The Solntsepek group has taken credit for the attack. They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance.
This is one of the most significant cyberattacks since Russia invaded in February 2022.
&ers • December 21, 2023 8:48 AM
@ALL
And follow-up. They say payback for the Kyivstar.
hxxps://newsukraine.rbc.ua/news/ukrainian-hackers-breach-rosvodokanal-seize-1703107044.html
Clive Robinson • December 21, 2023 11:47 AM
@ Bruce,
A couple of things to note with regards the “physicality” of the cyber attacks so far in this war,
1, They don’t appear to do much if any permanant damage.
2, Most of the damage was only possible due to poor design, manufacture and implemementation.
Which means there are some valuable lessons to be learned by others.
Firstly it’s obvious we are still turning out crap component systems and failing to implement over all systems securely.
Secondly the attacks can mostly be cleaned up after a short period of time.
Thirdly the lack of perminance means the effectivness of the attacks is not so much in what they do, but how they are coordinated with more physical attacks that do do physical damage.
That is not ment to minimise the seriousness of what could be achieved with cyber attacks, but point out their utility is transitory at best, thus should be carefully timed as part of an overall military objective.
From the defence point of view, there is a lot that could and should be done that is not being done.
As an industry ICT is shipping mostly deffective goods riddled with avoidable issues thus vulnerabilities. We are building fragile components that lead to fragile systems, thus fragile infrastructure.
There was a couple of lessons pack in the old POTS system with “Phone Phreeking” which was,
1, In-band signalling will fail.
2, Trust for conveniance (SS7) will fail.
There are known solutions to these issues that have been known for more than a third of a century if not longer.
Yet because we’ve “gone digital” the lessons have been ignored and mainly forgotten for “convebiance”.
Various analyses suggest we are moving out of a period of peace and stability into a period of war, instability thus increased insecurity.
Our ability to deal with this increasing insecurity is based almost entirely on the instability of the underlying if not foundational infrastructure systems.
Thus there is a lesson that all should take onboard. Whilst a plethora of mostly unusefull features might please the point scorers in marketing, they are rather more than a waste of time and resources, they are actually a danger in the form of vulnarabilities.
There was a reason the old POTS system appeared stable and slow to move forward, whilst digital is unstable and progress looks fast.
Maybe we should stop,
“Moving fast to break things”
And consider what that could mean in these times of increasing political and social instability that is costing us very deeply. Not just in the lost opportunities conflict inflicts significantly, but the disaster capitalists profiting from, mostly meaninglessly at humanities expense.
Something we all should give some thought to.
Kent Brockman • December 21, 2023 8:56 PM
@ Clive
“From the defence point of view, there is a lot that could and should be done that is not being done.”
Well we are pouring trillions into our unaccountable miltary including boondoggles like the F-35, the littoral combat ship and so many others, not to mention 1.5 trillion in nuclear weapon “modernization” which is just insanity multiplied by a lot of bucks. Pouring money down rat holes is what we have a congress for. But not to worry, it’s all being done to keep us safe from yesterday’s threats.
Ismar • December 22, 2023 3:11 AM
@Clive
“ Maybe we should stop,
“Moving fast to break things”
And consider what that could mean in these times of increasing political and social instability that is costing us very deeply. Not just in the lost opportunities conflict inflicts significantly, but the disaster capitalists profiting from, mostly meaninglessly at humanities expense.
Something we all should give some thought to”
Not a chance as those braking the things are leaving the clean up to others while benefiting in the process
Clive Robinson • December 22, 2023 12:30 PM
@ Ismar, ALL,
Re : Moving fast to break things.
“Not a chance as those braking the things are leaving the clean up to others while benefiting in the process.”
A lesson from history is why science and engineering replaced the artisanal craftsman starting back in the “Great days of Steam” in the Victorian era[1].
It took something like a thousand years to develop the spoked wheel for carriages and the like. Because peogress was by “artisanal design patterns” passed on as “Guild Secrets”. The invention of the Steam boiler promised significan “force multiplication” thus reduction of manpower etc.
The problem nobody realy knew how to make a safe steam boiler let alone engine… The result was any young blacksmith just knocking things together and seeing what did not explode…
That is the “Moving fast and break things” of the Victorian age. The problem is when steam boilers break they have a habit of doing so explosively. Thus bits and body parts tend to litter the vicinity and those who loved those body parts in more wholesum times tended to be more than a little upset, as widows and orphanes tended to end up in prostitution the work house or both.
Eventually even politicians became concerned as their mills and such like in the proximity to such explosions became distinctly unprofitable and a neusance to sort out and clean up (some never were).
Thus the first “industrial legislation” got passed. Thus the work of natural philosophers was taught to the brighter artisans/craftsmen who became the first of what in these days we would call engineers. Who took the work of scientists and the formulars they produced and applied it to not just the boilers but engines as well.
Things stopped exploding and the legislation became more numerous and wider in scope.
These days anything using “physical principles” is very rarely done the artisanal way, not just because it’s illegal, but most know how bl**dy stupid it is to do.
Unfortunately with software we still appear to be stuck in the pre-science, pre-enginering, artisanal design patterns as trade/guild secrets phase. Hence “Moving fast to break things” is still crazily seen as a way to move forward…
Things will change, but I’m guessing it will depend on how fast and big the physical piles of bits and body parts get as we give “Moving fast to break things” software “agency” in the likes of self driving vehicles and AI systems.
[1] Remember there are quite a few “Stale White Idiotic Male”(SWIM) numpties still in politics. That is those that long for the Victorian Era nonsense… Because they at best foolishly romanticize themselves in positions of high status, ignoring the reality of everyday existance of disease and painfull early death. They have serious cognative deficit in that they forget they will not know what they know now if they lived in those times… Thus they would have no advantage, infact the opposite and would be lucky to make it in life as little more than a discruntaled clerk desperatly believing they would have been a great Roman General or some such nonsense.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
&ers • December 21, 2023 8:35 AM
@ALL
Just for the record – it isn’t yet all good with Kyivstar.
hxxps://english.nv.ua/business/ukraine-mobile-operator-kyivstar-fa
ces-new-network-outage-50378025.html
And those wasn’t hacktivists.