Colonial Pipeline hackers claim they disbanded amid 'pressure' from US -- but experts aren't buying it

Photo: Gas Pipeline Forchheim–Finsing, construction work near Zolling (Vuxi / Wikimedia Commons)

The hacking syndicate said to be responsible for the Colonial Pipeline attack has announced plans to "shut down" amid pressure from the United States government. However, according to The New York Times, cybersecurity experts are not sure they are buying that proclamation.

On Friday, May 14, DarkSide issued a Russian-written statement to the publication confirming their immediate plans. "Due to the pressure from the U.S., the affiliate program is closed," the statement said. "Stay safe and good luck."

While the group insists mounting pressure from the U.S. government influenced its decision to disband, it offered no specifics about the so-called pressure it is facing. However, on Thursday, President Joe Biden did indicate that the government has not ruled out the possibility of a retaliatory strike that could "disrupt their [DarkSide] ability to operate."

However, cybersecurity experts are not sure they believe the hacking syndicate. There are now concerns that the statement could simply be a ruse while the syndicate takes time to regroup and plot its next attack. Based on the timeline of events leading up to the Colonial Pipeline hack, there is reason to believe the latest attack is only one of many that could arise in the future.

"It's likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways," said Mark Arena, chief executive of Intel 471. "A number of the operators will most likely continue to operate in their own close-knit groups, resurfacing under different aliases and ransomware names."

Initially, Colonial Pipeline claimed it would not pay out a ransom but ultimately made the decision to do so in an effort to regain control of its network and get fuel flowing again.

After further investigation, the cybersecurity firm Elliptic managed to trace some of the transaction history for the Bitcoin wallet address used to receive the $5 million ransom. In addition to the six-figure payment Colonial Pipeline provided for the ransom last Saturday, address logs showed that the organization had also received a total of $17.5 million from 21 Bitcoin wallets since March.

This leads cybersecurity analysts to believe the organization is responsible for a number of cyberattacks that have taken place since August, and that it may have used multiple Bitcoin wallets to receive ransoms for previous cyberattacks.

According to the San Francisco-based blockchain intelligence company, TRM Labs, "on Thursday, someone withdrew roughly 113.5 Bitcoin, or $5.6 million, from DarkSide's Bitcoin wallet and moved it into an unknown user's account" and the total appears to have "amounted to Colonial's 75 Bitcoin ransom plus that of a German company, Brenntag, which also opted to pay its digital extortionists."

Despite the visible transaction history, the decentralized nature of cryptocurrency has made it nearly impossible for TRM Labs to identify the actual owner of the Bitcoin wallet.
