Colonial Pipeline, Russians, and Bitcoin (Oh, My!)
Posted June 08, 2021
“Today,” says Deputy Attorney General Lisa Monaco of the Department of Justice, “we turned the table on DarkSide.”
The DOJ and the FBI announced they’ve recovered 63.7 bitcoins from the Colonial Pipeline hack… valued at, upon writing, a little over $2 million.
In May, you’ll recall, Colonial Pipeline suffered a ransomware attack. To get the computers that maintained the pipeline back online, Colonial agreed to pay the 75 bitcoin ransom -- worth about $5 million. The feds recently recaptured 85% of those bitcoins.
The mainstream narrative, as of yesterday, rests largely on three things:
1.] The FBI “hacked” a bitcoin wallet and seized the funds.
2.] Russia is responsible for the Colonial Pipeline hack.
3.] Bitcoin is also to blame.
But the real story behind the Colonial Pipeline hack has nothing to do with any of these three things. All of these narratives only serve to obscure the 5,000 lb. elephant in the room.
(Perhaps not by accident.)
Let’s take a look…
The FBI “Hack”
An article in the NY Times about the hack reads:
“Colonial had paid a ransom worth roughly $4.4 million in bitcoin to the Russian hacking group DarkSide…”
“The seizure on Monday marked a first-of-its-kind effort by a new Justice Department task force to hijack a cybercriminal group’s profits through a hack of its bitcoin wallet.”
Here, the NY Times makes it seem as if the FBI can now “hack” into bitcoin wallets. Except that’s not what happened. There was no hack.
The DOJ warrant shows what happened.
First, they obtained a warrant on a bitcoin wallet hosted by servers in California. Meaning, the hackers responsible for the attack kept the bitcoins on a centralized exchange or in a “hot wallet” (a wallet whose keys sit on an internet-connected server rather than under the holder’s own offline control).
There are only three ways this could happen:
1.] The hackers wanted to get caught.
2.] The hackers had no clue what they were doing.
3.] The Feds figured out who did it and forced them to send the bitcoins to a wallet hosted by an exchange or wallet provider in California, where the FBI could easily reach them.
Whatever the case, the feds didn’t “hack” into a bitcoin wallet.
Also, contrary to Monaco’s statement, it appears the feds seized bitcoins from an affiliate who used the ransomware software… not DarkSide itself.
The ransomware was run as a service that charged a fee -- the affiliate gets the lion’s share, but DarkSide gets a cut. Notice that the FBI seized 63.7 bitcoins, 85% of the 75 bitcoin ransom. The other 15% went to DarkSide, who undoubtedly parked the bitcoin in a safe place.
The affiliate, on the other hand, didn’t.
(The question unanswered is… why?)
We were told by the mainstream press and even Biden himself that the Russians were somehow involved. This attack, they said, was proof that Russia poses a severe threat to our entire critical infrastructure.
Adam Schiff said on MSNBC that Russia bears “some responsibility” in the Colonial Pipeline attack “even if they’re not engaged in the conduct themselves.”
(Biden later clarified that he wasn’t blaming the Russian government, but that he believed the hackers hailed from Russia, and it was incumbent upon the government to do something about it. Which, by the looks of it, someone did. Due to “pressures from the U.S.,” DarkSide has shut down its affiliate program… signaling that an external affiliate was probably responsible for the attack. In all, this is a short-term “whack-a-mole” solution to a long-term million-mole problem.)
Bitcoin is also taking heat. Without bitcoin, the detractors say, there would be little incentive to carry out such attacks.
(But, according to the Russiagaters, Russia has plenty of incentive to carry out attacks on critical U.S. infrastructure, and none of them have to do with extracting bitcoin. So…)
Consider what the pipeline hackers actually did. Hackers simply exploit the exploitable. If critical infrastructure is exploitable, sure, we can blame the hackers… but whose fault is it, really?
Truth is, the Colonial Pipeline hack could’ve been much worse if the intent was actually to do major harm to critical infrastructure. Clearly, it wasn’t.
As independent journalist Jordan Schachtel put it:
“Similar to the notorious DNC emails hack (with the same claimed Russian government culprits), where John Podesta’s password was literally the word password, the hackers succeeded because Colonial had no measures in place to protect themselves. Everything else in the timeline going back to early May seems blown way out of proportion. Despite the claims made by some powerful people in D.C., there is no compelling evidence that this incident was some kind of Kremlin-directed operation to decimate America’s critical infrastructure.
We were told this much-hyped hacking group of alleged Russians posed a serious threat to our entire critical infrastructure, yet in the same breath, happened to have committed a laughably amateurish bitcoin custody faux pas that allowed for the feds to easily take back possession of the ransom funds.”
But the real story here has nothing to do with Russia… bitcoin… or even ransomware.
According to Jacob Silverman at The New Republic, the solution is obvious: “Ban bitcoin and other cryptocurrencies.”
Sure, by banning crypto you might scare a lot of people out of a major technological innovation and cause the biggest brain drain the U.S. has ever seen. But banning crypto is going to do precisely nothing to stop ransomware. (In fact, it’ll likely only accelerate the technology for privacy coins like Monero and Piratechain.)
If you really want to stop ransomware, you embrace systems that make it obsolete.
That’s why the real story here isn’t bitcoin, Russia, or even ransomware. The real story is how fragile and insecure our critical systems are in an age when the vast majority of the planet is now online and threats can come from any corner of the globe. The story untold is Colonial’s lack of basic security measures. And the deeper story is the inherent fragility of centralized systems -- and the necessity of secure decentralized systems as technological complexity continues its ascent.
Yes, ransomware sucks. And, for the time being, it’s going to be a constant threat. Which is why, in tomorrow’s episode, I’ll show you how to defend yourself if you ever fall victim.
Because there’s one thing that sucks even worse than ransomware…
Managing editor, Laissez Faire Today
P.S. Got something to say? Say it! Email us here.