
Ransomware attack 'not designed to make money', researchers claim

65 points | rbanffy | 8 years ago | theguardian.com

74 comments

[+] Animats|8 years ago|reply
It made maybe $10,000, from the Bitcoin tracker.

As for damage, Maersk container terminals worldwide are still shut down on the truck side, not accepting containers for shipment. Maersk is so down that their web sites with status info aren't being updated to show that they're down.[1] Their Twitter feed has general statements.[2] The only good info seems to come from the Port Authority of New York and New Jersey, which is telling truckers not to come to Maersk's terminal today, Wednesday.[3]

Understand what this means. The biggest container ports in the US and Europe have been down for two days. There's no announced re-opening date yet.

Nobody else seems to have been visibly hit as hard as Maersk, other than the Kiev subway fare collection system.

[1] http://www.apmterminals.com/en/operations/north-america/port... [2] https://twitter.com/Maersk [3] http://btt.paalerts.com/recentmessages.aspx

[+] pmoriarty|8 years ago|reply
Hopefully this will lead to less complacency, and an increased interest in and more funding for security. In the long run, hopefully infrastructure like this will become more hardened and less susceptible to such attacks.
[+] INTPenis|8 years ago|reply
Yes, tech sites are now advising people not to pay, because their mail provider has already shut down their account.

But how many average users read tech sites?

I wouldn't discount monetary motives just because their method of handling payments is dodgy. As long as that bitcoin ID is up it will be used.

It's not exactly in their interest to be honest here.

https://blockchain.info/address/1Mz7153HMuxXTuR2R1t78mGSdzaA...

[+] swiley|8 years ago|reply
If I were to bother committing a crime, I'd want a lot more than that.
[+] apo|8 years ago|reply
The article provides no evidence for the claim made in the title. Even if it were to do so, the article leaves the dangling question of why bother to include the ransom component at all.
[+] qb45|8 years ago|reply
You need to do something destructive to study the scale of real-world disruption resulting from such an offensive and to motivate victims to report infections. They could probably go with the old-school format c:, but ransomware seems to be all the rage nowadays.
[+] BoiledCabbage|8 years ago|reply
I posted this same suspicion yesterday. (https://news.ycombinator.com/item?id=14646881)

Russia is "range testing" its weapons in Ukraine.

The West and particularly the US should be very worried about this. The sanctions against Russia are dictating its policy and they have shown a willingness to escalate beyond what's been considered "appropriate" in the past.

I'll say it again here: a country will be made to surrender its policy due to crippling cyber-attacks. As has been shown in the past, a western country will only fight a war as long as the citizens support it. When people are harmed and dying due to hospital shutdowns, inaccessible banks, power companies offline, airplanes grounded and food shipping stalled - politicians will feel their arms have been twisted horribly but will concede. How well would Washington, DC function for weeks or longer without electrical power?

What Russia is preparing for is the equivalent of bombing cities until surrender (not the direct deaths, but the punish-the-population-to-cause-surrender method). As far as I know, there are no international laws around it.

Best case is all sides escalate cyber-weapon "strength" to unthinkable levels and we enter a new cold-war standoff. But again, nuclear mutually assured destruction could only happen after nukes had been proven to be crippling...

The West needs to take this threat very seriously, or we'll soon find ourselves at the wrong end of the barrel of a new weapon.

[+] fnovd|8 years ago|reply
I'm surprised to see even people on this site downplaying how worrisome these attacks are.

The ability to shut down an enemy's computer systems remotely is an awesome power, and will only become more impactful as we rely more and more on computer systems in our everyday lives.

Forget space: the internet is the next frontier. A group of enemy soldiers shutting down a hospital would be met with outrage and military backlash. A group of hackers shutting down fifty hospitals is met with jokes about outdated operating systems and derision towards IT directors.

At what point do we stop treating these like annoyances of a strange new world and start treating them like what they are: targeted, military-grade attacks? The whole world can see how woefully unprepared the West is for attacks of this nature, and the attackers are only going to grow more bold.

The more intertwined tech is with the military, the more powerful the cyber-warfare paradigm becomes.

[+] pdkl95|8 years ago|reply
> Russia

Accusations without evidence are irresponsible; incorrect attribution erodes trust and justifies resentment that lasts far longer than the current situation.

The article discusses evidence suggesting that Ukraine was the target, but that only circumstantially suggests that Russia may be responsible. Proper attribution of anything on the internet is already incredibly difficult. The history of false flags and other deception-based motives makes the problem even harder.

> Best case is all sides escalate cyber-weapon "strength" to unthinkable levels and we enter a new cold-war standoff.

No, the best case is for software authors to be held liable for the safety problems in the infrastructure they create. MAD isn't going to stop other parties - even script kiddies - from exploiting the same bugs. Yes, it will cost a lot of time and money, but we've known how to build secure systems for a long time[1].

Escalating another conflict between the two largest nuclear powers is a plan that has a very good chance of getting a lot of people killed.

From the article:

>> The Kremlin spokesman Dmitry Peskov said: “[The attack] again proves the Russian thesis that such a threat requires cooperation on the global level.”

I have a lot of issues with the current administration of Russia, but this is how we will survive the brave new technological world. MAD relies on the fear of retaliation; a far more reliable method of deterring hostilities is to create the situation where each side no longer wants a conflict, which can be accomplished with economic interdependencies. You don't bomb - conventionally, atomically, or with a weaponized computer virus - the business partners you rely on.

[1] https://en.wikipedia.org/wiki/Trusted_Computer_System_Evalua...

[+] sqeaky|8 years ago|reply
This seems alarmist to me. In principle we can make computers much more secure and in practice some groups actually do.

If we get some decent information out there and stop enabling people with the mentality that computer security is an add-on product I think we can make it pretty far. I doubt google or microsoft will be significantly harmed by a "cyber-weapon", and I don't think most end-user devices with automatic updates enabled will either.

This is a solvable problem.

[+] knz|8 years ago|reply
> The West needs to take this threat very seriously, or we'll soon find ourselves at the wrong end of the barrel of a new weapon.

Our geopolitical opponents should be cautious as well - public knowledge of weapons technology is often decades behind the reality, and I doubt the US and its allies are unable to defend against and respond to any large-scale attack.

[+] mtgx|8 years ago|reply
You would think that in such dire times, the Five Eyes would want to adopt a stronger policy towards security and less towards leaving every PC and smartphone vulnerable to attacks to make surveillance easier. Instead, they're now getting ready to discuss how to backdoor devices and encryption at the upcoming Five Eyes and G20 meetings.
[+] SomeStupidPoint|8 years ago|reply
There are lots of reasons to not (fully) trust the NSA (and related agencies). They've done (and likely still do) some things I don't approve of -- I think most of us could write a lengthy post about the details.

At the same time though, we need to collaborate with things like the Information Assurance Directorate (IAD)[0] to secure national systems. There are dangerous weaknesses in US computer systems, and while a lot of the research on securing systems is done by private groups, government agencies are really the only ones that can sustain the funding and act as coordinators between private and public interests (e.g., it's costly to secure the electrical grid, but there's a public interest in having one secure against attack).

So hopefully the past few years have scared the NSA onto a saner course of supporting national defense instead of undermining it. And hopefully we can meaningfully collaborate with them on defense while fighting them on issues of privacy.

[0] - https://www.iad.gov/iad/index.cfm

[+] daxorid|8 years ago|reply
Again with the evidence-free Russian attribution hypothesis.
[+] notadoc|8 years ago|reply
> The West needs to take this threat very seriously, or we'll soon find ourselves at the wrong end of the barrel of a new weapon.

I agree with your assessment.

But with US politics as they are, it is hard to imagine anything being taken seriously.

[+] wu-ikkyu|8 years ago|reply
East vs West, Cold War, Politicians, "Cyber".

Does anyone else find it foreboding that attacks like these are still being primarily framed within the terminology of a legacy 50+ year old threat model?

"World War III is a guerrilla information war with no division between military and civilian participation."

-Marshall McLuhan (1970)

[+] pizza|8 years ago|reply
We should be concerned with evidence, cold hard truth, before premature escalation.
[+] chocolatebunny|8 years ago|reply
Citizens are more likely to support a war if the effects are felt at home. Every child that dies in a hospital that is under attack will be a rallying cry for the masses.
[+] belorn|8 years ago|reply
Maybe this was retaliation for WannaCry, whose exploit (EternalBlue) was developed by the West and caused havoc through ransomware. It would follow a tit-for-tat escalation strategy in cold-war style. The NSA did not intend to have WannaCry, but I can easily see another nation not caring about the distinction.

International laws would be nice. Fewer hospitals would be crippled by tax-supported malware development. Focus could be spent on improving security and patching faults rather than hoarding and exploiting.

[+] iammyIP|8 years ago|reply
You should stop posting your useless suspicions everywhere.
[+] spurlock|8 years ago|reply
The single point of failure was the posteo.de[1] account. Surely doing business over this kind of channel was doomed to fail. Infosec Twitter is alight with conspiracy theories that receiving money was the least of the attacker's concerns. I too believe that they just wanted to cause damage and piss people off in Ukraine, using the ransom functionality of the software as a front. BTW: Instead of using email, what should they be using to offer support and arrange payment? Some sort of encrypted instant messenger system?

[1]: https://posteo.de/en/blog/info-on-the-petrwrappetya-ransomwa...