First Malware Designed to Deliberately Harm Humans Discovered, Possibly Russian - Sensationalist Headlines

https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/ Article mentions how there isn't a definitive answer on who did it, originally they suspected Iran as the first target was Saudi Arabia, but researchers later placed it more likely to be the work of Russia. It isn't 100% known yet who is behind it, however the fact that someone has actually gone out and deployed a malware designed to literally put human lives at risk or possibly to actually straight up just kill people, is a world first.

Surprising absolutely no one.

Can we please just go back to making derpy computer worms?

Aside from being able to remotely work on the plants systems why the ever loving fuck would someone connect shit lile this to the internet? Like if you are so worried about cyberattacks just keep it disconnected from net, it seems its more trouble than its worth.

All it takes is someone with a USB, my man. Whether they intentionally bring it in or not.

I remember back in the day receiving a file from a friend which when opened, caused a message box to pop up: "A cup holder for you". When you clicked OK the CD tray would open, and it would persist until you killed some process or rebooted. Simpler times.

Harmless viruses are the best.

Yeah, you could have all the best cyber security in the world and all it would take to hack somewhere is head of security Joe Bloggins putting his password as "password123" to gain access to everything, or a "loose" USB without a label being left at the front desk to get plugged into a PC by an unknowing secretary to check it's contents, or my favorite, using the "3 questions" system as a method of password retrieval. if you know the name of someone's dog, their mother's maiden name, and where they were born then BOOM, you're in. The weakest link in every cyber security net is the human part.

Jesus after seeing this headline I thought it was some sort of malware that was infecting people's pacemakers or something and just killing them. I'm actually a little relieved it isn't that serious but this is still pretty bad.

Because in an automated system, you'd need these dysjointed systems running ontop of eachother for maximum efficiency. Thus; just like our current issues with our crops being monoculture, our automated systems become so centralized for efficiency reasons that a single attack vector could collapse an entire system. Our economic systems are already teetering on uncontrollable and untenable, if a single small scale outbreak of something incredibly viral were to hit the right spot in the United States, our economic system would shudder to a near halt as we tried to contain it. Now amplify what is the comparatively slow and organic efficient to a highly specialized and designed centralized system requiring input from non-human places that if even one thing goes off the system hitches and starts falling behind horrendously.

I remember this friend of a friend doing some shit and turning his computer off remotely. He was such a troll.

Hahaha I used to send something this round school to fuck with the librarians when I was a little shithead. Except it would only do it once. They never found out why it was happening.

Isn't Stuxnet basically the same thing? I really don't think this is a 'world first' or that Russia is the sole perpetrator of such things.

you can bet your ass that any and every advanced nation-state is developing offensive cyber tools. it's just a matter of covertness; russia and china seem to have no problem with overt tools and operations such as this, while for the US we really only hear about cyber tools when they get blown or they fuck up like stuxnet

I think the scariest take away from this is that doing something like this is not too hard for a nonstate actor to pull off. Bill the programmer and a few of his friends from the local power plant could feasibly do something similar. Unlike conventional terrorism, which leaves a pretty big footprint (Why did bob buy a bag of fertilizer from 7 different stores, etc), this leaves barely anything. All you need is an understanding of whatever software you're targeting is and a delivery method.

I’m still of the opinion that tools such as stuxnet and triton can’t exist without nation-state backing and funding. Stuxnet especially was a really advanced tool, with probably multiple years of development, including vulnerability research for the 0-days it used, research into personal security product avoidance or defeat, assets to steal private keys from companies to create a legitimate driver signature, exhaustive testing on real PLCs, and a reliable way to deliver it all. It’s not really something a handful of average programmers can do, and if they do have the know-how they probably would make ransomware instead