We've been operating in a mode for probably the last 15 years where cyberattacks are simply not treated as acts of war - more like nuisances.
North Korea has been behind a ton of crypto hacks and thefts, and they're simply ignored. The Russians attacked Colonial Pipeline, and they're simply ignored. There's a list as long as my arm. For whatever reason we've decided cyberattacks are not war.
I agree it seems weird. I see two things diluting response:
1. A malicious actor is abusing the scenario, but everyone thinks "If it was set up properly in the first place that wouldn't have been possible." Victim blaming in a sense.
There was very little international reaction at the time, which probably emboldened the Russian takeover of eastern Ukraine. But now Dutch artillery is being shipped to the Ukranian army.
Treating cyberattacks as an act of war, would make it WAY too easy to set up war between two countries you don't like. Attribution can sometimes be very difficult. Thus, and probably this if for the best, we don't see cyberattacks treated as acts of war.
If they did enough damage in the physical world, it's possible they would be. But, since we had to read about these "hacks" in a news article about hacks rather than in, say, a news article about widespread blackouts in Germany, it does not appear that these did all that much damage. Problematic, for sure, but mostly at the nuisance level compared to, say, lobbing missiles or shooting people.
When I say I don't want my taxes going to send weapons to the Ukraine here, I am called an FSB stooge or what have you. Yet people pile in all day and talk about how it doesn't make sense to quickly switch to wind, solar, nuclear, hydro and other renewables, which in Europe and elsewhere means gas from Russia, and somehow no one raises the FSB flag. Maybe renewable supporters just don't have that idiotic knee-jerk reaction as much.
The funding coming on my back out of my labor and my taxes.
Is this the democracy which started when it forcibly overthrew the elected government, banned a number of political parties right after that, and which just banned the second largest political party recently? Some democracy.
>Is this the democracy which started when it forcibly overthrew the elected government
The "elected government" which restricted rights of speech and protests, ordered police to open fire on protesters killing more than 50 people, and then fled to Russia.
>and which just banned the second largest political party recently
The head of that political party is Victor Medvechuk, a close associate of Putin who proudly claimed that Putin is his daughter's godfather, who was charged with treason and put on house arrest a year ago for funneling money to the DPR / LPR whomst Ukraine has been at war with for 8 years, and was recently captured while attempting to flee the country in a stolen Ukrainian military uniform after escaping his house arrest.
And the point of it, for those that don't know, is to remove the last shreds of legitimacy from any BS referendums Russia might try to hold in occupied territor, in which a minor pro-Russian politician whose party had low-single-digit support in previous elections is suddenly "elected".
Not your taxes. Your compatriot’s tax money, collectively. I’m not aware of any Western country where the majority is against supporting Ukraine. You are the minority.
> Is this the democracy which started when it forcibly overthrew the elected government
Not intending to be inflammatory, but how would you feel about your taxes going to funding the invasion of Ukraine?
I'm not a big fan of my country's military spending, and it's probably trivial even in terms of percentage of GDP, in comparison to that of the US, Russia or China.
In terms of regime change "approach", if the US did manufacture the overthrow of the previous Ukraine government, it has the appearance of a much lower cost of human life than the approach Putin is taking. And I'm no fan of the US' "manifest destiny" ego trip but I don't want to get too far into whataboutism.
For years I've wondered why renewable energy hasn't been considered under the auspices of national security. I think the primary reason is that the fossil fuel lobby outranks national security on any topic too complicated for the majority of the general voting populace to understand (ie. anything less subtle than big boom-boom bad makes).
It's politically interesting (cringe), the line between assisting Ukraine's defense by sending weapons and funding as opposed to actively committing troops and implementing a no-fly-zone etc. Interesting that Russia is now accusing NATO of effectively conducting a proxy war against Russia - it seems that Russia wants to have war declared upon it in order to post-justify their invasion as "see, this is what was going to happen anyway" - it doesn't have to make sense to anyone other than the Russian leadership in order for them to be assured of the righteousness of their own cause.
> For years I've wondered why renewable energy hasn't been considered under the auspices of national security.
Energy independence used to come up more often in US elections until prices collapsed in 2014ish and the US became a net exporter of refined petroleum products. The whole “Nuclear Renaissance” that began under W. was derailed by insanely cheap natural gas production, so it just kinda fell off everyone’s radar since people in the US considered the problem solved for the time being.
My context is Australia which is 100% dependent upon imported petroleum whilst also having abundant wide open spaces and sunshine. In combination with a government that frequently dog whistles national security.
I think it's just that politicians always knew that any real push would be expensive and raise energy prices. Everyone wants to go green, but if that involves doubling energy costs, then how many people are still going to say yes? That would not be popular with their constitutes, so bye bye political career.
Nobody could make the hard choice and they hoped that technology would solve the issue eventually - which to be fair, it did look like that was going to happen.
On the other hand, we have this situation. In my country natural gas prices have risen 40% in the last month and some items in supermarkets are close to double what they were a year ago.
In reality it's probably my increasing interest in and exposure to politics as opposed to any cultural change, but it feels like "we" are increasingly sacrificing big in the future for small in the present.
It's probably always been like this in politics though.
That is the probably with politics and the wall street quarterly cycle - you always sacrifice the long term for your short term gains. There have been some moves away from this but largely the system rewards/punishes people who don't operate on the short term.
Switch to renewables is such a huge win for everyone (less oil producing nations). Cheaper, cleaner electricity (unlocking new manufacturing capabilities on price), lower social unrest impacts from climate change, better water quality, less reliance on foreign oil, etc. Costs are now starting to hit the point where it's far cheaper to go renewable - if we could get some political will power to push us further we could get continued wide spread adoption and massive scale up.
Russia seems less like a state and more like a mafia. “Nice wind farm you got there. Would be a shame if something were to happen to it. Maybe you better buy some more oil.”
The West is effectively at war with Russia. I wouldn't be surprised if the US was actually the one behind the recent explosions and fires inside Russia and not Ukranian agents/military. When you're at war, cyber-warfare is to be expected(and hopefully prepared for).
Decades of fighting guerrillas has left us loose with words. Tanks rolling past Kyiv should remind us of the bright line between annoying and engaging an enemy.
Indeed - you'd know if we were at war with Russia because things would go incredibly well for America for a few days then incredibly poorly for everyone. America is best described as a belligerent in a proxy war. [1]
[A proxy war relationship] usually takes the form of funding, military training, arms, or other forms of material assistance which assist a belligerent party in sustaining its war effort.
Has been forever in proxy wars with Russia. Proximity to Europe is the large difference in this one. OP is unfamiliar with the different gradients of war which I think is why everyone is jumping on them for since the US isn't "effectively at war" with Russia.
Yeah—when you're shipping weapons for free to one side in a war, plus providing a ton of intel to them from military assets you're operating expressly because of the war, also for free, you're a legitimate target, especially anything related to industrial production (so, including your energy infrastructure). Just because Russia's not decided to shoot at us over it (not because they're nice, but because it would surely make their situation even worse) doesn't mean we're not, effectively, war participants.
I'm not complaining about that, mind, but it's not like it's surprising or unfair that they'd try to hit us in limited ways, if they can.
Day one of the invasion I double checked our backups (ahead of schedule) and security. And the company I'm with isn't at all involved with anything military, nor do we have any particular interest (business-wise) in Ukraine—some kind of mass automated attack still seemed likely enough to be worth a little of my time. I assume CISOs with infrastructure and military orgs were on a war footing before the shooting started. At least, I hope they were.
> when you're shipping weapons for free to one side in a war, plus providing a ton of intel to them from military assets you're operating expressly because of the war, also for free, you're a legitimate target, especially anything related to industrial production (so, including your energy infrastructure)
Proportionality. Weapons are being shipped to Ukraine for use on Ukrainian territory. Not Russia. I don't know if explicit red lines have been drawn. But the Moskva was sunk by Ukranian missiles [1]. And I believe the cross-border raids were done with Mi-8s, not the Mi-17s Kyiv’s been provided by the West [2].
If Russia wants to open its territory to retaliation, that's its choice. But it would be one more blunder in a series of idiot moves. (To be clear, this story looks like Russian criminals being Russian criminals more than anything state directed. If we didn't have the backdrop of the war, the headline would probably mention Bitcoin.)
None of that makes the US (or any other Ukrainian supplier) a legitimate target in terms of international law. Especially as they're nearly all defensive systems being used inside Ukrainian territory.
We've established this precedent over decades in earlier proxy wars like Vietnam and Afghanistan where the US and USSR armed each others opponents. It certainly doesn't make the supplier an 'effective war participant' as you stated.
This was even true when the US and USSR sent actual personnel in as 'advisors' or combat pilots, even though that is direct involvement. It's not a casus belli.
On the other hand, basic infrastructure being so unprotected, that a random guy from a random country, possibly even half a planet away, can stop electricity production, is kinda sad.
Yes yes, russia, current year, politics, government actors,... but again... why is it connected to the internet in the first place?
Um renewable assets don't run on an information island. Weather forecasting is part of the equation as well as being able to keep up to date diagnostics for operations.
"why is it connected to the internet in the first place?" Really?
I'll give you points on security concerns but your other comment is borderline ridiculous.
If the weather forecasting for the windmills is as inaccurate as my daily local forecast, then I could see the systems just shutting down from inaccurate information! Seems like a centralized system looking at forecasts to predict energy needs that could then privately connect to the remote generating stations would be better than having them be internet connected.
Also, wind mills are for milling grains using wind power. And weather forecasting has many different levels of quality to it. I can't speak to your local capabilities but there different services that you can ascribe to.
In terms of internet needs - there are many reasons that renewable assets need internet connectivity not strictly forecasting and it isn't unreasonable to be able to get secure connections.
> a random guy from a random country, possibly even half a planet away, can stop electricity production
Did they though? From what I read they only lost remote control and the wind turbines continued to operate in "auto mode".
Given stormy conditions you maybe could break some wind turbines remotely by somehow disabling their brakes/turning them into the wind, but if you only brick some electronics on a normal day, that's an easy fix. They're not complicated technology and replacement electronics/expertise are readily available.
I'm all for wind energy and Ukraine but the connection to Russia seems flimsy. The article mentions the timing of the attacks (right after the war began) as proof of Russia's involvement. Just in December 2021 Uptime Wind Energy Podcast was talking about [1] a cyber attack on Vestas. So it's not like it was unprecedented before the war. I get that 1 of the attacks was by a group that publicly supports Russia. And I get that Russia has huge vested interests against wind energy.
20 years ago, the blame would fall on "big oil", then it was north korea, now russia...
...and in reality, it might have been an angry former employee who just happens to know all the default passwords set everywhere.
Russia basically gains nothing by doing this, except even worse relations with the germans (it's not like the germans will say "oh, the russians hacked us, we better buy their gas now")
Now I'm trying to creatively imagine a disaster caused by wind energy? Near human extinction from all of the cancer the windmills create? World wild exitinction from birds from all of them being killed by the windmills? Near worldwide deafness in all humans from the humming they generate? I'm just running through all of the right wing consipriacies I've heard about. I'm not creative enough to come up with that nonsense.
The California Condor is the key to ending the 2073 pandemic. Their extinction due to wind farms in 2065 is about to lead to extinction of the human race. They discover a time travel mechanism that only works for energy, not matter. They can't travel back in time and just grab some condors or open a time portal underneath an unsuspecting condor, since the portals don't work with matter. They open a time portal for radio waves and use a 5G modem to sabotage wind farms in 2022.
It turns out that all of the hysteria against 5G was an attempt by a psychopathic dictator in the future to end humanity by taking down all of the 5G towers to prevent the sabotage of the wind farms.
Although you're joking, it's important to note that the angle of birds being killed by wind farms is a tactic used by people who want to see wind projects fail or not happen but want to dress this up in environmentalist sounding language. It's not that birds are never killed by wind turbines, it's that this is scrutiny only applied to wind turbines by the fake-environmentalists when they'll happily accept the environmental destruction of other methods of power generation.
Close to heart because I know of a major wind project cancelled in my area due to the government commissioning an 'environmental review' which concluded the whole project had to be canned because it'd endanger a parrot. Meanwhile, the logging continued unabated...
> It's not that birds are never killed by wind turbines, it's that this is scrutiny only applied to wind turbines by the fake-environmentalists when they'll happily accept the environmental destruction of other methods of power generation.
I fully stand by the statement that it's basically only fake environmentalists who care. Yes, some real environmentalists do too, but seriously: the wholesale destruction of the entire biosphere due to the rampant use of fossil fuels, the destruction of entire ecosystems like the Amazon rainforest, and some people only focus on how we shouldn't build wind farms because of the birds. Colour me cynical about most people who bring up wind farms and birds.
Again, I know of projects where that entire angle was just a political one used to cancel wind projects in favour of staying reliant on coal. I liked that parrot too; it's probably doomed anyway due to the fact that destruction of native forests is rampant. How will the raptors do in global warming?
Raptors will probably go extinct first because nutty activists imagine criticism of misguided environmental priorities may be safely ignored because of who brought it up...thus committing a tragic error.
My personal feeling is giant HAWT technology should be banned due to the potential for environmental damage.
I live about 15km from a moderately-sized airport, and I can hear the deep rumble when planes take off during the quieter hours of the day. Airports aren't getting banned anytime soon, and don't seem to have caused any measurable health problems to the surrounding population.
Same thing for surf beach communities. First time I stayed a few days near a surf beach I was surprised by the penetrating deep rumble of every single set of waves that crashed on the beach.
I think the health issues caused by living near a wind farm would be similar to those experienced by living near anything that the individual has some kind of righteous moral opposition to (read: lack of understanding of).
Imagine a future where airports can only be located 50km from any other civilisation due to the health effects that wind farms are accused of causing. Combine that with 4G being the upper limit of mobile connectivity because 5G was found to be both a Chinese conspiracy for world domination and a radiation health risk.
In 2100, aliens arrive. It turns out that Earth is just perfectly temperate for them. The only way to avoid their conquest of the planet is to make it a couple degrees hotter than we're already on track for (they are very picky).
They have a habit of doing it(for years/decades) and it would really help them if people couldn't rely on other sources of energy than what they're selling.
So, who else?Who has a motive and the capabilities to do this?
I mean.. what does russia gain? Even worse political relations? Germany will fix it system in a day or two, and then what? Does anyone actually expect them to ditch wind power and buy russian gas after russia hacking them?
Realistically... by stirring the shit up in europe, the country that gains the most is.. well.. USA. Do something, blame russia, make EU economy worse, worsen the relations, make european countries stop production due to energy crisis, sell them american products, and if things get even worse, sell weapons, maybe even to both sides if things get desparate enough, watch europe destroyed again while their own economy gets a great boost.
Looking at who has most to gain from an action is an excellent starting point. What should we do, just assume everyone is equally likely until proof appears?
I mean.. what does russia gain? Even worse political relations? Germany will fix it system in a day or two, and then what? Does anyone actually expect them to ditch wind power and buy russian gas after russia hacking them?
Realistically... by stirring the shit up in europe, the country that gains the most is.. well.. USA. Do something, blame russia, make EU economy worse, worsen the relations, make european countries stop production due to energy crisis, sell them american products, and if things get even worse, sell weapons, maybe even to both sides if things get desparate enough, watch europe destroyed again while their own economy gets a great boost.
The US is currently better off with a weakened Russia.
EU <-> Russia relations are about as bad as they can get short of open war, trying to make them worse is somewhere between meaningless and self-destructive for the US. If the US wanted to escalate they have easier ways.
Russia is better off when the alternatives to their energy are poorly performing or nonexistant.
Don't make it more complicated than it is. You can go round-and-round all day with: it looks like A did it, but oh that's what they _want_ me to think, or maybe _that's_ what they want me to think. Really 9 times out of 10 it's the obvious.
The relations are not as bad as the media portrays them, and stuff like this would actually make them worse.
It also looked like iraq had weapons of mass destruction and iraqi soldiers were killing babies... but a few years later, it looked a bit different.
This war is just one of the many in the last decades, and the west only cares, because it's the russians doing it and not americans/nato. The world that didn't care about a 20 year long occupation of afghanistan (... and iraq, syria, libya, etc.), because the media didn't tell them to care... now they care, again, because of the media. So yeah... an attack, where russia literally gains nothing and the result is only worse relations seems iffy to me.
It's not that complicated. The US has is fairly open about how much they hate Germany's friendly relationship with Russia for years and has been on a near constant campaign to shame Germany into doing more to oppose them.
This hack attack "attacks" Germany without actually doing any meaningful damage. It serves US interests more than Russian.
>Really 9 times out of 10 it's the obvious.
9 out of 10 hack attacks are attributed on the basis of little more than an IP address and the politically convenient culprit is blamed. It'd be an easy thing to get away with.
> This hack attack "attacks" Germany without actually doing any meaningful damage. It serves US interests more than Russian.
The US has little to gain, Germany<->Russia relations are already in the trash. Why bother trying to achieve what Russia already did for you?
The US has a _lot_ to lose and extremely little to gain. If they were shown to be at fault it would be a huge PR win for Russia and would basically tank the goodwill that intra-NATO has gained.
To be fair, we blamed Russia before we blamed North Korea for a long time. Russia just fell out of favor as the whipping boy, but what was old is new again. Remember when Russia was our "friend"? With friends like these, who needs enemies?
> A hacker who manages to infect the industrial equipment that controls wind turbines could manipulate the machines’ brakes to stop power production, said Trond Solbert, managing director for cybersecurity at Norwegian risk-management company DNV GL.
Do that to a couple thousand wind turbines and yes, "better buy their gas now". Even better if you do it the other direction - take the brakes off in a storm, and you get https://www.youtube.com/watch?v=l3tqjuvy7i0.
Yeah... not buying it. If russia did that, it would make them even less likely to buy russian gas again... they'd probably just buy overly expensive electricity from neighboring countries and fix their wind production.
The worst thing russia can do to get them to buy more gas, is to directly attack them. Do you really expect them to even talk to russia, if russia did that? Just the outrage (fueled by the media) would make people forgive the government the highly inflated prices of imported electricity, while they fixed the wind production. Russia literally has nothing to gain by doing this, and a lot to lose...
There seems to be a correlation between the political demographic in Germany that hates wind turbines and the one that supports Putin. Maybe someone thinks creating more wind turbine haters will increase support for Russia.
Being guilty of a lot of things doesn't necessarily mean they are guilty of all the things. Are they guilty of all of things they are accussed, or just accepted as the culprit because they're the Russians? If I was wanting to attack US tech, I'd be sure to make it look Russian.
I'm not Tucker Carlson trying to get you to think Russia isn't all bad, but I'm also saying that when it comes to hacking, there could be others involved.
Big Oil, North Korea (under the Kim regimes), and Russia (under Putin) are all bad actors with a history of near-total disregard for human life. I'm not sure you're making the point you think you're making.
Russia gets to rattle their cyber sabre is what this lets them do. Why do they rattle their sabre? because it has been literally the only thing they are doing in response to this war.
Since day one all Russia has done is sabre rattle about the war.
> "oh, the russians hacked us, we better buy their gas now"
Unless, as they know, the Russians know, and everybody knows, they don't have any choice in the matter. They can't replace Russian gas imports, and without them their economy would be severely crippled ( as argued by many unions, trade body representatives, etc.).
I'm not sure about when the Vestas happened, but Russia likely took more than a year to plan an invasion of this size. After some sanctions following the 2014 Crimea invasion, Russia built up its foreign currency reserves to ride out sanctions, apparently Gazprom reduced natural gas holdings in Germany right before this invasion, and Russia made other preparations to stave off sanctions and/or reduce their impact. It's not unthinkable that Russia did some preliminary attacks on renewables in preparation/practice runs in the year leading up to the invasion.
Based on the level of success they've had, I'd say Putin was drunk and scribbled invasion on a napkin with an arrow headed south from Russia into Ukraine.
It looks like it, but it's due to incompetence, corruption, low morale, and terrible planing, not lack of planning per se. You can plan all you want, but if you do so based on wrong assumptions, and the people who you rely on to get information for the plans, and to execute the plans, are mostly incompetent stooges chosen for loyalty, it will turn out bad.
It's perfectly possible that it is Russia but hack attribution is and has always been a complete and total shitshow.
If I were executing any kind of hack attacks these days I'd consider masquerading as a state actor to be standard opsec.
It is way too tempting to blame state actors for a variety of reasons:
* Public/shareholders will be more forgiving.
* Insurance (as is the case with Sony).
* Makes you seem more competent if you "know" who did it straight away.
To add to that, once youve picked your culprit you kind of have to double down on it which means embarrassing evidence to the contrary uncovered later will be swept under the carpet for fear of humiliating everybody who said it was [ state ] when it was [ script kiddies in a basement ].
Thus masquerading as a state actor offers a decent amount of protection for a non state attacker coz once attribution is locked in the motivation to track you down evaporates.
> Serious cyberattacks on industrial equipment aren’t common and take significant knowledge to prepare, according to security experts.
Nonsense. All it takes is "caring enough to put in a bit of effort to figure out how to do it."
The reason we haven't seen them, historically (and IMO...) is that nobody in the "evil hacker space" has generally been willing to attack actual physical targets directly. Over the past decade or so, we've seen a shift from "Only large, well funded actors attack physical infrastructure" (Stuxnet) to "More and more attacks on things increasingly close to physical infrastructure" (various pipeline attacks, the assorted industrial control system malware toolkits, etc). It's only a matter of time until the actual physical stuff is attacked, and this may or may not qualify - it sounds like the administrative side was attacked, but (perhaps?) not the actual turbines. Yet.
The reality of control systems is just like that of anything else "digital" and "microchip" and "connected to a network" - they're not secure against a wide range of attackers, and the only saving grace is that most of them haven't been targeted by a sufficiently motivated adversary.
We, as a general software ecosystem across a range of disciplines, add complexity faster (in hardware and software) faster than we understand and fix bugs. Shipping new things gets people promoted, "fixing weird old bugs in some poorly understood subsystem" doesn't - even if that archaic subsystem is useful to display (poorly encoded and often wrong) Xerox scans. See one of Apple's recent 0days...
If you want a "secure" system for industrial control, it can't be network connected anymore. Yes, it's convenient, and the tradeoff is that someone can and will hack it, some day. Does it matter? Up to you and your company.
But "air gaps" don't work, "Well, we'll use antivirus..." doesn't seem to matter, and "network connected computers" just suck at anything involving security.
> All it takes is "caring enough to put in a bit of effort to figure out how to do it."
Which points to the statement "Serious cyberattacks on industrial equipment aren’t common and take significant knowledge to prepare" being true.
The primary reason probably being that there are more profitable and more easily exploitable targets out there. Why go for the anything but the low-hanging fruit first?
Conflict situations (invasion, war, pandemic) change priorities pretty significantly.
Actually there are some network based scanner trying to handle this using AI to spot usual and unusual traffic. Seems good but not well known (and I guess given the attention the vendor is more office system not industrial system oriented). The problem as said is management. Those on top of these might not have the mindset to handle this angle. After all they are more engineer firm and organisation. And some may still have the security by obscurity and isolation-alone (then someone to mgt it via home use an open dial up …). It is the mentality and the market absence which is the key barrier of entry.
Antivirus btw is useless even in office IT. Baseline yes. But useful no. Any decent professional hacker know the big few and test against them down to try to test whether it is in such env and react differently. Still think network based scanner etc is the better approach. Of course one worry about service denial by fake attack … still …
This is like a vaccination, a small challenge to a system that should both harden it and sensitize it to later challenges so they are detected and squashed quicker. Long-run improvement in the cyberwar space.
This is somewhat of an answer to why cyberattacks on industrial equipment aren't common: They want to keep them up their sleeve. Since-Crimea-annexation years to probe and penetrate with a view to mapping out the network in order to be able to actually strike it at the most opportune time.
"As soon as you can" is very rarely the best timing. Preparation is key.
This is where the NSA's of the world have the dual purposes of securing internal infrastructure and finding insecurities in any and all non-internal infrastructure. For the internal stuff, there is tension on disclosure if the same security holes are present externally as well.
Whether this adversarial attack is what's happened in this case, who knows. The timing is certainly interesting, but you also can't rule out false flag operations to justify other countries 'entering the conflict'.
How do we ensure cars are safe? How do we prevent whole fleets going 90° to the left at 0545?
I'm glad Tesla seems to leverage an experienced team like canonical for their basic software, I'm deeply concerned about the whole yocto derivatives world. It's random luck if your car software has regular security patches or not.
Which vendors other than Tesla have the capability to roll security updates quickly? From detection via test out to the fleet? Which have security know how on par with, say, Russian hackers?
103 comments
[ 0.30 ms ] story [ 19.0 ms ] threadNorth Korea has been behind a ton of crypto hacks and thefts, and they're simply ignored. The Russians attacked Colonial Pipeline, and they're simply ignored. There's a list as long as my arm. For whatever reason we've decided cyberattacks are not war.
1. A malicious actor is abusing the scenario, but everyone thinks "If it was set up properly in the first place that wouldn't have been possible." Victim blaming in a sense.
2. Attribution is hard.
There is likely more.
I think as long as people are not killed it's not war.
There was very little international reaction at the time, which probably emboldened the Russian takeover of eastern Ukraine. But now Dutch artillery is being shipped to the Ukranian army.
If they did enough damage in the physical world, it's possible they would be. But, since we had to read about these "hacks" in a news article about hacks rather than in, say, a news article about widespread blackouts in Germany, it does not appear that these did all that much damage. Problematic, for sure, but mostly at the nuisance level compared to, say, lobbing missiles or shooting people.
The funding coming on my back out of my labor and my taxes.
Is this the democracy which started when it forcibly overthrew the elected government, banned a number of political parties right after that, and which just banned the second largest political party recently? Some democracy.
The "elected government" which restricted rights of speech and protests, ordered police to open fire on protesters killing more than 50 people, and then fled to Russia.
>and which just banned the second largest political party recently
The head of that political party is Victor Medvechuk, a close associate of Putin who proudly claimed that Putin is his daughter's godfather, who was charged with treason and put on house arrest a year ago for funneling money to the DPR / LPR whomst Ukraine has been at war with for 8 years, and was recently captured while attempting to flee the country in a stolen Ukrainian military uniform after escaping his house arrest.
And the point of it, for those that don't know, is to remove the last shreds of legitimacy from any BS referendums Russia might try to hold in occupied territor, in which a minor pro-Russian politician whose party had low-single-digit support in previous elections is suddenly "elected".
> Is this the democracy which started when it forcibly overthrew the elected government
You just parrot a blatant lie by Russia
I'm not a big fan of my country's military spending, and it's probably trivial even in terms of percentage of GDP, in comparison to that of the US, Russia or China.
In terms of regime change "approach", if the US did manufacture the overthrow of the previous Ukraine government, it has the appearance of a much lower cost of human life than the approach Putin is taking. And I'm no fan of the US' "manifest destiny" ego trip but I don't want to get too far into whataboutism.
It's politically interesting (cringe), the line between assisting Ukraine's defense by sending weapons and funding as opposed to actively committing troops and implementing a no-fly-zone etc. Interesting that Russia is now accusing NATO of effectively conducting a proxy war against Russia - it seems that Russia wants to have war declared upon it in order to post-justify their invasion as "see, this is what was going to happen anyway" - it doesn't have to make sense to anyone other than the Russian leadership in order for them to be assured of the righteousness of their own cause.
Energy independence used to come up more often in US elections until prices collapsed in 2014ish and the US became a net exporter of refined petroleum products. The whole “Nuclear Renaissance” that began under W. was derailed by insanely cheap natural gas production, so it just kinda fell off everyone’s radar since people in the US considered the problem solved for the time being.
Nobody could make the hard choice and they hoped that technology would solve the issue eventually - which to be fair, it did look like that was going to happen.
On the other hand, we have this situation. In my country natural gas prices have risen 40% in the last month and some items in supermarkets are close to double what they were a year ago.
It's probably always been like this in politics though.
Switch to renewables is such a huge win for everyone (less oil producing nations). Cheaper, cleaner electricity (unlocking new manufacturing capabilities on price), lower social unrest impacts from climate change, better water quality, less reliance on foreign oil, etc. Costs are now starting to hit the point where it's far cheaper to go renewable - if we could get some political will power to push us further we could get continued wide spread adoption and massive scale up.
(The German nuclear shutdown looks extremely bad in hindsight, though)
In a contest. Not at war.
Decades of fighting guerrillas has left us loose with words. Tanks rolling past Kyiv should remind us of the bright line between annoying and engaging an enemy.
I'm not complaining about that, mind, but it's not like it's surprising or unfair that they'd try to hit us in limited ways, if they can.
Day one of the invasion I double checked our backups (ahead of schedule) and security. And the company I'm with isn't at all involved with anything military, nor do we have any particular interest (business-wise) in Ukraine—some kind of mass automated attack still seemed likely enough to be worth a little of my time. I assume CISOs with infrastructure and military orgs were on a war footing before the shooting started. At least, I hope they were.
Proportionality. Weapons are being shipped to Ukraine for use on Ukrainian territory. Not Russia. I don't know if explicit red lines have been drawn. But the Moskva was sunk by Ukranian missiles [1]. And I believe the cross-border raids were done with Mi-8s, not the Mi-17s Kyiv’s been provided by the West [2].
If Russia wants to open its territory to retaliation, that's its choice. But it would be one more blunder in a series of idiot moves. (To be clear, this story looks like Russian criminals being Russian criminals more than anything state directed. If we didn't have the backdrop of the war, the headline would probably mention Bitcoin.)
[1] https://en.wikipedia.org/wiki/R-360_Neptune
[2] https://www.washingtonpost.com/national-security/2022/04/20/...
We've established this precedent over decades in earlier proxy wars like Vietnam and Afghanistan where the US and USSR armed each others opponents. It certainly doesn't make the supplier an 'effective war participant' as you stated.
This was even true when the US and USSR sent actual personnel in as 'advisors' or combat pilots, even though that is direct involvement. It's not a casus belli.
Yes yes, russia, current year, politics, government actors,... but again... why is it connected to the internet in the first place?
I'll give you points on security concerns but your other comment is borderline ridiculous.
In terms of internet needs - there are many reasons that renewable assets need internet connectivity not strictly forecasting and it isn't unreasonable to be able to get secure connections.
Did they though? From what I read they only lost remote control and the wind turbines continued to operate in "auto mode".
Given stormy conditions you maybe could break some wind turbines remotely by somehow disabling their brakes/turning them into the wind, but if you only brick some electronics on a normal day, that's an easy fix. They're not complicated technology and replacement electronics/expertise are readily available.
“Machines displayed codes that looked like hieroglyphs, Mr. Brandt said, indicating servers had been encrypted with malware.”
Nice rabbit hole...
https://en.wikipedia.org/wiki/Template:List_of_hieroglyphs
[1] https://weatherguardwind.com/cyber-resilience-byron-martin/
20 years ago, the blame would fall on "big oil", then it was north korea, now russia...
...and in reality, it might have been an angry former employee who just happens to know all the default passwords set everywhere.
Russia basically gains nothing by doing this, except even worse relations with the germans (it's not like the germans will say "oh, the russians hacked us, we better buy their gas now")
It turns out that all of the hysteria against 5G was an attempt by a psychopathic dictator in the future to end humanity by taking down all of the 5G towers to prevent the sabotage of the wind farms.
Close to heart because I know of a major wind project cancelled in my area due to the government commissioning an 'environmental review' which concluded the whole project had to be canned because it'd endanger a parrot. Meanwhile, the logging continued unabated...
Meanwhile the raptors are still shredded...
Again, I know of projects where that entire angle was just a political one used to cancel wind projects in favour of staying reliant on coal. I liked that parrot too; it's probably doomed anyway due to the fact that destruction of native forests is rampant. How will the raptors do in global warming?
Raptors will probably go extinct first because nutty activists imagine criticism of misguided environmental priorities may be safely ignored because of who brought it up...thus committing a tragic error.
My personal feeling is giant HAWT technology should be banned due to the potential for environmental damage.
The big threats to smaller birds are glass buildings and domestic cats, but they don't get as much discourse.
Same thing for surf beach communities. First time I stayed a few days near a surf beach I was surprised by the penetrating deep rumble of every single set of waves that crashed on the beach.
I think the health issues caused by living near a wind farm would be similar to those experienced by living near anything that the individual has some kind of righteous moral opposition to (read: lack of understanding of).
Imagine a future where airports can only be located 50km from any other civilisation due to the health effects that wind farms are accused of causing. Combine that with 4G being the upper limit of mobile connectivity because 5G was found to be both a Chinese conspiracy for world domination and a radiation health risk.
I'm just saying that it's convenient to just blame russia for everything without any proof.
So, who else?Who has a motive and the capabilities to do this?
Realistically... by stirring the shit up in europe, the country that gains the most is.. well.. USA. Do something, blame russia, make EU economy worse, worsen the relations, make european countries stop production due to energy crisis, sell them american products, and if things get even worse, sell weapons, maybe even to both sides if things get desparate enough, watch europe destroyed again while their own economy gets a great boost.
It seems more of a response/warning to the sending of weapons that has a tiny bit of teeth but not enough to escalate further.
If they consider themselves at war with NATO this attack does make sense.
Realistically... by stirring the shit up in europe, the country that gains the most is.. well.. USA. Do something, blame russia, make EU economy worse, worsen the relations, make european countries stop production due to energy crisis, sell them american products, and if things get even worse, sell weapons, maybe even to both sides if things get desparate enough, watch europe destroyed again while their own economy gets a great boost.
EU <-> Russia relations are about as bad as they can get short of open war, trying to make them worse is somewhere between meaningless and self-destructive for the US. If the US wanted to escalate they have easier ways.
Russia is better off when the alternatives to their energy are poorly performing or nonexistant.
Don't make it more complicated than it is. You can go round-and-round all day with: it looks like A did it, but oh that's what they _want_ me to think, or maybe _that's_ what they want me to think. Really 9 times out of 10 it's the obvious.
It also looked like iraq had weapons of mass destruction and iraqi soldiers were killing babies... but a few years later, it looked a bit different.
This war is just one of the many in the last decades, and the west only cares, because it's the russians doing it and not americans/nato. The world that didn't care about a 20 year long occupation of afghanistan (... and iraq, syria, libya, etc.), because the media didn't tell them to care... now they care, again, because of the media. So yeah... an attack, where russia literally gains nothing and the result is only worse relations seems iffy to me.
They're two hairs away from direct war. You've lost the plot.
This hack attack "attacks" Germany without actually doing any meaningful damage. It serves US interests more than Russian.
>Really 9 times out of 10 it's the obvious.
9 out of 10 hack attacks are attributed on the basis of little more than an IP address and the politically convenient culprit is blamed. It'd be an easy thing to get away with.
The US has little to gain, Germany<->Russia relations are already in the trash. Why bother trying to achieve what Russia already did for you?
The US has a _lot_ to lose and extremely little to gain. If they were shown to be at fault it would be a huge PR win for Russia and would basically tank the goodwill that intra-NATO has gained.
A whipping boy is innocent. Russia is largely not.
> Remember when Russia was our "friend"?
No.
Do that to a couple thousand wind turbines and yes, "better buy their gas now". Even better if you do it the other direction - take the brakes off in a storm, and you get https://www.youtube.com/watch?v=l3tqjuvy7i0.
There's a lot of interest in this sort of thing. https://www.wired.com/story/how-30-lines-of-code-blew-up-27-...
They're _currently_ buying Russian gas.
And they'd be able to prove that how?
The worst thing russia can do to get them to buy more gas, is to directly attack them. Do you really expect them to even talk to russia, if russia did that? Just the outrage (fueled by the media) would make people forgive the government the highly inflated prices of imported electricity, while they fixed the wind production. Russia literally has nothing to gain by doing this, and a lot to lose...
I'm not Tucker Carlson trying to get you to think Russia isn't all bad, but I'm also saying that when it comes to hacking, there could be others involved.
Since day one all Russia has done is sabre rattle about the war.
Unless, as they know, the Russians know, and everybody knows, they don't have any choice in the matter. They can't replace Russian gas imports, and without them their economy would be severely crippled ( as argued by many unions, trade body representatives, etc.).
If I were executing any kind of hack attacks these days I'd consider masquerading as a state actor to be standard opsec.
It is way too tempting to blame state actors for a variety of reasons:
* Public/shareholders will be more forgiving.
* Insurance (as is the case with Sony).
* Makes you seem more competent if you "know" who did it straight away.
To add to that, once youve picked your culprit you kind of have to double down on it which means embarrassing evidence to the contrary uncovered later will be swept under the carpet for fear of humiliating everybody who said it was [ state ] when it was [ script kiddies in a basement ].
Thus masquerading as a state actor offers a decent amount of protection for a non state attacker coz once attribution is locked in the motivation to track you down evaporates.
War is not a pre condition.
Who attacks wind farms for fun anyway?
It is clear that the attack is politically linked and economically motivated.
Nonsense. All it takes is "caring enough to put in a bit of effort to figure out how to do it."
The reason we haven't seen them, historically (and IMO...) is that nobody in the "evil hacker space" has generally been willing to attack actual physical targets directly. Over the past decade or so, we've seen a shift from "Only large, well funded actors attack physical infrastructure" (Stuxnet) to "More and more attacks on things increasingly close to physical infrastructure" (various pipeline attacks, the assorted industrial control system malware toolkits, etc). It's only a matter of time until the actual physical stuff is attacked, and this may or may not qualify - it sounds like the administrative side was attacked, but (perhaps?) not the actual turbines. Yet.
The reality of control systems is just like that of anything else "digital" and "microchip" and "connected to a network" - they're not secure against a wide range of attackers, and the only saving grace is that most of them haven't been targeted by a sufficiently motivated adversary.
We, as a general software ecosystem across a range of disciplines, add complexity faster (in hardware and software) faster than we understand and fix bugs. Shipping new things gets people promoted, "fixing weird old bugs in some poorly understood subsystem" doesn't - even if that archaic subsystem is useful to display (poorly encoded and often wrong) Xerox scans. See one of Apple's recent 0days...
If you want a "secure" system for industrial control, it can't be network connected anymore. Yes, it's convenient, and the tradeoff is that someone can and will hack it, some day. Does it matter? Up to you and your company.
But "air gaps" don't work, "Well, we'll use antivirus..." doesn't seem to matter, and "network connected computers" just suck at anything involving security.
Which points to the statement "Serious cyberattacks on industrial equipment aren’t common and take significant knowledge to prepare" being true.
The primary reason probably being that there are more profitable and more easily exploitable targets out there. Why go for the anything but the low-hanging fruit first?
Conflict situations (invasion, war, pandemic) change priorities pretty significantly.
Antivirus btw is useless even in office IT. Baseline yes. But useful no. Any decent professional hacker know the big few and test against them down to try to test whether it is in such env and react differently. Still think network based scanner etc is the better approach. Of course one worry about service denial by fake attack … still …
"As soon as you can" is very rarely the best timing. Preparation is key.
This is where the NSA's of the world have the dual purposes of securing internal infrastructure and finding insecurities in any and all non-internal infrastructure. For the internal stuff, there is tension on disclosure if the same security holes are present externally as well.
Whether this adversarial attack is what's happened in this case, who knows. The timing is certainly interesting, but you also can't rule out false flag operations to justify other countries 'entering the conflict'.
I'm glad Tesla seems to leverage an experienced team like canonical for their basic software, I'm deeply concerned about the whole yocto derivatives world. It's random luck if your car software has regular security patches or not.
Which vendors other than Tesla have the capability to roll security updates quickly? From detection via test out to the fleet? Which have security know how on par with, say, Russian hackers?