> In 2019, the Maduro government accused the United States of conducting a cyberattack on a hydropower plant that plunged much of the country into darkness for a week.
> The power failures caused sporadic outbursts of looting and unrest, bringing the government close to collapse.
Good point. It's easier to say you got hacked by nation state actors than to tell your boss you accidentally screwed up a major system with no way to recover. It's not like 99% of the management could tell the difference.
Is there a particular reason to take any state account of anything at all at face value? At some point you either have to accept to play the game or reject all news.
In this case, it fits squarely in with American foreign policy, especially their orientation towards Venezuelan chavismo.
It also fits squarely with corruption in Venezuela, specially regarding energy. Venezuela has been rationing electricity across the country since 2009 and has been involved in countless corruption scandals involving Odebrecht, PDVSA, Derwick Associates.
I understand the US's foreign policy is a global threat, but let's not let that be an excuse for the atrocities and corruption of tyrants in Venezuela and other places.
In the 2019 book "Sandworm", which discusses cyber warfare against infrastructure like this, but between Russia and Ukraine, the author begs the question in an interview with a US military/intelligence official,
"why doesn't the US go after these hackers and designate targeting civilian infrastructure as a crime?"
To which the response was essentially "The US would like to reserve those types of cyber attacks for their own uses"
These quotes are very loose, I read it last year, but essentially, the US didn't make a stink about older grid attacks in order to save face when the US does it.
Additionally, much of VZ's difficulty was due to the massive sanctions against the nation. Sanctions are effectively attacks on a nation's citizens to pressure the government. Disabling power infrastructure is absolutely in-line with the motives of sanctions and embargos.
Let's hope those chicken never come home to roost. NSA has a history of losing offensive cyber tools.
IIRC both Texas and California had widespread power outages in the last few years. I am not convinced that US power grid is much better defended than the one in the EU.
> Let's hope those chicken never come home to roost.
Bare minimum it gives chinese tech suppliers a great pitch to convince buyers to choose their products over US suppliers. Even if theirs are also full of backdoors, at least they have no history of taking advantage of them to kidnap heads of state far away.
Yes, you're missing that if you mess with the power grid the US will go and kinetically strike back (read: bomb your country) or attack you with its own cyber warfare capabilities, unlike the EU. That's why the EU is experiencing cyber attacks and cyber warfare with clear culpability from Russia, but is unable to do much about it besides give Ukraine more weapons. If Russia launched a cyber attack and shut down JFK the way it did Heathrow, the US would actually do something about it even with all the Trump is a Russian agent stuff aside.
Calm down, John Rambo. Even if USA could prove that it wasn't a false flag op, it won't "kinetically strike back" against China, Russia, India, or even small allies like North Korea.
USA is only willing to fight very asymmetrical wars.
Sure, of course it's not that simple. If China for example did a cyber attack it doesn't necessitate an immediate kinetic response or some sort of gargantuan nation-state level warfare to take place.
But if one of those countries shut down the US power grid we absolutely would respond and you're naive to think that the US would not respond out of some "fear" about only fighting very asymmetric wars.
Amongst some there seems to be this idea that because the US has taken military action in other countries over the years, more recent being more important, and because those countries "couldn't fight back" that the US is unable or unwilling to take further action against other nation states that theoretically could fight back (India could not, for example as a weak military power with nuclear weapons), but instead I'd caution you look at those action with respect to the ability of other countries to take action.
In other words, it feels good to throw in zingers like the US only beats up on weaker countries or something which, let's be frank would be every country or bloc except China, but you're missing the fact that those countries are not even able to project power to or willingness or ability to attack other countries.
I only remember that if one US state loses power the other states laugh about it because obviously it is because the current governor is a black female democrat. It'd be great progress to actually detect what caused it in a timely manner and then do a proper cyber attribution.
Generally I think you are using a lot of big words to compensate for the fact that the US ignored the Minsk agreement.
The russian government has been publicly joking about Trump, broadcasting nude pictures of the first lady and boasting about possessing the Epstein tapes. Before that was the hack of Hillary's mail server and fake news campaigns. No kinetic repercussions, even red carpet for putin's visit in Alaska.
Apart from all this a modern drone war would be a big problem for the US, and countries like Ukraine, russia and china are much better prepared for such a scenario.
Europe had Ukraine sabotage (according to European reports) its gas lines and gave it more weapons as a reward… so I guess the answer is that it’s complicated.
German intelligence thinks so… maybe they’re garbage. Also “the island” and “the guardian” maybe they’re garbage when they report on this but not on other things.
Russia conduct cyber attacks on US all the time. North Korea did a high profile attack too. China flew a balloon over the whole country, not bothering a single airport, without any response. US never does anything to anyone that can hit back.
> Yes, you're missing that if you mess with the power grid the US will go and kinetically strike back (read: bomb your country) or attack you with its own cyber warfare capabilities, unlike the EU.
Sounds too good to be true. I'd love to believe it.
Didn't russia claim to have the full Epstein files, so how did they get them if not by hacking US government?
Attribution of cyber attacks is extremely difficult, and US seems to notoriously under invest into infrastructure. Unlike other countries, most of the power grid is above ground. How can you be so sure that it is safe?
> Unlike other countries, most of the power grid is above ground. How can you be so sure that it is safe?
I didn't say it was safe by virtue of defensive capabilities, but it's safe by virtue of the US will very likely come bomb you or use its own cyber capabilities if you do something to the US. This is in contrast to the EU which was the comparison point, which is unable and unwilling to do much against cyber attacks.
Let's not take Maduro at his word, he's great at playing the victim to hide their corruption. Venezuela has been in an energy crisis since 2009 with rationing still happening everywhere in the country except in Caracas [1] big part of it from the Odebrecht corruption scandal [2]
US cyber capabilities have an edge because they can analyze all of our data stored with US tech companies and they have interception points on all major internet cables.
Their human intelligence is much better prepared to "convince" someone to act against their own interest if they can look at your last ten years of communication, family pictures, and web browsing history before they even meet you.
Imagine working in a foreign country where death penalty is applied to certain crimes, like blasphemy or homosexuality. They just need to find one person in the target organization who has a secret twitter account that talked badly about god and then they hit them up and tell them to plug in a certain USB stick to a certain system. Cyber operation succeeded because they have a shell.
The reality probably isn't far off... I know in the past the "breaches of critical infrastructure" breathlessly reported by the media have actually just been wide-open SNMPv2 services using the default community string. I'm sure something similar happened here. Turns out you can just connect to port 161, press "power off," and be reported in the news as an "advanced persistent threat actor"
Is it that, or is it more likely they paid some anti-Maduro electric company worker to walk into HQ and shove a dongle in the back of a PC somewhere on their internal network, ala Stuxnet?
I work in electricity, it wouldn't be one, but yeah essentially it's probably an unpatched RDP/vnc/remote desktop exploit. Or the password is contraseña123
There's also great potential to build misattribution in. Just pause between combining the attacks from the Internet and renaming variables to watch a Dolph Lundgren movie.
This. Also do not underestimate developing countries internal security budgets. Most middle income countries can now afford DACH sized cybersecurity procurement deals.
It's a performative announcement - most American and Israeli cybersecurity vendors either don't sell in China or white label a Chinese product for the Chinese market.
I know 2 companies in that list that have done that very thing because otherwise it would have put their FedRAMP and CMMC pipelines at risk.
I initially was in the Huawei client engagement where they wanted copies of all of our source code. We said “no, nobody gets that”. They just keep asking over and over.
On one hand, that seems like a sure way to get your product copied. On the other, they’d be totally nuts to run a cybersecurity product without the source code, right?
Seems like a situation where getting the interests to align is just very difficult.
Even with white labeled products so they stay legally compliant, is it really justifiable to increase the risk? They're having people flying in and out for "sales meetings", shared office spaces, devices, maybe even staff overlap.
I understand it's a good way to make money but it comes with some tail risk.
Basically, a Chinese MSSP or SI is selected and given the American/Israeli company's logo and makes a revenue share agreement, and an airgapped environment using a distinct fork is deployed.
That said, most companies decide not to operate in the Chinese market - the TAM is too small for the headaches that it entails (losing Gov and NATO+ defense procurement opportunities).
You're using "false equivalence" bias. Not every government is bad, especially if you still have russia, iran, and others as ongoing contenders for worst crimes against humanity.
So saying "every government is bad" is simply a bad faith argument and you should shamefully sink towards the planet core for using it. Andorra is not as bad as russia or iran.
Just yesterday there was a video where russian soldiers tie an anti tank mine around the torso of a black African mercenary soldier from Mali before forcing him on a suicide meat assault towards Ukrainian positions. Some countries are evil on another level.
India has neither the ability nor the desire to attack the US. The very idea is silly.
The country has its hands full enough coping with its state of quasi-chaos and belligerent nuclear-armed neighbors without taking on the worlds leading superpower for absolutely no reason at all.
Almost certainly not. The first impeachment trial revealed that Trump's foreign policy was for his personal benefit. It's pretty obvious Trump has figured out that nations, corporations and oligarchs will pay him for favors. I think the dots are connectable.
> In 2019, the Maduro government accused the United States of conducting a cyberattack on a hydropower plant that plunged much of the country into darkness for a week.
> The power failures caused sporadic outbursts of looting and unrest, bringing the government close to collapse.
Is there any particular reason to take this claim from Maduro at face value?
Good point. It's easier to say you got hacked by nation state actors than to tell your boss you accidentally screwed up a major system with no way to recover. It's not like 99% of the management could tell the difference.
Agree. In hindsight though the claim gets a little more credibility.
Is there a particular reason to take any state account of anything at all at face value? At some point you either have to accept to play the game or reject all news.
In this case, it fits squarely in with American foreign policy, especially their orientation towards Venezuelan chavismo.
It also fits squarely with corruption in Venezuela, specially regarding energy. Venezuela has been rationing electricity across the country since 2009 and has been involved in countless corruption scandals involving Odebrecht, PDVSA, Derwick Associates.
I understand the US's foreign policy is a global threat, but let's not let that be an excuse for the atrocities and corruption of tyrants in Venezuela and other places.
https://en.wikipedia.org/wiki/Energy_crisis_in_Venezuela
https://en.wikipedia.org/wiki/Odebrecht_case#Venezuela
https://en.wikipedia.org/wiki/Derwick_Associates
In the 2019 book "Sandworm", which discusses cyber warfare against infrastructure like this, but between Russia and Ukraine, the author begs the question in an interview with a US military/intelligence official,
"why doesn't the US go after these hackers and designate targeting civilian infrastructure as a crime?"
To which the response was essentially "The US would like to reserve those types of cyber attacks for their own uses"
These quotes are very loose, I read it last year, but essentially, the US didn't make a stink about older grid attacks in order to save face when the US does it.
Additionally, much of VZ's difficulty was due to the massive sanctions against the nation. Sanctions are effectively attacks on a nation's citizens to pressure the government. Disabling power infrastructure is absolutely in-line with the motives of sanctions and embargos.
Let's hope those chicken never come home to roost. NSA has a history of losing offensive cyber tools.
IIRC both Texas and California had widespread power outages in the last few years. I am not convinced that US power grid is much better defended than the one in the EU.
> Let's hope those chicken never come home to roost.
Bare minimum it gives chinese tech suppliers a great pitch to convince buyers to choose their products over US suppliers. Even if theirs are also full of backdoors, at least they have no history of taking advantage of them to kidnap heads of state far away.
> at least they have no history of taking advantage of them to kidnap heads of state far away.
Ha. Someone else wrote:
> USA is only willing to fight very asymmetrical wars.
I say:
> China is only willing to kidnap defenseless people
Yes, you're missing that if you mess with the power grid the US will go and kinetically strike back (read: bomb your country) or attack you with its own cyber warfare capabilities, unlike the EU. That's why the EU is experiencing cyber attacks and cyber warfare with clear culpability from Russia, but is unable to do much about it besides give Ukraine more weapons. If Russia launched a cyber attack and shut down JFK the way it did Heathrow, the US would actually do something about it even with all the Trump is a Russian agent stuff aside.
Calm down, John Rambo. Even if USA could prove that it wasn't a false flag op, it won't "kinetically strike back" against China, Russia, India, or even small allies like North Korea.
USA is only willing to fight very asymmetrical wars.
Sure, of course it's not that simple. If China for example did a cyber attack it doesn't necessitate an immediate kinetic response or some sort of gargantuan nation-state level warfare to take place.
But if one of those countries shut down the US power grid we absolutely would respond and you're naive to think that the US would not respond out of some "fear" about only fighting very asymmetric wars.
Amongst some there seems to be this idea that because the US has taken military action in other countries over the years, more recent being more important, and because those countries "couldn't fight back" that the US is unable or unwilling to take further action against other nation states that theoretically could fight back (India could not, for example as a weak military power with nuclear weapons), but instead I'd caution you look at those action with respect to the ability of other countries to take action.
In other words, it feels good to throw in zingers like the US only beats up on weaker countries or something which, let's be frank would be every country or bloc except China, but you're missing the fact that those countries are not even able to project power to or willingness or ability to attack other countries.
I only remember that if one US state loses power the other states laugh about it because obviously it is because the current governor is a black female democrat. It'd be great progress to actually detect what caused it in a timely manner and then do a proper cyber attribution.
Generally I think you are using a lot of big words to compensate for the fact that the US ignored the Minsk agreement.
The russian government has been publicly joking about Trump, broadcasting nude pictures of the first lady and boasting about possessing the Epstein tapes. Before that was the hack of Hillary's mail server and fake news campaigns. No kinetic repercussions, even red carpet for putin's visit in Alaska.
Apart from all this a modern drone war would be a big problem for the US, and countries like Ukraine, russia and china are much better prepared for such a scenario.
Europe had Ukraine sabotage (according to European reports) its gas lines and gave it more weapons as a reward… so I guess the answer is that it’s complicated.
source: toilet in google headquarters
German intelligence thinks so… maybe they’re garbage. Also “the island” and “the guardian” maybe they’re garbage when they report on this but not on other things.
Russia conduct cyber attacks on US all the time. North Korea did a high profile attack too. China flew a balloon over the whole country, not bothering a single airport, without any response. US never does anything to anyone that can hit back.
Three points:
1. You don't actually know what actions the US has taken.
2. The only country outside of one using nuclear bombs that could theoretically "hit back" is China.
3. Flying some balloons across the US doesn't necessarily necessitate some sort of massive response. There's levels.
Oh I thought you said the actions would be kinetic.
No, sorry. I wrote:
> Yes, you're missing that if you mess with the power grid the US will go and kinetically strike back (read: bomb your country) or attack you with its own cyber warfare capabilities, unlike the EU.
Sounds too good to be true. I'd love to believe it.
Didn't russia claim to have the full Epstein files, so how did they get them if not by hacking US government?
Attribution of cyber attacks is extremely difficult, and US seems to notoriously under invest into infrastructure. Unlike other countries, most of the power grid is above ground. How can you be so sure that it is safe?
> Unlike other countries, most of the power grid is above ground. How can you be so sure that it is safe?
I didn't say it was safe by virtue of defensive capabilities, but it's safe by virtue of the US will very likely come bomb you or use its own cyber capabilities if you do something to the US. This is in contrast to the EU which was the comparison point, which is unable and unwilling to do much against cyber attacks.
Let's not take Maduro at his word, he's great at playing the victim to hide their corruption. Venezuela has been in an energy crisis since 2009 with rationing still happening everywhere in the country except in Caracas [1] big part of it from the Odebrecht corruption scandal [2]
[1] https://en.wikipedia.org/wiki/Energy_crisis_in_Venezuela
[2] https://en.wikipedia.org/wiki/Odebrecht_case#Venezuela
Stuxnet was 15 years ago. This isn’t crazy news, it’s just the first time it’s being reported openly
Because cyber is not a flashy capability like a new jet or missile but it's an area where the US has the clear edge: https://www.iiss.org/research-paper/2021/06/cyber-power---ti...
US cyber capabilities have an edge because they can analyze all of our data stored with US tech companies and they have interception points on all major internet cables.
Their human intelligence is much better prepared to "convince" someone to act against their own interest if they can look at your last ten years of communication, family pictures, and web browsing history before they even meet you.
Imagine working in a foreign country where death penalty is applied to certain crimes, like blasphemy or homosexuality. They just need to find one person in the target organization who has a secret twitter account that talked badly about god and then they hit them up and tell them to plug in a certain USB stick to a certain system. Cyber operation succeeded because they have a shell.
I think I just got Mandela-Effected, I had to look this up. For some reason I thought Stuxnet was something that happened in the 90s, not late 2000s.
It happened to 90s systems which were used in the 2000s so you are still technically correct ;)
It would be funny in this case if it was really just an open SCADA for their entire power grid that they clicked “off”, then “on”.
The reality probably isn't far off... I know in the past the "breaches of critical infrastructure" breathlessly reported by the media have actually just been wide-open SNMPv2 services using the default community string. I'm sure something similar happened here. Turns out you can just connect to port 161, press "power off," and be reported in the news as an "advanced persistent threat actor"
Is it that, or is it more likely they paid some anti-Maduro electric company worker to walk into HQ and shove a dongle in the back of a PC somewhere on their internal network, ala Stuxnet?
I work in electricity, it wouldn't be one, but yeah essentially it's probably an unpatched RDP/vnc/remote desktop exploit. Or the password is contraseña123
https://archive.is/rUYS4
I’m stuck Ina captcha loop with this site today
Third world countries lack the resources to secure their ICS and SCADA. Corrupted US govt doesn't even need NSA's capabilities for this.
Not sure if that’s the right way to divide the world.
Actually, poor countries can leverage cyber to pose a much bigger threat than they could traditionally.
Or in other words: Cyber can be used for asymmetric warfare. In relative terms, poor countries cause a lot more damage than rich ones.
There's also great potential to build misattribution in. Just pause between combining the attacks from the Internet and renaming variables to watch a Dolph Lundgren movie.
This. Also do not underestimate developing countries internal security budgets. Most middle income countries can now afford DACH sized cybersecurity procurement deals.
China should help them.
Beijing tells Chinese firms to stop using US and Israeli cybersecurity software - https://news.ycombinator.com/item?id=46618949 - January 2026
It's a performative announcement - most American and Israeli cybersecurity vendors either don't sell in China or white label a Chinese product for the Chinese market.
I know 2 companies in that list that have done that very thing because otherwise it would have put their FedRAMP and CMMC pipelines at risk.
I worked at a place that faced exactly that.
I initially was in the Huawei client engagement where they wanted copies of all of our source code. We said “no, nobody gets that”. They just keep asking over and over.
On one hand, that seems like a sure way to get your product copied. On the other, they’d be totally nuts to run a cybersecurity product without the source code, right?
Seems like a situation where getting the interests to align is just very difficult.
Even with white labeled products so they stay legally compliant, is it really justifiable to increase the risk? They're having people flying in and out for "sales meetings", shared office spaces, devices, maybe even staff overlap.
I understand it's a good way to make money but it comes with some tail risk.
Basically, a Chinese MSSP or SI is selected and given the American/Israeli company's logo and makes a revenue share agreement, and an airgapped environment using a distinct fork is deployed.
That said, most companies decide not to operate in the Chinese market - the TAM is too small for the headaches that it entails (losing Gov and NATO+ defense procurement opportunities).
unlike rich countries, which only lack the will and care to secure their ICS and SCADA /s
Or the US in particular that applies a lot of resources into willfully keeping every ICS and SCADA out there insecure, including their own.
> Corrupted US govt
and Venezuela govt is not corrupt?
"Murder is bad!"
"So rape isn't?!"
Come on.
Every govt is. But whoever has most power is most corrupted.
You're using "false equivalence" bias. Not every government is bad, especially if you still have russia, iran, and others as ongoing contenders for worst crimes against humanity.
So saying "every government is bad" is simply a bad faith argument and you should shamefully sink towards the planet core for using it. Andorra is not as bad as russia or iran.
Just yesterday there was a video where russian soldiers tie an anti tank mine around the torso of a black African mercenary soldier from Mali before forcing him on a suicide meat assault towards Ukrainian positions. Some countries are evil on another level.
Is the US attacking Russia and China and India as well because they’re the biggest threats?
India has neither the ability nor the desire to attack the US. The very idea is silly.
The country has its hands full enough coping with its state of quasi-chaos and belligerent nuclear-armed neighbors without taking on the worlds leading superpower for absolutely no reason at all.
> India has neither the ability nor the desire to attack the US.
Extraordinarily wrong on the first part.
Some countries have even outsourced some of their cyberattack capability to Indian companies in the past, and not for cost reasons.
https://www.cybercom.mil/About/Mission-and-Vision/ This is a 4-star command.
No: 1) big bully only bullies little guys. 2) big guys have nuclear deterrent.
The US is almost certainly ready to attack China, Russia, India, and every other country. Currently attacking? No, at least not on this scale.
Also: Why is India on your list? "Biggest", certainly, but in what way are they a threat?
I read GP as a commentary of BRICS. There may/may not be interference there by the US and/or Five Eyes.
Almost certainly not. The first impeachment trial revealed that Trump's foreign policy was for his personal benefit. It's pretty obvious Trump has figured out that nations, corporations and oligarchs will pay him for favors. I think the dots are connectable.
javascript only
They can only do JS cyberattacks?
Maybe they need to use RISC-V assembly ;).