

Ask HN: Were we cyber attacked today? - alansmitheebk

I hate to sound like a conspiracy wingnut, but it seems unlikely that there
were major outages at NYSE, United Airlines, and the WSJ all on the same day
and it's merely a coincidence.

The media are referring to this as "computer glitches." I mean what, three
different guys at three different data centers each tripped over a cable and
it took each of them several hours to figure out how to plug it back in?

Maybe three different companies each committed buggy code in the past 24
hours -- code so bad that it took their systems completely offline -- and they
all forgot how to use git revert?
======
jasonhansel
Perhaps Hanlon's razor applies here: "Never attribute to malice that which is
adequately explained by stupidity."

------
veddox
Seen statistically, three "major players" still aren't all that much...

If the White House, Facebook, electricity companies and AT&T had gone down as
well, then maybe we could start talking ;-)

------
hobs
Unlikely? Maybe, but is it more likely that some entity that could attack such
important infrastructure would attempt to steal something, or just destroy?

The only way I could see this could make you money is if you hedged against
the markets and wanted to take everything down to benefit you, and that is
Superman villain level stuff.

------
jklein11
It is possible that the outages weren't unrelated but also weren't malicious.
For example, all three companies use the same vendor whose services failed.

I do think it is still more likely that they were 3 unrelated problems with
their systems.

~~~
firebones
> It is possible that the outages weren't unrelated but also weren't
> malicious. For example, all three companies use the same vendor whose
> services failed.

That is my operating theory based on some throwaway "insider" in the NYSE
thread who claimed (without supporting evidence) that "multiple US citizens in
multiple US cities" worked together to fix the internal IT issue involving the
NYSE issue. Cisco? Or network provider?

Perhaps there was a 0day discovered that affected UAL (or someone else) and
the prioritization favored the airline and financial industries first. Hence
the secrecy to let them get things in order before the larger market is
informed.

Or, it could simply be that two industries that rely heavily on public trust
around their network security have a standard operating procedure to pull the
plug more readily when they get caught off guard with some kind of 0day or
mundane attack. There was someone on here the other day talking about how
banks never publicize small losses due to attack against them for similar PR
reasons. But other systems are too big to fail.

~~~
firebones
Of course, with the emerging revelation that this was just an internal
software/interface screwup during a pilot, I guess my speculation was wrong.

Not sure why the insider wouldn't have just said "it was a software upgrade
issue" instead of saying "trust me, it's nothing", though.

------
vezzy-fnord
Why do you assume they use Git?

------
MaulingMonkey
> and they all forgot how to use git revert?

Implying they use any form of VCS at all...

The Knightmare fiasco might serve as a useful datapoint for re-calibrating
your expectations:

[http://dougseven.com/2014/04/17/knightmare-a-devops-cautiona...](http://dougseven.com/2014/04/17/knightmare-a-devops-cautionary-tale/)

> I hate to sound like a conspiracy wingnut, but it seems unlikely that there
> were major outages at NYSE, United Airlines, and the WSJ all on the same day
> and it's merely a coincidence.

My expectations are calibrated at roughly "this is noteworthy?" Taking the
long view of things, it seems unlikely it's taken this long for there to be
three major outages on the same day. Well, rather, there have been - one wee
little "yet another OpenSSL security vulnerability" and half the internet
catches on fire, it seems. Or Michael Jackson dies and the full internet
catches on fire. (EDIT: Or an AWS region goes down and you make a drinking
game out of what popular websites are down because of it.)

Or, even ignoring mass issues like that - I suspect it's likely there _have_
been "three major outages on the same day" before - and we simply didn't
notice. I wasn't aware of the United Airlines outage, for example. I didn't
notice this. I had to have it called to my attention.

> and they all forgot how to use git revert?

This also ignores the fact that git revert is insufficient for something as
simple as an SQL schema change if you don't want to lose data. Rolling back
your blog's comments is one thing - they were mostly spam anyways. Rolling
back financial transactions is entirely another (breach of contract? Fraud?)

It's entirely possible to generate rollback scripts which handle this, of
course. These aren't necessarily faster to execute than it is to fix the
actual problem, however, if you've got a sufficiently large database. Murphy's
law means you'll hit some edge case, your rollback will fail, and now you're
trying to untangle yet another layer of things gone wrong.

(EDIT: Hell, rereading about Knightmare, they tried to roll back. They
succeeded, but that just made things worse in the process!)

> Were we cyber attacked today?

Nothing to suggest it was one so far, IMO. Although I'll certainly grant that
a "computer glitches" hand-wave isn't a terribly strong indication it wasn't
one, either. "Cyber attacks" (what does that term mean to you, exactly, I
wonder?) are common enough I wouldn't find it too terribly surprising, though.
I can predict my rough reaction: "I guess they were wrong about that."

