
Everything You Need to Know About DarkSide, Colonial, and the Viral Gas Panic

The Colonial Pipeline is up and running again, but the madness isn't over...


From May 7th through the evening of May 12th, America's largest supply network for gasoline, diesel, heating oil, and jet fuel was shut down.

As of Thursday morning it is back online, though it will take a while for the typical rate of delivery to resume.

Under normal circumstances, the Colonial gas pipeline network is responsible for moving more than 100 million gallons of fuel every day, transporting it from refineries in Texas all the way up to New York, with offshoots all along the eastern seaboard. That's around 45% of the fuel supply for the east coast.

But last week that network was shut down thanks to a ransomware attack from a group known as DarkSide. And, as a result, gas prices have been spiking, with the national average topping $3 a gallon for the first time in years.


Predictably, a sense of panic has gripped the populace, particularly in some Southern states, where long lines have been forming for the pumps. More than a thousand gas stations were fully tapped, and many others started placing limits on how much their customers could buy.

If the hackers' purpose was to cause as much chaos as possible, this would all be a rousing success. But was that really their motivation, or are they after something else entirely?

Who Is DarkSide?

The more you look into them, the less they sound like a criminal gang. Rather, the data thieves at DarkSide give off the vibes of a tech startup, with promotional materials that talk about clients, affiliates, tech support, financial evaluations, and their sterling (criminal) reputation.

The organization is based somewhere in Eastern Europe, with roots in a Russian-language hacker forum, but early rumors that they have ties to Vladimir Putin and the Kremlin seem to be baseless. They claim to be independent of political ties, and that certainly matches their tactics.

According to their public statements, they always assess their target companies carefully — making sure they'll be able to afford a steep ransom payment — before striking. They also claim to have a principled stance against targeting companies in the fields of medicine, funeral services, or education, as well as non-profits and government entities.

https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/

Whether this ethics code is truly based on a sense of morality, or is just a matter of avoiding the added scrutiny and bad press that would come with attacking a hospital, is unclear, but it all comes across as very professional and corporate. They even "guarantee" the reliability of their service.

Since launching in August of 2020, they have advertised their services to other hackers and have grown quickly thanks to the systematized efficiency they provide. The only real difference between DarkSide and any rapidly emerging "disruptor" in the tech world is the specific service they provide.

Namely, once an "affiliate" (hacker) gains access to a company's data, DarkSide steals it, locks the company out with high-level encryption, and holds that information hostage until the company pays out. If their target is unwilling to pay a steep ransom, DarkSide starts leaking their data to a dedicated website, with notifications sent to the media, business partners, and customers.

It's a very businesslike approach that reflects a very businesslike set of priorities. As DarkSide themselves recently put it, "Our goal is to make money and not creating [sic] problems for society." They even promise to provide their target companies with information about how they were compromised, so they can patch holes in their security.

But if they're only after money, why did they target such an essential piece of America's energy infrastructure? If they don't want to create problems for society, uh...why did they?

Unforeseen Consequences

The short answer is that it was a mistake. For all the care they claim to put into their work, they overlooked certain details this time around and have caused bigger problems and invited more negative attention than they ever intended.

As any good corporation would in these circumstances, they have promised to do better in the future. They insist that, going forward, they will "introduce moderation, and check each company that our partners want to encrypt to avoid social consequences."

The longer answer is that America's energy infrastructure is particularly vulnerable. If DarkSide was only looking at Colonial Pipeline Company's financial bona fides, they may have missed how crucial that pipeline has become and how hacking one company's data — without even interfering with the pipeline directly — could cause so much chaos.

That wasn't always the case. Once upon a time the northeast did a lot of its own refining of oil shipped in from overseas, but the decades-long push to make America "energy-independent" has shifted consumption to local supplies of oil, and more than half of the northeast's refining capacity has been shut down.

As a result, we've been facing gas shortages just like those in the 1970s under Jimmy Carter...if you don't care to look past the surface. Even The New York Times has been throwing around "crisis in confidence" callbacks; but in truth, the similarities are practically non-existent.

Unlike the 1970s, when OPEC was deliberately strangling the oil supply, there really is no shortage of oil or even of gasoline. Oil is still being slurped up and refined into gasoline. Even the mechanics of the pipeline hadn't been affected directly by DarkSide's attack.

The only problem interfering with the pipeline — until it was resolved on Wednesday night — was that Colonial Pipeline Company's billing system had been knocked out. They couldn't get paid, so they stopped delivering to their customers.

It could still be delivered by truck, and the Biden administration even declared a state of emergency in order to relax regulations around that method of transport. And even if tanker trucks hadn't been an option — admittedly, there weren't enough drivers to meet demand — this was always understood to be a temporary situation.

Because of the professionalism of the criminals involved, there was never a question of whether the pipeline — or the company's accounting system — would get back up and running. It was just a question of whether it would take a few days or something in excess of a week.

It turned out that it took about five days to get the system back online, and it's expected to take several more to get it back up to 100%. In other words, a full tank of gas would probably have lasted most people through this "gas crisis" without sending gas prices skyrocketing. So what happened?

The Viral Gas Hoarders

People freaked out. Like the toilet paper debacle of 2020, what should have been a minor issue of supply chains adjusting to a new normal became a serious problem thanks to the selfish overreactions of the worst among us.

As soon as the news hit that there could be some minor shortages and a temporary price increase, the panic started. Images and videos of people filling car trunks and truck beds with plastic gas cans were outdone by the people filling plastic buckets, storage bins, and massive tote tanks.

Never mind the fact that many plastics will warp or dissolve in the presence of gasoline. These people weren't going to let a temporary shortage pass them by without panic-buying.

While perhaps the most iconic example — a video of a woman filling plastic bags with gasoline — turned out to actually be from 2019, the panic was real. And it was viral in more ways than one.

Let's say one person decides to fill an extra 20 gallons of standard gasoline containers at the pump. They take about twice as long as they usually would, and a small line of cars starts to form. Someone driving by sees that line and decides that this gas crisis thing must be real, and figures — even though they have more than half a tank — they should fill up now, before things get worse.

Next thing you know, that line of cars is spilling into the street, the gas station is starting to run low, and people are calling and texting friends and loved ones, sharing images of the gridlock on social media, encouraging others to take this "gas shortage" seriously and fill up any vehicles and containers they have. And so the virus of gas panic spreads…

A Long-Term Solution?

But now that there's light at the end of the tunnel for this temporary panic, how do we ensure that this kind of thing doesn't happen again? After all, if DarkSide had approached this with more malicious intent, it could likely have been much worse.

So how do we secure our critical energy infrastructure to prevent this kind of issue in the future? If we take it for granted that we probably can't change human nature enough to stop people from panicking and hoarding at the first sign of an issue, there are still a number of options.

For a start, we could mandate comprehensive cybersecurity for companies that provide critical services, preventing this kind of ransomware attack from happening in the first place. Or we could even nationalize pipelines so a profit motive and disrupted billing don't get in the way of delivering what people need.

But there will always be vulnerabilities in a system that relies on centralized infrastructure like pipelines. The most important solution is to wean ourselves off of fossil fuels altogether. If electric vehicles charged by decentralized power sources — e.g. home solar panels — were the norm in the U.S., a gas shortage would be nearly meaningless, and there would be no central energy hub vulnerable to attack.

Renewables should be at the center of any push for energy security. Even the issues with the Texas power grid during February's freezing weather — though falsely attributed to wind power by many on the Right — were mostly due to issues with fossil fuels and private greed. Widespread adoption of small-scale solar power could actually have buffered the grid against the worst outcomes.

This would also be a great way to avoid the environmental and societal damage of pipeline leaks and spills, like the 2020 instance of more than a million gallons of gasoline spilling out of the Colonial Pipeline in a North Carolina town. While that's perhaps the worst pipeline incident in America's history, there's no shortage of competition, with significant damage to natural habitats and crucial water supplies.

And, as long as we're on the topic of pollution, it's worth pointing out that, if we don't make a dramatic shift off of fossil fuels, climate change is going to get so much worse. They are the single greatest source pumping greenhouse gases into the atmosphere, adding energy to complex weather systems, and making freak incidents like February's polar vortex far more common and devastating.

So if you hate gas crises almost as much as you hate the gradual collapse of civilization as a shifting climate brings on natural disasters, disrupting food production and displacing communities around the world, then the obvious way forward is to treat fossil fuels as the evil that they are and to shift away from them as quickly as we possibly can.

Or we can embrace our Mad Max future, let the hoarding virus take us, and start lining up to fill our buckets with guzzoline...