Solar Winds Data Breach

[glenn239]

5 hours ago, Stuart Galbraith said:

Yes, but nobody ever used the argument that if a house fell from being bombed, it should have been better built. The prime responsiblity is upon the attacker, not the victim.

Bombing Russia in an air attack in response to a cyber attack is not an option because that'll go pear shaped in about a day.  You understand that, but you're just yanking everyone's chain.   

Quote

 I just have an unhappy feeling there is no such thing as a perfectly secure system. 

The UK wants to sail around the world like it's 1899.  You have to expect hard consequences for that.

[Nobu]

21 hours ago, glenn239 said:

But bombing Russia?  That's World War 3 because the counterattack will be right into Washington and the continental US, and then it's on.

Sending a few 2000lb bombs through the window of a particular embassy building in Belgrade seemed to get the message across to China and Chinese quite well.

[Mistral]

6 minutes ago, Nobu said:

Sending a few 2000lb bombs through the window of a particular embassy building in Belgrade seemed to get the message across to China and Chinese quite well.

And the fact that it sounds so absurd NOW shows you who is on the up and who is on a downward spiral.

Might makes right and the Chinese seem to have learned that lesson well, most recently in Belgrade as you said.  As for the Russians they have known it since the begining of time.

[Stuart Galbraith]

 

[glenn239]

1 hour ago, Nobu said:

Sending a few 2000lb bombs through the window of a particular embassy building in Belgrade seemed to get the message across to China and Chinese quite well.

Three problems with the idea.  First, the Chinese embassy in Belgrade did not have the world's best integrated air defense network on the planet.  Moscow does.

Second, as the war against ISIS showed, actually targeting specific people in air attacks in hostile territory is something that doesn't happen often.  You just don't snap your fingers and get that kind of actionable intelligence in the 10 minute window you need it in.

Third, the 2,000lbs bombs you are talking about would be returned to sender in equal or slightly heavier proportion.  Since you are adept at messaging, you would understand what that message would be and why it was sent.  What the specific targets would be, that would be anyone's guess. 

Edited July 6, 2021 by glenn239

[sunday]

4 hours ago, Nobu said:

Sending a few 2000lb bombs through the window of a particular embassy building in Belgrade seemed to get the message across to China and Chinese quite well.

That reminds me of something...

 

[Roman Alymov]

https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/

“Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures.”

So we see not only that attempts to link Russia to SolarWind breach were baseless (nothing new actually – as it was demonstrated in many cases from MH17 to Skripals miracle etc.,  no need for evidence to cry out Russia is guilty)  but that security agencies, despite of USD billions invested in them every year, are unable to find real perpetrators in time for political decision taken  - in other words, are incompetent. And incompetent organizations running countries with nuclear arsenals are quite worrying, taking into account their politicians are also hardly competent but always quick for action

. https://thehackernews.com/2021/04/us-sanctions-russia-and-expels-10.html

[Adam Peter]

Not that military, but still: Pegasus surveillance scandal: Hungarian ministers point fingers at each other

To counter the wiretap news, our religious, right-wing, nationalist, anti-LGBT+ people will start the long awaited Peace March from the US Embassy, because everyone know, who the real wiretappers are 😁

[rmgill]

A proportional response would be a DDoS attack against Russian infrastructure. Perhaps an infection and electronically caused malfunction of power plant or manufacturing facility software. Or simply black holing portions of the Russian internet. 

[Stuart Galbraith]

The problem is, as others have pointed out, the Russian economy is not nearly as digital as ours. So there is a real question if a cyber conflict occurred, whether they do or do not have escalation dominance. Its far easier to hurt us than it is them.

Which is why I think kinetic attacks have to be seriously considered in those circumstances. If they killed 200 people in hospitals through a widespread cyber attack,  it strikes me as fairly immature to claim that smart bombing key targets in return is a great escalation. Just because their method of attack was relatively ephemeral, it wouldnt mean the results are.

Or maybe Joe Biden pointed this out to them and they are all quaking in their boots about doing such a thing. Or alternatively, not.

[rmgill]

Except I've seen no indications that deaths resulted directly from cyber attacks. So it's down to causing monetary injury. 

[Stuart Galbraith]

11 hours ago, rmgill said:

Except I've seen no indications that deaths resulted directly from cyber attacks. So it's down to causing monetary injury. 

Not yet, no, which is probably a prime reason why we arent bombing anyone in retaliation.

If somebody figures out a way to hack traffic control systems or power grid systems, its probably only a matter of time. I do know NATO troops in a military cyber exercise were demonstrating an effort to defend train management systems against cyber attack. Which somebody sees them potentially at threat, certainly in Europe.

 

Edited August 17, 2021 by Stuart Galbraith

[Ssnake]

14 minutes ago, Stuart Galbraith said:

Not yet, no

The warnings about death from Cyber Attacks on "critical infrastructure" goes back at least 30 years. If at all, it's been very indirect when a hospital was attacked by ransomware. Really critical infrastructure is isolated from the internet (and if not, I'd say the operator is to blame, really). You don't install remote maintenance access in a nuclear power plant, period.

If the electricity grid was highly vulnerable (and in principle, it is) I have no doubt that we would have seen major outages to cyber attacks already. But we haven't. Where there were attacks, they couldn't be sustained for more than a few days. DDOS is a nuisance. Ransomware and espionage, especially through the software vendors themselves, are the biggest threats. The first at least can be countered with proper backups.

Yes, eventually someone might be successful in doing some real damage like on a hydroelectric power plant if you fully open and close the water influx in the right rythm to break the turbines below. But there's been ample warning for all responsible persons, and while you'll always find some idiot, I don't think that we'll see more than isolated incidents.

The cyber threat has been oversold. That doesn't mean it's not real, but it's mostly about espionage and extortion, and creating monetary damage. Furthermore, a sustained all-out cyber attack on a country or region doesn't appear very promising.

[Stuart Galbraith]

Well there was this, where someone hacked into a water treatment plant computer and altered the ratio of Sodium Hydroxide to dangerous levels. In high doses that can be fatal. The only reason it was stopped in time, is because a tech was watching it in real time and able to fix it.

https://www-cshub-com.cdn.ampproject.org/c/s/www.cshub.com/attacks/articles/iotw-a-thwarted-poisoning-attempt-in-a-small-florida-county-serves-as-a-warning-to-municipalities-across-the-country/amp

Another site noted it was a small company, unable to afford the elaborate IT systems that could have protected them.

I guess when it comes, it wont be a thing like air traffic control centres, it will probably be something that we hadnt seriously considered before, or even thought could be hacked, such as altering the ratio of drugs in a vaccine factory (I do idly wonder how seriously India takes it IT security, and they are big producers for us). Even if its not harmful, the lack of a working drug probably isnt.

The more and more we put important systems online, its inevitable at some point there is going to be substantial loss of life at some point, whether its at the hands of nation state or terrorists. Yes, randsomware is far more likely currently. But to my mind, its kind of like comparing the small scale raids on London in 1915 by Zeppelin to Dresden. It shows potential, whether its latent or not, whether its immediately exploited or not.

How sustainable is an attack like that? Well you and Ryan would know better, I would guess its probably a one shot deal. But America only needed to Atom bomb Japan twice, so it all comes down to what strategic effects you are trying to achieve.

[bojan]

1 hour ago, Stuart Galbraith said:

Another site noted it was a small company, unable to afford the elaborate IT systems that could have protected them.

Everyone can afford control computers disconnected from network. They just don't want it because "greed is good".

Edited August 17, 2021 by bojan

[Stuart Galbraith]

Probably cheaper to have decentralized IT specialists on speed dial I guess.

[rmgill]

Phone switching is more dependent upon computer systems than ever. One of the things I keep having to thump people about at work is a POTS line for our call center for technical issues. If our PBX takes a dump, the call center will be unable to be reached. Sure the staff have cell phones but we all don't know the cell number of the random staffer who happens to be on line. Having a go to hell phone number is useful. 

Naturally I called it the Bat Phone.
 

 

Edited August 17, 2021 by rmgill

[Stuart Galbraith]