
‘DarkSide’ Hacking of Colonial Pipeline Is Dark Indeed

May 16, 2021 (EIRNS)—President Joe Biden took two characteristic actions on May 15. As the “un-President,” he made a tepid phone call to Israeli strongman Benjamin Netanyahu—his first engagement after a week of deadly war provoked by Netanyahu supporters—after which the latter immediately announced his attacks on Palestinians would continue unabated. But as the would-be nemesis of Russia, Biden jumped on the mysterious shutdown of the Colonial Pipeline oil pipeline to announce he was forming a task force to “target the hackers” and demanding that Russia act against cybercriminals, whose actual whereabouts and lineage are unknown. The White House quoted Biden on May 13: “We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks.” Rep. Adam Schiff (D-CA) and former Homeland Security cybersecurity chief Christopher Krebs used today’s “Face the Nation” program to pile on, Schiff saying “We should put the pressure on the responsible countries, Russia, China and others”; and Krebs, “Sovereign nations don’t allow cyberattacks to take place from their territory with impunity” (unless, presumably, the CIA carries them out, against Iran, North Korea, Russia, Libya, etc. etc.).

Now that the operation of the Colonial Pipeline Company’s system is “being restored to normal,” questions should be asked about some aspects of the reported ransomware hacking of the company one week ago. They include the report which emerged in the Wall Street Journal on Friday, May 14, that the DarkSide hacking group, or network of groups, had announced it was disbanding; and that the alleged reason for this retreat was that its hacking software system was effectively retaliated against by U.S. law enforcement and the State Department, shutting down DarkSide’s server and preventing it from collecting the bitcoin ransom equivalent to $5 million which Colonial may or may not have tried to pay.

Many things are murky about this episode, although some, besides Biden’s targeting of Russia over it, are clear: It caused Americans across a broad swath of the Southeast and Mid-Atlantic states to panic and hoard gasoline, creating shortages, shutdowns of up to half of gas stations in some states, and social conflicts among people trying to get gas; this in turn “caused” an increase of 10 cents/gallon in the gas price; and Biden’s Transportation Secretary Pete Buttigieg was enabled to claim that the United States urgently needed to build “a new grid,” even though the electricity grid was in no way involved.

The Wall Street Journal’s report immediately raises the suspicion that the “DarkSide” hackers group either doesn’t actually exist, or was an operation by some state intelligence actor which needed to be quickly shut down by its sponsor after one caper. DarkSide is only claimed in major media reports to have existed since August 2020. The Journal’s source was FireEye, the same clearly U.S. intelligence-connected company which attributed the Colonial Pipeline ransomware attack to DarkSide, and the “SolarWinds” hack of U.S. government computer systems last year, to Russia’s GRU. FireEye itself admitted on Twitter May 14 that “there is speculation from some ... that this could be an exit scam.”

RT reported on May 15 that former Kaspersky Lab CEO Natalya Kaspersky told RIA Novosti in an interview that DarkSide was a CIA operation, specifically of the Remote Development Branch of the CIA’s Center for Cyber Intelligence.

There were also conflicting reports in various media as to whether Colonial Pipeline Co. even attempted to pay a ransom. And of course, there has been a big, unanswered question from the start on May 10: Why did Colonial shut the pipeline down, triggering a panic among the public, when the hack was to its business software and the pipeline system can be operated outside the Internet?

This was, after all, the third major North American oil pipeline to be hit by attempted sabotage in four months: The first, Keystone XL, by President Biden; the second, Enbridge Line 5, by Michigan Governor Whitmer and Energy Secretary Granholm; and now Colonial Pipeline, by itself?
