As a Russian software developer, these articles are just sad. US literally develops its own software and hardware.
If we can exploit it, it means the systems are badly designed, plain and simple.
In other words, a well-designed system should not permit unauthorized access.
It's not the same as breaking into the house because you can - well-made software and security-in-depth policies make it impossible to enter. And if the software is not well made, it can fail at critical stages, intentionally and unintentionally, it can and will be exploited, not just by us, but by anyone.
Case in point: Boeing 747 max software. I would rather have hackers show that the system is crap, than to have it fail by itself.
So in other words, Russian hackers are uncovering incompetences (or negligence) of US developers. Which is fair game, pushes technology forward IMO.
And let's not forget, that security is one of those "hygienic" factors, rather than a motivational factor.
In other words, better security doesn't increase amount of users, doesn't make software ship faster, doesn't raise user satisfaction, until the disaster strikes.
So it just exposes natural tendency for people to take the path of least resistance + asymmetry of information (principal agent theory), since the software looks ready on the surface, but inside of it is a rotten mess.
In other words, guys, if we can get into your government systems, you have bigger structural problems. It's only a symptom. Blame government servants, not us.
The only hacking that I'd consider to be fully non-ethical is phishing, since it involves deception, than exploitation of the algorithms. But seriously, gov't employees are so stupid to click on a phishing link? What does it say about the rest of their abilities?
It is well known that China produces an enormous number of electronic devices and has access to most of the embedded firmware installed, yet it seems that Russia is always the accused target of these alleged attacks.
What worries me even more than information that has been exfiltrated is what backdoors have been left behind. Even when the hatch is closed, how can you be totally sure that there is nothing left behind on the accessed systems?
Could someone who is more familiar with security comment on this?
[+] [-] Pindosi|5 years ago|reply
If we can exploit it, it means the systems are badly designed, plain and simple.
In other words, a well-designed system should not permit unauthorized access.
It's not the same as breaking into the house because you can - well-made software and security-in-depth policies make it impossible to enter. And if the software is not well made, it can fail at critical stages, intentionally and unintentionally, it can and will be exploited, not just by us, but by anyone.
Case in point: Boeing 747 max software. I would rather have hackers show that the system is crap, than to have it fail by itself.
So in other words, Russian hackers are uncovering incompetences (or negligence) of US developers. Which is fair game, pushes technology forward IMO.
And let's not forget, that security is one of those "hygienic" factors, rather than a motivational factor.
In other words, better security doesn't increase amount of users, doesn't make software ship faster, doesn't raise user satisfaction, until the disaster strikes.
So it just exposes natural tendency for people to take the path of least resistance + asymmetry of information (principal agent theory), since the software looks ready on the surface, but inside of it is a rotten mess.
In other words, guys, if we can get into your government systems, you have bigger structural problems. It's only a symptom. Blame government servants, not us.
The only hacking that I'd consider to be fully non-ethical is phishing, since it involves deception, than exploitation of the algorithms. But seriously, gov't employees are so stupid to click on a phishing link? What does it say about the rest of their abilities?
[+] [-] __m|5 years ago|reply
#1 fallacy in IT security, even in mother russia
[+] [-] ratsmack|5 years ago|reply
[+] [-] KukiAirani|5 years ago|reply
Could someone who is more familiar with security comment on this?
[+] [-] Throwaway1771|5 years ago|reply
They'll re-image or replace hardware. Or so they say.
[+] [-] Throwawayjedi|5 years ago|reply
[deleted]