An update on the threat landscape

609 points| arkadiyt | 4 years ago |blog.google | reply

134 comments

[+] miohtama|4 years ago|reply
Does anyone remember REvil arrest anymore?

https://krebsonsecurity.com/2022/01/at-request-of-u-s-russia...

Those people must now be back in business, national heroes, and the era of ransomware diplomacy ended as fast as it started.

[+] CryptoBanker|4 years ago|reply
Those 14 are just a drop in the bucket. Neither their arrest nor release will make much of a difference
[+] jacquesm|4 years ago|reply
The Russian version of a recruitment drive?
[+] cormacrelf|4 years ago|reply
Since the war began, a number of supposedly independent ransomware groups have publicly announced their allegiance to the Kremlin and the war effort, and their intention to carry out strikes. So the idea of the January arrests was probably part of a larger pattern of arresting criminals and telling them they get out of jail free if they come work for the state. Whether these particular ones have already been turned into assets useful against Ukraine is not clear. At minimum they’re not working against Putin.

The idea of “ransomware diplomacy” was probably just a side benefit.

[+] obblekk|4 years ago|reply
Interesting that they're targeting media publications - those users (journalists) are probably less technical / security hardened than operators of critical infrastructure, but have a great deal of influence over the country's wellbeing nonetheless.

I wonder what other similar professions are? Doctors and lawyers?

This combined with the announcement that software piracy is legal in Russia now perhaps suggests a new front is opening up again in cyber.

[+] mvc|4 years ago|reply
Yep. Definitely lawyers (specifically those involved in high value transactions) are targeted.

All you need to do is convince one of their customers that you are speaking on behalf of the lawyer and get them to send the money to you instead.

I know this because I've been a victim of this attack.

Not sure how you'd monetize patient/doctor communications in the same way but I'm sure someone could think of something.

[+] Terry_Roll|4 years ago|reply
If the BBC World Service hasn't taught people a thing or two (winning hearts and minds through propaganda), what will?

It's interesting that some tech firms are jumping on this. There isn't that much data sharing going on between tech firms; I know of email domains which will not work on some webforms or websites, but I think Europe's higher levels of privacy and anti-surveillance will be a disadvantage at this time.

[+] cheeze|4 years ago|reply
Maybe it's just me but these seem rather... tame?

Phishing campaigns? I'd assume those happen year round, war or not.

Am I wrong here? Missing something?

[+] huntsman|4 years ago|reply
(Author here) Yeah. Much of this activity is pretty consistent with what TAG generally sees in the region and from these actors.
[+] dc-programmer|4 years ago|reply
Don’t think I could ever be a hacker because phishing folks doesn’t sound exciting at all
[+] yosito|4 years ago|reply
> Missing something?

From what I've seen on OSINT Twitter, I think what you're missing is that Russia is not actually all that good at cyberwarfare in terms of hacking high security systems, or even securing their own systems. There was a story today about a high ranking general who was killed and it was picked up by the OSINT community due to Russians using unencrypted phones to communicate on the battlefield. Extremely rookie mistake. Russia's cyberwarfare strengths seem to end with simple DDoS attacks and propaganda bot nets on social networks.

[+] chockchocschoir|4 years ago|reply
Since Google doesn't really own much infrastructure outside of the US, I don't think Google can do much, and maybe doesn't even have that much insight on what is going through the pipes elsewhere.

There are a lot more things happening than just phishing attacks though, from both sides. While Russia is attacking Ukrainian IT infrastructure, Russian IT infrastructure is getting hit by every other country at the moment.

[+] twelvechairs|4 years ago|reply
Is it not worrying that this kind of response is left to Google? They are not a benevolent actor but a business who ultimately only does things to improve their own bottom line and their reach over the internet. [edit: I'd appreciate a response if you are going to downvote as is being done to me]
[+] dragonwriter|4 years ago|reply
> Is it not worrying that this kind of response is left to Google?

What do you mean “left to” (or “response” for that matter)? Google chooses to report this information (which is a mix of info gathered from other sources and its own work to protect its own critical infrastructure); no one leaves it to them.

The government does its own publication of extensive cybersecurity information of this type, too; see, generally:

https://www.cisa.gov/uscert/ncas

[+] vinkelhake|4 years ago|reply
The question you ask is valid. If I were to guess (I didn't downvote you), it's because of your second sentence. It hints that you're thinking about it in a zero-sum kind of way. Google benefits from a healthy and secure web. This means they are going to engage in projects that aren't directly tied to what they do, like letsencrypt, Project Zero and TAG.
[+] KarlKemp|4 years ago|reply
There is absolutely no way that Google will derive direct financial benefits from defending some Ukrainian journalism project from DDoS attacks. So it should be obvious that your assumptions about their motivation are wrong.

Yes, maybe their actions will garner some sympathy among the public. But that mechanism is so generic, it just leads to the same conclusion, i.e. that companies are capable, interested, and legally free to act in the public interest.

[+] lrem|4 years ago|reply
Disclosure: I work at Google.

Look at this from a purely selfish Google perspective. With its large market penetration, Google earns some share of the total ad revenue of the Internet. Hence, it is in Google's selfish best interest to see the Internet grow and stay healthy.

[+] runeks|4 years ago|reply
> They are not a benevolent actor but a business who ultimately only does things to improve their own bottom line and their reach over the internet.

Google has interests, just like you and I. Neither you, me or Google are “benevolent actors”.

I don’t at all mind when less-than-perfect entities help people — regardless of what else they do that is right or wrong.

Google, as a group of human beings, does both good and bad. To claim that it’s problematic to accept help from people who are members of a group of people who also do bad things means we would also have to deny help from e.g. well-meaning Russian citizens.

[+] rossdavidh|4 years ago|reply
You have a point, but I recall that when WW2 started many car companies started making tanks, etc, and mostly for the same reason: a specialized skill set that the government simply didn't have the capacity to meet at that time. The unmet need for IT security related work in government is vast.
[+] curt15|4 years ago|reply
No company is benevolent. Every company ultimately seeks to maximize its bottom line. The whole premise of capitalism is that in a healthy market there will be some agents whose selfish interests happen to align with your own. For example, while Apple finds it advantageous to play up the privacy angle when competing with Google in the US, its PR statements shouldn't be confused with benevolence. In this case, Google burnishes its image from flexing its internet muscles to "help the little guy".
[+] benatkin|4 years ago|reply
A few days ago there was another post about Google and Ukraine. I took another look at it and found an update that I hadn't seen until now:

https://news.ycombinator.com/item?id=30528022

The author of the post, which was about marks on Google Maps, determined that the marks were innocuous.

[+] paganel|4 years ago|reply
> as well as services like Liveuamap that are designed to help people find information. We expanded eligibility for Project Shield, our free protection against DDoS attacks

Really nice that they're doing that. I had noticed Liveuamap giving lots of 5xx error codes earlier in the invasion, for obvious reasons, but now it looks like it works pretty well. Again, good job from the people of Google (I usually am very critical of them).

[+] sydthrowaway|4 years ago|reply
How about Google hire these Russian hackers?
[+] dotancohen|4 years ago|reply
How would Google pay them, with the sanctions?
[+] scoofy|4 years ago|reply
HN has been awkwardly silent on the ongoing conflict. I'll be curious to see where the discussion leads when the conflict starts escalating in the info/itsec areas. I read Nicole Perlroth's book this year, and I'm not excited about this at all.
[+] boogies|4 years ago|reply
Look at https://news.ycombinator.com/active. It’s been practically overflowing with Ukraine and Russia stories for days now, to the point it’s almost a bit of a chore to pick through them all and find discussion of anything else.
[+] dragonwriter|4 years ago|reply
> HN has been awkwardly silent on the ongoing conflict

I hate to be the “you’re holding it wrong” guy, but...

Like most major, general-interest news, it doesn't make the front page or, if it does, it doesn't stay very long.

But if you check /newcomments, it's been a continuously active discussion. And an absolute majority of current stories on /new relate to the conflict in one way or another.

HN isn't “awkwardly silent” on the ongoing conflict.

[+] nostrademons|4 years ago|reply
From the HN guidelines:

"Off-Topic: Most stories about politics, or crime, or sports, unless they're evidence of some interesting new phenomenon. Videos of pratfalls or disasters, or cute animal pictures. If they'd cover it on TV news, it's probably off-topic."

It's not unusual for top breaking stories to get flagged off the HN front page, simply because they're top stories that are broadly covered in the mainstream media.

Now, niche responses to ongoing current events (like the InfoSec, supply chain, or technical aspects of the Ukraine invasion) are another matter, and I've seen several of them on the HN front page recently.

[+] Gatsky|4 years ago|reply
This is probably a good thing. HN discussions about geopolitics are usually poor.

But I share your curiosity on the seeming lack of discussion, or on another level, organisation. I feel disturbed by Russia indiscriminately murdering people, and threatening the end of civilisation, all conducted with gleeful mendacity. They have also shut off a large proportion of global food supply which developing nations rely on. I feel I should be doing something about it, but I don’t know what to do.

But in the end, HN is just a bunch of people on the internet.

[+] loxias|4 years ago|reply
Feature, not bug.
[+] laurent92|4 years ago|reply
There were many posts which reached the front page about the war in Ukraine. Although I devoured them with interest, they are off-topic, therefore it’s good that HN doesn’t dwell on it. Other social media became single-topic about the war for a week, HN offers a reprieve by keeping IT and startups at the center.
[+] 323|4 years ago|reply
Multiple times I noticed a technique being used to push undesirable articles off the first page - you flag an article and then quickly unflag it (1-2 minutes). It will be bumped off the first page, but very few will notice the fleeting flagging.
[+] chockchocschoir|4 years ago|reply
It has already escalated a lot in terms of "cyberwar" or whatever people call it nowadays. Ukrainian infrastructure is under heavy attack from Russia, and Russia is under heavy attack from volunteers from literally every single country in the world, so heavy that Russia is now cutting itself off from the rest of the internet because they can't handle the attacks.
[+] agumonkey|4 years ago|reply
Why this choice of words?

Frankly, the amount of noise and fog of war is still high... whatever we say is of low importance and value.

[+] BongoMcCat|4 years ago|reply
I have other sources that I read when I want general information about what is going on in the world.

HN is something that I read for a very specific subset of information.

I don't find this to be that strange.

[+] d4mi3n|4 years ago|reply
Speaking for myself working in cybersecurity, I suspect a lot of corporate and government IT/InfoSec folks are too busy rolling out recommended mitigations and observability improvements to have too much to say. Mainstream media does a good job covering where our (InfoSec/IT) industry fails. A job done well you will likely never hear about.
[+] natch|4 years ago|reply
Google flags its own generated emails sent from itself to its gmail users as phishing emails. I am not making this up. Think about that.
[+] CobrastanJorji|4 years ago|reply
The occasional disconnect there isn't surprising at all. Whichever group at Google works on anti-phishing attacks probably has rules like "does it say it's coming from Google, does it look like a Google email, is there a picture of a Google logo, does it talk about your account, did a whole bunch of emails that look just like this one just get sent to a bunch of gmail users," etc. Legitimate emails from Google trip pretty much all of those alarms, and it makes a lot of sense to lean on the side of "phishing warning" if you're not sure. Plus, those teams are probably pretty far from each other on a big corporate organizational tree. Seems like a very reasonable sort of mistake to make.
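The rule clash described in the comment above, as an added example that is not from the thread or from Google's real filters: a scorer over exactly those content rules (claims to be Google, Google-like sender, brand logo, account topic, bulk send) rates a constructed genuine notice and a constructed look-alike identically, and only an origin check separates them. The origin check (DMARC alignment against an allow-list of first-party domains) and all message values are assumptions for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Email:
    from_display: str      # display-name part of the From: header
    from_domain: str       # domain of the From: address
    subject: str
    body: str
    has_brand_logo: bool   # an image resembling the brand's logo was found
    near_duplicates: int   # near-identical messages seen recently (bulk signal)
    dmarc_pass: bool       # assumed pre-parsed DMARC alignment result

ACCOUNT_WORDS = re.compile(r"\b(your account|password|sign[- ]in|verify)\b", re.I)
BULK_THRESHOLD = 1000

def content_signals(mail: Email) -> dict:
    """The content-only rules from the comment; a genuine brand notice and a
    brand-themed phish fire the same ones, which is the false-positive problem."""
    text = f"{mail.from_display} {mail.subject} {mail.body}".lower()
    return {
        "claims_google": "google" in text,
        "google_like_sender": "google" in mail.from_domain.lower(),
        "brand_logo": mail.has_brand_logo,
        "account_topic": bool(ACCOUNT_WORDS.search(text)),
        "bulk_send": mail.near_duplicates >= BULK_THRESHOLD,
    }

def content_only_verdict(mail: Email) -> str:
    # Erring toward a warning when most content signals fire, as the comment says.
    return "phishing_warning" if sum(content_signals(mail).values()) >= 3 else "ok"

def authenticated_verdict(mail: Email, first_party=("google.com",)) -> str:
    # Assumed fix: trust brand-themed mail only when it authenticates as the
    # brand's own domain; everything else falls back to the content rules.
    if mail.from_domain.lower() in first_party and mail.dmarc_pass:
        return "ok"
    return content_only_verdict(mail)

# Constructed sample messages (not real mail).
GENUINE = Email("Google", "google.com", "Security alert",
                "A new sign-in to your account was detected.", True, 50000, True)
LOOKALIKE = Email("Google", "google-security-alerts.example", "Security alert",
                  "A new sign-in to your account was detected. Verify now.", True, 50000, False)
```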