Ask HN: Why is there so little debate about the attack on Vodafone Portugal?

140 points by oger ↗ HN
Last week Vodafone Portugal saw a cyberattack bringing down its mobile network. It seems it took quite some effort to bring the network up again. There was next to no debate here on HN which is frankly quite surprising. Does anyone have more information what exactly happened? (https://www.vodafone.pt/press-releases/2022/2/vodafone-portugal-alvo-de-ciberataque.html)

41 comments

[ 2.9 ms ] story [ 81.8 ms ] thread
(comment deleted)
What do you want to debate?
I think "debate" is a poisoned word because it suggests there is a battle between two different positions.

If English isn't your native language you can be excused for not knowing the precise meaning of similar words, but on the other hand Hacker News is under current assault from people who want to drive away discussion on anything other than "debates" about vaccination, cancel culture, the role of women in society and similar topics.

I think the OP wants to have a "discussion" and my contribution to that is that this is the first I heard there was any trouble with mobile phones in Portugal and the best way to build consciousness of this is not even to have a "discussion" (lots of people are just going to roll their eyes at this) but rather post an article about it, wait for the article to drop to the bottom of the "new" page, post another article, and probably one will hit.

(e.g. it doesn't help that Portugese is a somewhat obscure language but I had no trouble reading the press release that you linked to even though I am just a little bit self-taught in Spanish.)

Yeah, discussion is the word they're looking for, and the reality is that since HN is an English website, it's unlikely to notice something happening in a non-English country unless it's really explosive or gets reported in English somewhere.

Even with AWS - us-east-1 goes down and it's top of the HN, but if af-south-1 eats it it might not even register.

OP's question smells like "Why isn't mainstream media talking about this" and whenever someone asks that, I always wonder if they ask that question because they think "MSM is being controlled by the elite and is censoring discussion!", which makes me wary of engaging any discussion with them.

Then again, hello to Sinclair Media and Rupert Murdoch!

> the role of women in society

Articles on this, especially relating to the role of women in tech, get flagged off the front page in minutes.

I see the issue in the articles that get flagged is a confusion between the personal and the political.

Frequently the story is that a person received a relatively minor slight and then, in reacting to it, had something worse happen, fought more, had more trouble, fought more, etc. They don't come to the conclusion that they got caught in one of these

https://en.wikipedia.org/wiki/Chinese_finger_trap

or that "always having to have the last word" leads to a bad outcome but rather that the deck is stacked against them.

One story with this structure was that a women went to a tech conference on the west coast and encountered some stupid guy who made a boob joke right out of The Big Bang Theory. The woman tweeted about it and created a firestorm that resulted in both the man and woman getting fired.

Incel BS gets flagged too.

I guess it’s unclear why Portugal is being targeted. Ukraine, that one is clear. But Portugal?
Probably to challenge the country's dominance in dessert wine.
French hackers you say?
It's just an internet exposed network, people target those all the time anywhere.

Just because it is critical infrastructure doesn't mean its a geopolitical thing.

How much of the discussion happened in languages other than Portuguese? This definitely seems like an interesting event but this is the first time I've heard of it. I would definitely encourage sharing more details if anyone has them.
Content translated to English by a robot:

Vodafone Portugal target of cyberattack

Vodafone was the target of a disruption in its network, which began on the night of February 7, 2022 due to a deliberate and malicious cyberattack in order to cause damage and disturbance. As soon as the first signal of a problem on the network was detected, Vodafone acted immediately to identify and contain the effects and restore the services.

This situation is affecting the provision of services based on data networks, namely 4G/5G network, fixed voice services, television, SMS and voice/digital service. We have already recovered mobile voice services and mobile data services are available exclusively on the 3G network almost throughout the country but, unfortunately, the size and severity of the criminal act to which we have been subjected implies for all other services a careful and prolonged recovery work involving multiple national, international teams and external partners. This recovery will happen progressively throughout Tuesday.

Although the in-depth investigation of the criminal act to which we have been subjected will last indefinitely and with the involvement of the competent authorities, we have no evidence to date that Customer data has been accessed and/or compromised. Vodafone remains absolutely determined to restore the normality of services in the shortest possible time and deeply regrets the inconvenience caused to our Customers.

We have at Vodafone Portugal and the Group an experienced team of cybersecurity professionals who, together with the competent authorities, are conducting an in-depth investigation to understand and overcome the situation. We will update information about the status of service as the situation progresses.

> Content translated to English by a robot

That’s a pretty darn good translation!

[inserts appropriate Jennings jeopardy quote]

Sounds like their EPC/packet core was compromised pretty seriously.

Ars article: https://arstechnica.com/information-technology/2022/02/vodaf...

"Vaz said the company hadn't received any ransom demand that would indicate it was hit by a ransomware attack. The CEO also said he had no indications the attackers had accessed subscriber information or other sensitive data."

Yet at the same time - "The attack comes a month after the websites of two of Portugal's biggest news outlets—Impresa and later COFINA—were hacked by a ransomware group calling itself Lapsus$."

As to why there's been no discussion, it seems like there just isn't much information to discuss at the moment. Vodafone Portugal's in damage-control mode, they don't want to say more than they have to, and what's been said is in Portuguese.

OP - are you in Portugal? Desculpe if so! I imagine this is a big deal in-country.

I'm portuguese, and this subject was in the news for some days. It was followed by the news outlets like you've said, but still, both events are quite rare to be mentioned in the media.

For example, four or five years ago there were some ransomware attacks but it never reached the media.

What's more troublesome about Vodafone attack was that it affected some emergency services, and hospitals, that used Vodafone for communications -> this is what is being deemed as secondary to international news.

Was this just colateral damage from a random attack to Vodafone? Or was Vodafone attacked because they knew some emergency services were dependent on Vodafone?

Where is the line that separates an attack to emergency services/hospitals, which shouldn't be taken lightly, from a regular attack to a big company that happens to provide services to key operations in a country? Was it a criminal offense, or a terrorist attack?

All of this could be a coincidence of course, but due to the range and the damage of the attack, this must be investigated and it's a big deal to Portugal.

I don't think there were any deaths directly related to this attack, especially because those emergency services were quick to switch to other communication solutions, but the headlines could be flipped around:

Portuguese Emergency Services were disrupted after cyberattack to Vodafone Portugal.

Ransomware attacks are often hushed up. I understand why this is done but the danger here is that they're a lot more common than the public is aware of and nothing much is done about it because there isn't enough political pressure.
> Sounds like their EPC/packet core was compromised pretty seriously.

Given the issues affected fixed voice, TV, and value added services like voicemail, I wonder if it was upstream of the EPC in the OSS/BSS environment like the customer database?

An issue in the EPC wouldn't usually take out fixed line voice and digital TV services. Maybe a single point of failure in their enabling IT?

Oh, I missed the TV etc. impact - risk of idle speculation, I suppose. Yeah, OSS/BSS or enabling IT seems more likely, though I'm struggling to understand how a fallback to 3G would fix that. Supposedly customer information wasn't compromised.

One can hope that Vodafone will provide a decent external postmortem given the impact to Portuguese emergency services etc.

Doesn't seem like it'd be a nation-state. They usually try to stay quiet and out of the news so they wouldn't disrupt services.

Might be some ransomware operators or malicious parties trying to extort them.

> Doesn't seem like it'd be a nation-state. They usually try to stay quiet and out of the news so they wouldn't disrupt services.

I agree that that sounds like a goal such an actor would have, but one would assume that they can also occasionally butterfinger something? I'm not saying that it was an APT, what I'm saying is that we can't conclude that it wasn't from the fact that the network went down.

Do they? What about Ukraine outages?
In the case of Ukraine/Russia, they certainly set out with the goal of disruption.

Hate em or like em, there is no denying that Russia has some awesome cyber capabilities.

(comment deleted)
Practice round for bigger targets?
I wonder if we're desensitized too. The TMobile breach in 2021 was upwards of 100 million. Full SSN, date of birth, driver's licenses. It was discussed here but really not much outcry considering the size and quality of the data that was pilfered.

https://news.ycombinator.com/item?id=28223747

Is there a law in the U.S. requiring telecoms to collect such information? Yet there's no law requiring purge of old customer data, with affected people not having been customers in years.

Consumer-grade telecoms and ISPs are primarily marketing operations. They care more about “engagement” than actually making money selling their service at a profit.
For some reason, every comment that suggests that this is a Russian hack has a green glow.
A kid got arrested in Croatia on suspicious related claims.
A kid got arrested in Croatia on fishy related claims.
Maybe its Russia doing a warmup -- getting ready to take down essential services in Ukraine?
Let me guess, Vodafone outsourced network management to a cheaper location with underpaid and overworked staff? At the same time blames 'state actor'?
'Debate'? Maybe because nobody around here knows about it. Instead of a weird Ask HN -- you should share the news url to open up the discussion!
Because they shall take cybersecurity seriously. You can always make IT a cost center. But when your data is for sale on darknet is a bit late to wake up. Sorry, i forgot. It is not _your data_. It is your customer's data. And you don't care.