The giant

Spud_Monkey · May 17, 2021

When I was in Woodstock/Atlanta, Georgia last week the day I was picking the backhoe up every fuel station within 40 miles between where the rig was parked and where the backhoe was was either empty or packed with about 30 plus cars. Interesting thing is where the rig was parked there was no panicking, in fact I filled up the car and put 180 gallons of diesel in the semi for $2.89 a gallon. Not needing to hoard just what was needed to get 1200 plus miles down the road.

skyking1 · May 17, 2021

The railroads and military have had dark fiber for decades now. If you have the pipeline right-of-way, you can string your own dark fiber and have NOTHING facing the internet.

I dug in the railroad's own dark fiber alongside the new tracks in Tacoma, and dodged the military's dark fiber while doing it. Some of it was so obscure that nobody wanted to claim it when I first dug it up. It may have been abandoned but nobody wanted to say one way or the other.
Fiber is not impervious, but if you concrete case the conduit and physically secure the end points it is pretty tough to break into. You have to disconnect it to tap in, there is nothing to pick up by induction or any other means. That will set off all sorts of alarms.

JD955SC · May 17, 2021

From what I heard it wasn’t the pipeline controls that got hit it was the company’s administrative network and they shut down the pipeline controls as a safety measure to preempt any attempt on them.

skyking1 · May 17, 2021

that is my point. The pipeline controls on standalone dark network would never need to be shut down. The corporate offices could burn down, as long as you can drive your lazy ass out to the pipeline you can control it. Clearly they ran a slipshod operation if they had to shut it down that way.

Crummy · May 17, 2021

Hard to hack into a couple of trained humans in a utility truck that know how to turn valves and such.
Just a thought on the "Internet-of-Things"

lantraxco · May 17, 2021

Birken Vogt said:
Yes, the tech exists to secure this stuff. They just saved a little money and it cost them a lot. The next chapter is here now. It won't happen to them again, hopefully others get the message before it happens somewhere else important.

all you have to do is take it off the interweb and put it all back on secured dedicated lines, problem mostly solved.

Delmer · May 17, 2021

I suspect they could have backed up the system on a $10 thumb drive and been back in business the next day.

skyking1 · May 17, 2021

Those ransomware attacks are a little more than a $10 thumb drive fix. They are designed to exploit the network infect all the host computers all the servers, files. I have been through one at one of my clients. I had all of their files backed up, but I didn't have all of the machine images backed up so it took some doing but we never paid them a scent.
Actually I've been through two.
The first one I was on a cruise ship in St Petersburg Russia when the hack went down. Naturally I was disconnected from the internet while I was in Russia there was no way I was going to put my phone on their network. I didn't get the news until we were in Estonia.
The servers there were all Linux, so I was doing command line work using my phone. We found the infected computer and got it off the net, then I started restoring files. Our next Port of call was Stockholm Sweden. You get good internet coverage for about 3 hours sailing in there through all of the islands. I got most of the work done before we got to the dock.

Birken Vogt · May 17, 2021

This pipeline was built I think in the 1960s? Operators and telephones. It would be hard to get enough operators in place to replace the robot gear all at once like this but you would think even running at 20% capacity would have been better than zero. But I am outside looking in.

John C. · May 19, 2021

I'm not sure the issue is about valves and indicator lights. I think it is more about administration of who gets how much fluid and then gets billed for it. In the old days fuel had to be manually measured using dipsticks and sight glasses. Say you wanted to sent 100K of diesel from Houston to South Carolina, you had someone in Houston who set the line up of valves all the way through and then someone had to read the level in the tank as fuel was moved out. Now you have digital flow meters all along the lines reading flow at all the various outflow ports along the way.

Ransom was paid because they would lose more money not knowing where the bills were supposed to go.

Birken Vogt · May 19, 2021

I've been involved in custody transfer of fuels on a smaller scale, and while it is usually done very carefully, when the chips are down, a pen and paper, start and stop gauge readings, and a little math are all that is really needed. But putting together enough people at each end who can do that might pose a challenge, when nobody working there has any experience with it, I guess.

On the other hand, do they normally rely on the computer to do everything? Is there zero manual cross checking of tank height beginning and end, etc.? What if, under ordinary conditions, something fails or gets programmed wrong?

seatwarmer · May 19, 2021

Birken Vogt said:
I've been involved in custody transfer of fuels on a smaller scale, and while it is usually done very carefully, when the chips are down, a pen and paper, start and stop gauge readings, and a little math are all that is really needed. But putting together enough people at each end who can do that might pose a challenge, when nobody working there has any experience with it, I guess.

On the other hand, do they normally rely on the computer to do everything? Is there zero manual cross checking of tank height beginning and end, etc.? What if, under ordinary conditions, something fails or gets programmed wrong?

Birken
Today it is what the computer says, when computer fails whe scrath the head and say WTF?

Welder Dave · May 19, 2021

skyking1 said:
Those ransomware attacks are a little more than a $10 thumb drive fix. They are designed to exploit the network infect all the host computers all the servers, files. I have been through one at one of my clients. I had all of their files backed up, but I didn't have all of the machine images backed up so it took some doing but we never paid them a scent.
Actually I've been through two.
The first one I was on a cruise ship in St Petersburg Russia when the hack went down. Naturally I was disconnected from the internet while I was in Russia there was no way I was going to put my phone on their network. I didn't get the news until we were in Estonia.
The servers there were all Linux, so I was doing command line work using my phone. We found the infected computer and got it off the net, then I started restoring files. Our next Port of call was Stockholm Sweden. You get good internet coverage for about 3 hours sailing in there through all of the islands. I got most of the work done before we got to the dock.

How did you get involved in fixing the problem on the cruise ship, you offered up your expertise?

skyking1 · May 19, 2021

I was on vacation Dave on a cruise ship and I got an email from the client in the US.

Welder Dave · May 19, 2021

You must be pretty well known for these kind of fixes. That's way more than coincidence you just happened to be on that cruise ship but a darned good thing you were. How did you go from digging dirt to cyber security?

skyking1 · May 19, 2021

You're reading way too much into that Dave. Somebody opened a stupid email at a client that I did part-time work for. I was the first guy they emailed. I wasn't a cyber security expert I was a jack of all trades doing phone systems security cameras servers Network wiring etc.
I fired them this year. Maybe we fired each other I don't know but I'm glad I don't have to worry about something that's 160 mi from my house.
EDIT: to be absolutely clear I was not working on the computers on the cruise ship! I was fixing servers and files 9000 miles away in the US. I was also stuck with using my phone to do the work which is really a pain in the ass typing on the small screen.
I've always dabbled in computers and Linux in particular, and network infrastructure. I've supported half a dozen small businesses over the years. Just something different to keep the brain engaged.

Welder Dave · May 19, 2021

Wow, good job for such a fluke type e-mail.

WaterDoc · May 19, 2021

crane operator said:
I won't get within 1.6km's of that statement. Or touch it with a 3.04m pole.

Fixed that for you

The giant

Spud_Monkey

Senior Member

skyking1

Senior Member

JD955SC

Senior Member

skyking1

Senior Member

Crummy

Senior Member

lantraxco

Senior Member

Delmer

Senior Member

skyking1

Senior Member

Birken Vogt

Charter Member

John C.

Senior Member

Birken Vogt

Charter Member

seatwarmer

Senior Member

Welder Dave

Senior Member

skyking1

Senior Member

Welder Dave

Senior Member

skyking1

Senior Member

Welder Dave

Senior Member

WaterDoc

Well-Known Member