# Why does the oil pipeline even connect to the internet? I don't get it... seriously, why can't it be a LAN based setup?



## Space Lynx (May 12, 2021)

Can someone please explain this to me? I am referring to the oil pipeline that was hacked recently and has caused part of the shortage issues.

So, ok I understand why a big pipeline needs a computer system, flow states probably, leak check sensors, etc etc - but why does it have to be connected to the internet? Why not just a LAN all self-enclosed for only those workers to access it? Also, this topic applies to a lot of government stuff hooked up to the internet... I just don't get it... why not have it as a LAN based system for those who work on it and need to the sensors, etc... and then have a secondary computer that sometimes takes a RAID 1 drive backup and connects it to internet on a separate system... this would be failproof... seems pretty simple to me. I guess I just need someone to explain to me why an oil pipeline needs to be hooked up to the internet... the wires for the internet are already run on it, just convert it to a LAN based system or something for those that need to know only... remote monitoring will have to be done through Skype and a remote worker on site or something if there really is some type of worker that is rare and needs to be in the know but is far away... this is the only scenario I can think of.


Any ideas or thoughts on this?  @R-T-B @TheLostSwede


----------



## R-T-B (May 12, 2021)

It might NOT connect to the internet at all. Someone could've brought this malware in on a thumb drive. It happens a lot on high value air gapped systems (earliest instance was the Iranian centrifuge worm, IIRC), as cryptolocker malware like this only needs to be installed. It does not need the internet to actually function.


----------



## Space Lynx (May 12, 2021)

R-T-B said:


> It might NOT connect to the internet at all. Someone could've brought this malware in on a thumb drive. It happens a lot on high value air gapped systems (earliest instance was the Iranian centrifuge worm, IIRC), as cryptolocker malware like this only needs to be installed. It does not need the internet to actually function.



ah ok I had no idea... thread closed LOL


----------



## MentalAcetylide (May 12, 2021)

lynx29 said:


> Can someone please explain this to me? I am referring to the oil pipeline that was hacked recently and has caused part of the shortage issues.
> 
> So, ok I understand why a big pipeline needs a computer system, flow states probably, leak check sensors, etc etc - but why does it have to be connected to the internet? Why not just a LAN all self-enclosed for only those workers to access it? Also, this topic applies to a lot of government stuff hooked up to the internet... I just don't get it... why not have it as a LAN based system for those who work on it and need to the sensors, etc... and then have a secondary computer that sometimes takes a RAID 1 drive backup and connects it to internet on a separate system... this would be failproof... seems pretty simple to me. I guess I just need someone to explain to me why an oil pipeline needs to be hooked up to the internet... the wires for the internet are already run on it, just convert it to a LAN based system or something for those that need to know only... remote monitoring will have to be done through Skype and a remote worker on site or something if there really is some type of worker that is rare and needs to be in the know but is far away... this is the only scenario I can think of.
> 
> ...


Because we have a bunch of idiots running everything that would rather have profits & convenience instead of security? 
As was already pointed out, it isn't necessary for it to be jacked into the internet. Some assclown doing something that he/she knows damn well that they shouldn't be doing could easily cause the same problem on a closed network. 

Imo, this is how the next "Pearl Harbor" is going to do more than just sink a few US warships. It's going to sink the country unless they get their heads out of their asses and start taking more proactive steps to remedy the situation.


----------



## Fangio1951 (May 12, 2021)

lynx29 said:


> Can someone please explain this to me? I am referring to the oil pipeline that was hacked recently and has caused part of the shortage issues.
> 
> So, ok I understand why a big pipeline needs a computer system, flow states probably, leak check sensors, etc etc - but why does it have to be connected to the internet? Why not just a LAN all self-enclosed for only those workers to access it? Also, this topic applies to a lot of government stuff hooked up to the internet... I just don't get it... why not have it as a LAN based system for those who work on it and need to the sensors, etc... and then have a secondary computer that sometimes takes a RAID 1 drive backup and connects it to internet on a separate system... this would be failproof... seems pretty simple to me. I guess I just need someone to explain to me why an oil pipeline needs to be hooked up to the internet... the wires for the internet are already run on it, just convert it to a LAN based system or something for those that need to know only... remote monitoring will have to be done through Skype and a remote worker on site or something if there really is some type of worker that is rare and needs to be in the know but is far away... this is the only scenario I can think of.
> 
> ...


Like what RBT said plus =

I'm a computer WAN Engineer with the 2nd largest IT Outsourcing company in the Oceania region.

These types of systems are on their own LAN systems, but support engineers use various methods to remotely access the systems for management and monitoring processes on a daily basis.

We perform white hat brute force attacks on our systems to check for any vulnerabilities in our gateways and firewalls.

If the systems aren't patched and up to date, then these types of attacks can succeed.


----------



## Shihab (May 12, 2021)

Having one computer connected only to a LAN does not necessarily mean you can't get to it through the internet. If any node in this network is exposed to the outside world, there is a risk. Don't know if there exists a computer worm that doesn't scan the local network for other targets to hit once it lands on a new computer.

That said, ransomware folks also nuke any backups they detect, so an online backup system wouldn't be as failproof as you might think.


----------



## Space Lynx (May 12, 2021)

I mean were oil pipelines really that inefficient before computers...? Has anyone actually ever compared it... maybe it doesn't need to be computerized at all (probably does, just saying I wonder if any of the higher ups of these companies even considered it)... like I mean we had oil and gas before computers, so it must not be impossible. lol


----------



## MentalAcetylide (May 12, 2021)

Fangio1951 said:


> Like what RBT said plus =
> 
> I'm a computer WAN Engineer with the 2nd largest IT Outsourcing company in the Oceania region.
> 
> ...


These types of attacks can & will succeed, regardless of how patched and up to date the system is. All this does is prevent the more common stuff from getting through. Anyone that has the know-how & determination will eventually get through to a system that relies on a network & software.


----------



## Shrek (May 12, 2021)

They did investigations on internet vulnerability in 2007

Staged Attack Causes Generator to Self-Destruct - Schneier on Security

Staged cyber attack reveals vulnerability in power grid - Bing video


----------



## R-T-B (May 12, 2021)

MentalAcetylide said:


> These types of attacks can & will succeed, regardless of how patched and up to date the system is. All this does is prevent the more common stuff from getting through. Anyone that has the know-how & determination will eventually get through to a system that relies on a network & software.


You say that like it changes anything.

The point in security is to make the asset more expensive to attain than the asset is worth.  If you have a properly patched offline system, it exited "one man job" territory long ago.


----------



## newtekie1 (May 12, 2021)

A lot of these systems are remotely monitored. That is why they are connected through the internet. 




Shihabyooo said:


> Having one computer connected only to a LAN does not necessarily mean you can't get to it through the internet. If any node in this network is exposed to the outside world, there is a risk. Don't know if there exists a computer worm that doesn't scan the local network for other targets to hit once it lands on a new computer.


Reminds me of the casino that was hacked through a fish tank thermometer. 



Shihabyooo said:


> That said, ransomware folks also nuke any backups they detect, so an online backup system wouldn't be as failproof as you might think.


Online backups are only vulnerable if the system has constant access to them. Something that opens the connection, uploads the files, then closes the connection isn't likely to be nuked by a ransomware attack.


----------



## Shrek (May 12, 2021)

I have a dedicated firewall at home, but I am not sure how much it helps.


----------



## R-T-B (May 12, 2021)

Andy Shiekh said:


> I have a dedicated firewall at home, but I am not sure how much it helps.


A lot more than no firewall.


----------



## newtekie1 (May 12, 2021)

R-T-B said:


> A lot more than no firewall.


I can't imagine many people have no firewall these days, considering every ISP (at least in the US) gives a firewall away with their service.


----------



## R-T-B (May 12, 2021)

newtekie1 said:


> I can't imagine many people have no firewall these days, considering every ISP (at least in the US) gives a firewall away with their service.


true.  Well, mostly.  Many of those aren't given away, but rented.  Beside the point.


----------



## ratirt (May 12, 2021)

The oil pipelines you refer to are coming directly from production sites. The internet access is to reduce the labor needed for the production and exploration sites, enabling personnel to do it remotely. Even though it's a production platform, it still requires people to operate it. When internet access kicked in with the bandwidth necessary, the number of people needed to be physically on-site has reduced. Which means the possibility of somebody getting injured or dead in case of an incident has been reduced. You may not know that but it's always people who make a mistake that causes a disaster, not a machine itself. Less people onboard, less possibility that someone will be overlooked, forgotten during evacuation. Internet access gives a faster response to what's happening and allows you to act faster in some cases. Well, more or less. That's for people already there and you still need to get there as well. That can be an adventure of a lifetime in a harsh environment and a lot of incidents happened due to people's transportation to/from rig-sites. Also there's an economical aspect to this as well. The internet connection is to improve safety of all the people working with production off-shore. Reducing the number of people on-site is important although there are still people there.
LAN connection only is an option and it is being used still but that depends on the job. Internet connection on site is not something you have at home and firewall is not a MS defender. You don't get a fiber optic running to the rig from shore for internet access though. There are specific providers which can provide an internet connection and that one is not via cable although it's been changing. Well that all depends.
Energy business is the most important aspect in today's world. Every country is trying to be energy independent and have a secure delivery of energy. Most disputes are due to that aspect. Oil is and still will be an important source of energy. If you think these companies use common firewalls to prevent hacks to their systems or data frauds you are looking at this from a wrong perspective. Also, people who are willing to hack into these networks or acquire sensitive data, are not users who are trying to get twitch girls naked photos for free.
You can all read about Piper Alpha and what happened back then in 1986. Since that day, oil industry has been through a lot of changes and human safety has been a priority number one and it continues till this day. Too bad, this care about human safety is not a priority number one in every aspect of our lives.
That's more or less why, but there's way, way more to this.


----------



## Caring1 (May 12, 2021)

Oil, Gas, Electricity, as long as they are connected, they will be targets.


----------



## Shrek (May 12, 2021)

I worry about someone spoofing an OS update and bringing down a large number of computers.


----------



## dragontamer5788 (May 12, 2021)

Caring1 said:


> Oil, Gas, Electricity, as long as they are connected, they will be targets.





> In its own statement, the DarkSide group hinted that an affiliate may have been behind the attack and that it never intended to cause such upheaval. Like some other ransomware groups, DarkSide offers to sell its malware to others in what is known as “ransomware-as-a-service,” according to the cybersecurity firm Cybereason.
> 
> In a message posted on the dark web, where DarkSide maintains a site, the group suggested one of its customers was behind the attack and promised to do a better job vetting them going forward.
> 
> “We are apolitical. We do not participate in geopolitics,” the message says. “Our goal is to make money and not creating problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”



To be fair, the criminal group behind the ransomware attack did *NOT* want to cause such a big ruckus. They promise to do a better job at vetting their clients (and their targets) in the future. This oil pipeline wasn't "targeted" per se. It just so happened to be somewhere, and the group just so happened to shut it down.

If you find a ransomware target, you don't necessarily *know* what that thing is doing. They probably just saw "Oh, these files look important. I bet we can get lots of money from this", and bam. Woops, you shut down the southeast's source of gasoline. No criminal gang wants the FBI to actually come after them. By accidentally going after such a huge thing, they've accidentally put themselves in the crosshairs of the FBI. That's bad for criminal business.


----------



## 64K (May 12, 2021)

Cheap gas is critical to our economy and it doesn't look like there's a quick fix. President Biden addressed the effects of the pipeline shutdown. He had this to say:

“Remediation and recovery is not necessarily a quick and easy process, and while essential functionality can be restored more quickly, it can take organizations weeks or even months to fully return to normal operations."


----------



## dragontamer5788 (May 12, 2021)

64K said:


> Cheap gas is critical to our economy and it doesn't look like there's a quick fix.



The good news is that demand is overall down, because we're still "recovering from COVID19" state. It's not like everyone is going out to summer vacation yet. If this gas event happened in June or July (when the country is expected to be largely vaccinated), it'd be much harder to deal with.

Most people I know are still work-from-home (for example), so gas demand is almost non-existent for these workers. This "work-from-home" status is probably going to go away as vaccinations increase, which really will increase our consumption of gasoline. But really, we don't actually need much gasoline right now.


----------



## 64K (May 12, 2021)

dragontamer5788 said:


> The good news is that demand is overall down, because we're still "recovering from COVID19" state. It's not like everyone is going out to summer vacation yet. If this gas event happened in June or July (when the country is expected to be largely vaccinated), it'd be much harder to deal with.
> 
> Most people I know are still work-from-home (for example), so gas demand is almost non-existent for these workers. This "work-from-home" status is probably going to go away as vaccinations increase, which really will increase our consumption of gasoline. But really, we don't actually need much gasoline right now.



Good point but people "panic buy". Do you remember the toilet paper shortage when Covid-19 broke out? Hell, probably a lot of people have a 10 year supply of toilet paper now but I don't think it goes bad.

The gas price hikes will alleviate the shortages some.


----------



## MentalAcetylide (May 12, 2021)

dragontamer5788 said:


> To be fair, the criminal group behind the ransomware attack did *NOT* want to cause such a big ruckus. They promise to do a better job at vetting their clients (and their targets) in the future. This oil pipeline wasn't "targeted" per se. It just so happened to be somewhere, and the group just so happened to shut it down.


Fair?  
Are we to just look the other way and assume, despite the nature of the "business" the group is involved with, that they're a bunch of "gray-hat" hackers too ignorant to have enough foresight to realize that their "clients" could use them & their "tools" for pulling stunts like this? Please.... if a group of individuals is doing stuff like this, whether directly or indirectly, and it causes something like this, they deserve to be hunted down by the FBI. Not so much as a punishment, but because of the potential threats from their recklessness. They can go on all they want about being apolitical or whatever on the dark web AFTER the fact, but regardless of whether they admit it or not, this kind of behavior is part of the problem. Besides, they've admitted as much that they're just in it to make money by offering these services, so if they had any sense of responsibility, they would march their collective asses to the nearest law enforcement agency and have them put to work fixing the affected systems. Knowing the FBI, they would probably hire them, lol.


----------



## Steevo (May 12, 2021)

A lot of the systems are NOT connected to the internet, but have/use low frequency serial data links, but along the whole system is run by centralized computers that are connected to the internet somewhere, or some angry employee may have done it, or some former employee who worked long enough to learn to sabotage. 

Here in MT a lot of places are moving to cell or satellite service internet that manage remote compressor or boost stations for different pipelines.


----------



## ratirt (May 12, 2021)

Caring1 said:


> Oil, Gas, Electricity, as long as they are connected, they will be targets.


As long? These will be connected for long.  It's energy brother. There is nothing hotter than energy 



Andy Shiekh said:


> I worry about someone spoofing an OS update and bringing down a large number of computers.


Not gonna happen, no spoof, believe me. It's like a man landing on the moon. Yeah I know. This catches up too.


----------



## R-T-B (May 12, 2021)

MentalAcetylide said:


> gray-hat


Frankly, they are blackhat, period.  Just because they supposedly have groups they will not target does not mean they are not still trying to exert hacking as a manipulative, threatening force.  There is nothing "grey-hat" about that.


----------



## ShiBDiB (May 12, 2021)

newtekie1 said:


> A lot of these systems are remotely monitored. That is why they are connected through the internet.



This is the likely answer. Although requiring a secure company VPN would definitely help with this situation (but would still be vulnerable if someone's credentials were cracked, can be mitigated further with 2FA like requiring a physical card and password).

Can't say for sure what the case was as the company isn't even sharing with CISA let alone the public.


----------



## MentalAcetylide (May 12, 2021)

R-T-B said:


> Frankly, they are blackhat, period.  Just because they supposedly have groups they will not target does not mean they are not still trying to exert hacking as a manipulative, threatening force.  There is nothing "grey-hat" about that.


Yeah, that was my point, hence I put it in quotations. I think "ass-hat" would be more fitting.


----------



## R-T-B (May 12, 2021)

MentalAcetylide said:


> Yeah, that was my point, hence I put it in quotations. I think "ass-hat" would be more fitting.


"Hacktivism" does indeed deserve to die in a dumpster fire.


----------



## Shrek (May 12, 2021)

I imagine each country has its own group of hackers building weapons for use in case of conflict, this attack is a blessing in disguise; better to harden the systems now than later.


----------



## phill (May 12, 2021)

R-T-B said:


> It might NOT connect to the internet at all. Someone could've brought this malware in on a thumb drive. It happens a lot on high value air gapped systems (earliest instance was the Iranian centrifuge worm, IIRC), as cryptolocker malware like this only needs to be installed. It does not need the internet to actually function.


Bit late to the party but didn't they have to physically be at the property in like Die Hard 4 to hack these places??  

Film I know but......


Andy Shiekh said:


> I worry about someone spoofing an OS update and bringing down a large number of computers.


I thought Microsoft did that fairly well and regularly with what's called Windows 10 updates....  ??


----------



## MentalAcetylide (May 12, 2021)

R-T-B said:


> "Hacktivism" does indeed deserve to die in a dumpster fire.


I have something more fitting in mind. 
1st offense: cut off their hands.
2nd offense: cut off their feet.
3rd offense: cut off their head. Seeing as how they like to repeatedly create havoc that could cause people to lose their head, it would be fitting. Three strikes with a keyboard and they're dead. They don't want to give it up, then they can give up the ghost.


----------



## damric (May 12, 2021)

The pipelines probably upgraded the old analog relays to PLCs we see in modern mills and production facilities. The last steel mill I worked at had everything interconnected on the local network but you could easily remote in from home to check on things or tweak some settings. Even the overhead cranes were in the network. Often the login/password was "admin/password" which was just nuts. What was interesting is that every PLC and machine was cooled by refrigerated water, which created even more maintenance issues. A disgruntled somewhat knowledgeable employee could seriously do some damage.


----------



## R-T-B (May 13, 2021)

MentalAcetylide said:


> I have something more fitting in mind.
> 1st offense: cut off their hands.
> 2nd offense: cut off their feet.
> 3rd offense: cut off their head. Seeing as how they like to repeatedly create havoc that could cause people to lose their head, it would be fitting. Three strikes with a keyboard and they're dead. They don't want to give it up, then they can give up the ghost.


I'm a fan of reeducation more, but acknowledge some people never learn.  For that, my preference would be life in prison but I'm a known bleeding heart.


----------



## dragontamer5788 (May 14, 2021)

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized – Krebs on Security (krebsonsecurity.com)


> “A few hours ago, we lost access to the public part of our infrastructure,” the message continues, explaining the outage affected its victim shaming blog where stolen data is published from victims who refuse to pay a ransom. The outage also took down its payment server and those that supply its distributed denial-of-service feature, which is used to turn up the heat on victims who balk at paying



Well, RIP Darkside. They messed with the wrong group. They should have stuck to RansomWare-as-a-Service vs Hospitals, and not move in vs oil pipelines.

EDIT: It could very well be an inside-threat though. If Darkside-group felt like this latest hack got them too much attention, maybe one of the hackers just took the money (from their own group) and ran. Hard to tell without much more context, but either way, Darkside-group is gone. Whether or not they come back in a new form will remain to be seen in the near future.


----------



## AliJa (Sep 20, 2021)

Hello. An interesting question. Most likely, it is easier for the owners of the oil pipeline just like that. They have offices not only near the oil pipeline itself. They are scattered all over the country. And the company is simply easier when they can somehow interact with the oil pipeline from anywhere in America. As a person who worked at a Mexican oil well, I can say with confidence that the biggest problem in this matter is the speed of the Internet. I hope that artificial intelligence will be introduced soon, which will fix these problems. I became interested in artificial intelligence when I read about it in an article: https://www.techtimes.com/articles/...cial-intelligence-in-our-day-to-day-lives.htm


----------



## the54thvoid (Sep 20, 2021)

Always good to remember, these groups mostly operate out of Russia. And they operate with absolute impunity and state indifference (if not support).


----------

