Washington (AFP)
President Joe Biden on Monday accused a criminal group based, he said, in Russia of carrying out the computer attack that crippled one of America's largest pipeline operators.
The network "Darkside is responsible for endangering the networks of Colonial Pipeline", first estimated the federal police in a statement.
"At this stage, our intelligence services have no proof of Russian involvement," then declared President Joe Biden, who is regularly kept informed of developments in the situation.
But "there is evidence that the actors and the ransomware are in Russia," he added.
"They have some responsibility."
Ransomware, or "ransomware", exploits security holes to encrypt computer systems and demands a ransom to unblock them.
One such attack targeted one of the largest fuel distributors in the United States, Colonial Pipeline, which transports gasoline and diesel from refineries in Texas to the New York area and has more than 8,800 kilometers of pipelines.
To protect its infrastructure, it had interrupted all its operations on Friday, posing a risk to the oil supply in the northeast of the country.
The situation remains "fluctuating", wrote on Monday the company, which reopens its network "by phase" with the aim of restoring the main part of its activities by the end of the week.
- "Apolitical" -
The Darkside group emerged last year and specializes in ransomware attacks against medium and large companies, claiming hundreds of thousands, if not millions of dollars, to unlock their systems.
It steals confidential data from its victims, especially based in Western countries, and threatens to make them public if the ransom is not paid.
The members of Darkside claim to have no political motivation, nor any link with a government.
"We are apolitical" and "we do not need to be tied to a defined government", "our aim is to make money not to create problems for society", according to a statement posted on the darknet.
But many experts suspect Darkside of being in cahoots with Russia.
"We believe it operates (and maybe is protected) by Russia," tweeted over the weekend Dmitri Alperovich, a computer security expert, founder of the Crowdstrike company.
Their software does not work on computers that have Russian or other Eastern European languages by default on their systems, also said the cybersecurity specialist Brett Callow of Emisoft on the NBC channel.
- "Line of defense" -
Without commenting on this subject, his cybersecurity adviser Anne Neuberger judged, during a press conference at the White House, that Darkside's method was "very disturbing": "it consists essentially in providing a service", their ransomware to hackers, and "the gains are shared," she described.
Even though these attacks primarily target the private sector, they pose a problem for national security, added Elizabeth Sherwood-Randall, the president's deputy security adviser.
"These events highlight the fact that our vital infrastructure is essentially operated by private sector providers," she said.
"When these companies are attacked, they are our first line of defense. We depend on their effectiveness."
In this case, "there is no shortage of supply," she said, however.
To prevent motorists from running out of gas, Colonial Pipeline, which transports nearly 45% of the fuels consumed on the US East Coast, monitors the level of petroleum products in reserve along its network and works with carriers to deliver the products. at the terminals.
Exemptions granted by the authorities to provide more flexibility in road transport of refined products "should help alleviate local supply disruptions," the company said.
© 2021 AFP