My favourite was from the start of the war when the guys who were supposed to plant incriminating evidence on the scene were they arrested some "terrorists" put the Sims 3 game on the scene instead of 3 sim cards and literally signed the fake documents they planted with "Signature Unclear". (Yes, real story, just search for Sims 3 and Signature Unclear.)
As I understand it I understand this was FSB (or someone elses) way of "getting even" after their boss had been publicly humiliated for proposing to not invade Ukraine. (But that - except for the public humiliation which is well documented - is just speculation on my part although I might have heard it from someone else thinking loud.)
Although sometimes I wonder if it was a genuine misunderstanding. I feel I have unusually many Russian friends and ex-colleagues, people who live outside of russia for good reasons and do not support it. Z-russians on the other hand does not strike me as the brightest bulbs in the box.
This article in turn links to russian state sponsored RIA Novosti, and while I generally don't trust russian state sponsored media, I make exceptions for when they admit embarrassing things, because they have little incentives to lie to get people to ridicule them.
> "Signature Unclear" is actually a real pseudonym of a pro-Nazi author.
That was interesting, thanks!
Do you know if he is an actual Jew-hating nazi or just someone who opposes russia?
(I've learned over the last 3 years that for most russians when they think of nazism they don't think of genocide of minorities, mega-projects, Lebensborn and all that bit rather only about "war against russia")
Then again, that alone us not enough for russia to strike at someone: they have more than one group of openly nazi (by western standards) soldiers fighting against Ukraine, most famously rusisch.
> Log users out frequently for "security reasons".
This is exactly what happens on a contract I work on. Any software that is authenticated through our OKTA SSO very frequently signs users out and redirects to a logout page. This is especially annoying when using the project management software, where you typically have many tabs open to see various requirements, epics, stories, tasks, etc. Any inactivity more than 15 minutes, and all the tabs are logged out. Just like that, everything is gone. It forces us to use strategies such as saving redundant copies of things in notes and spreadsheets. I don’t think it’s necessarily sabotage but it feels extremely negligent. Moreover it’s completely unnecessary since everything is behind a VPN anyway.
Another similar thing that does feel as if it’s somewhat malicious is the very aggressive logout and shutdown policy of our virtual desktops - these are the desktops we do everyday active development on and where we set up IDEs, database clients, web servers, testing tools, API references - anything you can think of. We use this in combination with our regular desktops where we attend meetings or do other non-development tasks such as using the above-mentioned requirements software. It takes a lot of time to set all of this up! If you’re inactive for more than 2 hours, your session is not only closed, it’s completely destroyed so that it can be reclaimed for another user. I don’t need to explain to experienced developers how incredibly frustrating and counterproductive this is, but leadership has been extremely dismissive of any complaints, and tell us that we should use our time more wisely or that we shouldn’t be inactive for so long (which is complete BS, there are a thousand valid reasons foe this). Apparently this is done for cost-cutting reasons, but something feels more nefarious here, because this very obviously leads to reduced productivity and demotivation. This has actually lead to me purposefully overestimating complexity and demanding a user story for every single little trivial action I take, whereas before I used to just go in and make quick fixes or knock out certain operational things in my spare time. It’s a waste of time for us and ends up being worse for our customers.
Logging you out in 15 minutes is ridiculous as is losing your places/work but "behind a VPN" is not considered secure anymore.
"BeyondCorp comes from a realization that VPN perimeter network security is obsolete. As soon as an attacker breaches the perimeter, they have unrestricted access to the resources."
This is a takeoff on a well known WWII pamphlet, the Simple Sabotage Field Manual.[1]
That's not the real worry today. Today we have to worry about remote sabotage of key systems - water, power, comms. It's quite possible that we will see major blackouts in the US, Russia, Europe, or China as side effects of the various wars in progress.
I'm assuming by "significant" you mean an attack on critical infrastructure.
That's a strategic capability that very likely requires multiple attack chains, not a single exploit. For Western countries, cost is probably the least significant factor in deciding to use it.
One would want to be certain that option is available, but only when absolutely necessary. Using it on a random Tuesday would take that particular option off the table forever. Best case scenario, Russia discovers the means by which the attack was carried out. Worst case, they retaliate with nuclear weapons.
Globally, I believe there are only a few countries capable of executing such a plan.
Hacking would just be tit-for-tat at most, and unlikely to be accepted as a good reason for major escalations. Most likely Russian infrastructure is just too old to be vulnerable in the same ways as Western infrastructure.
But it is not. It's quite real! It makes a lot of sense... it's exactly the type of stuff that frustrates people [because it slows down the organization] but happens a lot [because it's not easily detectable/fireable].
Yeah, professional saboteurs only target key systems since incidental systems are constantly experiencing the kind of "sabotage" the site talks about but mostly through laziness, incompetence and bureaucratic fief assertion.
> Leave off the phone or video call information from a calendar invite
Forget government, this is a summary of standard operating procedure at my last (large, private sector) employer. Maybe they weren't all idiots, they were just fighting the man.
Just like the original Simple Sabotage Manual, this is worth reading just to reflect a painfully clear image of your own organization's dysfunction (and possibly your own role in it).
In my workplace people also set the machines to forget the redirects from time to time¹. So that it's not a given that the http:// will lead to anything.
1 - How? I have no idea. They are more expert than the author.
Yes, but the redirection takes both time and energy, that’s what makes it such a good form of sabotage, the grit in the engine that’s too small to notice but still leads to pain and cost.
Sorry, the document has been rejected. We require signatures in blue ink, as specified in the employee handbook section 132.86.9c(3), so we can tell the scanned copy from the original. Please sign again. We’re also sending over a form (G03.2) that acknowledges we received your signature but that it was incorrectly processed. This will ensure you don’t get written up for turning in the document late (section 075.53.7). Please also signed the attached form (form Y64.5) that verifies that the original signature was yours. All forms must be received by the end of the business day. Please also scan the documents and upload the copies to dev.null@fcorp.com
I always carry around a black & blue pen (and sometimes red, I like pens*). At some point I got into the habit of always using blue to sign; not clear why. I distinctly remember signing something in blue and then having to do it all over again because they insisted that I only use black ink. I am now suspicious of this this past event..
*not the expensive kind either, I've tried pens that were $50+; fav is still a $2.75 Uniball Jetstream 1.0mm. Smooth pens make pen&paper writing/signing fun
I may be having an old fuddy duddy moment but I really dislike this site. My first suggestion was at least interesting. My second was to superglue things into place.
Will supergluing things in place actually help the oppressed? Are you the Harriet Tubman of adhesives? Or will someone who makes minimum wage get yelled at and then forced to clean it?
This is Tik Tok level pranks applied to serious political issues and frankly, oppressed people deserve better than this.
The point is to have plausible deniability (just like the original simple sabotage manual). So they have to be realistic enough. Superglueing stuff down isn’t a plausible unless you’re on a boat. But requiring a signature with pen and paper is. Take it a step further and require blue ink (because “its distinguishable from a printed version” or choose a more obscure color for similar reasoning). But make sure to not tell them that until after the signature is received, so that they have to do it all over again.
The intent is for it to appear like childish pranks, mild incompetence, or best of all, nothing. The purpose is to delay and degrade harmful organizations and processes by a thousand tiny cuts.
It bears a strong resemblance to a handbook that went around during WW2 for workers within Nazi occupied territories.
At the very least it doesn't seem like sand-in-the-vaseline tactics are equally useful when applied everywhere, monkeywrenching some random business is not going to bring about the fall of late capitalism exactly, but if they managed to inspire millions of saboteurs it might - of course tough luck about those hospitals and food trucks we depending on.
It's not for you; it's for people who are forced to work for an occupant. During WW2 the CIA actually published a manual for this specific purpose; it's declassified and available here:
I'm quite sure this one is a joke. But yeah, the other one may have been that thing you said (or may have been a joke too, I don't think even the CIA knows by now).
> How else would you recommend people working in adversarial organizations slow them down?
This exact same way. I just don't expect people to recommend slowing down adversarial organizations on the clear, in the public internet.
But then, if you are fighting an unstoppable tyrannical force with superhuman powers, I wish you luck and hope you find the techniques here harmless enough. Maybe there is a better source somewhere with pros and cons of each action, but I don't know how to find it. Either way, I think whoever created this site did so as a joke, so second-guess anything you see here.
My favourite was from the start of the war when the guys who were supposed to plant incriminating evidence on the scene were they arrested some "terrorists" put the Sims 3 game on the scene instead of 3 sim cards and literally signed the fake documents they planted with "Signature Unclear". (Yes, real story, just search for Sims 3 and Signature Unclear.)
As I understand it I understand this was FSB (or someone elses) way of "getting even" after their boss had been publicly humiliated for proposing to not invade Ukraine. (But that - except for the public humiliation which is well documented - is just speculation on my part although I might have heard it from someone else thinking loud.)
Although sometimes I wonder if it was a genuine misunderstanding. I feel I have unusually many Russian friends and ex-colleagues, people who live outside of russia for good reasons and do not support it. Z-russians on the other hand does not strike me as the brightest bulbs in the box.