
The clear suggestion is that it is Russia doing it.

Other than as an f-u, I don’t understand why they would though. If I have an effective weapon (GPS spoofer), surely I don’t want to alert the enemy to it, lest they develop defences. So, e.g., say NATO were overreliant on GPS, incidents of spoofing like this will cause them to rethink and reduce that reliance, or harden the system.




I think there are probably many parties contributing to the interference in the Eastern Mediterranean. Russia and Israel are two of the big ones right now (and both have admitted doing it).

See this report by C4ADS from 2019, about Russian jamming: https://c4ads.org/reports/above-us-only-stars/

Map of Israeli GPS spoofing (which is distinct from jamming, and we haven't talked much about in this discussion): https://twitter.com/lemonodor/status/1717987479255720076


I'm pretty sure they meant "because China and Russia are probably identifying exploits", not "because China and Russia are reporting exploits". I.e. it's a defensive measure.

Or maybe the US are being caught but other countries don't typically publish the fact they are catching the US. I can't see Chinese/Russian leadership announcing to the world their systems have been hacked.

It always struck me as improbable that all these high profile (and notoriously hard/impossible to attribute) attacks on “critical infrastructure” or whatever are always instantly and authoritatively pinned (by US authorities) on groups operating in the US’s geopolitical enemies.

“Russian hackers” once again, eh?


Part of me suspects that there might be something in this related to current events. If I were to spitball ideas about motives and modus operandi, it feels like the kind of thing a state actor would tamper with, and in terms of style I'd gravitate toward looking in North Korea's direction, since it feels like their style.

Why do it? Raising noise with false alarms desensitizes the intended signal of an alarm, ruining signal-to-noise, as people slack off about responding to alerts. It also serves as a probe to see what an actual outcome would look like. There's no profit (no money), and no incentive to whip emergency responders up into a confused state, for most non-state actors.

Even SWATTING is usually more targeted, with the prank being played on a specific person. Sometimes SWATTING serves to distract the target from something under their control. That doesn't seem to be present here.

North Korea's hacks usually come across as sort of impish in a lot of ways. They seem to like the attention of getting into the news. Messing with something reminiscent of air raid warnings seems to fit the personality of their general profile, given their ballistic missile ambitions. Other state actors in the news lately, probably wouldn't be as interested in domestic civil defense systems in the U.S.

They (whomsoever is responsible) might be motivated to do something like this (if it were a North Korean team) given some of the sabre rattling going around this season. It rings of something that would score points with Dear Leader.

But then again, yeah, maybe this is just the typical sort of "because it's there" hack, and some script kiddie found his way into another cookie jar.


1. US military hardware runs different software than Russian military hardware.

2. There are major geographic differences in the software, hardware and architecture of Industrial Control Systems. Not to mention vulnerabilities that might only exist in certain configurations which are common to the contractors building those systems.

3. Major powers are developing their own GPS satellite constellations. Some countries develop their own satellite software.

4. Most web applications are customized to the client.

5. Due to fears of hardware backdoors, it is looking like we might see a balkanization of communication hardware (internet routers, etc). Note that there are already geographic and regional differences in cell and phone communications.

6. S. Korea's legally mandated https encryption, SEED, is not used outside of S. Korea. An attack on SEED software would be very specific to that country.

You are correct though in the notion that much of the consumer OTS software is global in scope. It really depends on the vertical you are attacking.


This is an interesting way of looking at it. Undoubtedly there must be nation state actors using such attack vectors.

It is well known that China produces an enormous number of electronic devices and has access to most of the embedded firmware installed, yet it seems that Russia is always the accused target of these alleged attacks.

If I were the Russians, Chinese, or North Koreans, I would heavily invest in offensive hacking capability. Oh wait, they're already doing that.

Quite a stupid policy, IMO. It's much too easy to make it look like country X is doing the hacking. It would be an exceedingly cheap way for a 3rd party to marshall US resources on their behalf.

It can be very hard to determine who is really doing the attacks. For example, we know that North Korea is surprisingly active in this area[0]. Even though they are probably using servers in China, the only nation that they still have somewhat friendly relations with, it is better for them if the attacks appear to be coming from Russia.

[0] https://www.wired.com/story/how-north-korea-robs-banks-aroun...


Maybe that was deliberate.

It doesn’t make sense to teach terrorists how to secure their systems if you need to exploit these systems to achieve your mission.

Now that Chinese, Russian and North Korean actors are putting in work and causing real economic damage in the west it looks like defence is starting to hold some value again.


China has been accused of hacking and/or electronic spying by other states.

Russia has been accused of hacking and/or electronic spying by other states.

North Korea has been accused of hacking and/or electronic spying by other states.

And yes, the US and quite a few European states -- and many other countries -- have also been accused of hacking and/or electronic spying by other states[a].

All these governments are playing with explosives: The right spark at the wrong place at the wrong time can start a fire.

Seemingly "minor" incidents have triggered wars in the past.[b]

--

[a] Including via highly-targeted malware such as https://en.wikipedia.org/wiki/Stuxnet

[b] For example, https://en.wikipedia.org/wiki/Pig_War_(1859) , https://en.wikipedia.org/wiki/Marco_Polo_Bridge_Incident , https://en.wikipedia.org/wiki/Football_War , https://en.wikipedia.org/wiki/Assassination_of_Archduke_Fran... -- to name a few off the top of my head.


Or this is a distraction to make it look like not a nation state hack.

China is a growing economy and will surpass the US GDP soon, so there's plenty more of the world to do business with, if people want to avoid the hassle of being a suspect or set up by earlier phishing trips.

Remember US Mil drones only target the mobile phones; the intel is still not good enough to know if the target is still in possession of the phone. Same applies elsewhere, especially when considering hackers could be phishing for spook capabilities over the decades; after all, what hacker wouldn't like to hack the spooks to establish fact from fiction?


Perhaps a MITM attack by a foreign power.

Oh come on, there's absolutely no reason for Russia to use a large Russian industrial company to perform BGP hijacking.

Nobody would be bringing up state sponsored attacks if it was a random US manufacturing company doing this.


Maybe I am tinfoiling too hard...

In February this year there was an attack against Vodafone Portugal that brought down their whole mobile networks, 4G, 5G, and fiber, taking them several days to bring everything back up [0]. It also very clearly was a state actor, no threats, no ransom, sophisticated.

Taking down pipelines, taking down comms, taking down transport infrastructure. All within a few months. Always on NATO targets, always localized, never claimed with any statements, always sophisticated enough that it would require knowledgeable state actors.

It all seems like a training ground to find out if they can do it and probably a message to NATO members to not assume they are safe.

[0] https://arstechnica.com/information-technology/2022/02/vodaf...


It would be better to tighten security and prevent such activity than to accuse any state actor. Accusing a state actor, I would guess, gives them more power in political negotiations.

As far as I understand, it's mostly impossible to be certain who did what in hacking since the location doesn't really determine who it is.
