https://www.dailymail.co.uk/sciencetech/article-13029089/Notorious-Russia-gang-claims-stole-classified-secret-documents-intelligence-agencies-FBI-warns-China-hackers-preparing-wreak-havoc-America.html

Notorious Russia gang claims it stole 'classified and top
secret documents' from US intelligence agencies - as FBI
warns China hackers are preparing to 'wreak havoc' in America

Ransomware group ALPHV stole top-secret FBI and U.S.
intelligence documents

FBI director Christopher Wray warns PRC hackers will
take over America

.. . .

Yep - they can get EVERYTHING. "Secret" stuff,
banks, infrastructure ... we made it SO easy
for sake of convenience.

Oh ... if they know what's in those 'secret'
dox then it means they weren't even encrypted.
What's up with that ? Oh, yea ... "trust your
provider to thoroughly encrypt your data" ...

I always pre-encrypted anything that was being
stored "in the cloud". Never spent a single
millisecond as plain text. Apparently yer govt
and vital services can't be bothered ......

Apologize for excess groups for Linux people,
but the same warnings apply.

Le 2024-02-03 à 04:08, 68g.1499 a écrit :
> https://www.dailymail.co.uk/sciencetech/article-13029089/Notorious-Russia-gang-claims-stole-classified-secret-documents-intelligence-agencies-FBI-warns-China-hackers-preparing-wreak-havoc-America.html
>
> Notorious Russia gang claims it stole 'classified and top
> secret documents' from US intelligence agencies - as FBI
> warns China hackers are preparing to 'wreak havoc' in America
>
> Ransomware group ALPHV stole top-secret FBI and U.S.
> intelligence documents
>
> FBI director Christopher Wray warns PRC hackers will
> take over America
>
> . . .
>
>   Yep - they can get EVERYTHING. "Secret" stuff,
>   banks, infrastructure ... we made it SO easy
>   for sake of convenience.
>
>   Oh ... if they know what's in those 'secret'
>   dox then it means they weren't even encrypted.
>   What's up with that ? Oh, yea ... "trust your
>   provider to thoroughly encrypt your data" ...
>
>   I always pre-encrypted anything that was being
>   stored "in the cloud". Never spent a single
>   millisecond as plain text. Apparently yer govt
>   and vital services can't be bothered ......
>
>   Apologize for excess groups for Linux people,
>   but the same warnings apply.

Of all the «Shit Hits The Fan scenarios» this is one of, if not the
short term most probable...

Chasseur

On 2/4/24 9:29 AM, Chasseur wrote:
> Le 2024-02-03 à 04:08, 68g.1499 a écrit :
>> https://www.dailymail.co.uk/sciencetech/article-13029089/Notorious-Russia-gang-claims-stole-classified-secret-documents-intelligence-agencies-FBI-warns-China-hackers-preparing-wreak-havoc-America.html
>>
>>
>> Notorious Russia gang claims it stole 'classified and top
>> secret documents' from US intelligence agencies - as FBI
>> warns China hackers are preparing to 'wreak havoc' in America
>>
>> Ransomware group ALPHV stole top-secret FBI and U.S.
>> intelligence documents
>>
>> FBI director Christopher Wray warns PRC hackers will
>> take over America
>>
>> . . .
>>
>>    Yep - they can get EVERYTHING. "Secret" stuff,
>>    banks, infrastructure ... we made it SO easy
>>    for sake of convenience.
>>
>>    Oh ... if they know what's in those 'secret'
>>    dox then it means they weren't even encrypted.
>>    What's up with that ? Oh, yea ... "trust your
>>    provider to thoroughly encrypt your data" ...
>>
>>    I always pre-encrypted anything that was being
>>    stored "in the cloud". Never spent a single
>>    millisecond as plain text. Apparently yer govt
>>    and vital services can't be bothered ......
>>
>>    Apologize for excess groups for Linux people,
>>    but the same warnings apply.
>
> Of all the «Shit Hits The Fan scenarios» this is one of, if not the
> short term most probable...
>
> Chasseur

Enemy govts work through "criminal" proxies for
deniability reasons. Many of the proxies may not
even know of the state connections, indeed the
thrill of crime likely boosts their performance.

What we see today is mostly just 'probing', experiments,
looking for weaknesses, victims, new methods. This can do
a lot of damage, but should things deteriorate to more
real cyberwar the damages would be a thousand times worse.

1st-world is 1st-world because everything is efficient,
smoothly integrated at every scale. Alas that sort of
of interdependency is fairly easy to sabotage. Going
after just the banking systems would do it, or the
energy or communications infrastructure. One vital
brick crumbles and the whole empire tumbles down.

And forget "we could fix it soon enough" ... some of
these systems hold up SO much that there'd be nothing
left worth fixing in a matter of weeks. The fuel
runs out, the food runs out, the lights stay off,
it goes Mad Max real quick.

Ironically, 3rd/4th would would barely notice anything
had happened. Afghan goatherds might notice fewer
people coming around to annoy them.

THAT the little hacks COULD get so deeply inside our
supposedly "safe" systems just (again) demonstrates
the level of vulnerability which exists.

I doubt we will ever hear much about the actual methods
and tactics involved - top secret stuff no doubt.

Le 2024-02-04 à 21:21, 68g.1499 a écrit :
> On 2/4/24 9:29 AM, Chasseur wrote:
>> Le 2024-02-03 à 04:08, 68g.1499 a écrit :
>>> https://www.dailymail.co.uk/sciencetech/article-13029089/Notorious-Russia-gang-claims-stole-classified-secret-documents-intelligence-agencies-FBI-warns-China-hackers-preparing-wreak-havoc-America.html
>>>
>>> Notorious Russia gang claims it stole 'classified and top
>>> secret documents' from US intelligence agencies - as FBI
>>> warns China hackers are preparing to 'wreak havoc' in America
>>>
>>> Ransomware group ALPHV stole top-secret FBI and U.S.
>>> intelligence documents
>>>
>>> FBI director Christopher Wray warns PRC hackers will
>>> take over America
>>>
>>> . . .
>>>
>>>    Yep - they can get EVERYTHING. "Secret" stuff,
>>>    banks, infrastructure ... we made it SO easy
>>>    for sake of convenience.
>>>
>>>    Oh ... if they know what's in those 'secret'
>>>    dox then it means they weren't even encrypted.
>>>    What's up with that ? Oh, yea ... "trust your
>>>    provider to thoroughly encrypt your data" ...
>>>
>>>    I always pre-encrypted anything that was being
>>>    stored "in the cloud". Never spent a single
>>>    millisecond as plain text. Apparently yer govt
>>>    and vital services can't be bothered ......
>>>
>>>    Apologize for excess groups for Linux people,
>>>    but the same warnings apply.
>>
>> Of all the «Shit Hits The Fan scenarios» this is one of, if not the
>> short term most probable...
>>
>> Chasseur
>
>   Enemy govts work through "criminal" proxies for
>   deniability reasons. Many of the proxies may not
>   even know of the state connections, indeed the
>   thrill of crime likely boosts their performance.
>
>   What we see today is mostly just 'probing', experiments,
>   looking for weaknesses, victims, new methods. This can do
>   a lot of damage, but should things deteriorate to more
>   real cyberwar the damages would be a thousand times worse.
>
>   1st-world is 1st-world because everything is efficient,
>   smoothly integrated at every scale. Alas that sort of
>   of interdependency is fairly easy to sabotage. Going
>   after just the banking systems would do it, or the
>   energy or communications infrastructure. One vital
>   brick crumbles and the whole empire tumbles down.
>
>   And forget "we could fix it soon enough" ... some of
>   these systems hold up SO much that there'd be nothing
>   left worth fixing in a matter of weeks. The fuel
>   runs out, the food runs out, the lights stay off,
>   it goes Mad Max real quick.
>
>   Ironically, 3rd/4th would would barely notice anything
>   had happened. Afghan goatherds might notice fewer
>   people coming around to annoy them.
>
>   THAT the little hacks COULD get so deeply inside our
>   supposedly "safe" systems just (again) demonstrates
>   the level of vulnerability which exists.
>
>   I doubt we will ever hear much about the actual methods
>   and tactics involved - top secret stuff no doubt.

I concur.
And to agravate matters, a new dragon has or will soon enter the
cyberspace, namely artificial intelligence. Up until more or less now,
hacking has been personel intensive, probably in the thousands, wether
they are tethered to hostile govs or not. AI will in all likelyhood
change all of that. AI acts and learns. It will become more and more
efficient and quite forseeably, much less personel dependent.
Furthermore, it will be relentless, 24 hours a day, 365 days a year.
Just imagine a coordinated simultaneous AI controlled cyberspace attack
on utilities (water, gas, electricity, etc.) transport (our computerized
private and public vehicles), data (finance, medical, gov and private
administration, military, etc.). It is predictable that such an attack
would be more damaging than a powerful EMP event, not to mention almost
ridiculously inexpensive.
In my view, it is not a question of IF but a question of WHEN.
Considering the disruptive potential of such an AI attack, I am pretty
sure that the likes of Vlad, Xi, Kim and their groupies are already on
it. Caveat emptor.
Chasseur

On 2/5/24 1:32 PM, Chasseur wrote:
> Le 2024-02-04 à 21:21, 68g.1499 a écrit :
>> On 2/4/24 9:29 AM, Chasseur wrote:
>>> Le 2024-02-03 à 04:08, 68g.1499 a écrit :
>>>> https://www.dailymail.co.uk/sciencetech/article-13029089/Notorious-Russia-gang-claims-stole-classified-secret-documents-intelligence-agencies-FBI-warns-China-hackers-preparing-wreak-havoc-America.html
>>>>
>>>>
>>>> Notorious Russia gang claims it stole 'classified and top
>>>> secret documents' from US intelligence agencies - as FBI
>>>> warns China hackers are preparing to 'wreak havoc' in America
>>>>
>>>> Ransomware group ALPHV stole top-secret FBI and U.S.
>>>> intelligence documents
>>>>
>>>> FBI director Christopher Wray warns PRC hackers will
>>>> take over America
>>>>
>>>> . . .
>>>>
>>>>    Yep - they can get EVERYTHING. "Secret" stuff,
>>>>    banks, infrastructure ... we made it SO easy
>>>>    for sake of convenience.
>>>>
>>>>    Oh ... if they know what's in those 'secret'
>>>>    dox then it means they weren't even encrypted.
>>>>    What's up with that ? Oh, yea ... "trust your
>>>>    provider to thoroughly encrypt your data" ...
>>>>
>>>>    I always pre-encrypted anything that was being
>>>>    stored "in the cloud". Never spent a single
>>>>    millisecond as plain text. Apparently yer govt
>>>>    and vital services can't be bothered ......
>>>>
>>>>    Apologize for excess groups for Linux people,
>>>>    but the same warnings apply.
>>>
>>> Of all the «Shit Hits The Fan scenarios» this is one of, if not the
>>> short term most probable...
>>>
>>> Chasseur
>>
>>    Enemy govts work through "criminal" proxies for
>>    deniability reasons. Many of the proxies may not
>>    even know of the state connections, indeed the
>>    thrill of crime likely boosts their performance.
>>
>>    What we see today is mostly just 'probing', experiments,
>>    looking for weaknesses, victims, new methods. This can do
>>    a lot of damage, but should things deteriorate to more
>>    real cyberwar the damages would be a thousand times worse.
>>
>>    1st-world is 1st-world because everything is efficient,
>>    smoothly integrated at every scale. Alas that sort of
>>    of interdependency is fairly easy to sabotage. Going
>>    after just the banking systems would do it, or the
>>    energy or communications infrastructure. One vital
>>    brick crumbles and the whole empire tumbles down.
>>
>>    And forget "we could fix it soon enough" ... some of
>>    these systems hold up SO much that there'd be nothing
>>    left worth fixing in a matter of weeks. The fuel
>>    runs out, the food runs out, the lights stay off,
>>    it goes Mad Max real quick.
>>
>>    Ironically, 3rd/4th would would barely notice anything
>>    had happened. Afghan goatherds might notice fewer
>>    people coming around to annoy them.
>>
>>    THAT the little hacks COULD get so deeply inside our
>>    supposedly "safe" systems just (again) demonstrates
>>    the level of vulnerability which exists.
>>
>>    I doubt we will ever hear much about the actual methods
>>    and tactics involved - top secret stuff no doubt.
>
> I concur.
> And to agravate matters, a new dragon has or will soon enter the
> cyberspace, namely artificial intelligence. Up until more or less now,
> hacking has been personel intensive, probably in the thousands, wether
> they are tethered to hostile govs or not. AI will in all likelyhood
> change all of that. AI acts and learns. It will become more and more
> efficient and quite forseeably, much less personel dependent.
> Furthermore, it will be relentless, 24 hours a day, 365 days a year.
> Just imagine a coordinated simultaneous AI controlled cyberspace attack
> on utilities (water, gas, electricity, etc.) transport (our computerized
> private and public vehicles), data (finance, medical, gov and private
> administration, military, etc.). It is predictable that such an attack
> would be more damaging than a powerful EMP event, not to mention almost
> ridiculously inexpensive.
> In my view, it is not a question of IF but a question of WHEN.
> Considering the disruptive potential of such an AI attack, I am pretty
> sure that the likes of Vlad, Xi, Kim and their groupies are already on
> it. Caveat emptor.
> Chasseur

Current "AI" models need to be TRAINED. This can be a
complication, esp when there is a lot of variation in
what it's supposed to be looking for. Even tomorrows
"self-training" AIs - a possible bridge to true
e-sentience - might have problems UNLESS the targets
were pretty standard.

Commercial services like SolarWinds and M$ and friends
DO offer a lot of 'standard' aspects. This makes them
especially vulnerable. Clearly a way, per the news, was
discovered (by mere humans). It'd become a lot faster
and easier once AIs became involved. Current AIs can
become VERY good at emulating humans - which will
greatly facilitate "human factor" approaches. Very
"human seeming" correspondence over e-mail, even
over phone, can be created. Will fool almost anyone.

Note the vast increase in phony "abduction" scams
and "grandmother" scams. A person in my office called
and said she'd been kidnapped and money should be
beamed to a yet-to-be-specified account. Thing
is she was busy, in her office, seemed surprised
she'd been kidnapped. SOUNDED convincing, used
something close to her voice. An AI attack. Passed
it along to the cops - who, no surprise, could not
do anything with it. Might have originated in
Romania for all I know.

That was a couple years ago. It'll get better and better -
soon to include 'live' video no doubt - they just need a
few photos they find online. SAME approaches can be used
to scam people out of access codes and such. People ARE
the weakest link. Forget your OWN skills - think "barely
competent button-pushing people". These days THEY are
the real gate-keepers. All for 'convenience" ...

Enemies have MANY routes ... and, being the instigators,
defenses will always be behind the curve. Some kind of
CyberDoom awaits.

Oh, you can't really eat gold coins ... a basement
full of dried beans might be better :-)