The energy company’s CEO testified the ransom he paid to hackers to get gas flowing again was in the best interest of the country.
WASHINGTON (CN) — The chief executive of the pipeline company whose network was taken hostage by an Eastern European hacking group last month told senators Tuesday that the exploited system was protected only by single-factor authentication.
“In the case of this particular legacy VPN, it did only have single-factor authentication,” said Joseph Blount, president and CEO of the Colonial Pipeline Company. “It was a complicated password, so I want to be clear on that. It was not a ‘Colonial123’ type password.”
It’s been one month since the cyberattack on the 5,500-mile refined fuel line that services a large swath of the East Coast with jet fuel and petroleum products. Americans throughout the pipeline’s serviced areas waited at fuel pumps only to find lines dry and gas suppliers without a reserve.
It was initially unclear how Colonial resumed the flow of gas after being held hostage by DarkSide, an Eastern European group believed to be coordinating attacks from Russia, but the company confirmed in late May that it paid a $4.4 million ransom to get the nation’s largest fuel pipeline back online.
Blount said Tuesday during a Senate Homeland Security Committee hearing that while it only took five days for the company to turn the gas back on, the nation panicked in the meantime at the prospect of widespread gas shortages.
“It took us from Friday all the way from Wednesday afternoon the following [week] and we already started to see pandemonium going on in the markets,” he said. “People doing unsafe things like filling garbage bags full of gasoline or people fist-fighting in line at the fuel pump. The concern would be, what would happen if it was stretched beyond that amount of time, right?”
Blount testified it was his decision to pay DarkSide hackers their ransom and keep the information about the payment “as confidential as possible.” He said handing over the $4.4 million was in the best interest of the country because of its reliance on Colonial’s system.
The ransom was partially recovered Monday by the Justice Department, which seized some $2.3 million in the form of 63.7 Bitcoins. Deputy Attorney General Lisa Monaco called ransom payments “the fuel that propels the digital extortion engine.”
Senators were particularly interested Tuesday in who authorized the ransom payment, when that order was given and which federal agencies Colonial was working with. Blount testified the company contacted the FBI the morning of the attack, and said it would include the Cybersecurity and Infrastructure Security Agency, or CISA, in further consultations.
Senator Rob Portman, an Ohio Republican, asked Blount when the money was officially sent to hackers. Blount responded that the payment was made the day after the cyberattack, but he said he was unclear on what the federal government’s advice on the matter was, saying he wasn’t personally in contact with FBI agents.
“So, their official position is you shouldn’t pay ransoms and yet they didn’t communicate that to you as far as you know?” Portman asked.
“I was not in that conversation, I can’t confirm or deny that,” Blount said. “But I do agree that their position is they don’t encourage the payment of ransom. It is a company decision to make.”
Tuesday’s hearing comes on the heels of several cyberattacks on U.S. critical infrastructure and businesses. JBS, the largest meat supplier in the world, fell victim to a ransomware attack last week, while iConstituent, a communications company that services elected officials, was revealed to have been infiltrated by hackers this week.
Senator Gary Peters, a Michigan Democrat, emphasized the national security threat these cyberattacks present.
“While the objectives of these attacks differ, they all demonstrate that bad actors, whether criminal organizations or foreign governments, are always looking to exploit the weakest link, infiltrate networks, steal information and disrupt American life,” Peters said.