Connect with us

Technology

Who are DarkSide Hacker Group?

A HACKER group hit the operator of a major fuel pipeline last week in one of the biggest cyberattacks in US history.

The mysterious team behind the scheme, DarkSide, say they’re only in it for the cash – but who are they, and how did they breach Colonial Pipeline?

Who are DarkSide Hacker Group?

Getty

A hacker group breached a major US fuel pipeline last week[/caption]

DarkSide is a ransomware group linked to an extortion attempt that has snared fuel deliveries across the US East Coast.

The criminal gang may be new, but that doesn’t mean its hackers are amateurs, according to Reuters.

Cybersecurity experts who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets.

“They’re very new but they’re very organized,” Lior Div, the chief executive of Boston-based security firm Cybereason, said on Sunday.

Alamy

The attack on the Colonial Pipeline, which carries nearly half the fuel consumed along the US East Coast, is one of the most disruptive digital ransom schemes ever reported[/caption]

“It looks like someone who’s been there, done that.”

DarkSide is one of a number of increasingly professionalized groups of digital extortionists.

The group has a mailing list, a press centre, a victim hotline and even a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.

Experts like Div said DarkSide was likely composed of ransomware veterans and that it came out of nowhere in the middle of last year and immediately unleashed a digital crimewave.

“It’s as if someone turned on the switch,” said Div, who noted that more than 10 of his company’s customers have fought off break-in attempts from the group in the past few months.

Ransom software works by encrypting victims’ data; typically hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars.

If the victim resists, hackers are increasingly threatening to leak confidential data in a bid to pile on the pressure.

DarkSide’s site on the dark web hints at their hackers’ past crimes, claims they previously made millions from extortion and that just because their software was new “that does not mean that we have no experience and we came from nowhere.”

The site also features a Hall of Shame-style gallery of leaked data from victims who haven’t paid up, advertising stolen documents from more than 80 companies across the United States and Europe.

Reuters was not immediately able to verify the group’s various claims.

One of the more recent victims featured on its list was Georgia-based rugmaker Dixie which publicly disclosed a digital shakedown attempt affecting “portions of its information technology systems” last month.

A Dixie executive did not immediately return a message seeking further comment.

In some ways DarkSide is hard to distinguish from the increasingly crowded field of internet extortionists.

Like many others it seems to spare Russian, Kazakh and Ukrainian-speaking companies, suggesting a link to the former Soviet republics.

It also has a public relations program, as others do, inviting journalists to check out its haul of leaked data and claiming to make anonymous donations to charity.

Even its tech savvy is nothing special, according to Georgia Tech computer science student Chuong Dong, who published an analysis of its programming.

Fox

The cyberattack has been branded an ‘act of war’ by former House Speaker Newt Gingrich[/caption]

According to Dong, DarkSide’s code was “pretty standard ransomware.”

Div said that what does set them apart is the intelligence work they carry out against their targets beforehand.

Typically “they know who is the manager, they know who they’re speaking with, they know where the money is, they know who is the decision maker,” said Div.

In that respect, Div said that the targeting of Colonial Pipeline, with its potentially massive knock-on consequences for Americans up and down the Eastern seaboard – may have been a miscalculation.

“It’s not good for business for them when the US government becomes involved, when the FBI becomes involved,” he said. “It’s the last thing they need.”

As for DarkSide, which usually isn’t shy about putting out press releases and promises registered journalists “fast replies within 24 hours,” the group has stayed uncharacteristically silent.

The reason is not clear. Requests for comment Reuters left via its main site and their media centre have gone unanswered.

What is the Colonial Pipeline attack?

The biggest US gas pipeline will not resume full operations for several more days due to a ransomware cyberattack blamed on a shadowy criminal network called DarkSide.

The attack on the Colonial Pipeline, which carries nearly half the fuel consumed along the US East Coast, is one of the most disruptive digital ransom schemes ever reported.

While the impact remains to be quantified, the pipeline shutdown will reduce fuel availability in the near term, push up prices and force refiners to cut production because they have no way to ship the gas.

The privately owned company said on Monday it was working on restarting in phases with “the goal of substantially restoring operational service by the end of the week.”

The FBI attributed the cyberattack to DarkSide, a group believed to be based in Russia or Eastern Europe.

Its ransomware targets computers that do not use keyboards in the languages of former Soviet republics, cyber experts said.

President Joe Biden said there was no evidence thus far that Russia’s government was involved.

A statement issued in the group’s name on Monday said: “Our goal is to make money, and not creating problems for society.”


Its statement did not mention Colonial Pipeline by name.

Ransomware is a type of malware designed to lock computers by encrypting data.

The hackers demand payment to let the owner regain access.

It is unknown how much money the hackers are seeking, and Colonial has not commented on whether it would pay.

Anne Neuberger, deputy national security adviser for cybersecurity, told reporters that the Biden administration is not offering advice on whether Colonial should pay the ransom.

Colonial on Friday shut its 5,500-mile (8,850-km) pipeline network, which moves fuels including gasoline, diesel and jet fuel, to protect its systems.

The episode laid bare the vulnerabilities of energy infrastructure to hackers.

US lawmakers responded with calls for stronger protections for critical energy infrastructure.


We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk