I worked for the largest router companies of their time. I won’t ever consider internet-connected garage doors, fridges, lighting, locks, or microphones (Alexa, etc). Sorry, I just don’t need it or the potential headache. I disabled apps on my TV. Ok, I relented on my thermostat (well-protected).
5
Shaming the Russians for bad acts is like scolding Harvey Weinstein. American society is severely vulnerable if that's the best we can do.
1
Lucius Nieman:
What "Russian [state] bad acts"?
Be specific when answering.
2
The day after this warning, tax day in the U.S., the IRS website goes down.
3
I have already been hit by Russians and Bulgarians......be sure to get the info from your security system and report it to the CIA.
This article appears same day IRS site goes down. Coincidence?
1
The guy Kapersky has said he thinks all of the data in the world has all ready been hacked. At least twice. I'm more concerned about the NSA stealing data than the Russians.
1
We've all heard the warnings. Tell us when the government does something.
3
Issued WHERE!? I’d suggest that the government support releases of such helpful guidance to agencies, businesses and citizens with something that resembles a COMMUNICATIONS PLAN.
4
These alerts and other information related to computer and network security are issued at https://us-cert.gov, where you may sign up to receive these and various other notifications by email.
2
To those commenting with genuine, understandable, and justified anguish at the difficulty of personally getting off the internet in today's world, I would simply say two things:
1/ You're absolutely right.
2/ There's no free lunch.
Cambridge Analytica, Trump, Facebook, Russia, etc. are not so much causes of our current level of social and political dysfunction but, rather, what you get, when you are willing to trade long-term and fundamental values and interests for convenience, when you are willing to accept entertainment as news.
And, if you want to make a fundamental change, remember (or check out if yu are young) how many people died fighting for civil rights and against the Viet Nam War. Evers, Chaney, Goodman, Schwerner, Kent State, Jackson State: the list could fill a hundred comments. And, while you're at it, don't expect entrenched institutions to provide "safe spaces" while protecting you from "microagressions", as you seek to make fundamental change challenging the distribution of power. Nope, there aint no free lunch!
Meanwhile, keep some perspective. Think of all the energy and outrage that goes into the somewhat accountable (even if indirectly so) N.S.A.'s collection of (mostly mass) data of Americans, while the same outraged folks willingly give up orders of magnitude more data to corporations, whose only accountability is to profit.
10
The internet cannot be made secure. It really is that simple.
Forget Facebook, Cambridge Analytica, and marketing hype phrased as promises. These are functionally nothing but a smokescreen for the underlying issue: the internet cannot be made private, honest, and secure. Unless and until people are willing to accept the implications of that reality, all else is merely rearranging the deck chairs on the Titanic.
It would be nice to see more articles, Op-Eds, comments, and public leadership about how our society might begin going about unwinding from the internet, starting not necessarily with personal privacy issues but the more immediate and serious problem of our government, military, and intelligence having allowed themselves to become dangerously vulnerable, having now drunk the Kool-Aid of interconnected electronic efficiency as safely secure.
The acknowledgement of Russian cyberattacks is just the tip of the iceberg. Underlying that are efforts to not merely interfere with but to appropriate our command and control networks, including nukes. And that doesn't even get into the issue of what software has been secretly embedded in all our chips made in China.
Though optimistic about life in general, as I watch everyone read about the Facebook hearings on Facebook, I am not holding my breath that self-deluding addiction to the internet will be fundamentally unraveled, before a major security breach occurs, such as an armed drone directed at Congress or the Superbowl.
7
I thought, at least at one time, things like nuclear command and control and other military systems were hardened. Literally, they were not connected to the world wide web. Is that still the case? Maybe its time to revisit some of these older forms of security and that is unhook control systems from using the web. But as far as web based computing, I'm afraid Mr. Fankuchen is correct.
3
Good article, however if possible adding a link to the technical guidance would be nice.
9
How about including the actual warning itself in the article? Or even a summary of it, with a link? The name of the agency issuing the warning?
9
The article is interesting/helpful but where exactly is the 'guidance' that was released? Thank you.
6
This article warms about security problems but doesn't tell what (if anything) I can do to check/fix my own system. That info, or links to it, would make this less concerning and more useful.
5
Then why aren't the USA and Britain returning the favour in kind to Russia?
2
Usa and Uk can’t respond in kind, They are too busy taking care of the fallout of Brexit and Trump. Which were both caused by Russian meddling.
1
I wonder just how smart are all these unregulated devices for the home. For that matter include cars. Particularly with the coming self driving cars.
3
Russia has been awarded the role of insurmountable bogeyman, who can lurk in our homes, waiting to strike. The US and Britain are going full bore into an endless trove of deceit and false information, based on the ethereal nature of the internet, to sow paranoia and fear. They can now prove anything, simply by proclamations that are hyped by an ever more devious media.
6
I totally agree with you. Thank you for pointing it out.?
We are at cyber war with much of world, and the United States hasn't been sitting idle. Remember when the lights went out in North Korea, or Iran had that little problem with Stuxnet? Perhaps our offensive capabilities are more robust than our defensive ones, but most people will agree that a war of 0s and 1s is better than one of bullets and bombs.
3
Our NSA hacked Angela Merkel's cell phone, and yet, we don't see Germany issuing sanction after sanction against the US:
https://www.theguardian.com/us-news/2015/jul/08/nsa-tapped-german-chance...
Russian "hacking" of the election amounted to little more than the creation of fake social media profiles and distribution of a handful of fake news stories, something that a talented junior high student could have done. The Russians are adversaries, not allies, but they are also not sworn enemies. In point of fact, the US has meddled in Russian elections to a far greater degree than the Russians ever have in ours, in both the Yeltsin era, and between 2008 and 2012. Do we really need to go to war against Russia, or to declare a new cold war?
2
Has the NSA tested the vulnerability of power plants, water treatment facilities, hospitals, 911 systems etc.? They know how to make the tools that can be used to manipulate and abuse all types of infrastructure (stuxnet and newer tools). Basically, just like some of the best experts on securing locks are people who pick them for a living (legal or otherwise), the NSA is uniquely qualified to find vulnerabilities and then advise on ways to secure and harden systems They are, after all, the national security agency, so helping to secure the nation's vital infrastructure and sensitive installations (nuclear power stations, power grid, chemical plants, pipelines, railroad signals...) should be a key objective of theirs.
17
DHS is directly responsible for this; NSA partners. But to answer your question, yes, red team analysis is always done. Are the recommendations followed and implemented? Not often.
Further reading: https://www.pnnl.gov/main/publications/external/technical_reports/PNNL-2...
1
That's easy, disconnect them from the Internet; they cannot be hacked from a remote source if they're not connected. They do not need to be connected.
If we know that there is embedded code in the power grid and other key systems, why can't it be removed and the server "hardened" against intrusions? We've known about this for years and it seems to me its a dereliction of responsibility to just sit back and complain about it by governmental authorities. Find it, root it out and protect against it. Or are we just going to await a potential disaster and then retaliate. That seems an unproductive and dangerous course.
3
Isn't this (protecting against cyber attacks) what we should spend $25 billion on, instead of on a wall? Which threat has the greater potential for completely destroying us?
28
How about a skosh of that trillion and a half tax cut or the military mound of money? Aren't they supposed to be protecting us. Get to it, gentlemen.
9
Just like it is decades past the time we should have done something about limiting immigration to our country, it is decades past the time we should have done something to secure the internet and our personal information.
What group of people, or political party, do we blame for the abhorrent lack of action on this threat? There really isn't any specific group of people to blame. It is all of us. We haven't made it one of the most important things for our government to tackle.
We have been under attack for a very long time. We have known about the threats and done very little to secure the things we hold most dear.
Things must change. Russia, and other dangerous actors, want to ruin our democracy and all of us. That can not be allowed to happen. Whatever it takes and damn the cost, we will fight them on every conceivable front.
If this is a war of attrition, we will throw the might of right at them and deal with them in kind.
Comrades if youre thinking about attacking my laptop let me save you the trouble - its true, I do occasionally watch porn.
12
If the West really wanted to avoid disruption, it was a pretty stupid idea for all of it to climb up onto a three legged milk stool and wag its tongue at the East.
1
So, USA and UK governments, you've known about Russian, Chinese, Bulgarian, fat kid in a NJ basement et al intrusions into government, commercial, and private citizen computers for years. You've done NOTHING to protect us. Instead of issuing and re-issuring alerts that go blah blah blah, how about doing something effective? I need to better protect my own networks? How? Should I call Apple? AT&T? AT&T can't even get their bills straight. Meh!
8
Here is the link to the alert.
https://www.us-cert.gov/ncas/alerts/TA18-106A
5
"When we see malicious cyberattacks, whether from the Kremlin or other nation-state actors, we are going to push back,”
It was the US who conducted the cyberattack on Ms. Merkel's private cell phone, not the Kremlin.
https://www.telegraph.co.uk/news/worldnews/europe/germany/10407282/Barac...
1
“U.S.-U.K. Warning on Cyberattacks Includes Private Homes”
“Trump Declines to Add Sanctions Against Russians, Contradicting Haley”
Has the USA really a government?
5
As a species we've evolved technologies that operate in ways that the vast majority of the population cannot explain and don't understand; we live within a "magical" world -- in the anthropological sense of a primitive culture with superstitious beliefs.
Ask yourself: can you explain how a microprocessor, or a flash memory, or an internet server, or prime number encryption, or a liquid crystal display, or web "beacon" tracking, actually work? Then you're at the same cultural level as indigenous peoples who can't explain the natural world they live in.
Why would a species invent technologies that actually strip individuals of comprehension and control of their world, or transfer the comprehension and control to experts, authorities, state actors and other third parties? Because you get comfort, pleasure, gratification and a vast amount of ego reinforcement in the trade. You take selfies because you think you're a special person, and put it on a social media platform where it is currently used by corporations to track your activity and manipulate your media and purchase preferences.
Where does that leave you? As a feedlot animal, a veal pen worker, a prole turning the crank on the selfie grinder of your own sausage market value.
We've made a religion of technology as our salvation, our elevation, our transubstantiation. Well, religion has always been a method of social control and manipulation: you've just traded one form of superstition for another.
13
Superb analysis
4
So where would you put yourself in that taxonomy?
We ain't seen nothing yet. AI is coming.
3
Private Internet companies i.e.: Comcast and FPL should develop tools to protect us against cyberattacks. Paranoid dictators like Castro and Maduro think that all persons living in Miami want to topple their regimes, and for that reason they are spying on us almost 100% of the time. Russia helps them. If you want to know how is to live under those dictatorships you can watch "A quiet place" for a preview of our future: https://youtu.be/22Z4L8zMtQg
“We have found the Russians in routers and deep inside networks for 20 years. But this is about saying to the Russians, ‘We know where you are pre-positioned and if something happens, we will know it is you."
Oh, yeah, the same strategy that worked so well for the "War of Drugs."
Yep, A winner.
This is nothing new, the Russians and many other domestic and foreign criminals have been doing this type of crime for years ever since the internet became available to them. The flaws in computer software including operating systems makes it easier for them to commit these crimes along with a complicit police force and Government; Anti-virus and anti-spyware software of whatever brand won't stop them either.
The more criminals get access to the internet and learn how to use it, the more criminals there will be committing this type of crime.
Our British government does not have an effective legislative DETERRENT for this type of crime yet - hence ever more increasing criminals doing it!
I'm confused. How is this not considered an all out cyber war? How is this okay?
2
"The officials said the Kremlin was often utilizing what were known as man-in-the-middle attacks, in which hackers secretly inserted themselves into the exchange of data between a computer or server in order to eavesdrop, collect confidential information, misdirect payments or further compromise security."
Ah yes, the method by which the Ohio vote count was altered in Nov. 2004 on election night, giving W a second "term".
Oh, wait that had nothing to do with Russia, and hacking isn't a new thing to 2017/18.
2
Our government is not protecting us. I don't know what we can do.
2
Not sure why so many commentators are blaming Trump here.
We had an opportunity, in 1991, to "bury them" or at least allow the USSR/Russia to devolve into civil war. While they were on the mat, we should have finished the job. Instead, we coddled them, tried to make them our friends, while they were re-arming and, with an x-KGB man in charge, finding more devious ways to exert their power.
Russia is the enemy. They should be treated as such.
1
At the end of WW2 we had an opportunity to end the problem. Look where that decision got us.
How do we know that Donald Trump might “reverse course”tomorrow like he just did to Nikki Haley over Russian sanctions.
I’m not believing ANY of this until I see an official Tweet.
In its largest sense, providing effective "cybersecurity" for buyers of home PC's/phones/devices/"things" poses the same root issue as Facebook/Twitter/SM does, in providing cyber-"data privacy" for users. It's 2 sides of the same coin. But, both the public's "Homeland-security" interest in effective cyber-security, and the private Net/tech/social media firms' interest in protecting personal "data privacy", should both share the same end-goal-- protecting us all from "bad actors", foreign & domestic.
Yet we're a capitalist country-- the for-profit private sector does not & is not obligated to share the same interests/goals as national gov't-- & given the FB/Camb.Analytica scandal, this "disconnect" threatens us all. "Internet commerce"--in all its variants, from social media to buying on Amazon-- is going to have to be nationally regulated as a "public utility'. Because it is.
It's analogous to buying/safely-operating a car. As its buyer/user, I don't need to know the "tech details" of how a car works, safety-wise. I just need to know it can pass my state's annual "car safety inspection". So perhaps we're entering an area of mandatory "public safety inspections" of our "devices". At present, all the "end-risk" of safely operating those devices is passed on to us end-users/buyers. Overall, most of us are too uninformed/tech-ignorant to know & understand what we risk when we use them. And even if we do "get it", we're unprotected from our neighbor who doesn't.
6
So what are we in private homes, supposed to do??
5
I believe that the government is finally poking at the manufacturers of these devices and asking them somewhat covertly to step up and make the next rev of these things secure by default.
Adding the ability to get certified firmware updates would be a must.
A universal iot firmware update/installer standard should be adhered to.
Although the family techy will need to apply and check the patch.
Some of these older non secure io things should simply be recalled.
Not going to happen but...
3
I don't think they need to actually hack into our computers to steal files. If we send emails and documents that are not encrypted, I believe these people can steal the information.
2
So what does the average person do who has a device or two at home, accompanied by a router? Most people don't have the money or skills to build firewalls to prevent hacking. I may just go back to the old-fashioned way of paying my bills - mail a check. I'm sick of all this hacking, Russian and otherwise.
3
Does it matter to change passwords if my router is compromised? How would I know if my router is a sleeper cell?
3
No, to be sure, you'd need a new device. Steps:
1. go buy a new router in person (less chance it has been tampered with versus getting it thru the mail thru a TAO-like program...not saying this is likely, but you wanted to know...),
2. turn the device on, login to the firmware (NB: do not connect to the modem yet via ethernet)
3. update the firmware to the latest version (download it before you switch the routers),
4. change the router pass to something secure (use diceware method; take advantage of password mangers e.g. 1Password, lastPass etc).
5. Enable WiFI with WPA2 encryption. Use a minimum six word passphrase by using the passphrase generator in your passphrase manager (do not try to come up with random words yourself, you can not).
6. Do not use WPS.
7. Turn off services in the router that you are not using, e.g., Telnet, SSH, etc).
8. Restart & Plug in ethernet
This is cumbersome but unfortunately, this is the answer to your question.
If you want to spend some time on this and be even safer (probably), I'd recommend looking for a router that can run the open source firmware, dd-wrt, rather than the router company's software. But be careful going down this rabbit hole, it will take time to do it right. If you want to, the router I recommend is the Asus RT-AC68U. The external antennas add to the range. If you want to graduate from dd-wrt, look into Ubiquiti devices, viz. the EdgeRouter Lite and the ac WAPs. Neither of these options is for the faint of heart.
1
I refuse to believe that, as the inventors of computers and the internet, the USA hasn’t got an cyber army of its own to whack Putin with. It is starting to get very annoying.
I also need to know what I am supposed to do to protect my own home. It was not clear in the article.
1
"Russians [are] seeking to exploit increasing popularity of internet-connected devices around homes & businesses- the so-called Internet of things."
This does not surprise me. The fact that people are still going ahead with installing these devices. Well, would you buy a sauna knowing a nation is strategizing to fry you? OK, an oven you need. A sauna? You pass.
Makes me think of the early environmental warnings. My biology teacher gave me a copy of Silent Spring in 1964. It was pretty obvious even then where this was heading. Then we had early air pollution and ozone and the atmospheric folks warning us.
Now it's cyberspace. Sure, bring it on home. Face facts? Common sense? Bah humbug.
Some tips to strengthen network security at home:
- Don’t use routers supplied by your ISP
- Update your router’s firmware to the latest version
- Change the router’s admin password to something other than the default
- Block access to the router’s management interface from the internet
- enable the "https" protocol to access the router’s management interface
- Create a strong Wi-Fi password and use a strong protocol
there's more, of course, but these are some basics.
1
Thank you for the "basic" help in the initial steps one should (must) take to reduce cyber hacking. I want to point out that about 92% of people reading this have no idea what most of it means and have no idea as to how to go about doing what you suggest. I work with all ages using computers; the users simply do not know enough to take most, if not all, of these actions. It is like having a new car. Who can fix their car in today's world? Years ago I could work on my engine, etc., but today I can hardly open the hood. So, what I am saying is that the manufacturer should create the means and methods to fix these tools so they are not as susceptible to hacking, etc., It should not be up to the end user.
1
The reality is that hackers continually come up with new ways to break through, so it's up to the end user to make sure their defenses are as strong as possible. agree that manufacturers should issue security patches as needed for their particular devices and services. But in the end, each user has to take responsibility to ensure their own security defenses across all devices, programs, apps, clouds products, etc., as each user or family has their own unique combination of services, devices, apps, etc. There is no magic bullet.
Totally agree Dan G. -- the overall "risk" to us all (on both levels-- to homeland security and "personal data" security) is far too great to simply be passed on/handed off to tech-ignorant end-users. It's just like the housing bubble/derivatives etc etc.-- the FIRE sectors developed & created the risk & passed it off to the taxpayers left holding the bag.
In all seriousness, I realize how frightening and terrifying this scenario is and could be, however, there MAY be a bright side to a potential cyber attack from a foreign country. Perhaps once and for all Trump's income tax records will FINALLY be revealed for the entire world to see.
At least that's something. Maybe?
2
Why are they so curious about our connectivity? See, some people exploit our ignorance while others are there to help.
http://insna.org/PDF/Connections/v19/1996_I-1-3.pdf
Who knew ignorance could be so well manipulated?
Perhaps a bit of Cold War MAD strategy is in order. During the Cold War "mutually assured destruction" prevented the use of nuclear weapons. By replying in kind to the Russian military, banking, and power grid, we could make it known that whatever they attempted would be reciprocal . . . thus MAD for the computer age. It would definitely be better than the response we have now, which seems to be "duck and cover" . . .
1
I would add that the internet was originally set up with no thought for any kind
of security. And we are paying for that now.Chickens have come home to roost
ladies and gentlemen.
I keep asking myself that rhetorical question - are the Russians really that much smarter than the Americans? Perhaps they are not smarter, just more determined with unmatched perseverance to take down the U.S.
They apparently are capable to launch cyber attacks and "state-sponsored actors using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations".
Perhaps the American Government is simply more arrogant, laid back, and less determined to be proactive about safeguarding our computer systems until something happens. Instead of a continual shoring up of our firewalls and other systems to prevent a grand scale cyber attacked from ANYONE, our lackadaisical approach to network safety and security could come back and bite many of us in the end.
I do not understand how this scenario could not have been envisioned nor foreseen by the U.S., but the bigger question is to how proceed and protect this country from such an attack.
12
I really don't want this glossed over like when it was recently revealed that the Russians have access to power and water systems in the U.S. and UK and the ability to sabotage those systems. That was barely a blip in the news; hardly anyone was talking about it; and if felt like I was the only one concerned. I mean are these actions not essentially acts of war but instead of with missiles with hacking and coding? If the Russians used military means to gain access and control of our water or power systems, that's war. But when done electronically, it's what? We're all just sitting here like, "Oh, OK, another country has access to our key infrastructure, no bigs."
Um, bigs, everyone, bigs indeed. Feel me?
5
War by other means, but meantime everyone in the world is so busy playing on an electronic toy from China and engaging in mindless activities on social media. Good luck getting anyone's attention for more than a nanosecond these days...
3
Go to your nearest survival store and they can set you up for armageddon. It will be bad. Be prepared to go off the grid. You'll need to buy several guns to protect yourself, your property and your family (if you don't already have them). You'll also need bow and arrows and fishing line to hunt for food. You'll probably need several gold bricks. Bitcoin won't do. For inspiration reading I suggest "The Road" by cormac mccarthy. In the mean time chill.
I think that the main problem here is that everything seems to be connected
to the Internet in one way or another.So bad guys figure out how to get around
whatever security you may have. Then internet companies,etc.fix that problem and the hackers figure out another way into computers and systems both
private and public. Talking with people here that work at a large military
installation (Edwards Air Force Base) I am told the they have a whole separate system for high security stuff that is not connected
in any way to the internet.Yet they still have their problems with that
setup
3
Based upon this article, if Trump as President, doesn't take a public stand immediately, to prevent such an attack against individual computers by Russia, then it will be time to commence impeachment proceedings against him for his refusal to do so.
It is time for Trump to protect all of us NOW, and not just himself, his family, his friends, and his contributors.
It became his responsibility to do so from the moment he took his oath as President!
1
You put too much stock in the man.
Critical infrastructure has no business being directly exposed to the internet.
Required connections between facilities (electrical grid stations, gas pipelines networks, etc.) should solely be via VPN with no "open" connection to the internet at large in any of the involved systems. ie: engineering/operations needs to be air/stone gapped from administration and other non technical functions.
Nuclear power plants have ZERO need to be connected to the web. The electrical generation side may need to be connected to the utility network (power management) but that should be air and stone gapped from the nuclear reactor operations.
21
Seems to me to be a well thought out solution. Appreciate the heads up and solutions laid out by Mr. Braun.
3
Agree 100%! Having vital infrastructure exposed as it apparently still often is; that's not just careless, it's criminal, or should be. If there isn't a law to that extend, let's have one, pronto!
1
In the event of an attack, I'm not so sure VPN will help. All that does is make it look like you're located somewhere where you are not.
So, what, if anything, specifically should I do to protect my network from Russians? I have a modem from my internet provider and a WiFi router connected to the modem. My computers have all antyvirus, web and email protections. Is it enough or more is needed? Since many people have systems like mine, I hope someone of the authority is going to answer clearly my questions.
8
Many routers use unchanged factory passwords. Many people confuse virus definitions with antivirus software and don’t update definitions.
1
Here is one website with good instructions on how to secure one's WiFi router:
https://www.computerhope.com/issues/ch001289.htm
I would add that one should check the port forwarding setup on the router to make sure there is no Internect access to insecure services running on the internal network. Make sure all user accounts have a strong password. And make sure the router firmware is up to date.
1
You are asking a simple and practical question, but the answers are becoming harder and harder to find.
As an example, last week the U.S. Copyright Office denied me a Certificate of Registration on a 160 page document that explains, among other things, how to protect chips from back doors and viral implants. They essentially denied me copyright protection. It's supposed to be that you pay the Gov't $85, they assign a priority date to the document, and send you the certificate. Instead, they read the document and decided they didn't like it, so they threw it into the trash. Note that you can't sue for copyright infringement without a Certificate of Registration.
This kind of political repression has to stop, or no one will be able to defend themselves.
_W_
Here is the actual alert (see below). It is technical in nature. While the info in the alert is pertinent -- it is the same sort of alert IT professionals would have seen 5 years ago. Secure Telnet on your router blah blah blah.
I do not think we are getting the whole story from the NSA here. Something is brewing but we are definitely not getting the whole story.
More to the point - if you go to actual IT technical websites, they reference this advisory but they are not excited about it either. Largely because the actual details in the advisory is nothing new at all.
https://www.us-cert.gov/ncas/alerts/TA18-106A
5
Last night, I had my wi-fi suddenly undiscoverable despite WPA-2 encrypted password. First time to lose internet service in this way. Then I hear that the IRS systems partially went down right before filing deadline. Then heard about this warning. Are we currently under cyberattack? That is. more than the usual.
6
What anti-virus are you using?
UK banks were advising business customers not to use the Russian Kaspersky anti-virus due to it being capable of spying on its users and sending their private data back to their labs! I did use to use it myself as the majority of UK universities insisted their students used it for sending emails and assignments to them. I then used BitDefender which is also foreign made but now I use a British anti-virus product.
1
No. Wifi is notoriously unreliable. Don't read into it.
Good that you use WPA2 encryption. Hopefully the passphrase is secure (q.v. https://howsecureismypassword.net ).
But the wireless encryption also has nothing to do with the wifi going down.
Make secure passphrases, learn about diceware, or just use a passphrase manager. 1Password is my favorite, but it is not free. https://www.lastpass.com is free. Use different passes on EVERY login. If you use a manager, you only need to remember its passphrase and the pass to your computer. Enable 2FA via an authenticator app (e.g. https://authy.com); do not use SMS-based 2FA.
IRS system went down because it was overloaded because everybody waits until the last minute to do their taxes. The IRS probably doesn't use a cloud hosting provider, which can easily add more computers when the load is high, but instead relies on old school dedicated boxes.
A specific example may help: You organize a conference at a hotel, and you expect 100 guests. So you get a conference room that can accommodate 100 conference goers, but no more (there just isn't the available physical space). But 50 show up who did not RSVP. What do you do? Rent the conference room next door, that can accommodate the sudden influx of guests.
That's how cloud computing works. The resources (i.e., extra computers) are there for companies to use whenever they need to, and they are only charged for more resources when they hit their capacity.
Hope that helps.
1
Thanks for the concrete suggestions. I have done most but appreciate the additional info.
I recently read an interesting book about cyber war taking down US critical infrastructure. It was a novel, but so realistic that I am starting to wonder if it could really happen.
EDIT: All Systems Down is the book. Looks like it came out this year.
4
I do not claim extensive knowledge of cyber-weapons, but I have made a career in information and cyber security.
These developments are extraordinary, and carry a risk to escalate to a nuclear exchange between the US and Russia. My fears include the following:
• The impact of a wide-scale cyber-attack on critical infrastructure is unknown. Neither the aggressor nor the target can predict with confidence un-intended damage and loss of human life. There is no certainty that cyber-weaponry can be targeted with precision.
• There is no experience in de-escalation of a cyberattack. Unlike symmetric kinetic warfare modeled by military planners, it is not possible to systematically escalate (or recall) an attack; in particular where damage may unfold over a period of time (e.g., a disabled cooling system in a nuclear power plant). In short there is a potential of vastly greater damage than envisioned.
• The security of nation-state cyber-weapons is questionable. Unlike nukes, with rigorous control over ‘launch’, Russia appears to be using a web of military, intelligence, and proxies capable of launching cyber-attacks. This decentralized control risks hostility being initiated by rouge agents
Couple this with a President who has demonstrated an inability to think and act logically, one can imagine an outcome of apocalyptic proportion which began as a cyber-attack.
34
In the 1960s, Timothy Leary said "Turn on. Tune in. Drop out."
Maybe a revised quote should be "Turn off. Tune out. Live off the grid."
21
Good luck with "living off the grid" unless you want to live the rest of your life in some remote cabin in the woods, hunt/grow your own food, use candles for "electricity," etc. It's not a viable way of life for 99 percent of the world.
1
Actually, before he chronicled his final illness and death on the Net, he said, "turn on, boot up, jack in", and that the PC was the new LSD.
Remember Stuxnet? The brilliant, awe-inspiring cyber-weapon created (allegedly) jointly by the US and Israel to stop Iran's nuclear program. That worm could turn-on microphones and video cameras to facilitate remote spying on Iran's labs; and, more importantly, it wrecked their centrifuges. No one can convince me that Russia, China and/or North Korea could not do the same in our connected homes and businesses. Consumer-installed smart TVs and virtual assistants are probably easy prey.
Oh, BTW, Iran hired Kaspersky Labs to solve their Stuxnet problem. Just sayin'.
16
OK, so this is a thing now. What I need is proven steps to protect my data as much as possible. Not the usual window dressing.
9
You know what's good? Paper.
Trump is a compromised traitor! The new Russian attack on our citizens comes just as Trump once again coddles Putin.
Whatever the Russians have on Trump it must be really bad for Trump to betray his nation the way his has done with the Russians.
16
What does Trump love? Money. And the fame that goes with it. Perhaps what the Russians have on him is the spigot. Maybe they turn off the spigot and he owes them so much money already that they literally OWN him! His magic world of "I'm the head cheese" would come crashing down if everybody knew that he was such a fraud and such a poor businessman that the Russians targeted/got him several years ago and have been using him ever since, never thinking he truly could become president but hoping to use him to 'shake things up' and spread 'fake news'. They've got something on him, that's for sure. And it makes me feel absolutely owned as if America is no longer in control of her own fate. I don't like this feeling at all and I wish Mueller would soon deliver us from this.
1
Here's the link to the technical instructions:
https://www.us-cert.gov/ncas/alerts/TA18-106A
16
NYT, as a service to your readers please update this story and provide the link to the joint warning statement and technical guidance to individuals.
20
NYT referenced but didn’t link to:
Alert (TA18-106A)
Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
Original release date: April 16, 2018: https://www.us-cert.gov/ncas/alerts/TA18-106A
2
Thank you. Super helpful. I was just looking for the actual alert.
Baloney
3
actually, mortadella :)
"History comes from Russia".
1
There goes another business down the tubes with Russias cyber attacks. I mean Dell ,Hullard Packard . They get hit the most with viruses in good times. I have an Apple so I hope they can't get into that yet. Serenity now.
2
D.j.j.k. - the more popular platforms get targeted more often. It's a matter of the quantity of low-hanging fruit. There are lots of compromises for any platform you care to bring up.
Your hopes are total delusion. If you have not already been compromised you are lucky. Also, it is not just the operating system that defines your vulnerability. Where do you surf, what chances do you take, do you have A/V and other security software running on your machine, do you keep up-to-date.
The Russians are coming! The Russians are coming! Hello? is there anyone in Congress or the Executive Branch awake? Does anyone care? Should we assume you have this under control? Is this your idea of fake news? What, exactly, are we paying you guys for? Your silence if deafening, and damning.
19
I've been sounding the alarm for years. Researchers at Columbia U exposed printer insecurities 10 years ago and there was a collective yawn. The biggest problem was getting big tech companies to act and develop firmware/software patches. They only acted after being shamed. Printers, like many consumer devices are small computers on the network and present an easy attack vector. It is a national security concern as all of those devices can be pointed at a target to open a fire hose of data to blow up a target in a denial of service attack. There should be a national effort to harden all of our software/hardware vectors. It won't happen without regulation because it costs money now and has no return on investment for shareholders now. The present government won't do it, their collective heads are firmly in the sand. It will take an attack to prompt a response, but this gov't will respond in any other way besides fixing the actual problem. I've got my stuff secured do you? It should be your patriotic duty.
61
this entire comment is bogus and why what it made an editors pick? There is a world of difference between the network printer exploit (which is real and notable but utterly fixable with simple firmware updates) to concentrated attacks on USA power plants (which is real but a whole different story IT-wise and a more serious issue). The PROBLEM from an IT perspective is that power plants are largely administered by non-IT types. Most of them are private owned and operated. They do not care about their own network security. Since congress does not know anything about IT either -- this is really the fools informing the fools when it comes to securing important USA networks. Basically nothing will happen regarding this until a true disaster happens at a USA power plant. The USA govt needs some folks who actually understand IT. Until then nothing.
6
I just bought a manual typewriter and I LOVE IT. It is the machine on which I learned to type and the ONLY copy is the hard copy.
5
So next time that little smart device of yours doesn't answer to Alexa, try Alexi.
135
Amazon World Services may be an easy scapegoat, but there are much more basic vulnerabilities that are far more prevalent, and which pose far greater concerns.
1
Where is the link to the technical instructions?
5
Thanks Trump.
3
We all use routers. Most of us own at least one. What, if anything, are the officials suggesting that we do to mitigate our exposure? I have seen this story in at least 3 other places and not one says a word about what action to take or if any effective action is even possible. NYT... Please?
38
1. change the admin pass on home router to something arcane and long. minimum 12 characters long. No dictionary words. generally most home users should be able to figure out how to do this.
2. confirm you have the latest firmware on your home router. technical topic.
3. Firewall should be ON on our home router. If you dont need or use services on your router that you dont use do not open those ports on your router. Admittedly this is a technical topic.
4. Make your router un-pingable, which makes it a bit harder to discover. Technical topic.
My very incomplete knowledge of this sort of thing leads to me think that we can protect as much as possible our computers, avoid dodgy sites or opening unfamiliar attachments but this has no bearing on our routers. If those are compromised, I would guess that the companies running the servers have something to answer for.
Whether I am right or not, I avoid free email because the company providing the service is interested in advertising revenue, not you nor your router, so I am not sure how much priority they give to your security.
1
I'm not a cyber expert, but I am an IT professional. Two big steps, make sure your router is DISabled for remote access, so NOBODY can connect to it fr om outside your premises, and that you have a very strong password. If you have had the same password for a long time, change it.
1
What good is this amorphous warning against Russian cyber warfare when neither the U.S. nor the U.K. have shown themselves able to deter, detect and defeat it. Why not?
6
What gives the Kremlin the right to do what Washington and London do? Surely it knows that Washington has staked out this area for itself, because we broadcast it.
For example:
The Joint Vision 2010 op-
erational concepts of domi-
nant maneuver, precision
engagement, full-dimen-
sional protection, and fo-
cused logistics are enabled
by information superiority and
technological innovation. The
end result of these enablers
and concepts is Full Spec-
trum Dominance. Informa-
tion superiority relies heavily
upon space capabilities to collect, process, and
disseminate an uninterrupted flow of information
while denying an adversary's ability to fully lever-
age the same.
1
"... we are going to push back." says Rob Joyce. Well, not without trump's authorization you're not. And that is the problem. The NSC has to obey Putin's puppet in the White House - the same puppet that just went easy on additional sanctions against Russia's Oligarchs, ... again.
15
US Cyber Command, or CYBERCOM, needs something to do. Chemical weapons narratives supplied the conventional commands an opportunity to launch missiles from ships and blow things up. A cyber attack narrative will allow Cybercom to launch their version of digital missiles, while enhancing their domestic authority option value, to perhaps unprecedented levels. Pretext is not only the modern institutional tactic de jure, but culturally, de rigueur.
1
"But this is about saying to the Russians, ‘We know where you are pre-positioned and if something happens, we will know it is you.’”
Okay, so what. We've always known it was the Russians. Knowing who it is, is not and never has been, a solution. It's not even talking about a solution. So, what gives? Any plan? Any penetration of their electrical grid. Or just more hoopla and tit for tat while notching up easily manipulated anxious Americans ?
3
Meanwhile back at the ranch Congress is doing nothing to protect the American elections or the American people from Russian interventions.
13
If you have your own private server, do you still have to use a router?
Your question is the first problem.
How timely . . . yesterday, AppleInsider published a story titled, "Lennar now integrating Amazon Alexa surveillance into new home construction." Amazon, America's largest on-line retailer and Lennar Homes, the second largest home builder in the country, have joined forces to bring surveillance capitalism to your residence . . . and surprise! It's missing even the basic privacy protections needed to protect against the kind of risks highlighted by the intelligence communities.
Yes, the warning is vague. They always are. But the risks are well known to information privacy experts in the private sector and the government. One problem is that federal policy makers (e.g. Congress) have been too slow to regulate privacy as a fundamental right. Why? It would put obstacles in the path of businesses like Facebook and Amazon. It would also add a layer of cost to every business to protect citizen data.
This leaves the door wide open to our economic and political adversaries . . .
4
Are there any practical steps that an individual can take to secure their routers and home networks? Why would the russian government or any state actor be interested in hacking a private individual's network other than possibly the few who may house government secrets? n
As you point out in your article, the US has known for 20 years about these cyber vulnerabilities, why have we not acted sooner to reduce the threat?
Can we move to a pay for performance economic model for those who represent us in congress and for the president? As a taxpayer who only sees looming debts on the horizon, I feel it may be incumbent upon us to direct a harsh austerity upon our so-called political leaders.
6
Nothing like a little fear itself to make yesterday's paranoia seem docile. There's a huge difference between warning people about something that the Powers That Be are not able to protect us from. Ultimately, the Internet is keyless and lockless which means we are more than ever dependent on the unchallengeable authority of the government for protection. That, or everybody is equal, like communism, and we don't care about privacy anymore.
From the article --
"In particular, both governments said, Russians were seeking to exploit the increasing popularity of internet-connected devices around homes and businesses — the so-called internet of things — 'the kind of thing you and I have in our homes,' Mr. Joyce said."
Not helpful. The word "thing" is just a bit too vague.
What are we talking about here? What are these "things" we have in our homes?
lnternet-connected light switches, door locks, coffee makers, refrigerators, irrigation systems, TVs...the list is endless.
3
Wow. Thanks. It's so hard to keep up. Probably getting tough for sci-fi writers to beat reality.
Disconnect all routers and any computer systems. Stow personal communication devices indefinitely. Have heart felt personal face to face talks with family members, local friends and neighbors. Repeat daily.
8
Why doesn’t this article direct the reader to the specific guidance our government is providing organizations and individuals to protect themselves???
10
The USG urges us to protect our own networks better while pushing American technology companies to implement backdoors to let law enforcement take a peek, opening the potential for devastating compromise should the government or technology company lose control of the keys, as they have countless other state secrets over the years.
These impulses are blatantly contradictory and give the impression that we are catastrophically behind the curve in coping with these issues at the national level, to say nothing of the individual level.
1
This should be a wake up to call to the dangers of issues like a cashless society where they really could bring down a country in a day.
4
". . . warning about Russian cyberattacks against government and private organizations as well as individual homes and offices in both countries"
This should really not come as a surprise or shock for any American. I mean heck, in the past few years, there has been so many security breeches in a plethora of many major credit card companies, retail giants, Equifax, Facebook, just to name a few. It seems pretty clear that no one is completely safe or secure from some degree of information theft. It was just a matter of time before the Russians allegedly pushed the envelop where their attempts could literally hit home for untold individuals.
For now anyway, I'll going to dust off my box of stationary, find my dictionary, walk to the post office to purchase some stamps, and start writing letters to people. My emails may be hacked, but hopefully my letters and other correspondence will arrive safe and sound to its intended reader with no interlopers eyeballing my words.
3
As with Tom Ridge's color coded alerts in times past, they want us all cowering under our beds in unquestioning fear.
1
The State has always been an institution since Classical times that manages civilian compliance through threat, punishment and disaster intervention. That is among the reasons why the Patriot Act and the larger, sprawling security infrastructure is organized around large-scale civilian authority status, and why terror is among the most ideal cognitive and emotional routines that trigger its activation. Indeed, terror can be synthetically applied to any number of otherwise independent events. Cyber security warnings issued with great urgency by the US and UK over the past 72 hours is an example of pretext opportunity, as are natural disasters. The NYT has a front-page report this morning on earthquake risk in San Francisco. And every day the public is bombarded with fear stimulation signals from media and government. Lastly, this is why global warming and climate change--rather than merely pollution--is also an ideal civilian intervention construct, due to its catastrophist ideology, and thereby an assumed global government mandate. Unchecked and unbalanced indeed.
As I write my comment, the IRS filing website is down, on tax filing day. I experience an ransomware attempt event, about 50 minutes ago. I am thinking about all the problems I have been having with my cable TV streams..my service is okay, but many of the channels have had lots and lots of interference.
This is real. We are constantly under attack now, on the internet and it is becoming useless. Thousands of companies have invested heavily in going electronic, and now have so much of their info "in the cloud" , they are totally dependent on the internet to function. AT&T changed me to paperless billing the other day, without my permission. (I tried paperless, and found they didn't give you the same level of detail about the bill, as the traditional paper bills, so I am getting all my important bills on paper again, now.)
What would happen to these companies, if they could not get their systems up and running for a week or a month? If Putin and other enemy actors decide to really wreak havoc through our cyber systems, there is little defense right now, since the treasonous fake POTUS keeps the back door open for Russia. Corporations and government, both, have been too naïve and entrusting of the possibilities of the internet and not cautious enough, of the evil possibilities, as well. They've harnessed the money-making capabilities, but they've left the back door to the store open.
5
This article would have been more than just fear-mongering if it had at least linked to what private homes can do to protect themselves (other than the obvious, like not using smart devices). A separate and clear bullet point box of recommendations would be very helpful.
Also, what is the gov actually doing other than sending out warnings (heard typically only by people who are already aware we are at risk)?
Finally, please fix the program reporters are using to put in their article or the program which the report is set for web publication where there is a missing line space between paragraphs.
1
If someone has compromised your router, nothing may work, but one relatively easy precaution is to change your router password monthly to an eight-digit (or longer; the longer the better) mix of randomly-generated upper-and lower-case letters, numbers and punctuation. You can find random password generators online (yeah, I know...)
Of course, this means that you'll have to change the passwords on all your Internet-connected devices as well, which can be a PITA. (I have over 25 such devices running at my house, from computers, tablets and smartphones to baby monitors, light switches, TVs, door locks, etc.)
You should also do the same with all your credit cards, website log-ins, etc...or you could just disconnect from the Internet...
My thoughts and prayers go out to anyone who might already have installed smart locks on their homes.
6
So now that they've decided this is important enough to merit a public warning, does that mean that the 3 letter security orgs are going to take the most obvious step by ceasing their current practice of hoarding security flaws when they find them and instead will undertake to immediately inform the appropriate entities in order to have them patched in a timely fashion?
Without that step these are empty words.
9
The U.S. Government already informs the 'appropriate entities'. However, the recipient (e.g. banks, commercial infrastructure and other companies) has to have someone on the payroll with a U.S. security clearance before the Govt. will share the data. I have noted on job postings for prime defense contractors, here in the U.S., that they are sending employees with U.S. security clearances to work in data centers in Canada. I suppose that is how they have things arranged with the Canadians. The problem is...to whom have these people swore allegiance to: the Govt. of Canada or the Govt. of the United States?
_W_
Hysteria could not be defined more clearly. The US has yet to show any meaningful interference in the 2016 election but the NYTs continues to assert the baseless claims. Just think what the US is up to. At the end of the day the future of the internet is called into question. The malevolence of Russians has become cartoonish. The fodder for more marvel comic movies.
5
I agree with the comments about lack of credible evidence of Russian hacking of the election. Not only did they not alter any voting machines, I am unconvinced that a fake political ad on Facebook in the context of a billion other political ads has any significant impact.
However, Russian, North Korean and other national actions to spy, steal information, use file locking extortion and do other cyber-harm is without doubt happening on an ever-increasing basis.
3
Those of us who work in cybersecurity will tell you that you are wrong. Dead wrong. And apparently you know nothing of Russian/Soviet culture.
4
DA, Comrade!
No need for overt, splashy hacks of voting machines. It's so much more elegant and hard to trace, to simply hack the public perception of a candidate. Americans are so gullible, never checking stories, as long as they pander to popular prejudices and preferences.
Russia is saving the splashy stuff for when it really gets sticky. Dropping the power grid across the country is only really useful in certain situations. Like, when an authoritarian President needs a pretense for emergency powers, etc.
1
Routers aside, I'm quite happy with my iPad's performance, w the exception that it's too old to update anymore. My last two Windows laptops were hacked multiple tiles. However, the one ransomeware attack on my iPad failed miserably. I was told my computer was locked and wouldn't function until I paid. Not true. Only the browser was locked. The fix was as easy as deleting the browser and re-installing it. The only things that keep me from moving to a Mac is that everything is so different from Windows, I still can't figure Numbers on iPad. There were no tutorials when I bought it. And, maybe I'm missing something, but Office programs like Word see to have more to offer than Pages. Also, no Windows hacks since W10 arrived. Still, I'm most confident w Apple. If malware is as confused as I am by Apple, there should be no problem. My kids are no help. When I ask them why I shouldn't get Apple, they'll chime,"It's proprietary!" And I'm thinking, Yeah, you just haven't been hacked yet. Good luck.
5
Please explain to me, again, why it is so important for us to establish more, not less, internet connectivity between our computers, laptops, handheld devices, financial accounts, electronic appliances, self-driving vehicles, utility services, home entertainment systems, social media accounts, automated electronic payments, and smart home voice control devices? All while artificial intelligence advances by leaps and bounds.
Why do I have the sinking suspicion that AI will outsmart us, and that we are turning into helpless sitting ducks for all manner of coming electronic mischief that we can barely imagine today?
14
Simple answer: convenience. I can arm/disarm my home alarm system, set the thermostats, and turn lights on and off remotely.
1
Apparently so can the Russians, Phil.
5
Hah. So lovely not to have a home alarm system, steam heat determined by the landlord and, so far, I turn the lights off when I leave the house and flick them back on when I arrive. Revolutionary!
3
After a bit of searching, I found links to the US and UK versions of this warning:
https://www.us-cert.gov/ncas/alerts/TA18-106A
https://www.ncsc.gov.uk/content/files/protected_files/article_files/Russ...
8
Thanks, the article should have included that.
This is the problem with hiring a convicted liar to head the NSA- once Bolton's fingerprints are on something no one believes it. Every warning appears as an excuse to wage war. Get rid of him and get someone with credibility to explain this stuff to the American people. Give us what we pay for.
11
In the cyber war it's difficult to know who did what to whom. If the ISP address in my home TV is attacked, it would be impossible to know if it's the Russians or some other social or commercial predator doing it.
_W_
2
This is why I suspect the answer is to own your own server. The Russians never got Hillary's emails OR Murdoch's UK CEO's, and that could have cost him $2 billion dollars in FCPA fines.
2
It's not impossible to find origination.
Router Security advice can be found at www.RouterSecurity.org. The site is not selling anything and there are no ads.
3
Trump fiddles as Rome (our national security) burns.
4
PROTECTING YOUR ROUTER
This isn't the official UK-US info but it's good advice:
https://www.lifewire.com/how-to-hack-proof-your-wireless-router-2487654
1
Judging by the way congressmembers' eyes glazed over during Mark Zuckerberg's testimony, there are few elected officials who know enough about cybertechnology to keep us safe.
18
This may be the "warnings" information referred to in the article. If so, it's far too technical for most home network users. https://www.us-cert.gov/ncas/alerts/TA18-106A
2
Thanks for the warning. And now what? Hows about some concrete advice?
Reminds of the old color coded terrorist threat level........
7
Here we go again! Is there anything for which Russia is not responsible? Russia caused a tornado across the US, they caused snow in the UK,
5
The Russians are coming! The Russians are coming! (Only this time they ARE.)
5
This sounds a little bit like "The pot calling the kettle black" . Remember Edward Snowden ?
1
The breathless and heavily biased reporting on the Snowden "revelations" largely ignored the fact that the NSA is not the only actor exploiting network vulnerabilities. The fact is that many other nations have active signals intelligence services that are a greater threat to US and European facilities and citizens than the NSA and other Five Eyes agencies. It also ignored the fact that there are plenty of criminals interested in gathering personal information and either using it for fraud or selling it on to others who will. The US-Cert advisory (TA18-106A) is a reminder of that.
"The United States and Britain on Monday issued a first-of-its-kind joint warning ..."
The joint Technical Alert is available at us-cert.gov. The alert is mind-numbingly dense, but it appears to be giving standard advice, such as change your router passwords from the defaults and check that your router firmware is up-to-date.
Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
Original release date: April 16, 2018
Web site: us-cert.gov
36
And the White House response to these Russian cyber attacks -- 'No collusion. No more sanctions.'
Thank you for telling us where to look for the alert and the brief summary. I wonder why a link wasn't included in the article.
1
The technical alert (TA18-106A) notes, manufactures of many routers still in use, especially in homes and small businesses, no longer support them with patches to correct vulnerabilities. Many of these devices, especially consumer grade equipment with low price tags from various manufacturers, were quite insecure when originally sold and many of the vulnerabilities never were corrected. Any that are designated end-of-life or unsupported, for which the most recent patch is over a year or two old should be regarded with great suspicion and replaced promptly
2
Times: "The United States and Britain on Monday issued a first-of-its-kind joint warning ..."
The article fails to clearly identify the government agencies that issued the "joint warning".
4
Another deflection by Trump: He wimps out again and refuses to sign off on the new sanctions on Russia his administration announced,
Then pivots to some vague 'warning' about Russian cyber-attacks,
that he previously denied.
2
When it comes to this sort of thing, please link out to the original advisory. Distilling it down to an accessable summary is important for most readers, but those of us in the field need to be reading the details.
8
Invest in a router that runs DD-WRT. Thank me later.
2
Wow. Isn't this a bit like the way the mob works - once you're in, you never get out. We're all in, at least most us.
The credit reporting agencies, for which I most emphatically do NOT give my permission to collect information about me, had a major security breach and NOTHING was done about it. NOTHING.
The Trump administration and our GOP one-party-three-branches ruling government is doing NOTHING about the Russians, or anyone else trying to disrupt our democracy.
But they're getting ready, courtesy of all those dirty-money PACs to carpetbomb everyone with tens of millions of dollars of propaganda and fearmongering for the midterms, and the suckers who gave us this ghastly administration and Congress will buy the con again, I suspect.
We can't get any lower. And then we do.
4
The US government generally lacks both the authority and the capability to do much about routers and other computer equipment that it does not own or directly control. Moreover, when they do attempt to do so, there tends to be a good deal of resistance by the targets of malware attacks. Recent examples include State agencies that largely ignored Russian probing of election information before the 2016 election and fairly widespread opposition to a proposed law that would have encouraged private companies to share network threat information with federal law enforcement agencies through the Department of Homeland Security and protected them from civil actions related to such sharing.
2
Would be good if we had a president willing and able to respond to this threat.
8
I agree that Trump should take action, but just to put it in context, what did Obama do when his party's candidate was under attack by the Russians?
The more you do online, the more vulnerable you are the cyberattacks. Straight and simple!
1
Russia is a small, poor country with an economy the size of Italy's. Why are we so engaged, so anxious about what Russia is up to? All we need is to build one less aircraft carrier and we'll have the money to protect our computer networks, fight the real and necessary fight against this flea circus of a nation.
5
When people admire or ask about my smart watch, as a joke I sometimes proudly press the button and explain that I just flushed my toilet at home - and they usually believe me! I predict most of the 'internet of things' will eventually prove to be a bust if only because the gimmick isn't worth the risk to our privacy. Besides it's just creepy, if Alexa can hear you calling, it must be listening to everything all the time...
3
Facebook. Transunion. Experian. Target. Our government's computers.
It seems we have almost as many mass hacks than school shootings.
Instead of wasting money on border walls, we should be investing in cybersecurity.
9
Once again we are in the grip of cold war. NYT is
at the front line to sensationalize hocum from British.
There is a huge security set up in Britain spying
on foreigners. Five eyes( Australia, Canada, Newzealand,
USA and Britain, English speaking countries) spy and
share intelligence. NYT didn't mention it creating
the impression that Russia is doing something odd.
Spying is common and with the computers it has morphed
into creating and disseminating fake news to shape
public opinion. Disinformation was common in the
old cold war but computers have made it easy and
pervasive. The way to fix the problem is to have
international agreement.
1
Isn’t this what Facebook is doing?
2
On the same day as this new UK-US announcement about the potential for Russian cyberattacks, Trump walks back sanctions against Russia for its support of Syrian chemical attacks. Strange loyalties.
3
I know I'll sound like a refugee from the Dark Ages, but insist on hard copies of bank and brokerage statements; keep hard copies of tax returns and other key documents.
13
How about my ballot? I want a copy of that.
6
We should heed the U.S.-U.K. warnings about Russian cyber attacks with urgency.Russia has been trying to compromise our data for years.Does anyone remember that we spent millions on a new embassy in Moscow about thirty years ago only to have to tear it down because the Russians had filled it with bugs.We thought we could "de-bug" it but were sadly mistaken.Espionage is Russia's expertise and we fool ourselves if we think that sanctions or bad publicity will change their behavior.We need a government agency just for protection from cyber attacks.Now too many groups are working on it but without the laser like attention it needs.
8
With all due respect, other than "asking citizens to upgrade their passwords rather than duck and cover", that's it? That's the best expert advise one can expect from "both sides of the Atlantic?" Good lord, as the article states, “Once you own the router, you own all the traffic, to include the chance to harvest credentials and passwords,” what good does upgrading one's passwords going to do if people have the ability to garner and access that intel? How often do I change the plethora of passwords I use on various sites?
Other than letting folks know about this potential threat, all this article has done is create more fear, anxiety and unrest for me. Forget about adding millions and billions of dollars to some silly wall and/or defense budget. How about hiring a ton of geniuses and updating the firewalls and other IT defense programs that can actually STOP these attacks from occurring in the first place? Heck, if the US was able to be the first to get astronauts on the Moon, then why can't we build, support and defend our own IT and intel systems from infiltration?
62
We had this discussion when Snowden threw down. Encryptiion can protect us, but also protects criminals' activities. If we want security, it has to be for everybody, and we don't like giving crime a roost.
What a joke this information age is. Where is responsibility?
Now there is a new warning, about what? Where are the details? What can an individual do? Should I buy more software, with each program or app adding its own vulnerabilities to the net? If this danger has been around for 20 years, why was it not dealt with? Is all the software and hardware purchased up to now unable to deal with preventing this threat? Details please, and be specific (which sounds like instructions for an exam doesn't it?).
iF "computer networks are at risk"; is it all of them? "Routers may enabling these attacks". I have a home router for my wifi, could that aid attacks on the Homeland? How can I find out and do anything about it? Does any virus checker check my router?
I have looked for details and found none so far. Should I check if my passwords (soooo many of them!) are secure or just change them all? Can any of the bad code already in place, according to two governments, be identified and removed or deactivated and if so, who must do it?
Is a brand new internet needed as a sure way to start fresh with none of attack software buried on the current web and with protections to prevent any being added?
Is it as chicken little put it, "the sky is falling" or is it an accurate understanding and warning of the true wonders that technology has created for the world. We know the internet has great benefits for commerce but it seems to also have had an evil twin lurking.
10
Sure glad the USofA doesn't do any of this nasty cyber-stuff and isn't (and never has) meddled in the politics of other countries - and that our government is giving us specific information as to what They are doing, rather than just promoting some generalized bogeyman fears.
4
Ever wonder why we constantly hear about Russian and Chinese cyber attacks against the US and other western allies, but never hear the Russians or Chinese complaining about the same perpetrated by us? Either they are too shrewd to let on they know so they can watch our moves or we are so good they don't even know we're deep inside their systems. Don't for a second think the US and its allies aren't waging a clandestine cyber war at all times at a scale we cannot comprehend, and further, lest we forget, we have been caught snooping on our allies, so there's that too.
6
So should we prepare for being technologically crippled by the Russians?
Where are our defenses? Oh that's right, large private telecommunications companies like Comcast and Verizon can't be bothered to add security to their networks because it costs them money. Depending upon our federal government alone to add security ( especially after the fact) is foolish. Just wait and see how much we'll miss our internet after it goes away. Our nation would collapse in 48 hours.
Another thing is not consolidating our entire network under the umbrella of a few monopolistic corporations. Smaller, localized networks is prudent, for our energy grid as well.
3
Actually there was a Russian backed proposel to discuss with Trump a cyber security agreement either through the UN or part of a working group. Seems the US and Europe said they were not participating in these talks After harsh criticism, Trump backtracked on his push for a cyber security unit with Russia.
http://time.com/4850902/trump-russia-cyber-security-putin-criticism/
https://www.reuters.com/article/us-russia-us-cyber-envoy/moscow-in-talks...
1
Mr Putin, feel free to hack my "Internet of Things". You can find out the temperature, humidity and barometric pressure on my deck or the indoor Air Quality, temperature and humidity in my Living Room. You might even see my iTunes Music Collection via my Apple TV- no Rick Astley to be found.
None of my Appliances are internet aware as I never saw the value of an internet connected refrigerator and I do not have a "smart" speaker. Nor do I have any Bitcoin.
You will also find my computers locked down and fairly well protected- they are also backed up on discrete media that is physically disconnected from any networked device- so ransomware will not work, either. Just plug in a backup and boot from it.
1
The main reason bad actors want to get into your network is not to steal your stuff, but to use it as a tool for other attacks. The most effective attacks recently has been "distributed denial of service" or DDoS. They work by sending a coordinated bunch of requests to one or more sites, so much that the site fails in some way. The requests come from thousands or millions of compromised computers, or in the case this article points out, routers, like the one you probably got from your internet provider.
2
With constant hacking by multiple governments and crooks into every important facet of our lives, will the long term use of the internet for banking, private communications, utilities, elections, security, etc., etc., remain tenable?
This seems like advance warning for scripted incidents, more Russia baiting and retaliations and sanctions.
It seems they really are looking for weapons of mass distraction.
2
Agree. Article doesn't say what we can do in our homes. Disconnect the router in the event we learn of an attack?
2
All the "smart" devices folks have put in the homes are merely tools to be used in a mass cyber attack. They do not have squat worth of fire walls. Time for HSA to impose mandatory security standards. Disaster waiting to happen.
1
For a sobering look at cyberwarfare, see "Zero Days," a documentary by Alex Gibney. We haven't even begun to address this problem which poses a threat far beyond what the world has yet seen.
2
For most Americans, a "router" is what we think of as a cable modem. Of course, these devices have become far more sophisticated over the years. Did you know that if you have one of the latest Comcast modems, it acts as a public WiFi hotspot? Yup. It's called Xfinity WiFi, and if it happens to be in your business, Comcast actually lists your business (even if it is not open to the public) as a hotspot location on its website and apps. (Residential customers are spared having their addresses listed but are nonetheless part of the network.) so, Comcast, what are you doing to protect us?
12
That should be against the law... or at least against a regulation. That's invasion of privacy.
4
Our so-called leaders, Democrat and Republican, are all over thirty. They're all last millennium. They're not the continual change agents we need for this new environment. They know not how to think different and their so-called wisdom is all about securing gains and security for their donors. We all deserve better.
2
Your thinking is flawed. While the leaders may be "all over thirty", their advisors span multiple age ranges; and simply because the manifestation of this attack is cyber, not kinetic/physical does not mean that from a policy and strategic standpoint they haven't got an idea what is going on. On the contrary, knowing the history of what has been going on and having that augmented by bright minds who specialize in computer operations is exactly what we need.
3
Well, now, you sure got that right, sonny! The intertubes is safe because our government knows how to fix these things.
It seems to me its obvious why they would attack the routers. This way they can scan all traffic and then pinpoint particular digital conversations. Much like using Lawful Interception to monitor any voice conversation of interest.
2
"Telling" us it is personal - in our homes - and "explaining how it works and the actual impact" -- that is, what they actually do, specifically and what will happen to us, as individuals and as a country, are different things. This article doesn't get there - it needs to be brought down to something a lot more tangible than a warning.
Furthermore, what can we do about it?
I am tired of being told I should worry and be scared without having any viable solution. Our human reaction would be to worry ourselves sick or to shrug our shoulders and accept this is the way it is. Or to ignore it.
66
If you live in chronic fear, you are easy to manipulate. Shows like FOX keep those fears fueled. Chaotic inconsistency by our leaders keeps those fears fueled. It’s almost like something out of the KGB handbook.
1
This is hardly 'news'. We've known this for years.
(Although Trump has denied it.)
Its a new 'joint' venture between the US and the UK to sell 'fear'.
I just hope my home doesn't get hacked, and the Ruskies find out; what's in my fridge, what music I listen to, and that I actually read the NY Times...
And do we have experienced people in charge of things in DC? No. We have Trump sounding off on Twitter or in his "speeches" or through his press secretary about how Comey is a slime ball or someone else should be jailed or that every immigrant from the Middle East is a potential terrorist, even those who have been on our side during our time in their countries.
Apparently our country can elect a complete incompetent as president but is incapable of understanding how the incompetent will affect our day to day lives and our futures with the people he selects or fires in key jobs. Way to go America. Shoot yourself in your collective foot. And squabble over building a wall on the Mexican American border but don't do anything to ensure that we have a strong infrastructure, more than adequate protection on our internet, and a better educational system or excellent health care available to all.
217
No discussion of the substance of the warning. What I am supposed to do? If you're not going to spell that out, where can I find the substance of the warning? That would be useful information even if it's practical.
148
I am a tech-savvy mid-30s professional. But as much as possible, I try to avoid the internet of things in my private life. I don't need an internet-connected fridge. I don't need Alexa listening in on my conversations. I don't need an onboard car computer tracking my every movement. These things offer only incremental "improvements" in convenience at significant cost in terms of privacy and security. It's time for consumers to just say no to these useless gimmicks. Sometimes a fridge should be just a fridge.
362
D. Green, I agree with you. I refuse to do my banking or pay my bills online. It's not safe enough. I don't need to be connected every minute of every day. The internet is wonderful for certain things but when it comes to privacy it fails. When it comes to protecting our personal information it's a laugh or a groan. Businesses want our data, lie to us about how protected it is, and then act surprised when its compromised. Almost every time this has happened what we've heard after the dust settles is that the business didn't do its job. How can we fight that except by refusing to do our most personal business online?
63
Hear, hear. I refuse to buy an Alexa or similar device from Google or Apple for precisely this reason: the Internet of Things is turning into an Internet of No Privacy, and I’m having none of that in my life. Nor should anyone else. If you want to buy groceries or change the music, do it yourself.
22
If you use a credit card to buy groceries of anything retail, no privacy exists there either. Credit card use is tracked and used, too.
5
Seems like our Foreign Policy Establishment (media included) is trashing about not knowing what to do about Russia who won't fall in line and disown Syria's Assad. Almost everyday new accusations against Russia designed to turn the people against them. This animosity will never be walked back and it puts the people of this country in a very dangerous situation.
4
We're too busy fighting Trump to get into it directly with Russia. Unfortunately, unless there's a coup or Trump is impeached, we need him legally to stop the Russian cyber invasion.
"Almost everyday new accusations against Russia designed to turn the people against them."
The "accusations" are not "new". From the article:
'Robert Hannigan ... said: “We have found the Russians in routers and deep inside networks for 20 years. ...”'
1
When cybersecurity was promoted eight or ten years ago skeptics ballyhooed it, saying,, 'I'll believe it when I see it.' When you see it, brother, IF you see it, it's too late.
15
Actually, there is quite a bit more to this story than silliness about "duck and cover."
Rob Joyce recently left the NSA when Tom Bossert was forced out by John Bolton. Days later, he decided to return. His stated list of options to defending against cyberterrorism includes the US using “all elements of U.S. power available to push back against these kinds of intrusions,” he added, including “our capabilities in the physical world.” I am assuming he is referring to military strikes against enemies deploying cyberweapons against the US.
This is troubling given Bolton's role in ginning up the Iraq fiasco with claims of Sadaam's vast arsenal of WMDs. Claiming an enemy has attacked us with cyber weaponry would be much more difficult to refute than claiming the existence of traditional WMDs.
Especially given the level of ignorance displayed by this president and this administration.
47
I've never had to go through an air raid drill. Unexploded ordinance training but never an air raid drill. All the same, this situation sounds quite different to me. I understand the concern highlighted around home routers and small businesses. These are usually the most vulnerable. Do you even know what security your wifi router uses? I'm sure you haven't changed the password since you bought the thing either. Point taken. If you're not an individual of interest though, you probably won't notice the difference unless Russia launches a massive DOS attack. Plausible but probably remote. That's like using a broad sword when you need a scapel.
I think this report is more directed as guidance for larger establishments. When was the last time your public utility reconfigured their cisco routers? How about the local bank? Those machines basically run forever. I doubt anyone has touched the initial setup since they bought the thing sometime in the early 90s. Messing with the configuration can cause a lot of problems if you don't know what you're doing. Most places are willing to leave good enough alone. Build redundancy and only fix what breaks. That's the American way!
As you can imagine, this presents a pretty enormous vulnerability for Russian cyber-ops to exploit. They don't even need to do anything massive. They can punish different individuals and sectors specifically. Like I said, scalpel.
12
Update passwords regularly and keep them secured offline.
Ensure you use good antivirus software (eg Malwarebytes or AVG) that is always on while connected to the www and run a full virus scan weekly.
Fully backup your data on an external hard drive. They cost under $100.
It's not difficult if you plan with the idea of losing all your data and attempts for your passwords being comprised.
16
NIck:
I use Malwarebytes which I have set up to autmatically scan daily (scheduled for early AM when I am not likely to be using my computer).
The only issue is that you need to leave the computer running so that the scan is performed as scheduled.
You can set a schedule by clicking on the settings tab on the left hand side, and then the schedules tab at the top.
5
Wise advice, Nick. I'd add to it: use a good VPN, and change the location you connect to frequently if your VPN has that feature.
2
None of those suggestions protect your router. And, investing in a Chromebook offers much better bang for the buck compared to antivirus software for Windows. Non techies can not secure Windows computers.
Before I moved I had my own modem and router using my own password. Now I lease a combined modem/router from Spectrum. This article and others like it raise the question of how (if) our internet monopoly overlords (no competition where I live) are dealing with this. As soon as I click "submit" I'll enter a Spectrum chat to see if I'm free to change the devices settings.
5
I'll reply to myself: the provider supplied a random(?) 16 place alphanumeric password for the modem/router. I can and did change the user id's to differentiate the two channels (important for my printer).
5
"Now I lease a combined modem/router from Spectrum."
If you are referring to spectrum.net, you can use your own router. Google "Buying Your Own Router site:spectrum.net".
While our showboat Congressional committees were flaunting their general ignorance and dismay at Facebook's complexity, one has to wonder if they have any grasp at all of the cyber threats gushing from our enemies. Thank heavens we have AI to augment our CI (congressional ignorance). How about a national priority project to identify and ban bots? First a remedial course, "What's a Bot?" for many of our leaders. http://seniorjunior.blogspot.com/2018/04/ban-bots.html
27
Language that we use casually without thought can be very telling. When you use the term "our enemies," do you really have any idea what you mean by it? I imagine that "our" is meant to refer to United Statesians in general (as opposed to Americans who comprise all the inhabitants of this hemisphere). If so, that is a bit ludicrous as the citizens of this country are anything but one-minded. The "enemies" you refer to are simply a propagandistic construct you have sucked in all of your life along with your mother's milk. Personally, I worry a lot more about the Executive and Legislative branch under the direction of morally degenerate imbeciles, than I do the Russians.
Of course cyber security is critical these days and can be done by nations, corporations and groups. The threat is not just from Russia as this article pushes.
The same US media that drummed up the war in Iraq is now pushing for war with Russia. I still remember this papers having Judith Miller report during the Iraq war on WMDs, with info from Dick Cheney. Then Cheney would hold up the NYTimes as proof of WMDs
The US Oligarch propaganda machine is on eleven. They are afraid that the story about the Syrian chemical attack may be unraveling and want a war/Cold War with Russia since it is profitable.
The Organization for the Probation of Chemical Weapons (OPCW), arrive in Douma Wednesday and need time to find out the facts of what happened. Delayed by the bombing by France, UK and the US (FUKUS).
Robert Fisk is a UK award winning Journalist working for the Independent. He covered the WMD lies of the Iraq War and is now in Douma
https://www.independent.co.uk/voices/syria-chemical-attack-gas-douma-rob...
“War stories, however, have a habit of growing darker. For the same 58-year old senior Syrian doctor then adds something profoundly uncomfortable: the patients, he says, were overcome not by gas but by oxygen starvation in the rubbish-filled tunnels and basements in which they lived, on a night of wind and heavy shelling that stirred up a dust storm.”
13
And who worked for VP Cheney?...why it was “Scooter” Libby, the guy who was convicted of leaking V.P.’s name...the same guy DJT just pardoned.
2
Your English is pretty good, comrade.
They’ve “known” for 20 years? Consider what that means in tech years and you get a clue how long the Russians have been exploiting these vulnerabilities & how clueless we’ve been in our response.
38
That's great. Our personal data is stolen, our financial/credit information is stolen, now Russia (and who knows who else) come for us. What exactly are we supposed to do now? This is like genetic testing. Do you really want to know? How about this warning: "Live in a constant state of paranoia. Get no sleep at night. And good luck with your life." Thanks for the tip.
37
The people coming for you are a lot closer than Moscow, mostly hanging out in the White House and Capital Hill. For me the best antidote is to live a quiet, simple non-materialistic life style and spend as much time outdoors as possible. Works wonders for peace of mind. I don't see too many worried cats.
2
"... live a quiet, simple non-materialistic life style ..."
I don't care for these types of articles, and I am obviously not alone. What are we supposed to do? You should always keep anti-virus software on your computer and update your software regularly. If we're not being protected, what do we do, write our own code? Or become Luddites? Your personal information is already aggregated online, whether you like it or not (Spokeo); you might as well assume all your private information has already been taken. What are we supposed to do? Give up computers? Stop developing AI? It will never stop. Older folks often say about climate change: "Well, I won't be around to have to deal with it." How about cyberattacks on Social Security and Medicare? At least our government is on top of it with Russia right now, right?
1
So Russia is a bad guy. Russia is doing all this bad stuff and don't forget - there are weapons of mass destruction in Iraq.
14
Some people just never want to learn from history and so it must repeat itself.
"The warnings issued Monday, including the release of technical guidance to businesses and individuals,"
So where's the link to this - I can't find one news article that tells me what to look out for, what to do, how to prevent, detect, or remedy a cybersecurity breach.
251
It's a Kafkaesque unspecified, generally unknown, blanket yet imminent threat from an unidentified state or individual actors. There's nothing you or I can do to defend ourselves.
We just need to be constantly afraid. That's our patriotic duty as Americans.
2
Google "National Cyber Awareness System," aka US-CERT.
You can subscribe for their alerts, for free. Their periodic alerts are intended for tech-savvy folks, but at least you can be alerted to change a password, back something up, etc.
1
Brooks wrote: "So where's the link to this - I can't find one news article that tells me what to look out for, what to do, how to prevent, detect, or remedy a cybersecurity breach."
To respond, here's a link to a US-CERT page (Department of Homeland Security) to explore:
https://www.us-cert.gov/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity
Here's a related link:
https://www.us-cert.gov/home-and-business
Does the United States engage in similar practices within Russia? Is the U.S. also tied up in the cyber-world of Russia in order to gain information on them, or is this a one-sided story?
36
sounds like a rhethorical question to me
If anything I expect Russia is trying to catch up...
I honestly don't know anything about our cyber investigations into Russia and how we might be penetrating or spying on them in a cyber manner.
Paper ballots.
327
Yes Dave, I know the younger generation doesn't want to hear it but the more non digital you go, the safer you are.
I rarely buy online, have amazon or other products delivered, do any banking online etc. etc.
5
Paul:
I am part of the older generation. For some purposes, it is important to do things online, not merely convenient.
I suggest that if you do conduct you personal business online, that you have a separate password for each vendor, and that you keep those passwords in the form of paper records.
I agree with Dave that tere are some things, like voting, that should ONLY be done offline, such as by paper ballot that can be hand counted if needed.
11
Thank you for your reply Joe.....passwords for each vendor, paper records?? Say it ain't so Joe. I am too lazy for that.
All jokes aside, if you are gonna go online, yes, your advice is correct, but so far I do an extreme minimum online and nothing that involves credit cards, banking, retirement accounts etc.
1
I don't see any mention in this article of the Kaspersky anti-virus software that many have warned could be a tool of the Russian government. I wonder if there's a connection.
37
Kira N.
The intelligence services say there IS a connection, and Kaspersky anti-virus software is not permitted to be used on US Government computers.
1
Can you point me to an article on best practices for securing our home routers specific to the threats discussed in this article? We have a strong password that we changed last year. How do we tell if the Russians are already pre-positioned within our router, and will changing our password again erase the threat?
The article quotes Hannigan "We know where you [the Russians] are pre-positioned..." What is the estimated percent of private citizen households currently compromised? Have they targeted certain citizens over others? Is/has the US government planning to come out with official guidance of what we as citizens need to do?
100
Gianna:
Your router (or modem/router combination) has two different passwords.
One is to allow access to the software running on the router itself. That password is set at the factory to a default value, which is the SAME for every router of that model built by tat manufacturer. To secure the internal software of your router, you should change that password and write it down on paper (so that hacking your system does not offer the hacker any chance to find that password). Ideally your router should include software that attempts to prevent someone outside your system from getting entry to yuor local system.
In addition, for wireless connection to the router, there is the possibility to encrypt the communication between your wireless devices and the router. There is a second password needed to log on to the wireless network if you have set up encryption of the wireless communication. Many routers come from the factory with such a password set. In general, you can reset that password to a different, or longer, string (which makes it harder to guess).
Just as important as keeping your system secure is keeping a current copy of all your data. You can copy the data to an external hard drive or thumb drive so that an attack that encrypts or wipes the data on your computer does not "put you out of business." Drives with capacites of terabytes are available for less than $100. Generally, your data is worth much more that your computer itself (and may be irreplaceable).
13
Exactly. As the unofficial tech support for a lot of people, I've found that even moderately tech-savvy people (who have their own computers locked down adequately, and understand wifi security well enough) have no idea that their router's security is not the same as their wifi security, and are always shocked to learn that the router itself has a wonderful factory-set password such as "password."
Once an intruder's in the router itself, nothing else really matters.
I know I'm repeating myself and echoing what Joe said, but the wifi password does not protect the router itself.
5
thank you
How can the President be silent and inactive about this information ? This is aggression against a sovereign nation , America, the nation the President wants to Make Great Again? Can't help but ask why??
51
Remember this is the president that has literally done nothing about Russia's cyber attack on our 2016 elections
1
He is compromised. Which at this point sounds nuts. How much worse can it be with him?
3
What is America doing to stop cyber attacks and Russian interference with our election and our personal information? We have heard the national security advisors say that they need a mandate and further orders from the president in order to enforce more rigidly our sovereignty and privacy. What is he waiting for?
Write, call and fax your Congress persons and Senators to demand action against Russia and Russian interference before it’s too late!
13
Um, Dear Leaders, we don't need a warning. We need to be defended. Don't we have a cyber-security command spending hundreds of millions on preventing and responding to this ongoing assault? Time to shut down some Russian pipelines.
110
Joe B.
Think of your modem/router as the front door of your dwelling.
The government is not going to post a cop at every front door in the US. In te same way, there is no way for the government to protect every modem/router in the US.
Protecting your modem/router is your job, just as securing your front door is your job. You can put more secure locks on your doors. You can put security software and passwords on your modem/router/computer.
3
"The warnings issued Monday, including the release of technical guidance to businesses and individuals, had been in the works for a long period..."
Do you have a link to this technical guidance?
51
Google this, from US-CERT:
TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
1
so what are we supposed to do to "better protect our own networks"?
90
How else to justify the spending of insane amounts of money on "defense" than conjuring up a ruthless, savage adversary bent on breaking into our laptops
and stealing our democracy, even though our .1% - pretty much the same people who are now reaping the profits of war - stole our democracy long ago.
22