Hacker News new | ask | show | jobs
by msane 3525 days ago
Hopefully it's not related threats about hacking during the election.

Remember that recently Biden openly threatened cyber attack on Russia if they make any attempt to tamper with the election. Which is completely unprecedented, as is the notion that DOD is openly saying Russia was behind DNC and other attacks.
2 comments
cm2187 3525 days ago
Also what amazed me is that he would casually threaten to strike Russia. It seems that no one considers these attacks as an act of war. But that's what they are.
link
eternalban 3525 days ago
NATO's new position as of July 2016: http://www.nato.int/cps/en/natohq/topics_78170.htm

    In July 2016, Allies reaffirmed NATO’s defensive 
    mandate and recognised cyberspace as a domain of
    operations in which NATO must defend itself as 
    effectively as it does in the air, on land and at sea.
The technical verbiage used is "domain of operations" and "security domain".

This article says that "massive" cyber attacks can lead to invocation of Article 5: http://www.reuters.com/article/us-cyber-nato-idUSKCN0Z12NE

http://www.navyhistory.org/wp-content/uploads/2014/02/541-b_...

link
msane 3525 days ago
Well that is potentially huge.
link
mysterypie 3525 days ago
> It seems that no one considers these attacks as an act of war. But that's what they are.

Wouldn't it be better that we on Hacker News stay above trying of define "act of war". Is it an act of war for one country to pollute air that floats over another country? Is it an act of war to launch satellites that pass over another country? These questions are governed by precise treaties today, but I can imagine politicians screaming "act of war, act of war!" at some point in the past.

It's just an arbitrary phrase used by politicians to justify whatever action or inaction they take. It will lead us to needless unproductive argument.

link
brazzledazzle 3524 days ago
God I fucking hope not. I'd much rather lose access to some services and focus on technical mitigations than literally start a war over it. I don't want me or my family to die just because services go down or businesses lose some income.
link
tdkl 3524 days ago
Like it or not, that's happening and next year when Clinton comes in the office, that will be the among the first things it comes to. Mark this comment.

Why ? Because business.

link
cm2187 3524 days ago
I am not sure you will think the same if someone in your family is at the local hospital and the electricity has been shut down
link
brazzledazzle 3524 days ago
I think I must have missed some context here or misread since an attack on an electrical grid is substantially different from disrupting major web services.
link
speedplane 3524 days ago
I'm not sure you've seen eighth graders who are unable to watch Netflix.
link
meowface 3525 days ago
It's espionage, not necessarily an act of war. The US government is threatening to strike back with more espionage. (If they haven't already...)
link
cm2187 3525 days ago
Espionage is stealing data. Disrupting utility services is an act of war, whether it is shutting down an electricity power plant, cutting communications, or any other act of sabotage.
link
Zigurd 3525 days ago
Equating what amounts to a temporary sabotage of a non-critical service to an act of war highlights how brittle and conflicted is US cyber-strategy.

Surveillance has for so long gotten all the money and mindshare A stockpile of zero days is considered a good and necessary thing. Back doors in hardware and software are considered clever and useful, and maybe even a workable compromise for domestic surveillance.

Imagine if the domestic surveillance budget had been spent instead on making Linux into an EAL6+ certifiable system and creating open, verifiable designs for chips and firmware for secure hardware platforms.

link
optionalparens 3525 days ago
This is true, but in fun hypothetical talks with various tech friends over the decades, we often talked about in relation to Internet services in particular, taking down services and such can actually help with hacking (i.e. stealing data) efforts. How? Why? Firstly, probing as the article mentions does yield plenty of valuable intel which is the core for espionage.

Secondly, we often joked that companies have such flawed backup and response procedures that triggering these things has a funny effect. More specifically, a lot of times in our experiences, we saw things like backups, up-scaling servers, etc. go noticeably unmaintained or poorly attended. A lot of people, especially years ago never did a great job of testing their backup systems, failovers, scaling, etc. and kept them up-to-date and secured as well as the main stuff. It's more interesting in some ways in this world of containers and VMs. One would assume things are updated, patched, and deployed exactly inline with the mainline stuff, but that's not always the case. It often takes only one slip-up and this is where a ton of people make mistakes for so many reasons. And sometimes it's easier to manipulate the protection systems to be the vector itself than the systems they are protecting.

That is to say, messing around with services sometimes can be a way of creating an open front or back door. Especially if there's malware and things that can be planted that will be less likely to be caught in the panic or otherwise deployed as a result of the panic response.

Of course all of this is more unlikely, but it's fun to think about in the same way stupid schemes that are similar in heist movies are fun.

link
pinebox 3525 days ago
Doesn't seem hypothetical or unlikely at all:

http://www.zdnet.com/article/symantec-data-stealing-hackers-...

IIRC this tactic was used during the massive Target data breach in 2014.

link
rfrank 3525 days ago
What about say, stealing a map of secret military installations? Can stealing certain pieces of data be considered an act of war?
link
Crito 3525 days ago
> Espionage is stealing data.

You tell me. Under their classification system, is stealing map data espionage?

link
rfrank 3525 days ago
Don't know, hence the question. It seems murkier than data vs. infrastructure. The one article I've read so far on the subject doesn't say much [1]. The Cyber Act of War Act of 2016 is apparently working its way through Congress [2].

Does application of the stolen data play a factor? ie considering the OPM breach an act of war if compromised individuals are blackmailed. Would Russia stealing the location data & capabilities of our missile defense system constitute an act of war?

1. http://www.wsj.com/articles/when-does-a-hack-become-an-act-o... 2. https://www.congress.gov/bill/114th-congress/house-bill/5220...

link
catawbasam 3525 days ago
If a foreign entity is attacking our infastructure, that could certainly be viewed as an act of war.
link
abysmallyideal 3525 days ago
What if an entity willingly allowed the attacks or espionage to continue? Like the NSA allowing foreign nations to spy on US citizens and corporations, or the CIA operating and allowing drug operations to run amok within US borders, or the OPM breach?

You can't just have one without being able to hold all of those responsible accountable.

link
jonlucc 3525 days ago
I think it could be either. Destruction vs information gathering would seem to be the line to me.
link
meowface 3525 days ago
Hence not necessarily.

What Russia is trying to do with us (whether it's to influence our election or just make us seem weak) is very bad and should be met with a proportional response, but calling it an act of war seems a bit too far.

link
cpr 3525 days ago
Hillary specifically promised to treat a cyberattack with all possible responses including military.

This woman is dangerous.

link
meowface 3524 days ago
She and Obama were referring to cyberattacks that cripple critical infrastructure. Like shutting down power grids.
link
tptacek 3525 days ago
If that's what they are, why aren't we already at war with Russia?
link
matt4077 3525 days ago
Would you like to be at war with Russia?

Did you know you're at war with North Korea?

Did you know you're not at war, and have never been, with Afghanistan?

Meaning of all that: what is or isn't "war", an "act of war" or "is" is up to people to define, and international law is easily ignored whenever states think that's a good idea.

The best definition is probably the UN's "act of aggression", see http://www.un-documents.net/a29r3314.htm. That definition does not include provisions for such situations – the only (theoretically) unarmed act of aggression is a blockade.

link
draw_down 3524 days ago
There is a strange push in America to go to war with Russia. Of course no one comes right out and says this, because it would be counterproductive. But every time something bad happens to democrats, it gets blamed on Russia. Lots of non-sequitur bellicose talk about Putin all the time.

It reminds me of the run up to the Iraq war. Seems bad.

link
tdkl 3524 days ago
But they had WMDs ! /s
link
abysmallyideal 3525 days ago
The idiot is embarrassed because the DNC was exposed as fraudulent and corrupt to the core. One might figure only the Russians would be interested in exposing the underlying machinations of American politics, but it really is just a classic case of misdirection.

He's also threatening not just the Russians, but the American citizens as well... that if they try to challenge the system as it is, then the politicians would rather start a major war than to address any concerns of fraud/corruption.

link
kswahl1 3525 days ago
DNC and RNC are corrupt to the core. Does that really need to be exposed? It's been a know fact for a few decades.
link
lambdadmitry 3525 days ago
It's not just DoD, eset found strong evidence to back the claim [1].

[1]: https://news.ycombinator.com/item?id=12764898

link