Pipeline Hackers Say They’re ‘Apolitical,’ Will Choose Targets More Carefully Next Time

“Our goal is to make money, and not creating problems for society,” the statement continues.
May 10, 2021, 2:09pm
Colonial Pipel
Image: Luke Sharrett/Bloomberg via Getty Images
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

The criminal hacking group suspected of being behind the ransomware attack on the Colonial Pipeline, which was shut down as a precaution in response, has published a new statement on its dark web site saying it is "apolitical."

"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives," the statement from the DarkSide ransomware group reads.

Advertisement

The statement did not explicitly point to the Colonial Pipeline incident, but it was titled "About the latest news." Various outlets have reported that U.S. officials and private industry say DarkSide is behind the ransomware event. Dmitry Smilyanets, a cyber threat intelligence expert from cybersecurity firm Recorded Future, tweeted a screenshot of the statement on Monday. Motherboard verified the statement is available on DarkSide's dark web site. 

"Our goal is to make money, and not creating problems for society," the statement continues.

Do you know anything else about this ransomware incident? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

The statement also indicated that the group may be making changes to how it operates and chooses targets.

"From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future," it read.

darkside.png

A screenshot of the message from DarkSide. Image: Motherboard

On Friday, the Colonial Pipeline Company said in a statement it had temporarily shut down all of its pipeline operations in response to a hack. In an update on Saturday, the company confirmed the hack involved ransomware. The company shut down the pipeline as a precautionary measure; the ransomware itself did not directly cause the shutdown.

The pipeline is particularly important to the East Coast; it transports 45 percent of the region's fuel. The company added in an updated statement on Sunday that while its mainlines remain shut down, some smaller lines are now operational.

In response to the shutdown, the Department of Transportation's Federal Motor Carrier Safety Administration issued an emergency declaration for 17 states and Washington, D.C., to keep supply lines open.

Subscribe to our cybersecurity podcast, CYBER.