
U.S. Escalates Online Attacks on Russia’s Power Grid - matt2000
https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html
======
pmoriarty
_" For the past year, energy companies in the United States and oil and gas
operators across North America discovered their networks had been examined by
the same Russian hackers who successfully dismantled the safety systems in
2017 at Petro Rabigh, a Saudi petrochemical plant and oil refinery."_

Why are these systems even connected to the internet?

Decades ago, creating such connections might have been a forgivable oversight,
since the internet was a much more peaceful place, and the idea of
cyberattacks might have seemed like paranoid science fiction.

Today such attacks are happening in front of our noses and these systems are
still connected to the internet?

It really boggles the mind.

~~~
PatrolX
Internet connected or not they'll always be vulnerable.

~~~
noir_lord
More or less vulnerable is the question though.

Given the state of play with security, a connection to the internet is pretty
much going to always be more vulnerable.

~~~
Phlarp
This is about nation state adversaries. There should be no illusions that they
laugh at people who think they are safe behind air gaps and routinely cross
them. Often both infiltrating and exfiltrating data.

~~~
solarkraft
Would you prefer systems being very easy to attack or very hard?

~~~
archy_
You can have easy to administer systems that are also secure. It's not
mutually exclusive.

------
_iyig
_“So far, there is no evidence that the United States has actually turned off
the power in any of the efforts to establish what American officials call a
“persistent presence” inside Russian networks, just as the Russians have not
turned off power in the United States.”_

The NYT decision to frame these efforts as “attacks” rather than
“infiltration” is certainly an interesting one. In essence, the U.S. has built
a (digital) mutually-assured destruction deterrent. We wouldn’t refer to past
nuclear drills or tests as “attacks” on Russia, so I find the use of that
phrase here intriguing. I assume they simply borrowed the vocabulary of
security researchers, knowing that it would mean something different to much
of their readership.

~~~
tgsovlerkhgsel
Since they're actively planting stuff in their systems, I consider calling it
an attack appropriate.

That's not "testing nukes in your own desert", that is "sneaking into
someone's factories and planting bombs", if we're looking for an analogy.

And I'm surprised that this is openly admitted by the US, and tolerated by
both sides, instead of being treated as an act of war.

~~~
mogadsheu
Maybe they’re both more concerned with attacks from terrorist groups than from
each other.

The analogy would be one guy telling a colleague that his fly is down before a
client meeting. They both might want the same position but an unrecognized
failure would make them both look bad.

------
true_tuna
Holy crap. This is huge news. Isn’t a cyber attack on critical infrastructure
kind of an act of war? I’m not sure how wise this course of action is.

~~~
mirimir
I recall reading, some years ago, that the US reserves the right to respond to
cyberattacks with nuclear weapons. I wonder if Russia also does.

Playing games with power grids etc is arguably much higher stakes than
fighters messing with each other, or even with passenger planes. Or navy ships
passing too closely.

Edit: I guess that it was more like a heads up for adversaries. As in "don't
think that we won't". Just in case you didn't think we were that hardcore.

~~~
kyrieeschaton
Every state "reserves the right" to do whatever they want, including things
they have previously claimed they will not do. That is literally the
definition of sovereignty.

~~~
hammock
Countries in Europe have given up some sovereignty to the EU.

Example:
[https://en.m.wikipedia.org/wiki/R_(Factortame_Ltd)_v_Secreta...](https://en.m.wikipedia.org/wiki/R_\(Factortame_Ltd\)_v_Secretary_of_State_for_Transport)

~~~
undersuit
Yes, the legal framework is there, but it is up to the members to enforce it.

It's the classic: "What are you going to do, hit me?" response after hitting
someone. Just be glad most countries maintain some semblance of civility.

~~~
hammock
Hence the benefit of nuclear weapons. Although even the UK caved.

------
gbuk2013
Wonderful. What better way to drive home the message that the Russian
government’s strategy of control over internet and Great Firewall makes total
sense from the POV of national security.

~~~
gruez
>strategy of control over internet and Great Firewall makes total sense from
the POV of national security

How do those contribute to national security? "control over internet"/gfw aka
censorship isn't going to prevent any cyberattacks.

~~~
maehwasu
It makes it a lot easier for the Russian gov to sell "control over the
internet" to the public.

~~~
gbuk2013
Yes, and this. It’s a lot easier to sell the idea of defence against a common
enemy when the enemy is actually real.

------
billfruit
I think doing this type of work, causing possible disruption in another
countries infrastructure during peace time is ethically problematic. Much more
problematic that the ethically dubious things alleged on FB and Google. I hope
there is some outcry against doing this type of work.

~~~
devoply
It's a tit-for-tat response... until some treaty is signed which forbids it
and then there is follow through from Russia. US plays hard ball if the other
side is not playing fairly. You can hardly blame them.

~~~
ShorsHammer
The US plays "fairly" in international relations? Honestly amazed if anyone
truly stands by that statement.

The irony of mentioning treaties too. That's some next level true believer
stuff.

Would love to have a chat about:

* Chemical weapons convention

* Mine ban treaty

* Rome Statute of the International Criminal Court

* Comprehensive Test Ban Treaty

* Anti-Ballistic Missile Treaty

* Biological and Toxin Weapons Convention

* Kyoto Protocol

* Reneging on the Iran deal and then forcing Europe to do the same despite US intel chiefs saying Iran they held up their end of the bargain.

* The half dozen worldwide commitments Trump has pulled out of in the last year, there's too many to count.

American foreign intel agencies have far more funding and skills than the next
10 largest countries combined. They do not play fair nor do they have to.
Anyone claiming otherwise likely doesn't know much about it or wilfully
ignores it out of nationalism.

~~~
speedplane
> The US plays "fairly" in international relations? Honestly amazed if anyone
> truly stands by that statement.

If you consider how much power the U.S. has and how often it does not use that
power to its fullest advantage, it's pretty remarkable how much it holds back.

~~~
qwsxyh
Not being as evil as they possibly could is not really good.

~~~
manigandham
There are dozens of countries murdering their own citizens. The US is not
nearly as much as problem as people want to make it seem and Pax Americana has
led to almost a century without major worldwide war.

~~~
ganzuul
The death sentence is the same thing, just with more decoration.

~~~
manigandham
You mean criminals tried, found guilty, lost all appeals, and sentenced to
death? This is not the same thing as countries killing their own innocent
citizens.

~~~
ganzuul
Yes. Many have been wrongly sentenced in spite of all those decorations.

~~~
manigandham
There's a massive difference between wrongly-fully sentenced inmates and
countries that kill innocents through authoritarian means. It's disingenuous
to pretend otherwise.

~~~
ganzuul
There are similarities too.

~~~
manigandham
Which are overshadowed by the differences. North Korea and the United States
are not the same, but you already know this.

~~~
ganzuul
They are not overshadowed because life is not a commodity bartered according
to rules of law. Once you take a life there is no restitution. Life is not a
transaction: it is destiny, and it is above the law.

Rules and reasons for why killing is okay are therefore all equally wrong.

~~~
manigandham
This is a religious stance and not how the world actually works, nor does it
have anything to do with the previous discussion of the relative moralities
and freedoms of countries. Since you think North Korea is the same as the US,
there's nothing further to discuss here.

~~~
ganzuul
It is not religious. For now it is a fact that death is permanent.

------
majia
I guess this explains what caused power outage in Venezuelan.

[https://en.m.wikipedia.org/wiki/2019_Venezuelan_blackouts](https://en.m.wikipedia.org/wiki/2019_Venezuelan_blackouts)

------
Redoubts
""" Two administration officials said they believed Mr. Trump had not been
briefed in any detail about the steps to place “implants” — software code that
can be used for surveillance or attack — inside the Russian grid.

Pentagon and intelligence officials described broad hesitation to go into
detail with Mr. Trump about operations against Russia for concern over his
reaction — and the possibility that he might countermand it or discuss it with
foreign officials, as he did in 2017 when he mentioned a sensitive operation
in Syria to the Russian foreign minister.

Because the new law defines the actions in cyberspace as akin to traditional
military activity on the ground, in the air or at sea, no such briefing would
be necessary, they added. """

Way to bury the lede

~~~
PixyMisa
"We hid this from the president because we were afraid he might issue a
perfectly legal and constitutional order to stop doing it."

Yes, way to bury the lede.

~~~
jonathankoren
Sounds more like, "We hid this from the president because he's _at best_ an
unwitting intelligence asset to a hostile foreign power."

~~~
Redoubts
The fact that both interpretations are potentially valid is particularly
awful.

------
mensetmanusman
[https://twitter.com/realDonaldTrump/status/11400653040196444...](https://twitter.com/realDonaldTrump/status/1140065304019644427)

Trump just accused the NYT of treason for using the word ‘attack’

~~~
9HZZRfNlpR
I don't understand if he is accusing them because he denies it, or is it
because of wording/"for being anti-american"?

------
ETHisso2017
What's to prevent these implants and beacons from being hacked themselves and
turned on without US intent?

------
rapjr9
What happens to quality assurance when malware starts modifying systems? When
malware starts modifying systems that have already been modified by other
malware? Seems like a mutual game of Russian Roulette. Any attack that is not
perfectly executed risks harming the system, even if the malware is never
activated. This happens all the time with software upgrades that have been
vetted. Are the spies doing regression analysis on the effects of their
implants to make sure they don't accidentally break something?

------
jokoon
It's weird, because I thought putin and trump were friends. There might be
other things I'm not understanding, or that's just staged to tell the public
russia and trump are not friends...

~~~
jonathankoren
From the article:

>Two administration officials said they believed Mr. Trump had not been
briefed in any detail about the steps to place “implants” — software code that
can be used for surveillance or attack — inside the Russian grid.

>Pentagon and intelligence officials described broad hesitation to go into
detail with Mr. Trump about operations against Russia for concern over his
reaction — and the possibility that he might countermand it or discuss it with
foreign officials, as he did in 2017 when he mentioned a sensitive operation
in Syria to the Russian foreign minister.

------
collinstevens
Throwback to Madam Secretary.

On a more serious note, does the US have red teams which try pen test our own
power grid and other critical infrastructure? I don't believe I've ever heard
of it, but I would have to assume at least one three letter agency does it
right? (I hope)

------
bitL
Oh yeah, let's blow up another nuclear reactor so that HBO can shoot a great
sequel! /s

------
reneberlin
War-games, anybody?! I just can't elaborate how stupid this kind of game is.

------
drawnwren
What's the workaround to the new nyt ad blocker blocker?

~~~
zarriak
Do you mean anti ad-blocking or the new detection for "private" mode? It took
the NYT like 6 hours after WaPo started detecting incognito mode for them to
start doing the same thing. That was about a week ago.

I just open chrome to read the articles but if you want to be away from
google, install a firefox derivative and setup to accept trackers and the like
and delete all cookies on shutdown.

~~~
drawnwren
Yeah, I use Firefox Focus on mobile and it tells me I can't view it in private
mode. I'll see if I can figure out how to implement your suggestions with it.
Thanks for the tip.

------
molteanu
I don't understand a single bit from this article.

~~~
jessaustin
Rational people are often confused by the war media's agitation for war. The
reason for the confusion is _they are lying to us_. Whenever I'm confused by
the war media, I conclude they must be trying to start another war. They're
pressing this button too often, though. Compare the results in Syria to those
in Libya...

~~~
artiste
Genuinely asking: what is their motive behind this?

~~~
jessaustin
Assuming "their" refers to the war media, motives vary. Younger folks are just
trying not to get fired. (Those who haven't even gotten hired yet have to
cultivate a very careful Twitter persona even to be considered.) More
experienced journalists can't get frozen out by official sources, whether
that's the spooks, the brass, the lobbyist-owned politicians, or the
surveillance-owned politicians. Editors/producers/executives have to worry
about pissing off big advertisers. Lots of people on the talking-head shows
are think-tankers, intellectually totally beholden to whatever shadowy
reptiles have funded their sinecures and sabbaticals. Even if motives went the
other way, at this point habit keeps them doing their masters' bidding, as
witnessed by the schizophrenia regarding Julian Assange.

But, really, asking about motives is just another way to ignore this. Motives
will always be squishy and deniable. Look at what actually happens. They lied
us into Vietnam with the Tonkin Gulf Deception. They lied us into the First
Gulf War with the incubator babies. They lied us into the Second Gulf War with
WMDs. We went to war in Afghanistan and Osama turned out to be in Pakistan.
They lied us into Libya with some random exiles living in Switzerland plus a
French philosopher. They lied us into Syria (thankfully not all the way) with
gas attacks staged by our ally Al-Qaeda. They're trying to lie us into
Venezuela with a recession caused by our own sanctions plus staged attacks on
_soi-disant_ "aid convoys". Now they're trying to justify a war with Iran with
a video of CIA operatives in a boat. If you prefer older history, "remember
the Maine!" was also a lie.

------
myrandomcomment
This is silly. All of these systems should be have an Air Gap. Period.

~~~
lostmsu
Yeah, tell that to the drivers of the hype train around cloud for IoT, which
includes Microsoft.

------
blitmap
Wonderful that we can do these things during peacetime.

------
yasp
Despite having received 18 votes in 5 hours and while never having advanced
beyond page 3 on the list of trending links (position #67 currently), this
piece trails behind another Times piece, "Why don't more American men take
paternity leave?", which is on page 2 (position #45 currently), and which has
received only 6 votes in the span of 8 hours.

WTF

~~~
dang
It got a software penalty, probably correctly, because this topic is
unfortunately more likely to lead nationalistic flamewar than thoughtful
discussion. But let's try taking the penalty off and seeing.

By the way, you can't derive story rank from points and submission time—HN's
system is more complex than that. That's all that "WTF" means here.

~~~
kindof-bullshit
A "software" penalty. Okay, Dan. Why don't you just come out and say someone
modded it, rather than hide behind the veil of some dubious natural language
processing or ratio analysis.

That's like blaming the dog for a fart.

The truth is that everyone operating HN would rather keep users in the dark
about how and why stories land where they do. The idea being that if we could
predict what the software might do, we'd try to manipulate the narrative, and
if we knew when the hand of god intervened we might dare blaspheme.

But that gives up the truth anyway, because if we cannot know what "the
software" will do, then we are prevented from knowing such facts, only in
service to a false narrative, and that, in and of itself, is an unnatural
intervention and willful deception.

~~~
dang
I didn't say someone modded it because someone didn't mod it—unless you
consider writing code modding, which is not how most of us use those words.

When the software does a thing I say the software did it. When moderators do a
thing I say moderators did it. Who knew that was controversial?

------
tehjoker
The USG is insane. The evidence of Russian interference in our elections is
not that impressive and it probably didn't have much impact (compared with
Clinton sending American advisors and billions to Yeltsin in the 90s).

Instead, to paper over the decrepit nature of the American political system,
they are attacking civilian infrastructure in a nuclear armed nation.
Insanity.

~~~
imchillyb
> ... to paper over the decrepit nature of the American political system, they
> are attacking civilian infrastructure in a nuclear armed nation. @tehjoker

Uh, I think what you /really/ mean is:

In retaliation to numerous US Network Infrastructure incursions -from the same
entity- the US has attempted their own software implantation within the
attacker's networks.

Fixed that for ya! ;)

_____

Also, from the article itself which you apparently didn't read:

""" Two administration officials said they believed Mr. Trump had not been
briefed in any detail about the steps to place “implants” — software code that
can be used for surveillance or attack — inside the Russian grid. Pentagon and
intelligence officials described broad hesitation to go into detail with Mr.
Trump about operations against Russia for concern over his reaction — and the
possibility that he might countermand it or discuss it with foreign officials,
as he did in 2017 when he mentioned a sensitive operation in Syria to the
Russian foreign minister.

Because the new law defines the actions in cyberspace as akin to traditional
military activity on the ground, in the air or at sea, no such briefing would
be necessary, they added. """

~~~
equalunique
When Trump's base says that "the deep state" is trying to start a war between
the US and Russia, it's quotes like these that will be used to bolster their
claims.

~~~
sapilla
Would they be wrong?

Edit: AFAICT both sides are "technically not wrong", homomorphic to the basic
"free speech" argument, "it's technically not illegal".

I'm a bit flabberghasted that no one has constructed an ironclad technological
solution to this wishy-washy dance of weak arguments, backed up by rhyme but
not reason. Proof verifiers should come to politics.

~~~
3131s
They are not wrong unfortunately, just unaware of Trump's own complicity in
the war machine.

