U.S. Surrenders in IT War, Starts Paying Tribute to Russia
By Duane Thresher, Ph.D., May 31, 2021
On Memorial Day, in memory of those who actually fought and
died to protect America.
Colonial Pipeline Company is a corporation headquartered near
Atlanta Georgia, like also-hacked Equifax is. Like most large
corporations, it is incorporated in Delaware, to take
advantage of their corporate law and proximity to Washington
DC. Colonial Pipeline Company's largest shareholder is Koch
Industries, the private corporation owned by the Koch
brothers, well-known conservative donors. The majority of
Colonial Pipeline Company however, is owned by foreigners.
Colonial Pipeline owns a critical pipeline, actually two, that
runs from a refinery near Houston Texas (been there) up the
East Coast to New York City (lived there), through major
cities, including Atlanta, or with branches to them, including
Richmond Virginia (been and go there) and Washington DC (been
and go there). One pipeline carries gasoline, for cars at
filling stations, and one pipeline carries diesel fuel, for
trucks at filling stations, and jet fuel for airplanes,
including directly to major airports along the way. If the
flow of Colonial Pipeline is interrupted, transportation in
the most densely populated part of the U.S. can be dangerously
interrupted. Colonial Pipeline is thus a strategic military
target.
In early May, Russian-backed hackers easily hacked into IT incompetent Colonial Pipeline's computer system, which controls the pipelines. The Russian hackers installed ransomware that prevented use of Colonial Pipeline's computer system until a $5 million ransom was paid via Bitcoin. For a week, East Coast filling stations and airports experienced transportation-interrupting fuel shortages. The IT incompetent FBI confirmed that the hackers were Russian-backed but was powerless to do anything about them. President Joe Biden, Commander-in-Chief of the U.S. military, was also powerless to do anything about the Russian-backed hackers and could only declare a state of emergency and make hollow threats. Finally, Colonial Pipeline just had to pay the ransom. Even after they did, their computer system ran slowly, indicating the ransomware is still there and the ransom will become a regular event, which is called a "tribute". The IT incompetent media understood none of the technical aspects nor the importance of this story and flitted on to some celebrity news, which is mostly what it covers. This allowed President Biden to do the same.
Besides being headquartered near Atlanta Georgia, Colonial Pipeline Company is like Equifax, whose hacking was also a national security disaster (see Equifax Dead: Hacked So Credit Reports Worthless), in that it is IT incompetent. Equifax's Chief Information Security Officer (CISO) during its data breach was Susan Mauldin, who has no IT education — see The Most Important IT Credential: An IT Education in Principles of IT Incompetence — only degrees in music composition from a Georgia college. Colonial Pipeline Company's Chief Information Officer (CIO) is, for the last 5 years, Marie Mouchet, who is also IT incompetent, having no IT education, only degrees in math education, for teaching high school, from a Georgia college. As Marie Mouchet also makes clear on her LinkedIn page, her main interest is teaching STEAM (Science, Technology, Engineering, Art, Math; one more ridiculous step beyond STEM) and women in technology; see No IT Education: STEM and IT Hiring: Trading IT Competence for Diversity in Principles of IT Incompetence.
Even more frightening for national security, for the 13 years
before Marie Mouchet became CIO of Colonial Pipeline, she was
CIO for Southern Nuclear, which operates three nuclear power
plants (currently two reactors each) in Georgia and
Alabama.
Marie Mouchet was replaced as CIO of Southern Nuclear 5 years ago by Martin Davis, who also has no IT education so is IT incompetent; he only has a bachelor's degree in business administration.
Further, by Martin Davis's own admission on his LinkedIn page,
from 2003 – 2009 he was responsible for "all aspects of
[information] technology for Wachovia Corporation worldwide".
For many years now, all checks have been processed via IT. In
2007 it was discovered that using stolen identities, probably
stolen via IT and from Wachovia itself, unsigned checks, which
should have been checked for by IT but were not, had been used
to steal $142 million from personal Wachovia bank accounts.
In one of the largest penalties ever demanded by the Office of
the Comptroller of the Currency, the Treasury Department
bureau responsible for regulating banks, Wachovia had to pay
$144 million.
Martin Davis seems to have been hired only because he is an African-American and Southern's leadership is otherwise mostly white; see IT Hiring: Trading IT Competence for Diversity in Principles of IT Incompetence. Davis couldn't protect people, black or white, from having money stolen from their accounts in his bank; he certainly can't protect them from what will happen to them from hacking of his nuclear power plants.
When hackers hack into nuclear power plants, which as shown they inevitably will — or already have, as explained in Handing Over America's Electrical Grid to the Russians — given all the IT incompetents like Marie Mouchet and Martin Davis doing cybersecurity for them, many people will not just be greatly inconvenienced as they were in the Colonial Pipeline hacking, they will be killed, as they were in the Chernobyl nuclear power plant disaster. The Russians are eager to prove that they are not the only country capable of such a disaster.
The FBI, who already knew about the hackers from similar earlier hackings and should have stopped them before they hacked Colonial Pipeline, could not because they too are IT incompetent. I have a long history with FBI IT incompetence. My family and I were the victims of not one but two health insurance company data breaches over the years and we demanded the FBI find, arrest, and prosecute the hackers, but they never did, or even tried; see FBI Hacking Investigation Negligence Lawsuit. I've thus researched FBI IT incompetence over the years. This turns out to be difficult because the FBI conveniently has legal protection against FOIA requests (see for example FOIA: That's Some Exemption, That Exemption 6), which is perfect cover for incompetents (FBI = Federal Bureau of Incompetents?).
The FBI does advertise that it has a Cyber Division, with an
Assistant FBI Director as its head and whose task is
explicitly to investigate hackings. However, even before
researching the IT incompetence of the FBI Cyber Division's
employees, its PR leads you to think they are not even trying
against hackers:
"The FBI's cyber strategy is to impose risk and consequences
on cyber adversaries. Our goal is to change the behavior of
criminals and nation-states who believe they can compromise
U.S. networks, steal financial and intellectual property,
and put critical infrastructure at risk without facing risk
themselves."
No mention of actually finding, arresting, and prosecuting
hackers, just scaring them and changing their behavior —
a Scared Straight program for hackers (Scared Straight
programs have been proven to not only not work, but to
actually create more criminals of the children in the
program).
The only FBI Cyber Division employee I could find anything about is Bryan Vorndran, who was made the Assistant FBI Director head of the Cyber Division under President Joe Biden. Vorndran has no IT education; he is IT incompetent. He has as much chance of stopping the Colonial Pipeline hackers as Marie Mouchet did.
Although the FBI certainly didn't discover it itself, the FBI
did confirm that the Colonial Pipeline hacking was done by the
DarkSide hacking group. As indicated, DarkSide has been
around for years and attacks strategic targets using
ransomware to extort money ... but not from Russia or its
allies, only from the U.S. and its allies. There is a lot of
stupid speculation in the U.S. media and government about
whether DarkSide is state-sponsored, i.e. paid by the Russian
state — but it does not need to be paid by the Russian
government because it makes so much money from extortion.
Duh. Throughout history soldiers have been at least partly
paid by the "spoils of war".
The fact of the matter is that DarkSide is an organization
that attacks strategic targets of the U.S. and its allies with
the backing of Russia and from the soil of Russia or its
allies. Russia is waging IT war on the U.S.
How is ransomware used? First, hackers hack into a computer system just like they usually do. Then software is installed on the computer that encrypts important program and data files just like emails are encrypted, except the key is kept by the hackers. When the ransom is paid, the hackers may — or may not — provide the key to decrypt the files. If the hackers do provide the key in exchange for the ransom it is only to ensure that the victims will pay future ransoms.
Paying the ransom and getting the key does not mean that the
encrypting software is gone and the computer system is now
secure. In fact, the encrypting software is certainly not
gone and the system is still hacked. That the computer system
is running slowly after the ransom is paid and the decryption
key is provided, as was the case for Colonial Pipeline, is an
indication the encrypting software is still there, ready to
re-encrypt with a new key, and the system is still
hacked. (Colonial Pipeline says it reinstalled from backups,
but if this solved anything they would not have had to pay the
ransom.)
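One defender-side check on the re-encryption point above, as an added example that is not the author's code: encrypted files look like random bytes, so comparing the byte entropy of the same files across two snapshots flags the moment resident encrypting software rewrites them again. The snapshots, file names and contents here are constructed for the example.

```python
import math
import random
from collections import Counter

# Constructed "snapshots" of the same files taken before and after a suspected
# re-encryption. Names and contents are made up for this example.
_RNG = random.Random(1)
_CIPHERTEXT = bytes(_RNG.getrandbits(8) for _ in range(4096))  # stand-in for an encrypted file

BEFORE = {
    "dissertation.txt": b"Chapter 1. Introduction. " * 200,
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 2000,
    "config.ini": b"[pipeline]\nflow=on\n" * 50,
}
AFTER = {
    "dissertation.txt": _CIPHERTEXT,               # rewritten by the encrypting software
    "photo.png": _CIPHERTEXT[::-1],                # likewise, with a different key
    "config.ini": b"[pipeline]\nflow=on\n" * 50,   # untouched
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Text and simple images sit well below 8.0;
    properly encrypted data is indistinguishable from random and sits near it."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic: a file this close to maximum entropy is ciphertext (or compressed)."""
    return shannon_entropy(data) >= threshold


def newly_encrypted(before: dict, after: dict) -> list:
    """Files that were readable in the earlier snapshot but look like
    ciphertext in the later one: the signature of a (re-)encryption event."""
    return sorted(
        name for name, data in after.items()
        if name in before
        and not looks_encrypted(before[name])
        and looks_encrypted(data)
    )


if __name__ == "__main__":
    for name in newly_encrypted(BEFORE, AFTER):
        print(f"{name}: {shannon_entropy(AFTER[name]):.2f} bits/byte, possibly encrypted")
```

Already-compressed formats (zip, jpeg) also score near 8.0, so in practice this check is combined with file-type and mass-rename monitoring rather than used alone.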
As I have written, for example in HealthCare.gov Hacked and Hackers Own The Federal Legal System, the goal of hackers is to permanently hack into computer systems, since doing so is at least somewhat of an effort, even with rampant IT incompetence, and they want to continue to make money from it. For ransomware this means periodically re-encrypting program and data files and demanding a new ransom. For Russian hackers attacking the U.S., this turns ransoms into "tribute", which is defined as "money regularly paid by one nation to another for peace or protection, in acknowledgment of submission".
Ransomware is paid via Bitcoin, the new "criminal currency", now that electronic payment has become so ubiquitous. (For another Bitcoin crime example, see Apscitu Warned of Twitter Hacking Two Years Ago.) Bitcoin blockchains do keep a record of their transactions, but the transactors, particularly if one is in another country, like Russia, can be hard to find, and prosecute. The U.S. Government has allowed Bitcoin, and thus crime, to flourish. The new head of the Securities and Exchange Commission, Gary Gensler, even encourages Bitcoin use (he allows violation of securities laws — see Banned-For-Life Trader and Business Insider CEO Henry Blodget Using Fake News for Stock Price Manipulation? — so why not Bitcoin?).
My first experience with ransomware was in 2015 when the wife
of one of my clients had her doctoral program laptop hacked
into and her files encrypted, including her dissertation and
photos. Even if she could have afforded the ransom, there was
a good chance she would not have gotten the key since hackers
can't count on the computers of individuals being available in
the future for repeated ransoms, so why risk any further
contact with them after the ransom is paid? I reformatted her
hard disk and re-installed the operating system —
directly from the OS manufacturer, not from backups, which may
also have been hacked — and gave her advice on how to
get her dissertation and photos from other places.
More recently (2020), in a variation of ransomware, hackers sent me a spear phishing email saying they had hacked into my Apscitu website and unless I paid $1500 to a Bitcoin address within 5 days, they would destroy my business. I program my own websites and run their host computers myself so I knew this was nonsense and didn't pay, but the hackers were preying on how common it has become for this to happen; see Websites: Simple is Smart, Secure, and Speedy. I checked the particular Bitcoin blockchain (the hackers might have used other cryptocurrencies as well) and the hackers had already made several thousand dollars. I also reported this to the FBI, as they request you do, but they of course could and did do nothing about it.
Tribute, as defined above, one nation essentially surrendering to another but not being physically attacked in exchange for regular large payments, has been around since war has, including being mentioned numerous times in the Old Testament. A popular (e.g. Corsair by Clive Cussler and Jack Du Brul) example from early U.S. history is the Barbary States, which once lay along the coast of North Africa, now Libya, Algeria, Tunisia, and Morocco.
From 1795 to 1801, when Thomas Jefferson was elected
U.S. President, the U.S. paid a tribute each year of,
incredibly, almost one-tenth of all its tax revenues to the
Barbary States so their pirate ships, "corsairs", would not
attack U.S. ships. When Jefferson came to power he stopped
this tribute and fought instead, including using the U.S.'s
most powerful ship of the time, the USS Constitution ("Old
Ironsides", which still exists and I've actually been on in
Boston Harbor). After a long fight, to 1815, all the Barbary
States were beaten by the U.S. and declined greatly in power
after that.
Of course, Joe Biden is no Thomas Jefferson, nor Vladimir Putin, President of Russia. (Ever notice how much the photo I use of President Joe Biden looks like the complete invalid Captain Christopher Pike from the original Star Trek series?)
So the U.S. will be paying tribute to Russia from now on, and
any other of the U.S.'s enemies who are not so IT incompetent,
which is all of them. Remember the Stop IT Incompetence motto: "IT's destroying US."
[Update: For more on Bitcoin and other cryptocurrencies, see Cryptocurrency Crisis: All Cryptocurrencies Might As Well Be Tulip Bulbs. I have continued to receive emails like the described Bitcoin ransom spear phishing email, so obviously, as expected, the FBI did, and can do, nothing about them.]