The cyberattack that exposed the fragility of the United States

A gas pump in Falls Church, Virginia, last Wednesday, when thousands of service stations ran out of gas on the east coast of the United States.KEVIN LAMARQUE / Reuters

The United States this week has relived scenes that it had not seen since the oil turmoil of the 1970s: endless lines at gas stations and service stations limiting purchases or announcing that they had run to zero. The large pipeline of the Colonial company, one of the main energy arteries in the country, closed on May 7, Friday, as a result of a computer attack, and for the first time had to stop completely, putting 45% of the supply in check of fuel all the east coast of the country. The panic of running out of fuel prompted millions of citizens and businesses on the East Coast to fill up their tanks, boosting demand and exacerbating supply problems.

Several states, such as Florida and Georgia, declared a state of emergency in order to take exceptional measures.

The average price of a gallon reached three dollars (2.47 euros), the highest since 2014. The authorities were quick to warn consumers who intended to stock up on gasoline using bags, given that the cans were running low, and the The federal government had to adopt emergency measures, such as the suspension of environmental requirements and the Jones Act on maritime trade - which requires vessels to be American - to solve supply problems.

More information

• DarkSide, the hackers with customer service channel pretending to be Robin Hood

• Colonial's great pipeline in the United States resumes its activity after the cyberattack

This whole mess took place despite the fact that, as published by the Bloomberg agency and

The Wall Street Journal

newspaper

, Colonial paid cybercriminals a ransom of about five million dollars in cryptocurrencies on the same day of the attack in order to be able to operate again. . DarkSide, as the group behind the outrage calls itself, is one of those criminal organizations that is dedicated to cyber kidnapping of the critical data of a company or institution that they only release in exchange for a payment. This is what is known in technological jargon as a

ransomware

attack

: they use malicious programs (

malware

) to penetrate systems, they encrypt sensitive information and sell a tool to decrypt it.

They happen every day without anyone knowing, companies don't want to reveal them for reputational reasons, and criminals don't want to be noticed.

But on Friday of last week DarkSide launched itself on Colonial and unleashed the largest known cyberattack on an energy infrastructure in the United States, an offensive that had a dramatic impact on the real world.

It managed to paralyze more than 8,000 kilometers (5,500 miles) of pipe that connects Texas with New Jersey, shaking the markets and the vulnerability of the world's greatest power to a civil criminal gang, in principle not linked to any government, despite the experience of recent years and efforts to improve cybersecurity.

Padraic O'Reilly, one of the founders of the firm CyberSaint Security, an expert in the energy sector and other critical infrastructures, warns that the danger is increasing. "The real world is going digital and the pandemic has also forced a greater virtualization of the tangible world, which what it does is that it exposes the physical systems to the network," he says. To this is added that 85% of critical infrastructure in the United States "is in private hands, that's a lot, and private companies have the incentive to look at the results in the short term and not always ensure security as much as they need. ”. In the case of the pipeline, O'Reilly believes that "something has derailed this time, [the criminals] have gone too far." "What is striking about this whole story is that they have had to close the pipeline," he explains,"It is one thing to steal a movie, or to block the medical records of a hospital, but that does not spread to an entire sector of the economy, as this time it has happened on the East coast."

DarkSide, which boasts of not attacking hospitals or schools, made a kind of apology on Monday, assuring that its objective is "to make money, not to create problems for society." In a statement that evoked the Spanish comedian Miguel Gila, whose popular gag consisted of telephone calls to the enemy to agree on what time and where to attack, the band made a commitment to “introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future ”.

They have not transcended the interlinings of the entire episode. According to the version that Bloomberg obtained from sources familiar with the process, under condition of anonymity, Colonial paid the ransom within hours of the cyber-hijacking of the data and DarkSide gave it the necessary computer tool to decrypt it, but this was very slow and the company had to They also use their own safeguards. At the time, the company claimed that it had stopped the operation to prevent the virus from spreading throughout its system. Regarding the payment of the ransom, of course, he did not say this mouth is mine. The figure that has transpired, those close to five million dollars, represents an exponential leap to the most common cases so far.

There are different estimates on this great little cyber data hijacking industry. According to information from the security firm Emsisoft, there are around two dozen major groups in the business and last year they moved up to $ 18 billion in ransoms around the world, an 80% increase over 2019, spurred in large part by this virtual impulse of economic and human activity that the pandemic has entailed. Another firm, Chainanalysis, estimates that 406 million were paid in cryptocurrencies, a balance so uneven that it gives an idea of ​​how diffuse this world is. There is, however, a consensus on the trend: it is going up.

“Everything is becoming more and more connected and, therefore, what we call the attack surface increases. The United States is a very advanced country and therefore also very connected, which is why it offers a great spectrum. When a company or an institution undergoes an operation like this, if it does not have good

backup

systems

, well updated, it has no other way out than to pay the ransom ”, explains César Cerrudo,

hacker

and chief technology officer of the information security company IOActive.

For Biden, the case opens different fronts. The shaking of these days has been ammunition for the Republican opposition, which reproaches him for the cancellation of the project for the new Great Keystone pipeline, a controversial project due to its environmental impact. And the impulse to the electric car, one of the basic measures of the environmental plans of the countries, expands what César Cerrudo calls "attack surface" of the criminals. The Democrat has to deal with Russia, as the criminal group is considered to reside in this country and Biden wants the Kremlin to take action.

This week he signed an executive order on cybersecurity that, roughly, obliges contractor companies to reinforce their measures. Work began on it precisely as a result of the massive cyberattack that several federal agencies suffered last year and Washington attributes to Moscow. Ukraine also accused Russia of attacking its electricity system in 2015 and 2016. And the hacking of the Democratic Party emails in the 2016 presidential elections is still very present. This time it has been a group of criminals supposedly based in Russia, but apparently independent from the Government, and the actions have transcended the physical world.

For now, pressure from the United States has led DarkSide to close its operation.

In a statement sent to some media this Friday, he said that the group would leave cyberspace within 48 hours.

Experts believe, however, that they will return under another identity.

Saying goodbye, DarkSide said, "Stay safe and have good luck."

Subscribe here to the

EL PAÍS América

newsletter

and receive all the informative keys of the current situation in the region.