. "Just the facts, maam."

      I'll add a cultural note about a similar crime. Ever heard of "sokaiya"? It was a kind of extortion against companies. The extortionist merely bought a few shares in the company and then threatened to shop up at the annual meetings and create an embarrassing public ruckus unless the company paid up. The government finally (mostly) cured the problem by making it illegal to pay them.

      • by havana9 ( 101033 )
        This. In the 70s and in the 80s there was a surge of kidnapping, mainly by Sardinian bandits, and Calabrese 'ngrangheta organized crime. Even a two famous singers and songwriters Dori Ghezzi and Fabrizio de Andre' were kidnapped for ransom in Sardinia.
        What stopped it was a law that in case of kidnapping all the assets of relatives and the kidnapped people were seized until the hostage was released, makig very difficult to pay ransom.
        • Hmm... Not bad, but I see how the kidnappers could work around it. Obviously the criminals would put more pressure on the relatives not to ask for help from the police until after the ransom was paid.

          However, as regards my suggestion, I'd like to change the victims' response to something like "But if I pay you and you ever get arrested then I will get arrested, too, because I paid you. You're a professional criminal and you are going to get nailed sooner or later. But you know I hope for sooner, too."

      • I work in this space. Technically, it IS illegal if the people you're paying the ransom to are under sanctions by the US federal government and have a no-trade sanction imposed. https://www.sxsw.com/wp-conten... [sxsw.com]
        • by shanen ( 462549 )

          Sounds like a lawyerly distinction, but thanks for the data.

          I'd prefer to focus on the non-legal technical side. If only that could be separated out.

      • by AK Marc ( 707885 )
        Paying protection money should be covered under RICO. The feds never tried it, because they would have looked like assholes, but Colonial paid criminals to support criminal actions. I wouldn't mind if the CEO served some prison time under RICO.
      • by shanen ( 462549 )

        Maybe I need new glasses? Or new fingers?

        s/shop up/show up/

    • how many years have they gone without hiring a cyber security department? (they were advertising for the lead posiiton when they were attacked-- note to self don't advertise you are without a cyber security department!) The salaries and benefits alone over 10 years would be over 5 Million. And that's without actually impmentening the expensive physical and software security, replacing insecure systems, and so forth. On top of that it's likely that some of the less secure practices may have enabled cheap

      • by ceoyoyo ( 59147 )

        Yeah, that was a tremendously good deal. I imagine the gang could have sold their access to the Russians or Chinese for an order of magnitude more.

    • Hear, hear.
      Just imagine how much they'll demand of the U.S. Government when (not if at this point anymore, but when) they hijack critical infrastructure, or U.S. military assets.
      All of this penny-ante stuff they've been doing have been just the proof-of-concept for their capabilities.
    • by irving47 ( 73147 )

      I blame "work from home". They obviously opened up a bunch of ports on machines for PC Anywhere!

    • Someone must have given these 'hackers' access.
    • When you give them what they want, they keep doing it.

      I don't see this as a problem. Eventually, Colonial will go out of business paying so many repeated ransoms, and the hacking group will have enough money to invest in legitimate enterprises.

  • This is why hackers do what they do. There's a reason governments don't negotiate with terrorists.

  • When "Disaster Recovery" is something you think about only after the disaster happened, you suck at your job. I get that they probably have a huge complicated system ( which, itself, can be cause for alarm. "As simple as possible" should be the name of the game ), but there shouldn't be a single reason why they needed to pay their attacker to fix the system.

    IT leadership there should have their names published and fired. There is no excuse which justifies their incompetence.

    • by NFN_NLN ( 633283 )

      > When "Disaster Recovery" is something

      Pfftt.. this is critical infrastructure. They need "Business Continuance". IBM, Cisco and EMC can come in to do an assessment, but the IT big boys are seasoned professionals at shaking companies down. It would probably be cheaper to just pay $5M to hackers every month.

      • Infrastructure can't be that critical if the TSA was put in charge of overseeing security [wsj.com].

        Lawmakers are demanding answers on how the Transportation Security Administration probes pipeline security, after a cyberattack on the East Coast’s main conduit for fuel snarled the region’s gasoline supply.

        The Colonial Pipeline Co. hack has brought fresh scrutiny to optional U.S. cyber standards for the sector, which contribute to uneven security investments by companies that transport oil and gas and coul

    • I get that they probably have a huge complicated system ( which, itself, can be cause for alarm. "As simple as possible" should be the name of the game ), ...

      Noting that "as simple as possible" can still be hugely complicated ...

    • When "Disaster Recovery" is something you think about only after the disaster happened, you suck at your job. I get that they probably have a huge complicated system ( which, itself, can be cause for alarm. "As simple as possible" should be the name of the game ), but there shouldn't be a single reason why they needed to pay their attacker to fix the system.

      IT leadership there should have their names published and fired. There is no excuse which justifies their incompetence.

      Well I can think of at least one excuse. When IT presented their security and continuity requirements to the team of money grubbing MBA's on their board, they were shot down.

      As always, keep a paper trail to CYA when this type of situation occurs. On paper, and maybe a memory stick or 10 you keep in many different places.

      • IT leadership, in that case, should have employed other "methods". "Leaks" and the like, to prod the board towards the right decision. Absent that, leave.

    • by DaveV1.0 ( 203135 ) on Thursday May 13, 2021 @12:26PM (#61380872) Journal
      They started looking for a cyber security chief two months ago. That is only 4 years after they were told their cyber security was atrocious. They were doing the best they could because these things take time.
  • by Ostracus ( 1354233 ) on Thursday May 13, 2021 @11:17AM (#61380496) Journal

    . The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company's efforts said.

    Ok. Backups: check.
    Still gave them the money: check.

    • by Anil ( 7001 )

      for $5m they should get some customer support on that decrypt tool.
      get them a hot-patch for the bottleneck.

      • by Luckyo ( 1726890 )

        Funniest part is, this hacker group just did the biggest faux pas that ransomware group can make. They provided a worse way to decrypt the network than backup restoration.

        The one thing that ransomware groups have that is exceedingly valuable is their reputation that "if you pay, we give you your data back and we do it swiftly". Because if you don't have it, almost no one will pay your ransom. I wouldn't be surprised if other groups in the same business hired a hit on these idiots back in Russia for damaging

    • Yeah - this is what I'm not understanding. They HAD BACKUPS. They even did the restore from those backups.

      Why did they pay the ransom?

  • by TigerPlish ( 174064 ) on Thursday May 13, 2021 @11:22AM (#61380536)

    ...and whoever moron approved the payment.

    All three should get jail, hard time jail, for negligence. It'll never happen, but this just makes my blood boil.

    It's time to start cutting out the cancer anywhere it's found.

    Weak. What a fucking weak outfit.

    • by gillbates ( 106458 ) on Thursday May 13, 2021 @11:59AM (#61380734) Homepage Journal

      You've missed the point: the $5M payout is less than they'd spent if they'd done it right the first time. It's cheaper to ask for forgiveness than to get permission.

      Let's look at this from the business perspective:

      1. Colonial has saved money on IT spending.
      2. The oil companies have increased profits from the shortage.

      The only people getting screwed here are the little guys. IOW, Colonial is doing good business, maximizing revenue for their clients and minimizing cost. Sure, you have to pay more for gas, but that was the entire point of business in the first place. You may not be happy about it, but would you rather pay twice as much for gas all the time, just to know the pipeline was secure?

      It's like the credit card fraud finding algorithms. American credit card companies delayed chip-and-pin systems by more than two decades because they found it was less expensive to catch most of the fraud through pattern matching software than to implement a more secure system. Because they could pass the cost of fraud onto the merchants (a third party), the had very little incentive to change.

      • by Ksevio ( 865461 ) on Thursday May 13, 2021 @01:04PM (#61381072) Homepage

        Except the $5mil is only what it cost them as part of the payout. Presumably they also make money under normal circumstances that they weren't while their pipeline wasn't operating

      • You've missed the point: the $5M payout is less than they'd spent if they'd done it right the first time. It's cheaper to ask for forgiveness than to get permission.

        No, it's not such a simple cost/benefit analysis. Using this logic, no one should test their code, because it costs time and money to increase code quality. No one should do backups at all, because backup systems cost money. They can just pay off the ransomware gangs whenever they need to, and they'll come out ahead.

        The reality is that good backups and good software coding practices do cost money, but they pay dividends over the long term. It only makes sense to pay off ransomware gangs in the short term.

        Bu

      • > Colonial has saved money on IT spending
        > The oil companies have increased profits from the shortage

        So the CEO and all the O will have a big bonus at the end of the quarter/fiscal year!

    • Criminalizing these payments is the only way to stop it. But given how many banks were bailed out in the 2008 crash, I really doubt the government is willing to let big companies fail.

    • All three should get jail, hard time jail, for negligence.

      How were they negligent? Is it illegal to lose money? Is it illegal to have downtime? Is it illegal to be unable to meet contractual obligations between private entities? Is it illegal to pay "external IT consultants" for services to your business to help improve getting back online?

      As much as I want to see people punished as well at present it's not illegal to be stupid, and to prove criminal negligence you'd need to show how the way these people acted deviates drastically from the way anyone else would in

      • by AK Marc ( 707885 )
        It's illegal to pay criminals for criminal activity. You can't (legally) pay someone to rob a bank. They should go to prison under RICO violations. IT manager, CIO, CEO, and whoever paid. Send them all to jail for directly funding illegal activities.
        • It's illegal to pay criminals for criminal activity.

          They aren't paying for criminal activity. They are paying for decryption services. The criminal activities are in the past. And that is precisely how the legal system would work if anyone ever tried this stupid approach.

          They should go to prison under RICO violations.

          There's nothing quite like the word RICO to out people as not having a clue how the legal system works. Hint: You can't RICO yourself for starters.
          https://www.popehat.com/2016/0... [popehat.com]

  • by edi_guy ( 2225738 ) on Thursday May 13, 2021 @11:24AM (#61380554)

    If it was crypto those hackers are screwed. Everyone knows that the anonymity that bitcoin provides is only at the surface. Anyone who wants to really wants to put in the effort to track you can, even if you are trying to do some fancy laundering. And in this case I'm thinking the anyone are the FBI (with help from their 3 letter cousins) . And I'm thinking that unless these hackers are deep in Russia proper, they going to get caught in about 9-18 months. Even if they are in Russia, it's likely Putin will have more use for them as trading pieces for negotiations with the West than anything else.

    You got to monitor your systems and now when to walk away...hitting a small regional hospital, mid-sized city, you can still stay under the radar. Hit 'Muricans at the gas pumps and literally we'll start a war.

    • by DarkOx ( 621550 )

      it's likely Putin will have more use for them as trading pieces for negotiations with the West than anything else.

      Hard to say. That will come down to public perceptions. If the public comes to regard this group as a team of elite cyber terrorists than they will have have value to administration. It will be politically useful for various government agency heads and the president to show "they did something and put some bad hombres out of action!"

      On the other hand if they choose to spin this as being done by some "seriously bad dudes" they both give Putin something of value to trade, and expose themselves to uncomfortabl

    • You're right in that BTC is 100% transparent. However, there's other cryptos out there than BTC. Even if the payment was made in BTC, it would most likely be transferred through Monero or a similar clone to execute additional transfers with complete anonymity.

      https://www.getmonero.org/ [getmonero.org]
    • Despite what you may think about it's traceability, laundering exists for cryptocurrencies. [slashdot.org] It's a highly attractive option too because the losses are minimal when compared to laundering cash which is about a 50% loss rate.

      • by jythie ( 914043 )
        And when you are talking millions in payout, one can probably afford to launder through a few layers, thus using the strengths of both and weaknesses of neither.
      • by ceoyoyo ( 59147 )

        Yeah, laundering bitcoin works just fine. Except that there's a big sign on your wallets (input and output) saying "yo, this dude visited the laundromat!"

        • Except that there's a big sign on your wallets (input and output) saying "yo, this dude visited the laundromat!"

          Cryptocurrency laundering works by mixing legal funds and illegal funds. What this means is potentially millions of legitimate cryptocurrency wallets have a single launderer in the history of their cryptocurrency despite having no involvement with cryptocurrency laundering. The launderers that insufficiently launder funds are the ones that get caught. Thus far, only a handful have been caught.

          • by ceoyoyo ( 59147 )

            Regular money laundering works the same way. If cryptocurrency ever catches on then you'll be able to set up a casino or restaurant or some other business that at least theoretically attracts enough legit users to obscure the bad. With the dearth of legit uses for cryptocurrency right now, and the impossibility of hiding transactions, your mixing service is just begging for a visit from local state security. All your customers too, legit and otherwise. Could be next week, or it could be a decade from now. A

    • by g01d4 ( 888748 )

      still stay under the radar

      Law enforcement sat on its hands dealing with this issue until it was too late. Just as bad as the indifferent security implemented by Colonial.

  • by dark.nebulae ( 3950923 ) on Thursday May 13, 2021 @11:28AM (#61380578)

    The US govt keeps talking about cybersecurity for infrastructure, but a big chunk of that infrastructure is owned and operated by private, for profit businesses. These jokers were maintaining profit by not investing in and maintaining their own cybersecurity. The same reason the electric grid in Texas failed because the company maintaining it did not want to lose profit investing in something they didn't think would happen.

    Even now the bean counters at Colonial are probably like "$5 mil for that security breach, we saved a ton of money by not beefing up our security, by not staffing a team of security experts, by not investing in pentesting, and by not continuously applying product updates for OS, services, applications and tools that we use. Yay, more profit for us!"

    And as we've seen by the panic buying of gas, at this point really any attack is going to trigger panic buying by the herd of sheeple getting their news from alt-right sources.

    Penetrate and hack Sysco for example (a major food distributor to restaurants and stores in the US) and people will start clearing the shelves. Hold Firestone (a tire manufacturer) for ransom and people will start hoarding tires.

    The government doesn't get that it is not just the water and power that needs protection and can cause disruption. Those might be on a larger scale, but even a hit on a private company like this can have a major impact on people, on the economy, etc.

    • Amen. Time and time again, private companies show that the MBA's they hire to run things are no better than monkeys. You might as well just pay them in bananas. They make the government look like paragons of efficiency. There's no substitute for hiring people who care about doing a good job and rewarding them when they do.

    • While true, this is like saying that stores have a shoplifting problem because they are too cheap to invest in adequate security. It's blaming the victims for the crime.

      Should companies take better precautions? Yes. But let's not blame them for being "too cheap" for failing to build a fortress around their digital assets to fend off roving bands of criminal hackers. Instead, let's get better a tracking down and punishing the hackers.

  • by JoeyRox ( 2711699 ) on Thursday May 13, 2021 @11:28AM (#61380582)
    Running a hacker-provided tool on their systems doesn't sound like a great idea to me.
    • by thegarbz ( 1787294 ) on Thursday May 13, 2021 @02:20PM (#61381398)

      Running a hacker-provided tool on their systems doesn't sound like a great idea to me.

      Hackers, even the evil kind do have a big incentive to follow through and correctly and non-nefariously remove the encryption after a ransom is paid, otherwise they'd have very little hope for future business.

      These are criminals not politicians we're talking about, they still have some integrity.

  • $5 million is peanuts in the grand scheme of things. It will probably cost more in IT services to rebuild all of those Windows systems. Colonial pumps 100 million gallons per day. They could easily tack on a fraction of a cent for a few months to pay that ransom and nobody would care. But the longer they fart around pointing fingers and f*cking TALKING, the worse things get.

  • Sting operation (Score:5, Interesting)

    by Dan East ( 318230 ) on Thursday May 13, 2021 @11:39AM (#61380630) Journal

    This sounds like a sting operation, where the FBI told them to go ahead and pay so they could better track the hacker's organization and follow the cryptocurrency as it's transferred and spent.

    • The hackers are in Eastern Europe, they don't care fuck all about the FBI (they have zero jurisdiction).
  • by schwit1 ( 797399 ) on Thursday May 13, 2021 @11:43AM (#61380642)

    We've all read enough stories here to know that cryptocurrency IS traceable given enough time and resources.

    • by daten ( 575013 )

      Even more interesting to me, the actual article says "The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack"

      So did the submitter change it to "untraceable"?

  • Lets face it they treated it as a joke. We know they did. We have all been in the position to see the dullards at the top completely miss the point of spending money on security.
    • IT security is a lot like partying: It costs money, but money usually isn't the problem.

      The problem is IT departments not having a clue what they are doing. Giving those more money just means that they will buy more "security in a box" solutions which wouldn't have prevented this. Most of the problems which make such attacks to easy were actually caused by spending money on things that are inherently dangerous. Installing Active Directory costs money, installing Office software with scripting facilities cos

      • by DarkOx ( 621550 )

        Most of the problems which make such attacks to easy were actually caused by spending money on things that are inherently dangerous. Installing Active Directory

        There are absolutely risks with things like Active Directory. On the other hand its easy to forget things like AD exist to solve older security problems. Without central authentication is really hard to have concept of identity when it comes to systems access, without which audit becomes impossible; so you have a different set of risks. Without centeral authentication how to effect access control changes when someone leaves the organization, what about when people change departments or roles how to preserve

      • by jythie ( 914043 )
        Building off your point.. beyond budget and incompetence, another major issue is competing requirements. Generally these systems get set up in order to make people's jobs easier or more productive, and are insecure because often good security makes other people's jobs more difficult or less productive. There are a whole bunch of competing priorities that can be really difficult to balance since, while looking at the perspective of one you can call all the others 'unimportant', this can almost always get f
        • Well there is a solution here is to consult the users to find good solutions for their demands. Essentially it's a process of finding out what the users want, not what they say they want. If they still insist on a risque solution you should warn them of the risks in writing and let them sign the order.

  • by battingly ( 5065477 ) on Thursday May 13, 2021 @12:02PM (#61380746)
    This only cost Colonial $5M. However, the next 100 victims who will be attacked because Colonial paid up will have to pay a total of $500M. Colonial just put a huge cost burden on the rest of society.
  • While I generally don’t like to start with an explicative shitgoddamnhellfuck, don’t they get it? This means that the cost of defense has gone up so significantly due to the “easy payback” the criminals get.

    I get that it isn’t a huge deal for the company, and that it would theoretically save them money and protect trade secrets, but you have to break the cycle.

  • Pay the Russian mob $1,000,000 to hunt them all down and kill them.
    • by Ksevio ( 865461 )

      Is that like when people demand the police investigate themselves and hold themselves accountable?

  • As a sidebar to this subject: we need to disconnect critical infrastructure from any sort of remote access, especially internet-connected (even through a VPN, even through all the firewalls) so it's not possible for cyberwarfare / cyberterrorist / cybercriminals to attack those assets like this.
  • by jhylkema ( 545853 ) on Thursday May 13, 2021 @01:17PM (#61381126)

    From TFA, the decryption tool they received was too slow:

    Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the companyâ(TM)s efforts said.

  • by jhylkema ( 545853 ) on Thursday May 13, 2021 @01:22PM (#61381134)

    The CEO will still get tens of millions in bonuses even after this blatant dereliction of duty. Because freedom.

    MURICA!

  • Colonial Pipeline has always passed their cost to the consumers and will face little consequences. Colonial would probably make record profit out of this if Americans could remember the example of who made the most out of the Texas grid debacle:

    These companies marked up their sales to power plants delivering billions of dollars in windfall revenue, according to a raft of first-quarter earnings reports. Chief among them is Energy Transfer, one of the state’s biggest operators of natural gas pipelines

  • by jythie ( 914043 ) on Thursday May 13, 2021 @02:01PM (#61381288)
    And this is why BTC keeps having value. As ransoms become more common, and they must be paid in BTC, that drives demand. Doesn't matter how poor of a currency it is, doesn't matter how useful it is, criminals have essentially duplicated the old pattern of 'gold/silver/USD has value because that is what you pay your taxes in' by making its purchase and transfer a business reality.
  • by Roogna ( 9643 ) on Thursday May 13, 2021 @02:20PM (#61381400)

    A reminder that backups are only as useful as their ability to be restored

  • Just think how easy it would be to pay a junior admin to install the updates on your Exchange Servers?

  • by Froze ( 398171 ) on Thursday May 13, 2021 @02:36PM (#61381510)

    Calling earthworm, calling earthworm, this is altimeter one.

    This is earthworm, go ahead altimeter one.

    earthworm, can you confirm the laser paint on the digital signature?

    affirmative altimeter one, signature is bright.

    earthworm be aware there is one hot on the rail and this will be danger close.

    This is earthworm, we are dug in and waiting for the show to start. ...

  • As someone who was head of IT security at a site that had nasty enough chemicals that Homeland Security got involved and audited us. We were one step down from a nuclear site. All the fluff and great countermeasures were in the books and audited. But they were fluff because they had no teeth. All it took was one babied person at the executive level to bitch that the "requirements' were too onerous and that he had a business reason for not doing things, then it would not be done. There was no teeth and the f

  • Bitcoin has dropped so far they're only getting $4 million! HA HA!
  • "untraceable cryptocurrency" isn't a thing. Every one of those coins is tainted now. The crooks will fuck up in a few years and use part of a coin they've forgotten to launder correctly and boom, found you.

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...