Security

Ransomware Struck Another Pipeline Firm -- and 70GB of Data Leaked (wired.com)

When ransomware hackers hit Colonial Pipeline last month and shut off the distribution of gas along much of the East Coast of the United States, the world woke up to the danger of digital disruption of the petrochemical pipeline industry. Now it appears another pipeline-focused business was also hit by a ransomware crew around the same time, but kept its breach quiet -- even as 70 gigabytes of its internal files were stolen and dumped onto the dark web. From a report: A group identifying itself as Xing Team last month posted to its dark web site a collection of files stolen from LineStar Integrity Services, a Houston-based company that sells auditing, compliance, maintenance, and technology services to pipeline customers. The data, first spotted online by the WikiLeaks-style transparency group Distributed Denial of Secrets, or DDoSecrets, includes 73,500 emails, accounting files, contracts, and other business documents, around 19 GB of software code and data, and 10 GB of human resources files that includes scans of employee driver's licenses and Social Security cards. And while the breach doesn't appear to have caused any disruption to infrastructure like the Colonial Pipeline incident, security researchers warn the spilled data could provide hackers a roadmap to more pipeline targeting. LineStar did not respond to requests for comment.

  • by notsouseful ( 6407080 ) on Tuesday June 08, 2021 @03:45PM (#61467014)

    And while the breach doesn't appear to have caused any disruption to infrastructure like the Colonial Pipeline incident...

    Didn't they simply turn off their infrastructure because their front office comps were jacked up and they weren't going to be able to account for things properly? I don't believe Colonial's infrastructure was directly affected by the attack either. I think it was reported that they "feared it would spread", or at least that's what they said about it.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      so it was less "OH no hackers turned the gas off" and more "Quick turn the gas off because we might not be able to charge for it"

    • by shanen ( 462549 )

      I think that's an accurate summary and not a bad FP, but there is a special word for the crime and I can't remember what it is. Can someone help out? It isn't "extracted" or "extricated", but something longer and quite specific. It's often used when discussing the channels for moving the stolen information. The word that keeps coming to me is "exfoliated", but that's completely different. It's the crime of secretly moving data out of a sealed network to other places...

      (Obviously all the warnings I received

    • by tlhIngan ( 30335 )

      Didn't they simply turn off their infrastructure because their front office comps were jacked up and they weren't going to be able to account for things properly? I don't believe Colonial's infrastructure was directly affected by the attack either. I think it was reported that they "feared it would spread", or at least that's what they said about it.

      Yes. In fact, even if you have an airgapped network, it too should be shut down if the main network is breached. You don't want to accidentally infect the criti

      • That's why "proper" environments don't let the IT/IS types touch the production control systems. It is not just because those people are incompetent, they are often stupid as well.

  • by Ostracus ( 1354233 ) on Tuesday June 08, 2021 @03:54PM (#61467050) Journal

    ...and 10 GB of human resources files that includes scans of employee driver's licenses and Social Security cards.

    And worries about.

    And while the breach doesn't appear to have caused any disruption to infrastructure like the Colonial Pipeline incident, security researchers warn the spilled data could provide hackers a roadmap to more pipeline targeting.

  • For Sale, slightly used technology and compliance company. Only driven to church on Sundays and garaged regularly. Unfortunately the garage burnt down so buyer beware.

  • by RitchCraft ( 6454710 ) on Tuesday June 08, 2021 @04:08PM (#61467088)
    Get these systems disconnected from the public Internet until a real solution to security is provided. This kind of crap will happen EVERY SINGLE DAY as it has been for the last few years. Stop *most* of it now by disconnecting. Start sanctioning countries heavily where these threat actors originate. If they are government sponsored attacks sanction completely (looking at you China and Russia!).
    • They stole contracts and other business information, this wasn't a SCADA level attack and neither was the Colonial Pipeline fiasco either.
      Companies are full of dumb people who have too much access. Access needs to be moderated, monitored and explicitly restricted. It also goes without saying that email systems and networks need a bit more intelligence in it to help prevent data from going offshore or to unauthorized locations.

      • This. Minimum access needed for the role, with efficient but secure processes in place where additional access is needed. Also, automated systems that trigger warnings where unusual access occurs.

    • You know it’s from management. I want remote access so I don’t have to drive to the office! Make my password easy to remember!

    • There are "real" security solutions out there, which are effective... they just need to be more widespread:

      For starters, FIDO keys, be it YubiKeys, Google Titan, Thetis, or other offerings. Just the fact that someone has to push the button on the key to get an action to happen will mitigate most remote attacks other than the ones trying to dupe or coerce the user into hitting the button. Alternatively, software solutions like Duo can stop an attack effectively.

      For file servers, separating user and admin p

  • There, title corrected for accuracy.
  • as a pipeline leak?
  • Congress can still issue letters of Marque and Reprisal if any hackers want to go privateer...
