Ask HN: Were we cyber attacked today?

4 points by alansmitheebk ↗ HN
I hate to sound like a conspiracy wingnut, but it seems unlikely that there were major outages at NYSE, United Airlines, and the WSJ all on the same day and it's merely a coincidence.

The media are referring to this as "computer glitches." I mean what, three different guys at three different data centers each tripped over a cable and it took each of them several hours to figure out how to plug it back in?

Maybe three different companies each committed buggy code in the past 24 hours -- code so bad that took their systems completely offline-- and they all forgot how to use git revert?

8 comments

[ 5.0 ms ] story [ 21.8 ms ] thread
It is possible that the outages weren't unrelated but also weren't malicious. For example, all three companies use the same vendor who's services failed.

I do think it is still more likely that they were 3 unrelated problem's with their systems.

> It is possible that the outages weren't unrelated but also weren't malicious. For example, all three companies use the same vendor who's services failed.

That is my operating theory based on some throwaway "insider" in the NYSE thread who claimed (without supporting evidence) that "multiple US citizens in multiple US cities" worked together to fix the internal IT issue involving the NYSE issue. Cisco? Or network provider?

Perhaps there was a 0day discovered that affected UAL (or someone else) and the prioritization favored the airline and financial industries first. Hence the secrecy to let them get things in order before the larger market is informed.

Or, it could simply be that two industries that rely heavily on public trust around their network security have a standard operating procedure to pull the plug more readily when they get caught off guard with some kind of 0day or mundane attack. There was someone on here the other day talking about how banks never publicize small losses due to attack against them for similar PR reasons. But other systems are too big to fail.

Of course, with the emerging revelation that this was just an internal software/interface screwup during a pilot, I guess my speculation was wrong.

Not sure why the insider wouldn't have just said "it was a software upgrade issue" instead of saying "trust me, it's nothing", though.

Unlikely? Maybe, but is it more likely that some entity that could attack such important infrastructure would attempt to steal something, or just destroy?

The only way I could see this could make you money is if you hedged against the markets and wanted to take everything down to benefit you, and that is superman villain level stuff.

Perhaps Hanlon's razor applies here: "Never attribute to malice that which is adequately explained by stupidity."
> and they all forgot how to use git revert?

Implying they use any form of VCS at all...

The Knightmare fiasco might serve as a useful datapoint for re-calibrating your expectations:

http://dougseven.com/2014/04/17/knightmare-a-devops-cautiona...

> I hate to sound like a conspiracy wingnut, but it seems unlikely that there were major outages at NYSE, United Airlines, and the WSJ all on the same day and it's merely a coincidence.

My expectations are calibrated at roughly "this is noteworthy?" Taking the long view of things, it seems unlikely it's taken this long for there to be three major outages on the same day. Well, rather, there have been - one wee little "yet another OpenSSL security vulnerability" and half the internet catches on fire, it seems. Or Michael Jackson dies and the full internet catches on fire. (EDIT: Or an AWS region goes down and you make a drinking game out of what popular websites are down because of it.)

Or, even ignoring mass issues like that - I suspect it's likely there have been "three major outages on the same day" before - and we simply didn't notice. I wasn't aware of the United Airlines outage, for example. I didn't notice this. I had to have it called to my attention.

> and they all forgot how to use git revert?

This also ignores the fact that git revert is insufficient for something as simple as an SQL schema change if you don't want to lose data. Rolling back your blog's comments is one thing - they were mostly spam anyways. Rolling back financial transactions is entirely another (breach of contract? Fraud?)

It's entirely possible to generate rollback scripts which handle this, of course. These aren't necessarily faster to execute than it is to fix the actual problem, however, if you've got a sufficiently large database. Murphy's law means you'll hit some edge case, your rollback will fail, and now you're trying to untangle yet another layer of things gone wrong.

(EDIT: Hell, rereading about Knightmare, they tried to rollback. They succeeded, but that just made things worse in the process!)

> Were we cyber attacked today?

Nothing to suggest it was one so far, IMO. Although I'll certainly grant that a "computer glitches" hand-wave isn't a terribly strong indication it wasn't one, either. "Cyber attacks" (what does that term mean to you, exactly, I wonder?) are common enough I wouldn't find it too terribly surprising, though. I can predict my rough reaction: "I guess they were wrong about that."

Seen statistically, three "major players" still aren't all that much...

If the White House, Facebook, electricity companies and AT&T had gone down as well, then maybe we could start talking ;-)