kkfx a year ago

It's not a matter of IT systems but a matter of CURRENT IT systems, which happen to be connected to public networks even when there is not much reason to do so, and which happen to be full of proprietary crapware developed in awful ways, where nobody really knows how anything works, etc.

Let's play a game: how many times will we need to see ALL cars of a certain brand bricked by a bad OTA upgrade or a deliberate attack? Is it a matter of IT/cracking OR a matter of current commercially driven bad IT evolution?

Try to read a bit about recent famous aqueduct sabotages like

https://www.bleepingcomputer.com/news/security/us-government...

https://www.bleepingcomputer.com/news/security/hackers-undet...

https://arstechnica.com/?p=1765767

and so on. Is it really a matter of hacking and cracking? Honestly my own personal answer is no. It's a matter of widespread ignorance and business practice.

KineticLensman a year ago

Compared with some of the pre-war predictions, the visible effects of Russian cyber-campaigns have been somewhat underwhelming. E.g. the Ukrainian power grid remained largely online until the Russians started to launch physical attacks on the infrastructure. Perhaps they've already squandered their best assets (e.g. zero-days) or are keeping them for later / other enemies.

  • rm_-rf_slash a year ago

    They likely have used their good cyber weapons already and are now less useful than suicide drones and cruise missiles.

    Knock out a grid with cyber, ok the enemy is prepared and can do a hard reset. Power loss of a few minutes, hours at most. Then that attack vector is gone as cyber defenses are put in place.

    Blow up a substation, you have bigger problems. Power loss for several hours or days.

    Russia can still do “low tech” cyber attacks like DDoS, but this war is making a case for cyber weapons being more useful during pseudo-peacetime clandestine espionage than a consistently equivalent tool to bullets and bombs.

    • KineticLensman a year ago

      Yes, exactly. The Ukrainian energy grid has already experienced Russian cyber attacks (e.g. in 2015) so will have had time to prepare. Cyber defence is a standard element in energy company training, alongside Carrington events and other 'fun' scenarios.

  • ridgered4 a year ago

    IIRC Ukraine suffered pretty badly from NotPetya as they were the primary target. It is possible that event caused the country to take steps to protect against similar attacks.

no-dr-onboard a year ago

I worked triage ops for a private bug bounty platform when the war kicked off. We immediately embargoed all of our Russian researchers. Most of them were doing really excellent work for us and were very talented, top contributors to a number of programs. I suppose the look of "paying Russians" was just too unpalatable for our leadership.

Said researchers are active on Twitter and have since turned to openly posting about cybercrime. Sad turn of events all done in the name of "Ukraine good".

  • brokenmachine a year ago

    >all done in the name of "Ukraine good"

    It's more "Russia bad" than "Ukraine good", and that seems fair.

photochemsyn a year ago

One of the more interesting take-home lessons is that low-tech systems are a good passive defense against high-tech cyberattacks (aka, 'going autistic'). From the linked Nov 30 Economist article, "Lessons From Russia's Cyber-War in Ukraine":

https://archive.ph/MJP0J

> "Ukrainian resilience was helped, paradoxically, by the primitive nature of many of its industrial-control systems—inherited from Soviet days and not yet upgraded. When, for example, Industroyer hit electrical substations in Kyiv in 2016, engineers were able to reset systems with manual overrides within a few hours."

However, that article also makes an unsubstantiated claim:

> "The sabotage of the Nord Stream 1 and 2 pipelines in September, and missile attacks on Ukraine’s power grid, suggest that the Kremlin’s appetite for risk is growing."

It seems fairly obvious that Russia had little to gain from blowing up its own gas pipelines to Europe, while Britain and the USA viewed that as 'a great opportunity' (Blinken) for replacing Russian pipeline gas with tanker LNG. The Swedish/Danish investigation is apparently ongoing, Germany has classified everything, but the goals of the overall economic battle should be obvious: it's all about who gets access to the European energy market.

Incidentally, the terms 'black, grey, white' are also used to describe propaganda tactics as used in psychological warfare operations:

> "White propaganda: The information is truthful and only moderately biased. The source of the information is cited."

> "Grey propaganda: The information is mostly truthful and contains no information that can be disproven. However, no sources are cited."

> "Black propaganda: Literally “fake news,” the information is false or deceitful and is attributed to sources not responsible for its creation."

https://www.thoughtco.com/psychological-warfare-definition-4...

Almost all of the news we see today, on essentially all important topics, falls into one of the above categories (with social media posts having the most actual 'fake news' content).

  • syzarian a year ago

    Russia has an interest in sowing energy chaos amongst European countries. When dealing with a personalist dictatorship one has to take into account the state of mind and beliefs of one person and such a thing can be erratic and irrational. One should also take into account rogue elements within the regime. Perhaps oligarchs are vying for power by sabotaging other oligarchs who are also vying for power.

    • pydry a year ago

      >Russia has an interest in sowing energy chaos amongst European countries.

      There was as much energy chaos before as there was after.

      The presence of a stopped pipeline simply meant that there was an off switch on the energy chaos in Germany that could be flipped - presumably a switch that comes with Russian strings attached.

      Somebody was pretty desperate to remove that off switch from Germany's hands.

      It's also a switch that, if flipped, would render a multibillion dollar investment in LNG port capacity instantaneously worthless.

      • syzarian a year ago

        I don’t know all the nuances of the deal between Germany and Russia and I suspect neither do you. Is it plausible that a NATO country wanted to blow it up? Yes. It is also plausible that Putin or some faction within his government wanted it blown up. We who are not in the intelligence services don’t have enough information.

        • pydry a year ago

          It is not plausible.

          • syzarian a year ago

            You lack in imagination then.

  • hutzlibu a year ago

    "It seems fairly obvious that Russia had little to gain from blowing up its own gas pipelines to Europe"

    The best argument I heard is that Russia has a long-term, legally binding contract with Germany to deliver cheap gas. Not delivering means more economical damage in the shape as absurd as this whole charade sounds.

    So blowing it up means not being legally responsible for not fulfilling the contract.

    Did they do it?

    I don't know. What I do know, is that so far the investigation is not really transparent and I have not seen clear proof of anything, except that it was a really big explosive.

    • pydry a year ago

      They already had and were using a legal pretext for not delivering the gas.

      • hutzlibu a year ago

        Yes, that they had to repair something broken. Or was there something else?

  • mensetmanusman a year ago

    “It seems fairly obvious that Russia had little to gain from blowing up its own gas pipelines to Europe, ”

    This isn’t a great argument because they have little to gain from the war at all (outside of a few of the elites). Ergo, from a distance it appears Russia is irrational unless you consider that Putin et al. only care about surviving and being extremely wealthy.

    In the latter case, there is therefore a possibility that Putin would want to destroy Nord Stream to prevent possible opponents from having an out to help Europe were they to get support to overthrow Putin internally.

  • sswezey a year ago

    What do you mean by 'going autistic'?

    • photochemsyn a year ago

      It's a Ghost In The Shell reference... a characteristic of autistic behavior is disconnection from other people, not paying attention and so on, so if you disconnect a power plant's control system from the Internet, it's not vulnerable to being attacked over the Internet (which raises other problems, like how do you ramp power production up or down to meet varying demand, etc.).

      • anonporridge a year ago

        My immediate thought is that "going autistic" could also be seen as insulating yourself from common social engineering attacks.

        A straight male is fairly easily exploited by an attractive female fluttering her eyelashes at him. Autistic mode could be seen as a defense against this kind of attack, by being oblivious to the flirting and missing the sexual signalling completely.

        One could even argue that social values like enforced monogamy and the taboo of adultery simulate this "autistic" behavior in neurotypical individuals. These moral values could have been naturally selected for in cultural evolution to protect social groups from infiltration from malicious outsiders.

    • yamazakiwi a year ago

      It made me think of the show Ghost in the Shell: SOC, with the "autistic" firewall hacker orphans.

coretx a year ago

Black Hats: Free software developers & Dissidents. Grey Hats: Ordinary people. White Hats: State actors & Mercenaries.

  • badrabbit a year ago

    What?

    • coretx a year ago

      Let's call it the 2022 definition for redpilled people. :+)

WaitWaitWha a year ago

TL;DR: Black hats are concentrating more on destruction instead of ransoming data, on both Ukrainian and Russian sides.

Nothing about white hats, grey hats is in the article. Single example of black hat weaponization (Conti), without external reference.

(ChatGPT?)

  • dang a year ago

    The submitted title was "Black hats, white hats, grey hats" - we've changed it to the article title now.

    Submitters: "Please use the original title, unless it is misleading or linkbait; don't editorialize." https://news.ycombinator.com/newsguidelines.html

    (Sometimes the publications change their own titles, in which case of course the submitter is not at fault.)