U.S. Surrenders in IT War, Starts Paying Tribute to Russia

By Duane Thresher, Ph.D., May 31, 2021

On Memorial Day, in memory of those who actually fought and died to protect America.

Colonial Pipeline Company is a corporation headquartered near Atlanta, Georgia, as also-hacked Equifax is. Like most large corporations, it is incorporated in Delaware, to take advantage of that state's corporate law and proximity to Washington DC. Colonial Pipeline Company's largest shareholder is Koch Industries, the private corporation owned by the Koch brothers, well-known conservative donors. The majority of Colonial Pipeline Company, however, is owned by foreigners. Colonial Pipeline owns a critical pipeline, actually two, that runs from a refinery near Houston, Texas (been there) up the East Coast to New York City (lived there), through major cities, including Atlanta, or with branches to them, including Richmond, Virginia (been and go there) and Washington DC (been and go there). One pipeline carries gasoline, for cars at filling stations, and one pipeline carries diesel fuel, for trucks at filling stations, and jet fuel for airplanes, including directly to major airports along the way. If the flow of Colonial Pipeline is interrupted, transportation in the most densely populated part of the U.S. can be dangerously interrupted. Colonial Pipeline is thus a strategic military target.

In early May, Russian-backed hackers easily hacked into IT incompetent Colonial Pipeline's computer system, which controls the pipelines. The Russian hackers installed ransomware that prevented use of Colonial Pipeline's computer system until a $5 million ransom was paid via Bitcoin. For a week, East Coast filling stations and airports experienced transportation-interrupting fuel shortages. The IT incompetent FBI confirmed that the hackers were Russian-backed but was powerless to do anything about them. President Joe Biden, Commander-in-Chief of the U.S. military, was also powerless to do anything about the Russian-backed hackers and could only declare a state of emergency and make hollow threats. Finally, Colonial Pipeline just had to pay the ransom. Even after they did, their computer system ran slowly, indicating the ransomware is still there and the ransom will become a regular event, which is called a "tribute". The IT incompetent media understood none of the technical aspects nor the importance of this story and flitted on to some celebrity news, which is mostly what it covers. This allowed President Biden to do the same.

Besides being headquartered near Atlanta Georgia, Colonial Pipeline Company is like Equifax, whose hacking was also a national security disaster (see Equifax Dead: Hacked So Credit Reports Worthless), in that it is IT incompetent. Equifax's Chief Information Security Officer (CISO) during its data breach was Susan Mauldin, who has no IT education — see The Most Important IT Credential: An IT Education in Principles of IT Incompetence — only degrees in music composition from a Georgia college. Colonial Pipeline Company's Chief Information Officer (CIO) is, for the last 5 years, Marie Mouchet, who is also IT incompetent, having no IT education, only degrees in math education, for teaching high school, from a Georgia college. As Marie Mouchet also makes clear on her LinkedIn page, her main interest is teaching STEAM (Science, Technology, Engineering, Art, Math; one more ridiculous step beyond STEM) and women in technology; see No IT Education: STEM and IT Hiring: Trading IT Competence for Diversity in Principles of IT Incompetence.

Even more frightening for national security, for the 13 years before Marie Mouchet became CIO of Colonial Pipeline, she was CIO for Southern Nuclear, which operates three nuclear power plants (currently two reactors each) in Georgia and Alabama.

Marie Mouchet was replaced as CIO of Southern Nuclear 5 years ago by Martin Davis, who also has no IT education and so is IT incompetent; he only has a bachelor's degree in business administration.

Further, by Martin Davis's own admission on his LinkedIn page, from 2003 to 2009 he was responsible for "all aspects of [information] technology for Wachovia Corporation worldwide". For many years now, all checks have been processed via IT. In 2007 it was discovered that, using stolen identities (probably stolen via IT, and from Wachovia itself), unsigned checks, which IT should have checked for but did not, had been used to steal $142 million from personal Wachovia bank accounts. In one of the largest penalties ever demanded by the Office of the Comptroller of the Currency, the Treasury Department bureau responsible for regulating banks, Wachovia had to pay $144 million.

Martin Davis seems to have been hired only because he is an African-American and Southern's leadership is otherwise mostly white; see IT Hiring: Trading IT Competence for Diversity in Principles of IT Incompetence. Davis couldn't protect people, black or white, from having money stolen from their accounts in his bank; he certainly can't protect them from what will happen to them from hacking of his nuclear power plants.

When hackers hack into nuclear power plants, which as shown they inevitably will — or already have, as explained in Handing Over America's Electrical Grid to the Russians — given all the IT incompetents like Marie Mouchet and Martin Davis doing cybersecurity for them, many people will not just be greatly inconvenienced as they were in the Colonial Pipeline hacking, they will be killed, as they were in the Chernobyl nuclear power plant disaster. The Russians are eager to prove that they are not the only country capable of such a disaster.

The FBI, who already knew about the hackers from similar earlier hackings and should have stopped them before they hacked Colonial Pipeline, could not because they too are IT incompetent. I have a long history with FBI IT incompetence. My family and I were the victims of not one but two health insurance company data breaches over the years and we demanded the FBI find, arrest, and prosecute the hackers, but they never did, or even tried; see FBI Hacking Investigation Negligence Lawsuit. I've thus researched FBI IT incompetence over the years. This turns out to be difficult because the FBI conveniently has legal protection against FOIA requests (see for example FOIA: That's Some Exemption, That Exemption 6), which is perfect cover for incompetents (FBI = Federal Bureau of Incompetents?).

The FBI does advertise that it has a Cyber Division, with an Assistant FBI Director as its head and whose task is explicitly to investigate hackings. However, even before researching the IT incompetence of the FBI Cyber Division's employees, its PR leads you to think they are not even trying against hackers:
"The FBI's cyber strategy is to impose risk and consequences on cyber adversaries. Our goal is to change the behavior of criminals and nation-states who believe they can compromise U.S. networks, steal financial and intellectual property, and put critical infrastructure at risk without facing risk themselves."
No mention of actually finding, arresting, and prosecuting hackers, just scaring them and changing their behavior — a Scared Straight program for hackers (Scared Straight programs have been proven to not only not work, but to actually create more criminals of the children in the program).

The only FBI Cyber Division employee I could find anything about is Bryan Vorndran, who was made the Assistant FBI Director head of the Cyber Division under President Joe Biden. Vorndran has no IT education; he is IT incompetent. He has as much chance of stopping the Colonial Pipeline hackers as Marie Mouchet did.

Although the FBI certainly didn't discover it itself, the FBI did confirm that the Colonial Pipeline hacking was done by the DarkSide hacking group. As indicated, DarkSide has been around for years and attacks strategic targets using ransomware to extort money ... but not from Russia or its allies, only from the U.S. and its allies. There is a lot of stupid speculation in the U.S. media and government about whether DarkSide is state-sponsored, i.e. paid by the Russian state — but it does not need to be paid by the Russian government because it makes so much money from extortion. Duh. Throughout history soldiers have been at least partly paid by the "spoils of war".

The fact of the matter is that DarkSide is an organization that attacks strategic targets of the U.S. and its allies with the backing of Russia and from the soil of Russia or its allies. Russia is waging IT war on the U.S.

How is ransomware used? First, hackers hack into a computer system just like they usually do. Then software is installed on the computer that encrypts important program and data files just like emails are encrypted, except the key is kept by the hackers. When the ransom is paid, the hackers may — or may not — provide the key to decrypt the files. If the hackers do provide the key in exchange for the ransom it is only to ensure that the victims will pay future ransoms.

Paying the ransom and getting the key does not mean that the encrypting software is gone and the computer system is now secure. In fact, the encrypting software is certainly not gone and the system is still hacked. That the computer system is running slowly after the ransom is paid and the decryption key is provided, as was the case for Colonial Pipeline, is an indication the encrypting software is still there, ready to re-encrypt with a new key, and the system is still hacked. (Colonial Pipeline says it reinstalled from backups, but if this solved anything they would not have had to pay the ransom.)

As I have written, for example in Hacked and Hackers Own The Federal Legal System, the goal of hackers is to permanently hack into computer systems, since doing so is at least somewhat of an effort, even with rampant IT incompetence, and they want to continue to make money from it. For ransomware this means periodically re-encrypting program and data files and demanding a new ransom. For Russian hackers attacking the U.S., this turns ransoms into "tribute", which is defined as "money regularly paid by one nation to another for peace or protection, in acknowledgment of submission".

Ransoms are paid via Bitcoin, the new "criminal cash", much like uncut heroin used to be, since it too is untraceable. (For another Bitcoin crime example, see Apscitu Warned of Twitter Hacking Two Years Ago.) Bank transfers, even to offshore accounts, are traceable, as are the serial numbers on U.S. currency. Bitcoin blockchains do keep a record of their transactions, but in general these are not traceable. The U.S. Government has allowed Bitcoin, and thus crime, to flourish. The new head of the Securities and Exchange Commission, Gary Gensler, even encourages Bitcoin use (he allows violation of securities laws — see Banned-For-Life Trader and Business Insider CEO Henry Blodget Using Fake News for Stock Price Manipulation? — so why not Bitcoin?).

My first experience with ransomware was in 2015 when the wife of one of my clients had her doctoral program laptop hacked into and her files encrypted, including her dissertation and photos. Even if she could have afforded the ransom, there was a good chance she would not have gotten the key since hackers can't count on the computers of individuals being available in the future for repeated ransoms, so why risk any further contact with them after the ransom is paid? I reformatted her hard disk and re-installed the operating system — directly from the OS manufacturer, not from backups, which may also have been hacked — and gave her advice on how to get her dissertation and photos from other places.

More recently (2020), in a variation of ransomware, hackers sent me a spear phishing email saying they had hacked into my Apscitu website and unless I paid $1500 to a Bitcoin address within 5 days, they would destroy my business. I program my own websites and run their host computers myself so I knew this was nonsense and didn't pay, but the hackers were preying on how common it has become for this to happen; see Websites: Simple is Smart, Secure, and Speedy. I checked the particular Bitcoin blockchain (the hackers might have used other bitcoins as well) and the hackers had already made several thousand dollars. I also reported this to the FBI, as they request you do, but they of course could and did do nothing about it.

Tribute, as defined above, one nation essentially surrendering to another but not being physically attacked in exchange for regular large payments, has been around as long as war has, including being mentioned numerous times in the Old Testament. A popular example from early U.S. history (e.g. in Corsair by Clive Cussler and Jack Du Brul) is the Barbary States, which once lay along the coast of North Africa, now Libya, Algeria, Tunisia, and Morocco.

From 1795 to 1801, when Thomas Jefferson was elected U.S. President, the U.S. paid a tribute each year of, incredibly, almost one-tenth of all its tax revenues to the Barbary States so their pirate ships, "corsairs", would not attack U.S. ships. When Jefferson came to power he stopped this tribute and fought instead, including using the U.S.'s most powerful ship of the time, the USS Constitution ("Old Ironsides", which still exists and I've actually been on in Boston Harbor). After a long fight, to 1815, all the Barbary States were beaten by the U.S. and declined greatly in power after that.

Of course, Joe Biden is no Thomas Jefferson, nor Vladimir Putin, President of Russia. (Ever notice how much the photo I use of President Joe Biden looks like the complete invalid Captain Christopher Pike from the original Star Trek series?) So the U.S. will be paying tribute to Russia from now on, and any other of the U.S.'s enemies who are not so IT incompetent, which is all of them. Remember the Stop IT Incompetence motto: "IT's destroying US."