> Log users out frequently for "security reasons".
This is exactly what happens on a contract I work on. Any software that is authenticated through our OKTA SSO very frequently signs users out and redirects to a logout page. This is especially annoying when using the project management software, where you typically have many tabs open to see various requirements, epics, stories, tasks, etc. Any inactivity more than 15 minutes, and all the tabs are logged out. Just like that, everything is gone. It forces us to use strategies such as saving redundant copies of things in notes and spreadsheets. I don’t think it’s necessarily sabotage but it feels extremely negligent. Moreover it’s completely unnecessary since everything is behind a VPN anyway.
Another similar thing that does feel as if it’s somewhat malicious is the very aggressive logout and shutdown policy of our virtual desktops - these are the desktops we do everyday active development on and where we set up IDEs, database clients, web servers, testing tools, API references - anything you can think of. We use this in combination with our regular desktops where we attend meetings or do other non-development tasks such as using the above-mentioned requirements software. It takes a lot of time to set all of this up! If you’re inactive for more than 2 hours, your session is not only closed, it’s completely destroyed so that it can be reclaimed for another user. I don’t need to explain to experienced developers how incredibly frustrating and counterproductive this is, but leadership has been extremely dismissive of any complaints, and tell us that we should use our time more wisely or that we shouldn’t be inactive for so long (which is complete BS, there are a thousand valid reasons for this). Apparently this is done for cost-cutting reasons, but something feels more nefarious here, because this very obviously leads to reduced productivity and demotivation. This has actually led to me purposefully overestimating complexity and demanding a user story for every single little trivial action I take, whereas before I used to just go in and make quick fixes or knock out certain operational things in my spare time. It’s a waste of time for us and ends up being worse for our customers.
Logging you out in 15 minutes is ridiculous as is losing your places/work but "behind a VPN" is not considered secure anymore.
This is a takeoff on a well known WWII pamphlet, the Simple Sabotage Field Manual.[1]
That's not the real worry today. Today we have to worry about remote sabotage of key systems - water, power, comms. It's quite possible that we will see major blackouts in the US, Russia, Europe, or China as side effects of the various wars in progress.
Yeah, professional saboteurs only target key systems since incidental systems are constantly experiencing the kind of "sabotage" the site talks about but mostly through laziness, incompetence and bureaucratic fief assertion.
In my workplace people also set the machines to forget the redirects from time to time¹. So that it's not a given that the http:// will lead to anything.
1 - How? I have no idea. They are more expert than the author.
Sorry, the document has been rejected. We require signatures in blue ink, as specified in the employee handbook section 132.86.9c(3), so we can tell the scanned copy from the original. Please sign again. We’re also sending over a form (G03.2) that acknowledges we received your signature but that it was incorrectly processed. This will ensure you don’t get written up for turning in the document late (section 075.53.7). Please also sign the attached form (form Y64.5) that verifies that the original signature was yours. All forms must be received by the end of the business day. Please also scan the documents and upload the copies to dev.null@fcorp.com
I may be having an old fuddy duddy moment but I really dislike this site. My first suggestion was at least interesting. My second was to superglue things into place.
Will supergluing things in place actually help the oppressed? Are you the Harriet Tubman of adhesives? Or will someone who makes minimum wage get yelled at and then forced to clean it?
This is Tik Tok level pranks applied to serious political issues and frankly, oppressed people deserve better than this.
The point is to have plausible deniability (just like the original simple sabotage manual). So they have to be realistic enough. Supergluing stuff down isn’t plausible unless you’re on a boat. But requiring a signature with pen and paper is. Take it a step further and require blue ink (because “it’s distinguishable from a printed version” or choose a more obscure color for similar reasoning). But make sure to not tell them that until after the signature is received, so that they have to do it all over again.
The intent is for it to appear like childish pranks, mild incompetence, or best of all, nothing. The purpose is to delay and degrade harmful organizations and processes by a thousand tiny cuts.
It bears a strong resemblance to a handbook that went around during WW2 for workers within Nazi occupied territories.
At the very least it doesn't seem like sand-in-the-vaseline tactics are equally useful when applied everywhere, monkeywrenching some random business is not going to bring about the fall of late capitalism exactly, but if they managed to inspire millions of saboteurs it might - of course tough luck about those hospitals and food trucks we depend on.
It's not for you; it's for people who are forced to work for an occupant. During WW2 the CIA actually published a manual for this specific purpose; it's declassified and available here:
skinkestek|1 year ago
My favourite was from the start of the war when the guys who were supposed to plant incriminating evidence on the scene where they arrested some "terrorists" put the Sims 3 game on the scene instead of 3 sim cards and literally signed the fake documents they planted with "Signature Unclear". (Yes, real story, just search for Sims 3 and Signature Unclear.)
As I understand it, this was FSB's (or someone else's) way of "getting even" after their boss had been publicly humiliated for proposing to not invade Ukraine. (But that - except for the public humiliation which is well documented - is just speculation on my part although I might have heard it from someone else thinking out loud.)
Although sometimes I wonder if it was a genuine misunderstanding. I feel I have unusually many Russian friends and ex-colleagues, people who live outside of Russia for good reasons and do not support it. Z-russians on the other hand do not strike me as the brightest bulbs in the box.
lukan|1 year ago
I did, but got lots of vague rumor stories, but nothing solid.
cyberax|1 year ago
"Signature Unclear" is actually a real pseudonym of a pro-Nazi author. So this particular part was at least believable.
The "Sims 3" disks (3 of them) and Bandera's books were far less so.
temporallobe|1 year ago
nox101|1 year ago
"BeyondCorp comes from a realization that VPN perimeter network security is obsolete. As soon as an attacker breaches the perimeter, they have unrestricted access to the resources."
https://goteleport.com/blog/how-teleport-extends-beyondcorp-...
no idea if that's a good resource, it's just the first hit for "beyondcorp"
Aeolun|1 year ago
After all ‘Teams’ is fine.
downrightmike|1 year ago
Animats|1 year ago
[1] https://www.cia.gov/stories/story/the-art-of-simple-sabotage...
doright|1 year ago
https://www.enoshop.co.uk/product/oblique-strategies.html
ben_w|1 year ago
2 million USD gets you a smartphone zero-day*, according to rumours, something like a single ATACMS missile.
* geometric mean of 200k and 20M: https://techcrunch.com/2023/09/27/russian-zero-day-seller-of...
rightbyte|1 year ago
joe_the_user|1 year ago
yardstick|1 year ago
cjfd|1 year ago
rogerthis|1 year ago
jdblair|1 year ago
tanseydavid|1 year ago
nmwp|1 year ago
MalbertKerman|1 year ago
> Create overly-ambitious timelines and set impossible-to-keep deadlines
> Send unnecessary meeting invites then cancel them last-minute
> Don't use collaborative software, just email things back and forth
> Introduce burdensome software license approval processes
> Leave off the phone or video call information from a calendar invite
Forget government, this is a summary of standard operating procedure at my last (large, private sector) employer. Maybe they weren't all idiots, they were just fighting the man.
Just like the original Simple Sabotage Manual, this is worth reading just to reflect a painfully clear image of your own organization's dysfunction (and possibly your own role in it).
praptak|1 year ago
Smash equipment, waste thousands and get caught. Delay a big project, waste millions and nobody notices.
yawpitch|1 year ago
marcosdumay|1 year ago
kouru225|1 year ago
ChrisMarshallNY|1 year ago
Click on "Exit".
stavros|1 year ago
Natsu|1 year ago
morkalork|1 year ago
OsrsNeedsf2P|1 year ago
> Require wet signatures (ink on paper) for documents instead of digital
Jesus Christ.
godelski|1 year ago
kouru225|1 year ago
NelsonMinar|1 year ago
walterbell|1 year ago
Oarch|1 year ago
itronitron|1 year ago
hluska|1 year ago
godelski|1 year ago
MadnessASAP|1 year ago
blacksmith_tb|1 year ago
wetpaws|1 year ago
[deleted]
unknown|1 year ago
[deleted]
SavageBeast|1 year ago
rolfus|1 year ago
https://www.cia.gov/static/5c875f3ec660e092cf893f60b4a288df/...
exe34|1 year ago