Hacker News new | ask | show | jobs
by beoberha 2012 days ago
Do you say this because you think some hacker can gain access to the VMs where your data is stored? It’s significantly more likely that this will happen due to one of your engineers getting social engineered. While we don’t know the details of the SolarWinds breach yet, I’d be willing to bet the hackers did not gain access to production VMs.
1 comments
wegs 2012 days ago
If 5% of businesses are independently compromised every year, that's a painful but manageable drain on our economy.

If the [inter]national infrastructure goes down, with the firmware on every device on every internet-connected computer bricked at the same time due to a large-scale cyberattack (perhaps followed by a military attack a little while later), we're f-ed.

All this would take is:

- One zero-day each on Windows, MacOS, and Linux.

- Nation-state level resources to create a bricking firmware update for all commonly-used devices.

- Nation-state level resources to create a spreading attack for all major routers and network devices.

- Nation-state level resources to deploy this rapidly enough that response systems can't respond.

With 200 nation-states, it's perhaps just a matter of time....

(And yes, there's a lot more i's to dot and t's to cross, but I think they're all doable, with nation-state level resources)

link
EvanAnderson 2012 days ago
Why destroy the computers? Just destroy the power grid. Get a few million smart meters to disconnect from the grid simultaneously and watch the sparks fly. Destroy a sizeable quantity of transformers and it will be months or years before power is restored.

I think this is more "movie plot", though. "Smart Grid" security has gotten tons better than it was at the start. A lot of very security conscious and smart people have been working on it.

link
wegs 2010 days ago
Precisely what you said: Power grid has security. Compromising 90% of connected devices with a mainstream OS would, at once:

(1) Tank the economy

(2) Likely, be doable with resources totaling in the single-digit million dollars

Modern wars are largely about industrial capacity.

But if it is equally easy to compromise the grid, why not do both?

This may sound like a movie plot, but so did the invasion of Poland at the beginning of WWII, the attack on Pearl Harbor, nuclear bombs on Japan, the rape of Nanjing, or many other actual events which Actually Did Happen.

We tend to underestimate the impact of rare events: our brains are conditioned to discount anything which happens once or less than once per lifetime. That's likely why humanity will kill itself at some point.

link