Comment: Cyberattacks affect more than just big corporations

By Petula Dvorak / The Washington Post

Sunny Tran, a 36-year-old nail technician with tattooed biceps and a minivan, couldn’t blame his crummy Thursday-morning drive on the usual Maryland traffic.

No, he was traveling all over Prince George’s County looking for a station that still had gas, because some dudes who are thousands of miles away — most likely in Russia — hacked the computer system of the pipeline that delivers fuel to cities up and down the Eastern Seaboard.

When Colonial Pipeline announced the attack Friday, people rushed to panic-buy fuel, snowballing the problem. You could almost hear “My Sharona” playing on an eight-track in the background as the East Coast was transported back to the fuel crisis of 1979, when gas-station lines stretched for ages.

I whipped out my phone to check my GasBuddy app when I heard the news, and sure enough all the spots along my errand route in Prince George’s showed a gas pump crossed out.

DarkSide, the self-important cyber-bandits who claimed responsibility for the attack, sound as if they’ve watched “Money Heist” one too many times, borrowing from the wildly popular Spanish series’s premise; that you can steal without hurting people.

“We are apolitical, we do not participate in geopolitics,” read an online statement from DarkSide. “Our goal is to make money, and not creating problems for society.”

They issued a declaration of their ethics, saying they won’t launch their ransomware into the computer systems of medical institutions, funeral homes, educational institutions, nonprofit organizations or the government sector; they don’t want to hurt everyday people.

How sweet.

Except that’s never the case. Everyday people always get hurt.

Just a few days before the pipeline attack, the members of the House Homeland Security Committee were warned of the coming danger of ransomware attacks.

“Considered a low-dollar, online nuisance crime only a few short years ago, ransomware has exploded into a multibillion-dollar global racket that threatens the delivery of the very services so critical to helping us collectively get through the covid pandemic,” said Christopher Krebs, who formerly headed the Department of Homeland Security’s cybersecurity agency and testified before the House panel’s subcommittee on cybersecurity, infrastructure protection and innovation on May 5.

“To put it simply, we are on the cusp of a global pandemic of a different variety, driven by greed, an avoidably vulnerable digital ecosystem, and an ever-widening criminal enterprise,” Krebs said, according to his written testimony.

Just last year, more than 115,000 kids were slammed by a different group of cyber-bandits who thought that Baltimore County Public Schools would be a good target for some fast cash.

Way to go, evil geniuses. Thousands of kids were home without lessons for days — adding insult to the ongoing pandemic-induced injury to their educations — when ransomware froze the schools’ system.

Walter Augustus Tyler, a 54-year-old former boxer and retired Army veteran, has been trying hard to be the point man for his 10-year-old son’s education while his wife telecommutes in their Landover home.

But in November the lessons stopped, thanks to the ransomware attack. His son “missed days of school because of that,” Tyler said.

The 10-year-old was already struggling with online lessons and social isolation. “I’ve seen his whole personality change in this,” Tyler said. More disruption did little good.

It wasn’t just days of missed lessons at 174 schools. That hack ended up costing one of the nation’s 25 largest school districts at least $1.7 million.

How about the great irony of hooligans using ransomware called RobbinHood to cripple the entire city of Baltimore in 2019?

While robbing the poor to give to the evil — demanding just 13 bitcoin (around $100,000 at the time) — they cost the city $18 million and caused chaos in city departments. Because of the hack, people couldn’t even pay their water bills. And months later, when the attack was over, many Baltimoreans faced huge tabs from the backlog.

The city created payment plans and programs to help people avoid getting their water shut off. Even with those, households drowned in bills. A group that helps people with access to water, the Human Utility, paid nearly $25,000 in Baltimore utility fees to keep the spigots open.

This breed of hackers targets cities and organizations that have weak IT systems, which is often the case for municipalities and school districts without fat war chests. And while the hackers may puff their chests in moral superiority, everyday Americans become the collateral damage.

These reverse Robin Hoods are hobbling vulnerable people and the everyday places we live our lives.

William Wellington, 28, was feeling the pain this week. He makes a living as a delivery driver in Prince George’s and was using the final fumes in his gas tank to find a place to fill up for a busy workday.

I asked to talk to him about it. He hesitated a bit — worried he would run out of gas — and turned the engine off. I took a lesson from the hackers and offered him the location of the one station I found that still had gas if he talked to me. We both laughed. He knew I was joking — I would have told him the location either way — but the light moment earned me a few minutes of his time.

Wellington knew all about the hackers, and it’s part of why he’s studying to work in the IT field. After he saw his girlfriend’s bank card get hacked — twice — he thought IT security would be a growth industry he should aim for.

“There are lots of opportunities there,” Wellington said. “It’s a new world. The computer can be like a sword.”

Petula is a columnist for The Post’s local team who writes about homeless shelters, gun control, high heels, high school choirs, the politics of parenting, jails, abortion clinics, mayors, modern families, strip clubs and gas prices, among other things. Before coming to The Post, she covered social issues, crime and courts.