DarkSide Steps Into the Spotlight, and How Public Policy Is Likely To Change After the Pipeline Hack

May 19, 2021

America replayed the entire 1970s last week with a huge inflation print (4.2% YoY), armed conflict in Israel, and the astonishing sight of cars lined up in response to a gasoline shortage. The last was a result of a system compromised by the “ransomware as a service” group DarkSide, a group of hackers believed to be based in Russia or another former Soviet republic, who took hostage the business records of Colonial Pipeline. The company shut down its pipeline operations out of an abundance of caution before eventually paying the 75 BTC ($5 million at the time) ransom and restarting the pipeline last Wednesday evening.

There is a long history of cybersecurity incidents in industrial control systems (ICS), beginning in 1903 with the notorious hack of inventor Guglielmo Marconi’s demonstration of secret wireless transmissions. Before the demonstration, the brass projector lantern for Marconi’s slides began clicking in Morse code. To the audience it sounded like a minor technical difficulty, but the transcribed message was an obscene rhyming ditty accusing Marconi of misleading the public. British magician Nevil Maskelyne admitted to the hack in a letter to The Times a few days later. The sense of cheek and self-aggrandizing public exposition of the hack became de rigueur in the hacking community, which has nonetheless professionalized a data ransom business model that appears quite effective.

DarkSide and other ransomware groups have been around for years, but usually stop short of taking down critical infrastructure.  For example, DC’s Metropolitan Police are currently dealing with ransomed personnel files.  Reported exploits typically target under-funded and under-protected government entities (e.g., Richmond Community Schools, Pittsburgh Unified School District, City of Racine, etc.).  Commercial targets are not usually that splashy, and have included Travelex, Oman’s largest insurance company, and smaller firms down to individual medical practices. Many larger firms have likely quietly paid to avoid controversy (see this Brian Krebs piece, for example). 

There was an unusually swift consensus among both the “white hat” (ethical hackers operating within the boundaries of the law) and “black hat” (exactly the opposite) communities that DarkSide may have gone a step too far. For its part, DarkSide came to the same conclusion and posted a non-apology promising to better moderate its client requests before acting again and reiterating its stance as an apolitical group, saying, “our goal is to make money, and not creating problems for society.” The press release was not sufficient to stave off swift consequences. As of Friday, the group had lost access to its own blog and payment server, and most of its funds (113.5 BTC or $5.6 million as of Friday) had been withdrawn to an unknown account. Responsibility for the shutdown has not yet been attributed, but most believe the U.S. government was the primary actor.

We think the event is likely to serve as a catalyst for two long-simmering areas ripe for advances in public policy:

1. Cybersecurity: In response to the hack, President Biden issued a sweeping executive order to reform federal contractors’ security practices. The order removes contractual barriers to cyber incident reporting by government contractors, and then requires reporting of incidents by those contractors. The order also creates a commission to investigate major hacks (the first of which will be SolarWinds), directs government cloud users to move towards Zero Trust Architecture, and directs the National Institute of Standards and Technology (NIST) to create additional cybersecurity standards for software supplied to the federal government and develop consumer cybersecurity information labels for software and Internet of Things (IoT) devices. In addition to the order, federal cybersecurity legislation is under active discussion. Any such bill is likely to include mandatory reporting of cybersecurity incidents to the federal government.

2. Cryptocurrencies: DarkSide and other online extortionists demand payment in bitcoin (BTC) or other cryptocurrencies. Cryptocurrency is also used in “dark web” markets to sell illegal drugs, fake IDs, and other illicit items. Although the value of cryptocurrencies is volatile (e.g., BTC is down nearly 20% this week), they are useful for moving very large sums without any of the regulatory touchpoints available in the banking system. Treasury’s Financial Crimes Enforcement Network (FinCEN) has already proposed to lower the threshold for reportable transactions (i.e., the “Travel Rule”) to a level that would ensnare US crypto providers in difficult reporting requirements. We expect Congress and Treasury to make additional noise in the space in light of the Colonial hack.

We believe real regulatory movement on both fronts is now within the “realm of the possible” given this week’s events and may have unanticipated consequences for technology and financial services companies.

Capstone will be following these issues closely and helping investors understand the consequences. To keep up with our analysis, contact sales@capstonedc.com.
