The 'Evil Twin' Behind the Colonial Pipeline Cyberattack

A cyberattack hits the real world... Another threat to the economy... The reach of the Colonial Pipeline... The 'evil twin' behind the Colonial Pipeline cyberattack... The dirty underbelly of the dark web... How to add cybersecurity exposure to your portfolio...


As we write today, the clock is ticking on higher gas prices along the U.S. East Coast...

And it's not because of the typical supply and demand dynamics of oil or gas production... the inflation realities in a "reopening" U.S. economy... or freezing temperatures and power-grid mismanagement in Texas, like what happened just a few months ago.

No, the root cause of the scenario we're describing – tens of millions of innocent folks in states from Georgia to New York facing potentially higher energy prices, or even worse, an oil shortage – is something else that we've feared for a while...

We're talking about a cyberattack that has touched the "real world" in a big way.

It's an attack that could potentially disturb the everyday lives of millions of people and thousands of companies from all walks of life... and has already put cities, towns, and states in the crossfire of a seemingly unending and escalating global digital war that the U.S. is losing.

You've probably seen the news by now...

On Friday, Colonial Pipeline – a privately held company that operates more than 5,500 miles of oil and gas pipelines from Texas to New Jersey and delivers about 45% of the fuel for the East Coast – became the latest high-profile victim of a crippling, foreign cyberattack.

Hackers, reportedly either members of a Russian-based group called DarkSide or at least working in concert with the group, injected malicious "ransomware" code into Colonial's computer systems.

Below is a typical example of a DarkSide ransomware notice that appears on victims' computer screens. As you can see, the message demands money (a lot of bitcoin, in this case) in exchange for digital freedom – and it usually includes at least a little bit of broken English...

If this were to appear on anyone's computer screen, it would scare the heck out of you.

Now, imagine if you were an employee at a company that is a critical, "behind the scenes" player in our daily lives, like Colonial... On a regular day, it transports more than 100 million gallons of fuel (about 2.5 million barrels per day) – including gasoline, diesel, jet fuel, and home heating oil – from refineries along the Gulf Coast to destinations in the Northeast.

The fuel in Colonial's pipelines ends up in airplanes at major airports in Atlanta and here in Baltimore, for example.

The hackers appear to have gained access to Colonial's network via its cloud-computing software...

Regular Digest readers know we've talked a lot about the great business model known as Software as a Service ("SaaS"), in part for its ease of use and scalability via remote cloud-based software.

These often subscription-based programs let companies manage and grow their businesses. And in the meantime, the SaaS providers make recurring revenue.

It's a win-win relationship... But only if both sides are well-meaning.

In the wake of the Colonial attack, it has become crystal clear to many observers that an evil twin to the SaaS business model exists... It operates in the exact same way for nefarious purposes.

According to Boston-based cybersecurity firm Cybereason, DarkSide is a relatively new organized group of hackers that uses the Ransomware as a Service ("RaaS") business model to make money. (Yes, it seems there is an "as a Service" model for everything these days.)

This kind of software isn't just bought through the cloud... In this case, the hackers also entered Colonial's computer systems through a cloud-based system, which the company took offline on Saturday.

The dirty underbelly of the dark web...

DarkSide is a group that operates on the dark web, which most everyday people never see. The group develops ransomware tools and sells them to other would-be criminals, who then can earn "affiliate" revenue from each successful ransom payment.

These criminals encrypt the data on their victims' networks so the victims can't access it... and demand money in return to unlock their computer systems.

DarkSide operates like a business, even soliciting coverage from journalists when the group releases a new update. And it's apparently concerned about public relations spin, too...

Today, the group shared a confoundingly remorseful statement through the Cybereason firm, claiming that it would start "moderation" of who the software is sold to in the future.

In its message, the group said...

We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our (sic) motives. Our goal is to make money, and not creating a problem for society.

From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.

As if just stealing someone's money on the Internet is any better...

In the case of the Colonial attack, it doesn't appear that a ransom payment has been made. Of course, victims like Colonial usually pay a price anyway, with their information often posted on the dark web for bad actors to use however they wish. According to the Reuters news service...

DarkSide's site on the dark web hints at their hackers' past crimes, claims they previously made millions from extortion and... features a Hall of Shame-style gallery of leaked data from victims who haven't paid up, advertising stolen documents from more than 80 companies across the United States and Europe.

At the very least, breaching a network can lead to suspended business or "social consequences," as the attackers say.

That's the case here...

For the past several days, Colonial has been in damage control...

The company is working with cybersecurity companies such as FireEye (FEYE), as well as the U.S. government, to ensure that all of its networks – which, of course, are digitally connected these days – are safe.

But as we write this afternoon, Colonial isn't sure when the networks will be fully safe. That means most of the normal fuel supply to the East Coast is not flowing. On Sunday, Colonial said it had shut down its four main pipelines.

Today, the company said it only hopes to "substantially" restore service by the end of the week. And it sounds like it might take longer...

According to Stansberry Innovations Report editor John Engel, who covers cyberspace and other emerging industries closely, there is likely still major work to be done...

The Colonial pipeline systems were shut down purposefully to prevent continued penetration of its network infrastructure. The hackers are still lurking, likely hiding a portal into the system that Colonial is trying to track down before it can regain normal operations and fire the systems back up.

If this goes on a few days longer – and based on past incidents, we suspect it will – normal business will be disrupted even more. You see, according to Colonial, its deliveries routinely occur on a five-day schedule, so customers can plan their service and supply consumers.

Five days from last Friday would be this Wednesday – just two more days from now. So the stakeholders involved are scrambling against the clock to avoid supply shortages (and higher prices) in some of the most highly populated parts of the country.

Even in the best-case scenario, it's likely this 'real world' situation will not be resolved for a while...

When a gallon of gasoline is injected into Colonial's pipeline in Pasadena, Texas, for example, it takes about 18 to 21 days traveling at a rate of four miles per hour to reach Linden, New Jersey, the northern extent of its system.

Linden is right across a small river from New York City, an area dotted with smokestacks that we've driven through many, many times... as have many travelers up Interstate 95 at all hours of the day and night.

Last night, gasoline futures hit $2.216, their highest level since May 2018. They came down slightly today when Colonial said it planned to bring back at least some business by the end of the week... But of course, the jury is still out on whether that proves to be true.

In any case, this fear of rising gas prices is far from what anyone wants to see when inflation is already a daily-debated threat to the U.S. economy.

And that's really the point here...

These cyberattacks – like the massive SolarWinds (SWI) software "supply chain" breach or the Equifax (EFX) disaster in 2017 – seem to be growing in frequency and reach. And because they are digital in nature, most people can't imagine their impact on the economy until they happen and it's too late.

As we've written before, cyberattacks are almost the "same old story" at this point... And yet, people still aren't taking them seriously enough. As we wrote in the January 13 Digest about the SolarWinds plot...

We also know that the networks of more than 18,000 of SolarWinds' customers were breached... and SolarWinds' clients include U.S. government agencies like parts of the Pentagon, the departments of the Treasury and Homeland Security, and several corporations that control the country's power grid.

We hope it doesn't take something like the power grid being disrupted to really get people's attention...

SolarWinds is now scrambling to find out precisely what happened... how much the hackers got access to... for how long (it might be even longer than first thought)... and what they might be doing with the information now.

That sounds familiar, doesn't it?

We also talked about this when a water-treatment facility in Florida was breached in February, via a remote-work platform... and when the Baltimore County school system and dozens of others across the U.S. were hacked in 2020.

It's clear we have a problem, but what is the solution?

Prevention, of course, is the best thing. But that has proven to be easier said than done...

If we know anything about cybercriminals, it's that they never stop working. And they're constantly trying to stay ahead of the latest security measures.

We also know that it often takes less time to hack a system than it does to fix it. It has been that way since the first computers were developed decades ago.

So far, the U.S. has skated through the Internet era without experiencing a truly extensive and public cyberattack crisis (one that would become common knowledge like a terrorist attack). But in our opinion, those days are numbered...

This story should push the threat of cyberattacks, and what's happening on the dark web, a bit higher up the list of risks discussed daily in government briefings.

At least we hope.

In the meantime, American companies find themselves on the frontlines of a hot cyber war...

But of course, we also know that the U.S. government isn't exactly the place where innovation always comes first or happens overnight. Usually, it comes from the private sector... then the government catches up.

That's why we believe the private companies dedicated to the cybersecurity business are becoming more and more essential with each and every attack made on U.S. soil.

And that brings us to the best ways to add cybersecurity exposure to your portfolio...

As we wrote in the February 10 Digest, after the water-treatment plant breach...

In most cases, municipalities and private companies are literally left to their own devices to protect their systems from digital attacks... as if they could protect themselves from physical missiles shot across the ocean. That's a tall task.

Cyber defenses in the U.S. are a largely disorganized patchwork. And if the country is going to actually protect itself from an endless stream of foreign invaders moving forward, public-private partnerships will be crucial...

Or, as our colleague Dr. David "Doc" Eifrig put it in the March 26 issue of his Retirement Trader advisory, if you want exposure to the cybersecurity space in your portfolio, it's a good bet to consider owning shares of the companies that do "the work the government doesn't know how to do."

Companies like FireEye, which is helping Colonial clean up the mess today, are good at retroactive analysis of cyberattacks. But according to John from our Innovations Report newsletter, there are companies better suited to preventing these attacks to begin with...

He has recommended one of them in the Innovations Report before – industry leader Palo Alto Networks (PANW). The stock is out of John's recommended "buy" range today, but folks who took his initial advice back in April 2020 are sitting on 80% gains right now.

In the SolarWinds hack, for example, Palo Alto's firewall technology blocked attacks where other software failed.

As John wrote in a special report for subscribers in February, Palo Alto's software even "learned" from the event and applied software updates to other customers' firewalls, which kept their networks from being breached.

Today, John told us in a private note...

Palo Alto is one of the best front-line defenses against hackers. That's not just my opinion, either... Gartner Research has named the company the most effective firewall technology every year for the past decade.

The company has relationships with federal and national governments all over the world.

Like we said, shares of Palo Alto are well above John's recommended buy price today, but if you haven't checked out our Innovations Report product and want to follow the cybersecurity story more closely than we do in the Digest, we can't think of better people to follow than John and contributor Dave Lashmet.

In the Innovations Report, John and Dave cover cybersecurity extensively, along with other big trends in technology – like gene editing, robotics, artificial intelligence, 5G, cloud computing, video gaming, driverless cars, military and space technology, and digital payments... And with the help of Crypto Capital editor Eric Wade and his team, they also cover the latest in blockchain and crypto technologies.

In fact, it was in an e-mail from Dave over the weekend that we first learned about the scope of the Colonial attack.

Second, and more important, John and Dave have an eye on another leading cybersecurity company, and a host of other companies in their "Innovators and Disruptors Model" that they would recommend if valuation were no object (which, of course, it is to us).

When these companies drop to an attractive price, that's when John and Dave like to pounce and buy names from this "wish list of the most innovative companies on the planet," as they say. And they'll send out buy instructions as soon as they feel it's the right time.

So, if you want to stay ahead of the trends in cybersecurity and many more areas of emerging technology, we don't think you'll find a better way to do it than with our Innovations Report.

If you don't already have a subscription, you can click here to get started. And existing subscribers can find John and Dave's latest issue right here. Their next issue is due out next Friday, May 21.

Is Dogecoin a 'Middle Finger' to the System?

Our colleague Daniela Cambone catches up with Todd "Bubba" Horwitz of bubbatrading.com for his take on Dogecoin's rapid rise and whether it's a revolt against the Federal Reserve...

Click here to watch this video right now. For more free video content, subscribe to our Stansberry Research YouTube channel... and don't forget to follow us on Facebook, Instagram, LinkedIn, and Twitter.

New 52-week highs (as of 5/7/21): ABB (ABB), American Financial (AFG), Altius Minerals (ALS.TO), American Homes 4 Rent (AMH), American Express (AXP), Axis Capital (AXS), Brunswick (BC), Bunge (BG), Berkshire Hathaway (BRK-B), Brown & Brown (BRO), CBRE Group (CBRE), Richemont (CFRUY), Comcast (CMCSA), CVS Health (CVS), Quest Diagnostics (DGX), Eagle Materials (EXP), Expeditors International of Washington (EXPD), SPDR EURO STOXX 50 Fund (FEZ), Comfort Systems USA (FIX), W.W. Grainger (GWW), Home Depot (HD), iShares U.S. Home Construction Fund (ITB), JPMorgan Chase (JPM), Nuveen Preferred Securities Income Fund (JPS), KB Home (KBH), Lennar (LEN), LGI Homes (LGIH), Cheniere Energy (LNG), Markel (MKL), 3M (MMM), Mosaic (MOS), Motorola Solutions (MSI), MasTec (MTZ), Annaly Capital Management (NLY), NVR (NVR), Oshkosh (OSK), Invesco S&P 500 BuyWrite Fund (PBP), Invesco High Yield Equity Dividend Achievers Fund (PEY), VanEck Vectors Russia Fund (RSX), Rayonier (RYN), Sprott (SII), ProShares Ultra S&P 500 Fund (SSO), Suncor Energy (SU), TFI International (TFII), Texas Pacific Land Trust (TPL), Travelers (TRV), Trane Technologies (TT), United States Commodity Index Fund (USCI), Valmont Industries (VMI), Vanguard S&P 500 Fund (VOO), W.R. Berkley (WRB), Health Care Select Sector SPDR Fund (XLV), and Alleghany (Y).

*** In today's mailbag, feedback on Dan's Friday Digest and Elon Musk's star turn as the host of Saturday Night Live. Do you have a comment or question? As always, e-mail us at feedback@stansberryresearch.com.

"Dan, you are by far my favorite [Stansberry] writer, it's because of you that I finally bought Bitcoin (at around 9k). But, to suggest that 100% of Peloton owners are going to send back their treadmills is just plain ludicrous. I don't even own a treadmill, but I know how much of a PITA it would be to try and send one back.

"There have been 72 incidents which equates to .06% (72/125k) which means the other 99.94% owners might absolutely love their treadmills and know how to use them properly without getting hurt. Do you honestly believe they are going to go through the trouble of sending back a treadmill that they love? Call me crazy, but I'm seriously sitting here just shaking my head at that suggestion.

"I would be amazed if more than 10% send back their treadmills, and wouldn't be surprised if less than 2% actually send them back. I believe this will be a blip on the radar that will long be forgotten in a year or two. And, no, I don't own or plan to own the stock. Just making an observation." – Paid-up subscriber Mike B.

"If the fact that Elon Musk hosting Saturday Night Live (and the associated Dogecoin madness) is not the ultimate sign of the final inning of the Bull Market, I don't know what is.

"And with the epic jobs miss, we can expect continued fiscal and monetary support from here. IMO, we are at the beginning of the biggest blow off top in history. Be long... but be ready! Thank you Stansberry Research!" – Paid-up subscriber Will A.

Corey McLaughlin comment: Thanks for the note and observations, Will. The Dogecoin sell-off during and after Musk's TV appearance on Saturday night was pretty spectacular, we must say...

Dogecoin's price dropped 30% (from roughly $0.66 to $0.45) in the hours after Musk called it a "hustle" during his Weekend Update appearance as a fictional cryptocurrency expert, Lloyd Ostertag... The character repeatedly struggled to explain what Dogecoin actually was.

On a related note, we haven't watched Saturday Night Live in a looong time... But given our interest here, we watched most of the skits on replay over the weekend.

And we agree with Empire Financial Research founder Whitney Tilson's take on the show in his free daily e-letter today... The episode, as a whole, was mediocre. It made us long for the Chris Farley or Adam Sandler days of the show... but Musk was actually pretty funny.

In Musk's opening monologue, he said he was the first person with Asperger syndrome to host the show – "or at least the first to admit it." He also played a cowboy... Super Mario's archrival Wario... and the manager of a Mars space program, as he aspires to in real life, too.

All the best,

Corey McLaughlin
Baltimore, Maryland
May 10, 2021