Colonial Pipeline’s top executive told a Senate committee that an oversight appeared to have allowed hackers to break into the company’s computer systems and contribute to crippling shipments of gasoline, oil and other fuels up and down the East Coast.
Joseph Blount, the pipeline company’s chief executive officer, said the company believes criminal hackers broke into Colonial’s computers through an old virtual private network, commonly known as a VPN, that was not intended for use. He added, “We’re still trying to determine how the attackers got the credentials needed to exploit it.”
The VPN, a technology commonly used by companies to allow employees to access corporate intranets from home, did not require multi-factor authentication, a process through which users are granted access to a computer system or application only after successfully presenting two or more pieces of information – security experts often call it “what you know and what you have”. The first piece of information is usually the password; the second could be a code sent to a mobile phone, for example. Multi-factor authentication is becoming more and more popular, and even free services like Gmail and Facebook offer this feature and encourage people to use it.
Democratic and Republican senators were largely sympathetic when they questioned Blount and did not press him on the apparent flaw. Colonial operates a 5,500-mile pipeline network that supplies 100 million gallons of gasoline, diesel and jet fuel daily to gas stations, airports and other customers along the East Coast, supplying nearly half of the region’s transport energy.
“We deeply regret the impact this attack has had,” Blount said.
Blount said the company promptly notified the Federal Bureau of Investigation on the day of the attack and suggested that the damage caused to the pipeline could have been much worse had the company not paid a ransom to a criminal group called DarkSide that had infiltrated its system.
The Justice Department said on Monday that it had seized more than half of the ransom, which totaled more than $4 million in the digital currency Bitcoin.