One thing I'd guaranteed- it's not china. China is very well adept at paying newspapers and tv firms journalists as my friends from south asia tell me and that is a much cleaner approach.
We don't know that it's a nation state at all. Or that they were specifically targeting newspapers. So it seems a bit early to speculate on who it isn't.
I think it's more likely that some commonly-owned group of newspaper syndicate has been hit by a variety of cryptolocker taking out their windows XP/Vista/7/10 PCs, due to poor network security practices, than they've been maliciously attacked.
It sounded like they're making the assumption based on the type of malware used:
> “Ryuk” attacks are “highly targeted, well-resourced and
> planned,” according to an August advisory by the U.S.
> Department of Health and Human Services’ cybersecurity
> program. Victims are deliberately targeted and “only
> crucial assets and resources are infected in each targeted
> network.”
"well-resourced" I imagine shifts the probability towards the "state sponsored" direction, and they probably know more than they're sharing in the article.
I do agree that the headline seems inappropriately assertive of the attack being of foreign origin.
The NSA's logs will show exactly where it came from. I don't think they will let us know, as it could also be a False flag cyber attack to push a cyberwar against NK, Russia or Iran. A strategy that is so common these days.
> So common that there is not one reliably documented case of it ever happening.
Not exactly full of examples up to this very minute, but the history of false flag operations is long and well documented. I see no reason to think that it isn’t in the playbook for modern world powers.
But it's excessive to jump to that conclusion so early in situations like this without evidence that it's even a nation state or that it's not a foreign power if it is.
None of those are cyberattacks, which is what I was responding to. I'm not even a little interested in the debate about whether (for instance) Tonkin was a false flag.
> Why people continue to put such blind faith in government is beyond me.
This attitude seems really misanthropic to me. Government is people. Elected people here in the US. Yeah, there have been mistakes and there will continue to be mistakes, but this "burn it all down" response to that fact of reality isn't going to make anything better.
Just last week even the NYT [1] acknowledged a Russian false flag used for political purposes. In Roy Moore's election his opponent funded a campaign that did things such as create thousands of fake 'Russian linked' social media accounts, and then fed this 'Russian connection' to media sites, who dutifully then ran conspiracy stories against Moore. E.g. - this [2] Mother Jones article entitled, "Russian Propagandists Are Pushing for Roy Moore to Win". Roy Moore ended up losing by 2%.
And to be clear this post is in no way an advocacy for Roy Moore, but's just a great extremely recent example of an unfortunately common practice that was exposed.
The USA has a long history of using Russia as the bogyman for its own internal/national agenda. A good question to always ask is: "cui bono".
Regarding the many allegations that have been made against Russia over the years, there is a good chance that many of those have been falsified or even been made up. Particularly noteworthy is when these allegations against Russia were starting to excessively grow in number and severity. It was when Russia started to actively/openly oppose and counter the USA's plans in the Middle East, particularly in Syria. It was around the same time when American financial "advisers" and "businessmen", who have been at least instrumental in the "privatization" of Russia's state properties after the collapse of the USSR, were losing their influence (and profits) in Russia. This happened (in part) because many Russian oligarchs were given a choice by the Russian state (/Putin) to either cut their ties with their American associates and be left mostly untouched, or face persecution. Not long after this, the allegations against Russia started to snowball, with several of these American "businessmen" apparently playing key roles in them (but mostly hidden from public view).
Of course, none of that proves or disproved any of the allegations made against Russia. But the timing of it all remains a peculiar coincidence at best. In the absence of hard and verifiable evidence regarding most of the allegations, it is possible that the majority of these allegations are nothing but bogyman stories, serving only the foul play withing US politics itself. I do not claim that it is, just that it is very well possible.
Dismissing someone as a possible Russian agent has to be the laziest response to ever have become a meme online. Such paranoia prevents good-faith engagement over reconcilable differences of perspective while simultaneously allowing us to dismiss core ideological conflicts as being the result of deliberate misinformation campaigns.
We live in an adversarial information environment, and in order to develop a realistic understanding of the world around us, we must be willing to begin with an assumption of good-faith, while not being naive enough to take every claim on its face.
I believe they're tinfoiling.
Nevertheless, false-flag operations represent a valid strategy that does not necessarily have to be attached to apocalyptic stakes, the government, or even cartoonishly shadowy cabals.
Too many people too readily accuse inconvenient events or perspectives as malicious. I don't believe this was a false-flag attack.
False-flag ops do exist, though we don't know exactly how common they are. The NYT recently ran a piece on a false-flag operation that was ran recently.
This story is so bizarre. Despite the article being 20+ paragraphs, there are hardly any details. It lists a handful of newspapers spread across the country and just says they were delayed. Could it be any more vague? The most concrete detail provided is that the attack "disrupted a shared production platform" that apparently made it hard for the printing presses to work - but what does that mean? Disrupted how? What was the shared platform? Was it targeted at multiple newspapers, or was this an attack on a single platform that just happens to be used by all of these newspapers?
Then, in regards to the origin of the attack, the only detail provided is this single line:
> The source identified the attacker only as a “foreign entity.”
That's it. There is absolutely no other information given about the origin of the attack. And yet it's in the story headline? Talk about fear mongering.
They also either didn't report, or even more confusing, don't know if the attack was reported to the FBI.
And just to make it even more bizarre, this entire article is written by LA Times staff and posted on the LA Times website, and then talks about the LA Times (one of the affected newspapers) as if they have no idea how the LA Times was affected. Shouldn't they have a lot more information?
Overall, this article seems to be written by someone who has very little information about the incident(s), and very little knowledge about technology. It also reeks of knee-jerk "omfg hackers!1!". In reality, based on the few details that are available, it sounds to me like they just got hit by some boring ransomware virus. It likely wasn't even targeted.
I too, am leery of accepting this incident as a deliberate attack.
The Chicago Tribune wrote a less hyperbolic article, indicating that they were forced to print a stripped down version of their paper[0].
An NBC reporter reached out to Tribune for comment, which seems to shed more light on the nature of the problem. [1]
>The computer malware was detected Friday and “impacted some back-office systems which are primarily used to publish and produce newspapers across our properties,” said Marisa Kollias, Tribune communications vice president, in a statement.
At this point I don't see any reason to believe that a copy formatter (I don't know the industry term) didn't just happen to be looking at porn during their break, and accidentally clicked the wrong link.
The LATime's treatment of the event is lazy and, I suspect, quite misleading.
> The most concrete detail provided is that the attack "disrupted a shared production platform" that apparently made it hard for the printing presses to work - but what does that mean? Disrupted how? What was the shared platform? Was it targeted at multiple newspapers, or was this an attack on a single platform that just happens to be used by all of these newspapers?
A "production platform" in the context of a newspaper means the systems used to produce the newspaper. This can be anything from laying out pages and editing stories to making plates for the press.
(This is not a great thing to get pwned because it's not implausible for it to contain unpublished stories or confidential source material.)
> All papers within The Times’ former parent company, Tribune Publishing, experienced glitches with the production of papers. Tribune Publishing sold The Times and the San Diego Union-Tribune to Los Angeles businessman Dr. Patrick Soon-Shiong in June, but the companies continue to share various systems, including software.
So this sounds like an internal Tribune problem that also affected some of their former papers that still use their systems, including the LA Times.
> It also stymied distribution of the West Coast editions of the Wall Street Journal and New York Times, which are all printed at the Los Angeles Times’ Olympic printing plant in downtown Los Angeles.
Apparently the WSJ and NYT contract out some of their printing to the LA Times, and since the LA Times' (i.e. Tribune's) production system was down, they couldn't do the contract printing either.
This part is funny:
> “We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,” said the source, who spoke on the condition of anonymity because he was not authorized to comment publicly.
It sounds like they asked one of their IT staff what happened (or maybe one at Tribune) and got an off-the-record answer because IT isn't allowed to "talk to the press" even when they work for a newspaper.
Then they published it before corporate PR finished deciding what to tell them because deadlines don't wait for PR departments.
What was the shared platform? Was it targeted at multiple newspapers, or was this an attack on a single platform that just happens to be used by all of these newspapers?
At one time all of these newspapers were owned by The Tribune Company in Chicago. Most still are. During the time they were one company, they operated off of a central publishing platform. When’s few of the newspapers were sold, they remained part of that platform.
“Platform” is a word used in a different sense than in the tech industry. At the production level, news organizations do not operate with Microsoft Word and Adobe Illustrator and other common software. They use specialized software that is tailor made for the industry, and sometimes for the individual organization. Companies from the AP to Sony and a bunch you’ve probably never heard of make these massive pieces of software that tie together news production computers with printing pressed, massive digital media archives, and dozens, if not hundreds, of different types of machines.
If you read the article more closely, you will see the specific type of ransomware that is believed to be used in this attack, and why this is believed to be the cause of the disruption.
As for all the secrecy, sadly that is par for the course in the media industry, and doubly so for what is now Tribune Publishing.
"Outside the US" is such a weird thing. I regularly VPN out through [insert random country] and then poke at "interesting" websites over Tor. Were am I coming from? It's almost impossible to tell, and for 99.999% of all orgs (including government ones), it basically is impossible.
Venn's diagram between people who can achieve this supposed attack and people dumb enough to use their own IP (or any IP from their own country) is blank.
38 comments
[ 3.8 ms ] story [ 77.6 ms ] threadLet's go in with Occam's Razor: RLY? No.
Theory: We don't have useful backups and suffered a IT meltdown. Soz.
I do agree that the headline seems inappropriately assertive of the attack being of foreign origin.
Not exactly full of examples up to this very minute, but the history of false flag operations is long and well documented. I see no reason to think that it isn’t in the playbook for modern world powers.
https://en.wikipedia.org/wiki/False_flag
> Hyperbolic statement to push a narrative
> "Please back that statement up"
> Silence, or "Not exactly full of examples up to this very minute"
https://en.m.wikipedia.org/wiki/Gulf_of_Tonkin_incident
https://en.m.wikipedia.org/wiki/Operation_Washtub_(Nicaragua...
Why people continue to put such blind faith in government is beyond me.
This attitude seems really misanthropic to me. Government is people. Elected people here in the US. Yeah, there have been mistakes and there will continue to be mistakes, but this "burn it all down" response to that fact of reality isn't going to make anything better.
And to be clear this post is in no way an advocacy for Roy Moore, but's just a great extremely recent example of an unfortunately common practice that was exposed.
[1] - https://www.nytimes.com/2018/12/19/us/alabama-senate-roy-jon...
[2] - https://www.motherjones.com/politics/2017/12/russian-propaga...
Regarding the many allegations that have been made against Russia over the years, there is a good chance that many of those have been falsified or even been made up. Particularly noteworthy is when these allegations against Russia were starting to excessively grow in number and severity. It was when Russia started to actively/openly oppose and counter the USA's plans in the Middle East, particularly in Syria. It was around the same time when American financial "advisers" and "businessmen", who have been at least instrumental in the "privatization" of Russia's state properties after the collapse of the USSR, were losing their influence (and profits) in Russia. This happened (in part) because many Russian oligarchs were given a choice by the Russian state (/Putin) to either cut their ties with their American associates and be left mostly untouched, or face persecution. Not long after this, the allegations against Russia started to snowball, with several of these American "businessmen" apparently playing key roles in them (but mostly hidden from public view).
Of course, none of that proves or disproved any of the allegations made against Russia. But the timing of it all remains a peculiar coincidence at best. In the absence of hard and verifiable evidence regarding most of the allegations, it is possible that the majority of these allegations are nothing but bogyman stories, serving only the foul play withing US politics itself. I do not claim that it is, just that it is very well possible.
Yes, just this last month there have been multiple false flags which led to cyberwars. /s
Are you a tinfoil, or a Russian?
We live in an adversarial information environment, and in order to develop a realistic understanding of the world around us, we must be willing to begin with an assumption of good-faith, while not being naive enough to take every claim on its face.
I believe they're tinfoiling.
Nevertheless, false-flag operations represent a valid strategy that does not necessarily have to be attached to apocalyptic stakes, the government, or even cartoonishly shadowy cabals.
Too many people too readily accuse inconvenient events or perspectives as malicious. I don't believe this was a false-flag attack.
False-flag ops do exist, though we don't know exactly how common they are. The NYT recently ran a piece on a false-flag operation that was ran recently.
https://www.nytimes.com/2018/12/19/us/alabama-senate-roy-jon...
If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future.
https://news.ycombinator.com/newsguidelines.html.
Then, in regards to the origin of the attack, the only detail provided is this single line:
> The source identified the attacker only as a “foreign entity.”
That's it. There is absolutely no other information given about the origin of the attack. And yet it's in the story headline? Talk about fear mongering.
They also either didn't report, or even more confusing, don't know if the attack was reported to the FBI.
And just to make it even more bizarre, this entire article is written by LA Times staff and posted on the LA Times website, and then talks about the LA Times (one of the affected newspapers) as if they have no idea how the LA Times was affected. Shouldn't they have a lot more information?
Overall, this article seems to be written by someone who has very little information about the incident(s), and very little knowledge about technology. It also reeks of knee-jerk "omfg hackers!1!". In reality, based on the few details that are available, it sounds to me like they just got hit by some boring ransomware virus. It likely wasn't even targeted.
The Chicago Tribune wrote a less hyperbolic article, indicating that they were forced to print a stripped down version of their paper[0].
An NBC reporter reached out to Tribune for comment, which seems to shed more light on the nature of the problem. [1]
>The computer malware was detected Friday and “impacted some back-office systems which are primarily used to publish and produce newspapers across our properties,” said Marisa Kollias, Tribune communications vice president, in a statement.
At this point I don't see any reason to believe that a copy formatter (I don't know the industry term) didn't just happen to be looking at porn during their break, and accidentally clicked the wrong link.
The LATime's treatment of the event is lazy and, I suspect, quite misleading.
[0]https://www.chicagotribune.com/business/ct-biz-computer-viru...
[1]https://www.nbcnews.com/news/us-news/computer-virus-hits-sou...
A "production platform" in the context of a newspaper means the systems used to produce the newspaper. This can be anything from laying out pages and editing stories to making plates for the press.
(This is not a great thing to get pwned because it's not implausible for it to contain unpublished stories or confidential source material.)
> All papers within The Times’ former parent company, Tribune Publishing, experienced glitches with the production of papers. Tribune Publishing sold The Times and the San Diego Union-Tribune to Los Angeles businessman Dr. Patrick Soon-Shiong in June, but the companies continue to share various systems, including software.
So this sounds like an internal Tribune problem that also affected some of their former papers that still use their systems, including the LA Times.
> It also stymied distribution of the West Coast editions of the Wall Street Journal and New York Times, which are all printed at the Los Angeles Times’ Olympic printing plant in downtown Los Angeles.
Apparently the WSJ and NYT contract out some of their printing to the LA Times, and since the LA Times' (i.e. Tribune's) production system was down, they couldn't do the contract printing either.
This part is funny:
> “We believe the intention of the attack was to disable infrastructure, more specifically servers, as opposed to looking to steal information,” said the source, who spoke on the condition of anonymity because he was not authorized to comment publicly.
It sounds like they asked one of their IT staff what happened (or maybe one at Tribune) and got an off-the-record answer because IT isn't allowed to "talk to the press" even when they work for a newspaper.
Then they published it before corporate PR finished deciding what to tell them because deadlines don't wait for PR departments.
It is kind of funny to see this happen under one roof, though...
At one time all of these newspapers were owned by The Tribune Company in Chicago. Most still are. During the time they were one company, they operated off of a central publishing platform. When’s few of the newspapers were sold, they remained part of that platform.
“Platform” is a word used in a different sense than in the tech industry. At the production level, news organizations do not operate with Microsoft Word and Adobe Illustrator and other common software. They use specialized software that is tailor made for the industry, and sometimes for the individual organization. Companies from the AP to Sony and a bunch you’ve probably never heard of make these massive pieces of software that tie together news production computers with printing pressed, massive digital media archives, and dozens, if not hundreds, of different types of machines.
If you read the article more closely, you will see the specific type of ransomware that is believed to be used in this attack, and why this is believed to be the cause of the disruption.
As for all the secrecy, sadly that is par for the course in the media industry, and doubly so for what is now Tribune Publishing.