Ask HN: Why is there so little debate about the attack on Vodafone Portugal?
Last week Vodafone Portugal saw a cyberattack bringing down its mobile network. It seems it took quite some effort to bring the network up again. There was next to no debate here on HN which is frankly quite surprising. Does anyone have more information what exactly happened? (https://www.vodafone.pt/press-releases/2022/2/vodafone-portugal-alvo-de-ciberataque.html)
41 comments
[ 2.9 ms ] story [ 81.8 ms ] threadIf English isn't your native language you can be excused for not knowing the precise meaning of similar words, but on the other hand Hacker News is under current assault from people who want to drive away discussion on anything other than "debates" about vaccination, cancel culture, the role of women in society and similar topics.
I think the OP wants to have a "discussion" and my contribution to that is that this is the first I heard there was any trouble with mobile phones in Portugal and the best way to build consciousness of this is not even to have a "discussion" (lots of people are just going to roll their eyes at this) but rather post an article about it, wait for the article to drop to the bottom of the "new" page, post another article, and probably one will hit.
(e.g. it doesn't help that Portugese is a somewhat obscure language but I had no trouble reading the press release that you linked to even though I am just a little bit self-taught in Spanish.)
Even with AWS - us-east-1 goes down and it's top of the HN, but if af-south-1 eats it it might not even register.
Then again, hello to Sinclair Media and Rupert Murdoch!
Articles on this, especially relating to the role of women in tech, get flagged off the front page in minutes.
Frequently the story is that a person received a relatively minor slight and then, in reacting to it, had something worse happen, fought more, had more trouble, fought more, etc. They don't come to the conclusion that they got caught in one of these
https://en.wikipedia.org/wiki/Chinese_finger_trap
or that "always having to have the last word" leads to a bad outcome but rather that the deck is stacked against them.
One story with this structure was that a women went to a tech conference on the west coast and encountered some stupid guy who made a boob joke right out of The Big Bang Theory. The woman tweeted about it and created a firestorm that resulted in both the man and woman getting fired.
Incel BS gets flagged too.
Just because it is critical infrastructure doesn't mean its a geopolitical thing.
[0] - https://www.nato.int/cps/en/natohq/declassified_137725.htm
Vodafone Portugal target of cyberattack
Vodafone was the target of a disruption in its network, which began on the night of February 7, 2022 due to a deliberate and malicious cyberattack in order to cause damage and disturbance. As soon as the first signal of a problem on the network was detected, Vodafone acted immediately to identify and contain the effects and restore the services.
This situation is affecting the provision of services based on data networks, namely 4G/5G network, fixed voice services, television, SMS and voice/digital service. We have already recovered mobile voice services and mobile data services are available exclusively on the 3G network almost throughout the country but, unfortunately, the size and severity of the criminal act to which we have been subjected implies for all other services a careful and prolonged recovery work involving multiple national, international teams and external partners. This recovery will happen progressively throughout Tuesday.
Although the in-depth investigation of the criminal act to which we have been subjected will last indefinitely and with the involvement of the competent authorities, we have no evidence to date that Customer data has been accessed and/or compromised. Vodafone remains absolutely determined to restore the normality of services in the shortest possible time and deeply regrets the inconvenience caused to our Customers.
We have at Vodafone Portugal and the Group an experienced team of cybersecurity professionals who, together with the competent authorities, are conducting an in-depth investigation to understand and overcome the situation. We will update information about the status of service as the situation progresses.
That’s a pretty darn good translation!
[inserts appropriate Jennings jeopardy quote]
Ars article: https://arstechnica.com/information-technology/2022/02/vodaf...
"Vaz said the company hadn't received any ransom demand that would indicate it was hit by a ransomware attack. The CEO also said he had no indications the attackers had accessed subscriber information or other sensitive data."
Yet at the same time - "The attack comes a month after the websites of two of Portugal's biggest news outlets—Impresa and later COFINA—were hacked by a ransomware group calling itself Lapsus$."
As to why there's been no discussion, it seems like there just isn't much information to discuss at the moment. Vodafone Portugal's in damage-control mode, they don't want to say more than they have to, and what's been said is in Portuguese.
OP - are you in Portugal? Desculpe if so! I imagine this is a big deal in-country.
For example, four or five years ago there were some ransomware attacks but it never reached the media.
What's more troublesome about Vodafone attack was that it affected some emergency services, and hospitals, that used Vodafone for communications -> this is what is being deemed as secondary to international news.
Was this just colateral damage from a random attack to Vodafone? Or was Vodafone attacked because they knew some emergency services were dependent on Vodafone?
Where is the line that separates an attack to emergency services/hospitals, which shouldn't be taken lightly, from a regular attack to a big company that happens to provide services to key operations in a country? Was it a criminal offense, or a terrorist attack?
All of this could be a coincidence of course, but due to the range and the damage of the attack, this must be investigated and it's a big deal to Portugal.
I don't think there were any deaths directly related to this attack, especially because those emergency services were quick to switch to other communication solutions, but the headlines could be flipped around:
Portuguese Emergency Services were disrupted after cyberattack to Vodafone Portugal.
Given the issues affected fixed voice, TV, and value added services like voicemail, I wonder if it was upstream of the EPC in the OSS/BSS environment like the customer database?
An issue in the EPC wouldn't usually take out fixed line voice and digital TV services. Maybe a single point of failure in their enabling IT?
One can hope that Vodafone will provide a decent external postmortem given the impact to Portuguese emergency services etc.
Might be some ransomware operators or malicious parties trying to extort them.
I agree that that sounds like a goal such an actor would have, but one would assume that they can also occasionally butterfinger something? I'm not saying that it was an APT, what I'm saying is that we can't conclude that it wasn't from the fact that the network went down.
Hate em or like em, there is no denying that Russia has some awesome cyber capabilities.
https://news.ycombinator.com/item?id=28223747
Is there a law in the U.S. requiring telecoms to collect such information? Yet there's no law requiring purge of old customer data, with affected people not having been customers in years.
In what way, other than the fact that it would be convenient to the US feds?
[0] - https://github.com/minimaxir/hacker-news-undocumented#green-...
https://news.ycombinator.com/item?id=30284055
Hopefully soon. Until there are fatalities for acts of war against a country's infrastructure, they will continue.