Pipeline cyber attackers on U.S. pipeline say they're 'apolitical,' motive is money: reports

"If Putin did it, the Russians would make it as difficult as possible to trace it to a hacking incident," U.S. counterterrorism official says.

Published: May 10, 2021 4:08pm

Updated: May 11, 2021 9:54am

A Russia-based cyber criminal gang accused of shuttering a critical U.S. fuel pipeline issued a statement on Monday saying its goals are purely financial and nothing to do with "geopolitics."

"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives," said the DarkSide cyber hacking group, according to reports. "Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

The statement comes as the targeted company, Colonial Pipeline, scrambles to restore its systems and avert a major disruption in the U.S. fuel supply along the country's East Coast.

Roughly 45% of the region's fuel comes through the pipeline that starts in Texas.

The ransomware attack occurred Thursday, according to the FBI, which on Monday confirmed DarkSide as the perpetrators.

"The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks," the FBI wrote in a Monday statement. The group is known to be based in Russia.

In a ransomware attack, hackers break into computer systems and obtain vital or proprietary information, and also encrypt the victim's data. The hackers hold the systems hostage, and offer to unlock the data in exchange for money.

The announcement Saturday of the attack resulted in immediate speculation about whether the Russian government was involved. Intelligence sources told Just the News that scenario is not probable.

"Anything along these lines that comes out of Russia you have to look into whether the Kremlin is involved," a U.S. intelligence official told Just the News. "It's tempting to say Putin did it, but that's not realistic." 

That view was shared by another U.S. government executive.

"If this were really a Putin retaliation operation, you would most likely be looking at actual physical disruption of the pipeline, to include oil spills and broken equipment," a senior U.S. government counterintelligence official said. "If Putin did it, the Russians would make it as difficult as possible to trace it to a hacking incident. They would play this out like it was an industrial accident."

President Biden said Monday afternoon that evidence so far does not point to the Kremlin.

The DarkSide group is a relatively new yet highly skilled operation that portrays itself as a cyber gang with a heart, allegedly claiming to leave hospitals, schools, and governments untouched while targeting wealthy major corporations.

A Romanian security firm in January offered a free decryption tool to allow DarkSide targets to recoup their stolen files without paying ransom. The tool is offered by Bytedefender, which gives instructions on how to decrypt locked files.

The pipeline company did not immediately respond to Just the News when asked whether it has used or plans to use the Bytedefender tool.

The Facts Inside Our Reporter's Notebook

Unlock unlimited access

  • No Ads Within Stories
  • No Autoplay Videos
  • VIP access to exclusive Just the News newsmaker events hosted by John Solomon and his team.
  • Support the investigative reporting and honest news presentation you've come to enjoy from Just the News.
  • Just the News Spotlight

    Support Just the News