1970s again

The Rocketry Forum

Help Support The Rocketry Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
We had an incident a while back. Seems someone was shooting at a transmission line. It failed some time after that. It was winter and we were without power for 18 hours. The whole town was dark. It got down to 40*F in the house before the power came back on. It wouldn't take much to bring the country to a complete halt.
 
I finally found gas last night - all of the stations were out except one. The good news is I could start walking if needed. It is only 8 miles to work. The 110 miles home to see my wife on weekend might be tough. Well, atleast hold are not hoarding TP again, yet.
 
We had an incident a while back. Seems someone was shooting at a transmission line. It failed some time after that. It was winter and we were without power for 18 hours. The whole town was dark. It got down to 40*F in the house before the power came back on. It wouldn't take much to bring the country to a complete halt.
This is a part of the arrogance of especially telcos that boggles my mind. They refuse to invest, cut off customers at random, literally abuse their clients... and somehow forget they have tens of thousands of miles of highly-exposed infrastructure that depends entirely on the social contract they routinely ignore.
 
This is a part of the arrogance of especially telcos that boggles my mind. They refuse to invest, cut off customers at random, literally abuse their clients... and somehow forget they have tens of thousands of miles of highly-exposed infrastructure that depends entirely on the social contract they routinely ignore.

TelCos are probably concerned about internet from the sky, that has the potential to remove them from the equation. I've been on no-contract fiber for about 7 years, and was contacted by my rep (this year) that I could "lock in" my current pricing, if I went on contract, and that would prevent my Fiber company from jacking up rates. It looks as if they are concerned about satellite internet making them inconsequential.

I asked if they had plans to raise my rates. They said NO. I said I was fine with my current arrangement, and if major price increases were on the horizon, I'd look at my options.
 
Our company does a similar test phishing e-mail
Despite annual training and getting a black mark for each failure to catch the phishing (and too many you can lose your job), every test there is a percentage of people who click.
One bad thing about the test is they hit a large portion, if not all, of the workers. So if someone thinks an email is phishing, they check with a coworker - when we see multiple people have the same one we know it is a test. But what if they only sent it to a few scattered employees? The percentage would be higher.

And if someone allows a real phishing email in, smart card or not, the mail can set up malicious code that can create a backdoor to get in.

And while many of our critical systems have an air gap, some are on the plant network.

But the cost to constantly upgrade every PC or device to keep on top of things, plus the software impacts would be excessively cost prohibitive. We once were going to replace a PC in a piece of equipment. The equipment had to interface to certain devices that were now obsolete. The drivers for those devices would not work with the operating system for the new PC, and since obsolete the manufacturer was not providing upgrades (or were out of business). We tried instead to revert down to an older OS for the PC that the drivers supported. Except the older OS could not work the peripherals in the PC itself! Now, instead of just a PC, we would need to replace the PC, all associated devices, update all the operational software, test software, interfaces to data collection, etc. What was thought to be a couple of thousand for just the PC was going to turn into multiple hundreds of thousands of dollars. Instead we managed to get the old PC working again..
Multiply that by the 100's of computers and devices of various vintages over the last 30+ years and we would price ourselves out of the market...
This in todays comics round up...
1620914516852.png
 
This in todays comics round up...
View attachment 464032


Exactly - it makes no difference how modern or robust your system is, 1, 2, 5 levels of authentication, smart cards, whatever - if the users click on a malicious email that allows in a file that can corrupt/take over the system, it is going to get in.

And people will fall for the phishing - some are quite good. But also think about all the SPAM and Robo-calls you get. If people were not falling for it and making people/companies money, that activity would stop. But they make sufficient profit to justify their efforts/cost tp do this....
 
And to add insult to injury if you look closely at the person filling the tote with gas they are also talking on the cell phone.

Just saw on the news that the pipeline company paid the hackers 5 million bucks the day after the hack. They did this even before they reported the event to the authorities. (As reported on the news for what it's worth) Another gutless American company. I've been following all of the comments being made in this thread about how hard it is to combat and about all of the things this company or that company is doing and with all of that there nobody in the United States that can take these people on. May God (or whoever you believe in) helps us all.......
 
I am a paid, professional cyber security expert who works to defend DoD’s networks from the bad guys. This gentleman has a much better grip of the reality of the situation than all you folks beating your chests and talking about a forceful response, or going back to pre-computer days. Two points: 1. There are no simple answers to complex problems. 2. If you are not in the industry, in the trenches with access to classified reports you have no idea what is going on, or what your country is doing. That’s all I can say.
 
Earth: The Insane Asylum of the Universe- nowhere else could things be this messed up.
VZe6ref.jpg
 
Why is the pipeline hooked up to the internet? There was a time before the internet when the pipelines ran without the internet.
Valves and pump control are all via BAS and the BAS got hacked. Still Joe Plummer could go over to a valve/pump and turn it on? These are sophisticated systems, so turning on a pump/opening a valve could cause major electrical and mechanical problems if not timed correctly.
 
Just saw on the news that the pipeline company paid the hackers 5 million bucks the day after the hack. They did this even before they reported the event to the authorities.

As it turns out, the ass-clowns who didn't airgap their corporate from Ops network, caved-in and paid up from day one, and still could not decrypt their file systems: "after Colonial paid the hackers, the criminals were so slow to help the company that pipeline staff got to work on recovery themselves. "
https://www.bbc.com/news/business-57112371https://www.bloomberg.com/news/arti...eline-paid-hackers-nearly-5-million-in-ransom
Here are the folks in charge of this fiasco. Colonial CIO has been named "CIO of the Year by Georgia CIO Leadership Association", and has Bachelor of Arts and Master of Education degrees. Might have been a half-decent school teacher.
https://www.colpipe.com/about-us/our-company/executive-team
Another gutless American company.

Technically, Colonial Pipeline is a private company, and they can do whatever they want.
However, their ineptness has significant social and economic externalities to the entire country, way beyond the net worth of the company's balance sheet.

Reminder: it is not the FBI's job to prevent you from:
  • leaving all your doors wide open when you go on vacation
  • keeping gold bars in plain sight in your passenger seat
  • storing your cash in a barrel on the lawn

Therein lies the problem - folks intuitively "get" and "relate to" locking doors, building fences, installing security cameras, paying for the security guards at the front gate. They can <see> the output of that expenditures with their eyes, and observe when some elements of physical security are getting neglected or become ineffective. And even then, many still find ways to screw that up.

Network/IT security is harder to observe with a naked eye, and thus harder to appreciate, and monitor. But if your corporate or personal hard-drives get encrypted and rendered unusable, the impact is far greater than some vagrant wondering in and steeling gear from your work equipment shack, or home garage.

Unless you detonated a single nuke in low-Earth orbit.

Too dramatic.
We now live in a world where dumb criminals hold-up banks and gas stations to score a few grand at a time, then usually get caught.
Smart criminals surreptitiously encrypt your hard dries and hold-up companies for ransom a few Million $$ at a time. Then usually get to do it again, and sell their tools to others to do more of the same.

a
 
Good gosh, I had pants like that in the 8th grade. No one laughed back then either. My mom got a few pairs that were oversized I actually was an odd ball and wore through med school.:)

Kurt
 
And to add insult to injury if you look closely at the person filling the tote with gas they are also talking on the cell phone.

Just saw on the news that the pipeline company paid the hackers 5 million bucks the day after the hack. They did this even before they reported the event to the authorities. (As reported on the news for what it's worth) Another gutless American company. I've been following all of the comments being made in this thread about how hard it is to combat and about all of the things this company or that company is doing and with all of that there nobody in the United States that can take these people on. May God (or whoever you believe in) helps us all.......

If someone was to hold my life, family hostage, threaten to shut them down, all I had to do is give them the change in my pocket, I of course would give them the change in my pocket. $5MM is pocket change to a pipeline company.

It's also not like they are going to pay for it in the end, you and I are
 
Last edited:
So given the huge resources that the US Govt has, why can't they track down malicious hackers, and send some folk to deal with them personally? Yeah, you'd probably irritate the local govt if they found out that those 3 computer guys who had suspicious accidents or were dissapeared was done by us, but so what? Are they going to do anything about it otherwise? I think its a lack of political will and the balls to make some examples, rather than technical reasons or lack of money.

I'd gladly be educated as to why this isn't feasible.
 
Between TOR, Darkweb, VPS, IP spoofing, staying completely untraceable on the internet is easy. And to that, payment by bitcoin? You cannot stop someone you cannot identify.
 
So given the huge resources that the US Govt has, why can't they track down malicious hackers, and send some folk to deal with them personally? Yeah, you'd probably irritate the local govt if they found out that those 3 computer guys who had suspicious accidents or were dissapeared was done by us, but so what? Are they going to do anything about it otherwise? I think its a lack of political will and the balls to make some examples, rather than technical reasons or lack of money.

I'd gladly be educated as to why this isn't feasible.

Are you suggesting we send troops in to russia to deal with hackers "personally"? Potentially starting WWIII to deal with a compromised network of a very wealthy private company is not a plan I'd support.
 
Also likely in Bulgaria, N Korea, China, Iran, Syria, turkey, Missouri, Canada, the Netherlands, etc..

they can be anyone, and likely anywhere, especially in places with lax policing & the ability to do anything..
 
A smart group would make it "just traceable enough" to see it is coming from Russia, while they are sitting in Wichita Kansas. You cannot punish who you cannot find
 
Are you suggesting we send troops in to russia to deal with hackers "personally"? Potentially starting WWIII to deal with a compromised network of a very wealthy private company is not a plan I'd support.

I'm not saying I'm in favor of it, but I thought the suggestion was more along the lines of how top Iranian nuclear scientists kept being the victims of random street crime, aka Mossad assassinations. That still leaves the question of whether it's worth takijng a big risk to off a person who is easily replaced. How many times did we take out the #3 man in Al-Qaeda with a $1M missile from a drone? There was always another guy to promote to #3. With the hackers, it'll be pretty similar.
 
If someone was to hold my life, family hostage, threaten to shut them down, all I had to do is give them the change in my pocket, I of course would give them the change in my pocket. $5MM is pocket change to a pipeline company.

It's also not like they are going to pay for it in the end, you and I are
Payload, please understand my angry face emoji on your post has nothing to do with you and everything to do with the corporation passing the cost of their monumental stupidity down to us, the consumers.

Now, I identify as fiscally conservative and understand and support capitalism. However, this is one of those RARE times when I think the government should force the offending corporation to forgo passing the costs on to the consumer and tell them to suck it up, buttercup. Actions (or inaction) should have consequences. If they recoup their "losses" by charging us for cleaning up their FUBAR, then they avoid the negative consequences of a decidedly negative failure to take appropriate precaution.

Maybe the costs should come out of the CIO's and CEO's compensation packages.

</rant>
 
Remember the great big punishing cigarette settlement? 400 Berzillion dollars over 20 years? Didn't cost the cigarette companies a dime, cost went right on to a pack of cigarettes
 
I'm not saying I'm in favor of it, but I thought the suggestion was more along the lines of how top Iranian nuclear scientists kept being the victims of random street crime, aka Mossad assassinations. That still leaves the question of whether it's worth takijng a big risk to off a person who is easily replaced. How many times did we take out the #3 man in Al-Qaeda with a $1M missile from a drone? There was always another guy to promote to #3. With the hackers, it'll be pretty similar.
isnt that he case?

I, a generic & bored 'smart guy', manage to hack you & hold you hostage. You pay me the $$ I demand. I then flee [retire] to the Turks & Cacos.. I can still come & go with impunity; you have no idea of who I am..

the guy behind 'KnowBe4' used to be a hacker. Look at him now.. How many other hackers have become legit & well employed to 'fight their own kind'?

There is always 'someone else'...
 
Maybe the answer is we need to have out hackers hit Russia if that is where this started.
 
Back
Top