Is the ransomware takedown of Colonial Pipeline’s “largest refined products pipeline” in the United States by a cyber-criminal gang called “DarkSide” a political hit by Donald Trump’s allies in the transnational criminal underworld? Considering that things were going pretty well for President Biden on the Covid-19 front, the steady restoration of the U.S. economy, and job favorability (63 percent) and taking into account that Trump is stewing in his own misery over Biden’s success, the steep rise in the price of fuel and reports of motorist gas station lines in certain parts of the country has thrown a spanner into Biden’s “Build Back Better” program.
The way the ransomware attack on the pipeline company is being described by U.S. government officials is peculiar when compared against past hacking attacks linked to the Russian government. Anne Neuberger, the deputy national security adviser for cyber and emerging technology, described the takedown of Colonial Pipeline as a “ransomware as a service” attack by a combination of “criminal affiliates” and ransomware developers. Other government sources described DarkSide in almost glowing terms, emphasizing that the group was like “Robin Hood” in that it stole from corporations to give to charities. Neuberger revealed that DarkSide had only been on the FBI’s radar screen since October 2020, a few weeks before the U.S. election.
It is also noteworthy that many of the details about the organization of DarkSide are coming from “former” Israeli intelligence officers who appear to be quite familiar with what is being described as a “professional” apolitical group that is only out “to make money” for itself.
These are not the usual descriptions used by governments to describe international computer hackers. In the past, groups said to be based in Russia and other former Soviet republics have been referred to as cyber-terrorists and intelligence agency cyber-spies.
The attack on America’s fuel pipeline infrastructure appears to have caught the Biden White House off guard. There are an increasing number of reports of long gasoline lines at the pumps, gas station closures, and price gouging—all the sorts of developments that can send a president’s poll numbers into a downward spiral.
The possibility that the pipeline attack was meant to cause Biden a political problem cannot be underestimated when it comes to the Republican Party. In the past, Republican presidential campaigns have helped exacerbate foreign-based “surprises” to politically hurt Hubert Humphrey with the Vietnam peace talks in 1968; Jimmy Carter with the U.S. hostages in Iran in 1980, and Barack Obama with the Benghazi U.S. mission attack in 2012. Trump-connected foreign criminal networks have been part-and-parcel of his administration and campaigns and there is a strong possibility that DarkSide may be well within the extended Trump criminal orbit. The DarkSide cyber-hackers are averse to attacking systems within the former Soviet sphere of influence, an area dominated by what the FBI officially calls the “Eurasian mafia” and unofficially refers to as the “Red Mafiya” and “Kosher Nostra.”
DarkSide refuses to attack any system or network where it detects the following languages in either Cyrillic, local, or Latin text: Russian, Ukrainian, Belarusian, Tajik, Armenian, Azeri, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Moldovan, Syrian Arabic, or Romanian.
The DarkSide attack on Colonial Pipeline came as the U.S. Department of Justice announced guilty pleas by four Eastern Europeans whose hacking of U.S. companies, including banks, between 2009 and 2015 cost millions of dollars. The four used malware, including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit to cripple U.S. firms. The four who were convicted were Russians Aleksandr Grichishkin and Andrei Skvortsov, Estonian Pavel Stassi and Lithuanian Aleksandr Skorodumov. Eurasian hackers who use malware and ransomware attacks often require payment in crypto-currencies. Last month, the Justice Department announced a guilty plea of Tal Prihar, an Israeli resident of Brazil, who was charged with running DeepDotWeb, a portal to the dark web sites of AlphaBay, Agora, Abraxas, Dream, and Valhalla, where malware, ransomware, and hacking tools, as well as stolen financial data, are available in exchange for payments in crypto-currency. Also named in the federal indictment of Prihar is Michael Phan, an Israeli national.
The Trump political movement is desperate, having engaged the services of a little known Florida firm, Cyber Ninjas, which has been responsible for compromising the integrity and privacy of over 1 million ballots in Maricopa County, Arizona. Trump and his loyalists are capable of anything, including encouraging an attack on a key U.S. energy pipeline that is invoking memories of the gas shortages of the 1970s that brought on the media-hyped “malaise” that sunk Carter’s re-election chances in 1980.
Wayne Madsen is a Washington, DC-based investigative journalist and nationally-distributed columnist. He is the editor and publisher of the Wayne Madsen Report (subscription required).
RSS
Is DarkSide ransomware attack a pro-Trump political hit?
Posted on May 13, 2021 by Wayne Madsen
Is the ransomware takedown of Colonial Pipeline’s “largest refined products pipeline” in the United States by a cyber-criminal gang called “DarkSide” a political hit by Donald Trump’s allies in the transnational criminal underworld? Considering that things were going pretty well for President Biden on the Covid-19 front, the steady restoration of the U.S. economy, and job favorability (63 percent) and taking into account that Trump is stewing in his own misery over Biden’s success, the steep rise in the price of fuel and reports of motorist gas station lines in certain parts of the country has thrown a spanner into Biden’s “Build Back Better” program.
The way the ransomware attack on the pipeline company is being described by U.S. government officials is peculiar when compared against past hacking attacks linked to the Russian government. Anne Neuberger, the deputy national security adviser for cyber and emerging technology, described the takedown of Colonial Pipeline as a “ransomware as a service” attack by a combination of “criminal affiliates” and ransomware developers. Other government sources described DarkSide in almost glowing terms, emphasizing that the group was like “Robin Hood” in that it stole from corporations to give to charities. Neuberger revealed that DarkSide had only been on the FBI’s radar screen since October 2020, a few weeks before the U.S. election.
It is also noteworthy that many of the details about the organization of DarkSide are coming from “former” Israeli intelligence officers who appear to be quite familiar with what is being described as a “professional” apolitical group that is only out “to make money” for itself.
These are not the usual descriptions used by governments to describe international computer hackers. In the past, groups said to be based in Russia and other former Soviet republics have been referred to as cyber-terrorists and intelligence agency cyber-spies.
The attack on America’s fuel pipeline infrastructure appears to have caught the Biden White House off guard. There are an increasing number of reports of long gasoline lines at the pumps, gas station closures, and price gouging—all the sorts of developments that can send a president’s poll numbers into a downward spiral.
The possibility that the pipeline attack was meant to cause Biden a political problem cannot be underestimated when it comes to the Republican Party. In the past, Republican presidential campaigns have helped exacerbate foreign-based “surprises” to politically hurt Hubert Humphrey with the Vietnam peace talks in 1968; Jimmy Carter with the U.S. hostages in Iran in 1980, and Barack Obama with the Benghazi U.S. mission attack in 2012. Trump-connected foreign criminal networks have been part-and-parcel of his administration and campaigns and there is a strong possibility that DarkSide may be well within the extended Trump criminal orbit. The DarkSide cyber-hackers are averse to attacking systems within the former Soviet sphere of influence, an area dominated by what the FBI officially calls the “Eurasian mafia” and unofficially refers to as the “Red Mafiya” and “Kosher Nostra.”
DarkSide refuses to attack any system or network where it detects the following languages in either Cyrillic, local, or Latin text: Russian, Ukrainian, Belarusian, Tajik, Armenian, Azeri, Georgian, Kazakh, Kyrgyz, Turkmen, Uzbek, Tatar, Moldovan, Syrian Arabic, or Romanian.
The DarkSide attack on Colonial Pipeline came as the U.S. Department of Justice announced guilty pleas by four Eastern Europeans whose hacking of U.S. companies, including banks, between 2009 and 2015 cost millions of dollars. The four used malware, including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit to cripple U.S. firms. The four who were convicted were Russians Aleksandr Grichishkin and Andrei Skvortsov, Estonian Pavel Stassi and Lithuanian Aleksandr Skorodumov. Eurasian hackers who use malware and ransomware attacks often require payment in crypto-currencies. Last month, the Justice Department announced a guilty plea of Tal Prihar, an Israeli resident of Brazil, who was charged with running DeepDotWeb, a portal to the dark web sites of AlphaBay, Agora, Abraxas, Dream, and Valhalla, where malware, ransomware, and hacking tools, as well as stolen financial data, are available in exchange for payments in crypto-currency. Also named in the federal indictment of Prihar is Michael Phan, an Israeli national.
The Trump political movement is desperate, having engaged the services of a little known Florida firm, Cyber Ninjas, which has been responsible for compromising the integrity and privacy of over 1 million ballots in Maricopa County, Arizona. Trump and his loyalists are capable of anything, including encouraging an attack on a key U.S. energy pipeline that is invoking memories of the gas shortages of the 1970s that brought on the media-hyped “malaise” that sunk Carter’s re-election chances in 1980.
Previously published in the Wayne Madsen Report.
Copyright © 2021 WayneMadenReport.com
Wayne Madsen is a Washington, DC-based investigative journalist and nationally-distributed columnist. He is the editor and publisher of the Wayne Madsen Report (subscription required).