Homeland Security Investigates Colonial Pipeline Ransomware Attack


Colonial Pipeline CEO Joseph Blount appeared before the Senate Homeland Security Committee on Tuesday. The U.S. Senate is investigating the May 7th ransomware attack on Colonial, the largest fuel pipeline in the U.S. The hearing also covered cyber threats to critical infrastructure.

The Ransomware Taskforce announced it had recovered some of the ransom, which was paid in bitcoin. Despite that success, the Senators had many questions for Colonial Pipeline’s CEO and for its cybersecurity company, Mandiant.

The pipeline supplies 50% of the fuel the East Coast consumes. Blount assured the panel that Colonial “takes cybersecurity very seriously.”


Nevertheless, the DarkSide ransomware group successfully attacked Colonial’s computer network using a single compromised password.

Blount testified that the attackers got in through a legacy Virtual Private Network (VPN) account protected by a single password. He also said the password was “complex,” adding, “It wasn’t just Colonial123.”

The VPN account, which allowed employees to remotely access the company’s computer system, should not have been open at the time of the attack.

“It was not intended to be in use, and has since been shut down,” Blount said.

Cyber expert updates Homeland Security

Charles Carmakal, Senior V.P. of cybersecurity at Mandiant, described his firm’s response to the ransomware attack. He said it is still not confirmed how DarkSide obtained the password to the network.

The password for the VPN account had previously been compromised and leaked on the dark web.

Without multi-factor authentication, the Colonial system was exposed: a single leaked password was enough to get in. Against sophisticated attackers, no system is secure on a password alone.

Security researchers recommend two-factor authentication as protection against such attacks. It requires a second confirmation in addition to the password, typically a code sent by text message, a hardware token, or a fingerprint, and it should be enforced across all internal applications. Two-factor authentication should be a standard security precaution.
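As an added illustration (not part of the original article or of any Colonial Pipeline or Mandiant tooling), the following script shows the kind of check a defender could run to catch the failure described here: an enabled, password-only VPN account that has sat unused for months suddenly logging in. The account names, log format and addresses are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re

@dataclass
class VpnAccount:
    user: str
    enabled: bool
    mfa_enrolled: bool
    last_login: datetime  # most recent successful login on record

# Constructed account inventory; usernames are hypothetical.
NOW = datetime(2021, 4, 29, 12, 0, tzinfo=timezone.utc)
ACCOUNTS = [
    VpnAccount("jdoe", True, True, NOW - timedelta(days=1)),
    VpnAccount("svc-legacy", True, False, NOW - timedelta(days=210)),
    VpnAccount("old-contractor", False, False, NOW - timedelta(days=400)),
]

# Constructed VPN gateway log lines in a made-up key=value format.
LOG_LINES = [
    "2021-04-29T06:12:01Z vpn-gw1 auth=success user=jdoe src=198.51.100.4",
    "2021-04-29T06:40:33Z vpn-gw1 auth=success user=svc-legacy src=203.0.113.7",
    "2021-04-29T07:02:10Z vpn-gw1 auth=failure user=old-contractor src=203.0.113.9",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def risky_accounts(accounts, now, dormant_days=90):
    """Enabled accounts that rely on a password alone and have not logged in recently.
    These are the accounts that should be disabled or enrolled in MFA before an attacker uses them."""
    cutoff = now - timedelta(days=dormant_days)
    return {a.user for a in accounts
            if a.enabled and not a.mfa_enrolled and a.last_login < cutoff}

def detect_dormant_logins(accounts, log_lines, now, dormant_days=90):
    """Return one alert per successful login on an account flagged by risky_accounts()."""
    risky = risky_accounts(accounts, now, dormant_days)
    alerts = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or m["result"] != "success":
            continue  # malformed line or failed attempt: not a dormant-account login
        if m["user"] in risky:
            alerts.append({"user": m["user"], "src": m["src"], "ts": m["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in detect_dormant_logins(ACCOUNTS, LOG_LINES, NOW):
        print(f"ALERT dormant password-only VPN account used: {alert}")
```

The inventory check alone is the preventive control; the log check is the detective one for accounts that were missed.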

Blount defended his decision to pay the $4.4 million ransom just hours after the ransomware attack. He called it “the hardest decision” of his 39-year career, but believes it was the right one.

When questioned, Blount said the attack could have been much worse. Asked what would have happened had the company not paid to get its data back, Blount said, “That’s an unknown we probably don’t want to know.”

Cybersecurity remains a priority in D.C. In December 2020 it was reported that the massive SolarWinds hack had breached 9 U.S. agencies, including the Department of Homeland Security.