
Cyberattack from outside the U.S. hits newspapers across the country - mwnivek
https://www.latimes.com/local/lanow/la-me-ln-times-delivery-breakdown-20181229-story.html
======
txcwpalpha
This story is so bizarre. Despite the article being 20+ paragraphs, there are
hardly any details. It lists a handful of newspapers spread across the country
and just says they were delayed. Could it be any more vague? The most concrete
detail provided is that the attack "disrupted a shared production platform"
that apparently made it hard for the printing presses to work - but what does
that mean? Disrupted how? What was the shared platform? Was it targeted at
multiple newspapers, or was this an attack on a single platform that just
happens to be used by all of these newspapers?

Then, in regards to the origin of the attack, the _only_ detail provided is
this single line:

> The source identified the attacker only as a “foreign entity.”

That's it. There is absolutely no other information given about the origin of
the attack. And yet it's in the story headline? Talk about fear mongering.

They also either didn't report, or even more confusing, don't know if the
attack was reported to the FBI.

And just to make it even more bizarre, this entire article is written by LA
Times staff and posted on the LA Times website, and then talks about the LA
Times (one of the affected newspapers) as if they have no idea how the LA
Times was affected. Shouldn't they have a lot more information?

Overall, this article seems to be written by someone who has very little
information about the incident(s), and very little knowledge about technology.
It also reeks of knee-jerk "omfg hackers!1!". In reality, based on the few
details that _are_ available, it sounds to me like they just got hit by some
boring ransomware virus. It likely wasn't even targeted.

~~~
zrm
> The most concrete detail provided is that the attack "disrupted a shared
> production platform" that apparently made it hard for the printing presses
> to work - but what does that mean? Disrupted how? What was the shared
> platform? Was it targeted at multiple newspapers, or was this an attack on a
> single platform that just happens to be used by all of these newspapers?

A "production platform" in the context of a newspaper means the systems used
to produce the newspaper. This can be anything from laying out pages and
editing stories to making plates for the press.

(This is not a great thing to get pwned because it's not implausible for it to
contain unpublished stories or confidential source material.)

> _All papers within The Times’ former parent company, Tribune Publishing,
> experienced glitches with the production of papers. Tribune Publishing sold
> The Times and the San Diego Union-Tribune to Los Angeles businessman Dr.
> Patrick Soon-Shiong in June, but the companies continue to share various
> systems, including software._

So this sounds like an internal Tribune problem that also affected some of
their former papers that still use their systems, including the LA Times.

> _It also stymied distribution of the West Coast editions of the Wall Street
> Journal and New York Times, which are all printed at the Los Angeles Times’
> Olympic printing plant in downtown Los Angeles._

Apparently the WSJ and NYT contract out some of their printing to the LA
Times, and since the LA Times' (i.e. Tribune's) production system was down,
they couldn't do the contract printing either.

This part is funny:

> _“We believe the intention of the attack was to disable infrastructure, more
> specifically servers, as opposed to looking to steal information,” said the
> source, who spoke on the condition of anonymity because he was not
> authorized to comment publicly._

It sounds like they asked one of their IT staff what happened (or maybe one at
Tribune) and got an off-the-record answer because IT isn't allowed to "talk to
the press" even when they work for a newspaper.

Then they published it before corporate PR finished deciding what to tell them
because deadlines don't wait for PR departments.

~~~
Kalium
> Then they published it before corporate PR finished deciding what to tell
> them because deadlines don't wait for PR departments.

It _is_ kind of funny to see this happen under one roof, though...

------
gerdesj
_Cyberattack from outside the U.S. hits newspapers across the country,
preventing distribution, source says_

Let's go in with Occam's Razor: RLY? No.

Theory: We don't have useful backups and suffered an IT meltdown. Soz.

~~~
mirimir
Right. They arguably have no clue about the source.

~~~
gerdesj
To be fair: I am only theorising.

------
strictnein
"Outside the US" is such a weird thing. I regularly VPN out through [insert
random country] and then poke at "interesting" websites over Tor. Where am I
coming from? It's almost impossible to tell, and for 99.999% of all orgs
(including government ones), it basically is impossible.

~~~
r3bl
Venn's diagram between people who can achieve this supposed attack and people
dumb enough to use their own IP (or any IP from their own country) is blank.

------
walrus01
I think it's more likely that some commonly-owned group of newspaper syndicate
has been hit by a variety of cryptolocker taking out their Windows
XP/Vista/7/10 PCs, due to poor network security practices, than they've been
maliciously attacked.

------
neonate
[https://outline.com/2jWMpj](https://outline.com/2jWMpj)

------
sschueller
Did I misconfigure my nmap port scan again? /s

------
n-gate
One thing I'd guarantee - it's not China. China is very well adept at paying
newspapers and TV firms' journalists, as my friends from South Asia tell me, and
that is a much cleaner approach.

~~~
danso
How would that be a cleaner approach, when it requires a conspiracy? Which
countries did your friends operate from?

~~~
daodedickinson
Conspiracies are cleaner, that's why rulers use them, all over the planet and
beyond.

------
zyxzevn
The NSA's logs will show exactly where it came from. I don't think they will
let us know, as it could also be a false flag cyber attack to push a cyberwar
against NK, Russia or Iran. A strategy that is so common these days.

~~~
tptacek
So common that there is not one reliably documented case of it ever happening.

~~~
alsetmusic
> So common that there is not one reliably documented case of it ever
> happening.

Not exactly full of examples up to this very minute, but the history of false
flag operations is long and well documented. I see no reason to think that it
isn’t in the playbook for modern world powers.

[https://en.wikipedia.org/wiki/False_flag](https://en.wikipedia.org/wiki/False_flag)

~~~
orf
Now here is an actual example of a very, very common strategy

> Hyperbolic statement to push a narrative

> "Please back that statement up"

> Silence, or "Not exactly full of examples up to this very minute"

~~~
fromthestart
[https://en.m.wikipedia.org/wiki/Operation_Northwoods](https://en.m.wikipedia.org/wiki/Operation_Northwoods)

[https://en.m.wikipedia.org/wiki/Gulf_of_Tonkin_incident](https://en.m.wikipedia.org/wiki/Gulf_of_Tonkin_incident)

[https://en.m.wikipedia.org/wiki/Operation_Washtub_(Nicaragua...](https://en.m.wikipedia.org/wiki/Operation_Washtub_\(Nicaragua\))

Why people continue to put such blind faith in government is beyond me.

~~~
wybiral
> Why people continue to put such blind faith in government is beyond me.

This attitude seems really misanthropic to me. Government is people. Elected
people here in the US. Yeah, there have been mistakes and there will continue
to be mistakes, but this "burn it all down" response to that fact of reality
isn't going to make anything better.

