There are better ways to stop them maybe…
‘NEW: The hacker group DarkSide, which was responsible for the attack on the Colonial Pipeline, claims to be shutting down, saying it lost access to the infrastructure needed to carry out its extortion operations.’
At some point they’re going to hit a business/product that has investment in or backing by someone high ranking in their own country… and then magic that will “remove their operating conditions” will occur. Then, 5 minutes later, a whole new group will spin up. Easy money is too hard for the criminal minded to ignore.
That’s the key criticism voiced by those less enthusiastic about making everything connected to the Internet.
Btw: the current TWiG episode has a great discussion of the subject. Therein, it’s being reported that the attack did not immediately disable the pipeline but that the operator chose to shut down the pipeline to ensure that the pipeline operation itself could not be manipulated. Furthermore, that the attacker may not even have known they are attacking a pipeline operator.
All in all a pretty bizarre story that, in hindsight, makes prefect sense: nefarious actors buy ransom as a service, tries to extort, operator gets burned, rinse, repeat. Not going to stop unless we implement more secure operations. In a way, the experience is helpful to increase awareness and improve robustness of systems.
There’s a wide gulf between doing nothing and covert action within other countries’ borders.
Well, it seems like something is happening. I suppose we’ll learn more about who all is involved … or maybe we won’t.
I’m more in the camp that this is some staged “exit stage left with all the money” event more than any [oxymoronic] “quick co-ordination between governments” action… just too convenient.