[Cryptography] In the latest unexpected ransomware twist ...

Phillip Hallam-Baker phill at hallambaker.com
Sat Jun 12 10:50:14 EDT 2021


On Fri, Jun 11, 2021 at 11:31 PM Mark Seiden <mis at seiden.com> wrote:

>
>
> It was reported that what was compromised was Colonial’s billing system,
> not the operational pipeline.
> These are almost certainly separate systems with some loose coupling
> (probably file-based.)
>
> But they decided to shut down everything, rather than continue delivering
> fuel and metering what they delivered
> to whom and deferring the billing.
>
> Interesting business decision, if correctly reported.
>
> Does anyone know more detail?
>

I spent some time on the Colonial site. They send multiple types of fuel
down their pipes in batch. Different fractions. So the unleaded and leaded
and aviation fuel all go down the same pipes under turbulent flow so they
don't mix. The interfaces between the fractions are diverted for
reprocessing.

So mess up and stick the wrong fraction into the wrong tank and the whole
tank is contaminated, useless. Could cause an air crash.

Where is the information about which tank has which fraction? Probably not
in the process system, it is not a process issue. I would guess it would be
in billing.

Understanding where the boundary of a critical system lies can be
difficult. I suspect they didn't understand that their billing system was
critical.