Expert: Hackers will continue cyber-attacks because 'it is profitable'

HENRICO COUNTY, Va. -- When Carson Winston walked up to the “chaos” at the three gas stations near the barbershop where he works, the master barber and instructor said he saw cars lined up down the road. He even saw one man trying to fill up a trash can with gasoline.

“He literally was like filling it up. I was like, ‘what are you doing?’ And he had a car, so I was like: how you going to get the trash can in the car?” Winston said. “You would’ve thought it was like a concert how many people were there [trying to get gas]. I was like what!?”

Overreactions like the one Winston said he witnessed and gas stations running out of fuel because of “panic buying” were the result of a ransomware attack on the Colonial Pipeline.

The pipeline supplies large amounts of gasoline to the eastern U.S. and to Virginia.

Data security experts said attacks like this one are becoming almost commonplace because of a lack of investment in cybersecurity for infrastructure.

“It’s not something people think about because most of this stuff just works,” Peter Aiken, a data security expert and professor at VCU, said. “Because computing is ubiquitous, that means everything now needs to be protected. There’s no more of this, oh I’ll get to it later, because people are getting very good at the process of doing the ransomware and other types of hacking.”

The criminal hacker group officials said was responsible for the attack is known as DarkSide. It likely took advantage of aging IT infrastructure, according to Aiken.

He said some of the computer networks that operate in the background of daily life need an upgrade, but companies and governments do not always act to replace them until something like this happens.

“We had a very similar type of problem at the beginning of the pandemic where many of the states' unemployment systems were not secure, and consequently, there was hundreds in millions of dollars in fraud,” Aiken said. “Because it isn’t in the Windows or Macintosh or iPhone or Android type of place where most of our thinking is these days, people don’t think that the things we’re doing for those devices also need to be done for the infrastructure.”

Similar attacks to the Colonial Pipeline will continue because it is a lucrative enterprise, according to Aiken. He pointed to studies that showed 70% of companies end up paying the “ransom” when their data is locked by hackers.

“One of the first things people don’t understand is that when you have a ransomware attack and they turn around lock up your data, if you pay them, they’ll give it back to you,” Aiken said. “But since we can’t seem to stop them, they are going to continue to make money because it is a profitable business.”

Cyber criminals are no doubt paying attention to how American consumers behave, and Aiken said he expected one-off attacks like this will continue but will not be widespread.

“These shortages are likely to be temporary in nature. There’s no evidence they have the ability to concertedly shut down all of the systems. It would have been wonderful if we found out the mess they had down in Texas was caused by hackers but that was incompetence down there and again points to the need for the infrastructure,” he said.

Back in Eastern Hernico, Winston said seeing someone attempt to fill up a trash can with gas should be yet another warning bell to big companies and governments.

“I think it’s serious, but I think we’re overreacting maybe a little bit. Yeah, the whole trash can thing. I was like yeah he’s completely out there right now,” Winston said. “I don’t think we are prepared because if we were prepared a lot of people wouldn’t be panicking and going crazy right now.”

On Wednesday, the Colonial Pipeline restarted operations Colonial said all lines, including those lateral lines that have been running manually, will return to normal operations.

But it will take several days for deliveries to return to normal, the company said.

You can read more from local cyber security experts about the issues at play here.