More Exact Colonial Pipeline Hack Details

It is prudent to review several sources for the real evidence and details and most often non-government companies are the ‘go-to’ places for that. Government spins stuff but private cyber experts offer up great context and such is the case below.

FBI Confirms Darkside Behind Colonial Pipeline Ransomware ... source

As a primer, CISA is a government agency launched by the Trump administration for all the right reasons.

Alert (AA20-049A)

Ransomware Impacting Pipeline Operations

But read on.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an Alert that offers a set of best practices to protect against ransomware-induced business disruptions. The Alert was prompted by the attack against Colonial Pipeline, and it includes in its introductory section the preliminary conclusion that DarkSide ransomware affected Colonial’s IT systems only, and had no direct effect on the company’s OT networks. The best practices CISA advocates are familiar. The Alert closes with a statement strongly discouraging any victim from paying the ransom their attackers demand: “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered.”

FireEye yesterday published a report on DarkSide that emphasizes the group’s ransomware-as-a-service model. It’s a selective operation (criminal applicants for affiliate status are, for example, interviewed before being given access to DarkSide’s control panel) but it’s also not a monolithic one. FireEye’s Mandiant unit currently tracks five “clusters” of DarkSide threat activity. The affiliate model DarkSide uses shares criminal profits: “Affiliates retain a percentage of the ransom fee from each victim. Based on forum advertisements, this percentage starts at 25 percent for ransom fees less than $500,000 USD and decreases to 10 percent for ransom fees greater than $5M USD.”

Colonial Pipeline’s website came back online late yesterday, newly armored with a reCAPTCHA landing page. The company published an update in which it reported progress toward resumption of refined petroleum deliveries, with some 967,000 barrels delivered to Atlanta, Belton and Spartanburg in South Carolina, Charlotte and Greensboro in North Carolina, Baltimore, and Woodbury and Linden (close to the Port of New York and New Jersey). Some lines have been operated under manual control since Monday, at least, and have been moving existing inventory. As the company prepares to restart deliveries, they’ve taken delivery of an additional two million barrels, which they’ll ship once service is restored.

The company appears also to be addressing some concerns about its pipelines’ physical security, having “increased aerial patrols of our pipeline right of way and deployed more than 50 personnel to walk and drive ~ 5,000 miles of pipeline each day.” (hat tip to CyberWire)

Related reading:

Colonial Pipeline using vulnerable, outdated version of Microsoft Exchange: report
Pipeline operators were warned about potential attacks in 2020

“Energy Sector…developed the 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity…sector’s vision that “by 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber-incident while sustaining critical functions…”

 

A Chinese Freeze Dried Virus Part of Warfare?

“The PLA is engaging in irregular warfare today,” the West Point paper asserts. “China is employing lawfare to achieve strategic aims. The maritime militia is enforcing China’s sovereignty claims in the East and South China Seas against US partners and allies.”

And it has already weaponised international information flows and channels of influence, along with cyber, economic – and psychological – tactics. Source

Primer: Chinese scientists have been preparing for a Third World War fought with biological and genetic weapons including coronavirus for the last six years, according to a document obtained by US investigators.

The bombshell paper, accessed by the US State Department, insists they will be ‘the core weapon for victory’ in such a conflict, even outlining the perfect conditions to release a bioweapon, and documenting the impact it would have on ‘the enemy’s medical system’.

This latest evidence that Beijing considered the military potential of SARS coronaviruses from as early as 2015 has also raised fresh fears over the cause of Covid-19, with some officials still believing the virus could have escaped from a Chinese lab.

***

Before Covid-19, did we actually know who Anthony Fauci was and what he is about? Since 1984, he has been the Director of NIAID. His portfolio says is complete with prevention, diagnosis and treatment(s) of infectious diseases. Remember the Ebola crisis? Did we hear his name back then and did the Obama administration hire Fauci for guidance on the Ebola outbreak? Nah. What about Zika? Remember that one? Still we did not hear from Dr. Fauci. According to his professional profile, Fauci advised and served seven presidents. Really? Did Dr. Fauci even advise presidents on all things pandemic, virus or risks from Wuhan? If so….where is the evidence?

According to the National Institute of Health website going back to 2018, there is a profound ‘Serological Evidence of Bat SARS-Related Coronavirus Infections in Humans, China dissertation complete with references and footnotes.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Notice this is a partial screen shot in case it gets deleted by NIH. But note the dates in the summary. Further in the summary –> We conducted a virus neutralization test for the six positive samples targeting two SARSr-CoVs, WIV1 and WIV16 (Ge et al. ; Yang et al. ). None of them were able to neutralize either virus. These sera also failed to react by Western blot with any of the recombinant RBD proteins from SARS-CoV or the three bat SARSr-CoVs Rp3, WIV1, and SHC014. We also performed viral nucleic acid detection in oral and fecal swabs and blood cells, and none of these were positive.

Further in the study is this notation:

Acknowledgements

This study was jointly funded by the National Natural Science Foundation of China Grant (81290341) to ZLS; the National Institute of Allergy and Infectious Diseases of the National Institutes of Health (Award Number R01AI110964) to PD and ZLS, United States Agency for International Development (USAID) Emerging Pandemic Threats PREDICT project Grant (Cooperative Agreement No. AID-OAA-A-14-00102) to PD; and Singapore NRF-CRP Grant (NRF2012NRF-CRP001–056) and CD-PHRG Grant (CDPHRG/0006/2014) to LFW.

We have some harder questions to ask of Dr. Fauci and a few other U.S. agencies…right? YES.

So, back to the paper originally released by the Australian and the DailyMail:

The authors of the document insist that a third world war ‘will be biological’, unlike the first two wars which were described as chemical and nuclear respectively.

Referencing research which suggested the two atomic bombs dropped on Japan forced them to surrender, and bringing about the end of WWII, they claim bioweapons will be ‘the core weapon for victory’ in a third world war.

The document also outlines the ideal conditions to release a bioweapon and cause maximum damage.

The scientists say such attacks should not be carried out in the middle of a clear day, as intense sunlight can damage the pathogens, while rain or snow can affect the aerosol particles.

Instead, it should be released at night, or at dawn, dusk, or under cloudy weather, with ‘a stable wind direction…so that the aerosol can float into the target area’.

Meanwhile, the research also notes that such an attack would result in a surge of patients requiring hospital treatment, which then ‘could cause the enemy’s medical system to collapse’.

Other concerns include China’s ‘Gain of Function’ research at the Wuhan Institute of Virology – near where the first Covid outbreak was discovered – at which virologists are creating new viruses said to be more transmissible and more lethal.

MP Tom Tugendhat, chairman of the foreign affairs committee, said: ‘This document raises major concerns about the ambitions of some of those who advise the top party leadership. Even under the tightest controls these weapons are dangerous.’

Chemical weapons expert Hamish de Bretton-Gordon said: ‘China has thwarted all attempts to regulate and police its laboratories where such experimentation may have taken place.’

The revelation from the book What Really Happened in Wuhan was reported yesterday.

The document, New Species of Man-Made Viruses as Genetic Bioweapons, says: ‘Following developments in other scientific fields, there have been major advances in the delivery of biological agents.

‘For example, the new-found ability to freeze-dry micro-organisms has made it possible to store biological agents and aerosolise them during attacks.’

It has 18 authors who were working at ‘high-risk’ labs, analysts say.

Australian Strategic Policy ­Institute executive director Peter Jennings also raised concerns over China’s biological research into coronaviruses potentially being weaponised in future.

Additionally in the article :

Only this week, Brazil President Jair Bolsonaro appeared to strongly criticise China by accusing it of creating Covid to spark a chemical ‘warfare.’

The comments were made during a press conference on Wednesday as the hardline leader sought to further distance himself from the growing attacks over his domestic handling of a pandemic that has produced the second-highest death toll in the world.

‘It’s a new virus. Nobody knows whether it was born in a laboratory or because a human ate some animal they shouldn’t have,’ Bolsonaro said.

‘But it is there. The military knows what chemical, bacteriological and radiological warfare. Are we not facing a new war? Which country has grown its GDP the most? I will not tell you.’

Since we can no longer get reliable information from our current government officials, perhaps we should ask Brazil or Australia, right?

Scientists studying bat diseases at China‘s maximum-security laboratory in Wuhan were engaged in a massive project to investigate animal viruses alongside leading military officials – despite their denials of any such links.

Documents obtained by The Mail on Sunday reveal that a nationwide scheme, directed by a leading state body, was launched nine years ago to discover new viruses and detect the ‘dark matter’ of biology involved in spreading diseases.

One leading Chinese scientist, who published the first genetic sequence of the Covid-19 virus in January last year, found 143 new diseases in the first three years of the project alone.

The fact that such a virus-detection project is led by both civilian and military scientists appears to confirm incendiary claims from the United States alleging collaboration between the Wuhan Institute of Virology (WIV) and the country’s 2.1 million-strong armed forces. Continue reading in full here.

What does Canada know?

National Microbiology Lab in Winnipeg gets $5M to expand ...

In part:

In July 2019, a rare event occurred in Canada, whereby a group of Chinese virologists were forcibly dispatched from the Canadian National Microbiology Laboratory (NML) in Winnipeg, a facility they worked in, running parts of the Special Pathogen Programme of Canada’s Public Health Agency.1 Experimental infections – including aerogenic ones – of monkeys with the most lethal viruses found on Planet Earth comprise nearly a routine therein. Four months earlier, a shipment of two exceptionally virulent viruses dealt with in the NML – Ebola and Nipah viruses – was on its way from NML, ended in China, and has thereafter been traced and regarded to be improper, specifically put as “possible policy breaches”, or rather but an “administrative issue”, ostensibly.2

Yet the scope of this incident is much wider, in actuality. The main culprit seems to be Dr. Xiangguo Qiu, an outstanding Chinese scientist, born in Tianjin. Heading until recently the Vaccine Development and Antiviral Therapies section of the Special Pathogens Programme, she primarily received her medical doctor degree from Hebei Medical University in China in 1985 and came to Canada for graduate studies in 1996.3 Later on, she was affiliated with the Institute of Cell Biology and the Department of Pediatrics and Child Health of the University of Manitoba, Winnipeg, not engaged with studying pathogens.4 But a shift took place, somehow. Since 2006,5 she has been studying powerful viruses, Ebola virus foremost, in the NML. The two viruses shipped from the NML to China – Ebola and Nipah – were studied by her in 2014, for instance (together with the viruses Machupo, Junin, Rift Valley Fever, Crimean-Congo Hemorrhagic Fever and Hendra).6 Yet utmost attention has been paid to Ebola, with the highly legitimate aim of developing effective prophylaxis and treatment for infected people. Inevitably, her works included a variety of Ebola wild strains – among them the most virulent one, with 80% lethality rate – and much relied on experimental infections of monkeys, including via the airways.7 Remarkable achievements were attained, indeed, and Dr. Qiu accepted the Governor General’s Innovation Award in 2018. More here.

Even media in India is asking for the same transparency on the Canadian component:

Source: China has been a signatory to the Biological Weapons Convention since 1984, and has repeatedly insisted it is abiding by the treaty that bans developing bio-weapons.

But suspicions have persisted, with the U.S. State Department and other agencies stating publicly as recently as 2009 that they believe China has offensive biological agents.

Though no details have appeared in the open literature, China is “commonly considered to have an active biological warfare program,” says the Federation of American Scientists. An official with the U.S. Army Medical Research Institute of Chemical Defence charged last month China is the world leader in toxin “threats.”

In a 2015 academic paper, Shoham – of Bar-Ilan’s Begin-Sadat Center for Strategic Studies – asserts that more than 40 Chinese facilities are involved in bio-weapon production.

China’s Academy of Military Medical Sciences actually developed an Ebola drug – called JK-05 — but little has been divulged about it or the defence facility’s possession of the virus, prompting speculation its Ebola cells are part of China’s bio-warfare arsenal, Shoham told the National Post.

The Harbinger of the Colonial Pipeline Ransomware

The harbinger is what protections against hacks and ransomware are underway? Stopping oil and gas flow and delivery is how to stop life and economies. Apply some critical thinking here…it goes way beyond cost as supply is crucial. If the FBI was well aware of the DarkSide in 2020….we need to rethink the Bureau completely.

PC Magazine provides this update in part:

The FBI today confirmed that the cyberattack that forced Colonial Pipeline to take its network offline over the weekend is due to ransomware known as DarkSide.

“The FBI confirms that the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks,” the agency says. “We continue to work with the company and our government partners on the investigation.”

During a Monday White House press briefing, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, said the FBI has been investigating the DarkSide variant since October 2020, and has determined that it’s a ransomware-as-a-service attack, meaning “criminal affiliates conduct attacks and then share the proceeds with ransomware developers,” she said.

Though news reports have tied DarkSide to Russian operatives, President Biden said Monday that “so far, there’s no evidence…from our intelligence people that Russia is involved, although there is evidence that the actors [behind the ransomware are] in Russia, [so] they have some responsibility to deal with this.”

Colonial Pipeline cyberattack shuts down pipeline that ...

The Chicago Tribune along with other media sources post the notion that this should not last long:

The operator of a major U.S. pipeline hit by a cyberattack said Monday it hopes to have service mostly restored by the end of the week.

Colonial Pipeline offered the update after revealing that it had halted operations because of a ransomware attack the FBI has linked to a criminal gang.

The ransomware attack on the pipeline, which the company says delivers roughly 45% of fuel consumed on the U.S. East Coast, raised concerns that supplies of gasoline, jet fuel and diesel could be disrupted in parts of the region if the disruption continues.

At the moment, though, officials said there is no fuel shortage.

The Colonial Pipeline transports gasoline and other fuel through 10 states between Texas and New Jersey, according to the company.

Colonial is in the process of restarting portions of its network. It said Sunday that its main pipeline remained offline, but that some smaller lines were operational. The company has not said when it would completely restart the pipeline.

“The time of the outage is now approaching critical levels and if it continues to remain down we do expect an increase in East Coast gasoline and diesel prices,” said Debnil Chowdhury, IHS Markit Executive Director. The last time there was an outage of this magnitude was in 2016, he said, when gas prices rose 15 to 20 cents per gallon. But the Northeast had significantly more local refining capacity at that time, potentially intensifying any impact.

The FBI and others got the attribution right on this one and did so very quickly.

The group behind the ransomware that took down Colonial Pipeline late last week has apologized for the “social consequences,” claiming that its goal is to make money, not cause societal problems.

According to Vice, the group’s apology was posted to its dark web site. It reads:

We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.

Our goal is to make money and not creating problems for society.

From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.

According to NYT cybersecurity reporter Nicole Perlroth, DarkSide isn’t necessarily associated with a specific nationstate, but it does tend to avoid holding victims for ransom if their systems are running in certain Russian and Eastern European languages (see embedded tweet below). Bloomberg reports that the group is known to speak Russian.

Source:

Imagine the other worldwide pipeline systems and their respective responses such as all of Europe.

Natural gas pipelines of Europe and surrounding regions ...

 

Audio Proves John Kerry is a Traitor

Mohammad Javad Zarif, the Iranian Foreign Minister and long time friend of John Kerry, had an interview recording with an economist Saeed Leylaz in March. The call was recorded and leaked to a London based Persian news outlet called Iran International.

Inside the call, Zarif revealed that the Iranian Revolutionary Guard Corps actually runs the country and often is at odds with Zarif. Additionally admitted was the death of Qassim Suleimani, the commander of the Guard’s elite force known as the Quds Force has damaged the country. Suleimani exploited his power in the nuclear deal, the war plans in Syria as well as ground operations.

US senator tells John Kerry to resign from Biden ...

Based on how the New York Times twists the facts and alters the full truth, there are some details spelled out that are interesting, found here.

There are already calls in Washington DC for John Kerry to resign and there is justification for that however not before there is a full hearing in the Senate. Why you ask? Also included in the Zarif interview was the admission that John Kerry often spoke to Zarif and in a particular case shared the highly classified fact(s) that Israel was behind at least 200 airstrikes in Syria. Zarif says he was shocked that Kerry would reveal such protected information and betray Israel.

 


It cannot be understated that John Kerry has split loyalties and his advocacy for Iran continues to be extraordinary. Kerry does in fact maintain security clearance and does sit on the Biden National Security Council as the climate czar. Frankly that position is likely to be just an official cover to continue his foreign policy work with U.S. adversaries including China and Russia.

It is hardly as surprise that the Biden White House refuses to comment, stating they do not respond to leaked tape(s) or the authenticity. Well, hey Biden people, you opened communications channels with Iran to restart the nuclear deal talks, so pick up the phone and call Zarif to gain authenticity. Yeesh.

It should be noted that when one has security clearance, a signature is required that includes a major stipulation that the candidate is subject to Federal prosecution if classified material is divulged and not approved for release. Perhaps it is time to use the FISA court for a real intended purpose and issue subpoenas for John Kerry’s communication(s) records including enlisting the NSA for the validation of emails, phone calls, encrypted text messages or written documents. John Kerry should be suspended from all official government positions and activity until a full hearing is performed.

The next question is what will Israel do in this case? It is interesting that Israel did send an envoy to the U.S. just a few days ago including those from the Mossad for discussion at the Department of Defense. It should also be noted that Secretary of Defense Lloyd Austin visited Israel on April 12/13th for discussions regarding the mysterious Natanz explosion where enriching uranium was advancing as a faster pace. There were likely many other items discussed during this confab, quite possibly the Zarif interview, John Kerry and sanctions.

This is a brewing scandal and the Biden White House needs to come clean.

Meet David Chipman, Biden’s New ATF Director

Biden announced his gun czar at a presser on April 8, 2021. Who is he?
Well, this cat wrote an opinion piece a few weeks ago. In part noted by Newsweek:

(…) declaring that the Constitution’s Second Amendment envisions firearms as being “well regulated.”

Chipman’s article, printed in The Roanoke Times, criticized local governments in Virginia that responded to state legislative firearm reform efforts by declaring themselves as “Second Amendment sanctuary” counties. These counties’ sheriffs and local officials claimed that the Constitution allowed them to block any laws that violated gun owners’ freedoms. “The Second Amendment envisions firearms as being ‘well regulated,’ and individual sheriffs aren’t entitled to decide whether a particular regulation is constitutional—that’s the job of the courts,” Chipman wrote. He also accused local sheriffs and officials of stoking fears, spreading lies and valuing “unregulated access to guns above the lives of their neighbors.”

Chipman studied justice as an American University undergraduate and studied management as a Johns Hopkins University master’s student.

A year after graduating from American University, he began a nearly 23-year career at the ATF. During that time, he worked as a special agent in charge of ATF’s firearms programs and also as a member of the ATF division bearing similarity to special weapons and tactics (SWAT) teams in police departments. He also reportedly disrupted a Virginia firearms trafficking operation that supplied illegal guns to New York City while working at the ATF.

Former ATF Special Agent David Chipman delivers remarks ...

After leaving the agency, he worked for a year and a month as a senior advisor for the municipal firearm reform advocacy group Everytown for Gun Safety. He also worked nearly three years as senior vice president of public safety solutions for ShotSpotter, a gunshot detection system.

***

Chipman, an ATF veteran, works also for the former Rep. Gabby Giffords team on gun control issues.

Reforms, rules and regulations, otherwise called initiatives include:

 

Beware…more to come.