If you're looking for what the damage was, it failed.
Potential damage: "Most notable was one [attack] in Ukraine in December 2015. It left roughly 230,000 people without electricity for about six hours during one of the coldest months of the year."
This war will likely clean some old electronics providers from the market. You are either very good at security (and that does not mean "airgap" all the things- if your plc needs a special laptop to connect to, the malware just needs to go for those laptops) or you are out of buisness in regions under threat permanently.
My first pass through the title was "Those windshield wipers shouldn't need to be internet-connected."
Thankfully, the article did clear that up, but the fact that my brain didn't even think, "that's a stupid idea that no one would buy that" is a bit depressing.
But then how would you alert people that their wiper blades are wearing down, and automatically ship them new ones?
Well, obviously, your car can count cycles on the electromotor moving the wipers. Then you apply statistical wear and tear, maybe even geofenced, and your car orders new wipers. Same with tires. Simple as pie ;)
BTW, I would have zero interest in that feature.
I think the most important part would be preventing any third party wipers from effectively wiping by disabling them!
Poland has a high alertness status for like 5 years now. So there was time to be prepared.
There's some news about some psy-op or some damage every couple of days. We hear about "Russian trolls" and influencing the political discourse.
I wonder if there is any symmetrical response to this happening. How about unleashing psy-ops and "Western trolls" in Runet? Is Europe in purely defensive mode?
EU-based troll farms are for long time in RUnet already (i.e. FRF) along with EU-aligned russian language media who spread certain narratives.
I think Europe hasn't developed this kind of political manipulation ability. Europe seems to operate in the mode where as long as the political institutions are still standing, everything is felt to be alright. US democrats also operate in this mode.
Russia is perfectly capable of trashing itself without anyone helping.
FWIW it seems Russia's trolling activities took a pretty significant hit after Prigozhin fell out of a window in 2023, as the "Internet Research Agency" was one of his ventures.
Probably just caused outsourcing to india and china.
The Jaguar hack cost the UK $2.5Bn and dropped production to levels you'd normally only see during open warfare. Recovery took many months, and the financial damage persists today.
We still operate with a primitive homunculi where a gunshot is considered aggressive, but sabotaging infrastructure that can kill hundreds from cold is being waved at.
But hey, at least they saved a few million a year in developer salaries by offshoring
The difference is the bureaucratic "doubt" about who did what.
Which, with the current zeit geist, should really be minimized to almost zero
Blame everything on X group i don’t like is a bold move
Assuming that Ukraine cyber attacks (novel/0-day) on the Russian energy grid must be happening, I don't often hear of this happening there.
Why not?? Is Russia's grid infrastructure so old as to not be as vulnerable?
Might be. For highly sensitive messages, Russia still uses physical delivery of typewritten letters. This is because they (rightly) distrust digital security models.
Curious to how these attacks work logistically. I assume these networks are air-gapped?
Another source says:
> It "involved an attempt to disrupt communication between generating installations and grid operators across a large area of Poland".
I doubt we will have all details, but I suspect this kind of communication occurred over the Internet (hopefully, at least a VPN).
Also, even completely airgapped networks are not 100% secure, if you can install a device or convince someone to do it by accident (social engineering).
E.g. with stuxnet they got to the air-gapped machines by letting worms loose on the network of suppliers, targeting technicians laptops.
For what purpose? Cui bono?
Poland is a major logistical hub for everything going towards Ukraine. Thus targeting basic infrastructure like energy grid or railroad have to be expected.
On the bright side, using these weapon grade malware is burning exploits and also showing current state and techniques of Russian cyberwarfare which defender can learn a lot from.
> On the bright side, using these weapon grade malware is burning exploits and also showing current state and techniques of Russian cyberwarfare which defender can learn a lot from.
Or perhaps they used an already-known malware to measure defensive capabilities without showing any of their cards.
Cyber-defensive measures aren't very useful though. Once malware is known to exist, you don't "reveal a capability" by detecting it - it all boils down to basically signature analysis, or just good standard practice (air gaps, software supply chain accountability etc).
This is vastly different to real world military systems, where there are a lot more variables and no guarantees - i.e. countries have limited numbers of air defense systems and missiles, the missiles have finite non-zero flight times, the physics of detection systems and sensors are not absolute etc.
The real world is just more complicated, so the value of buzzing someone's airspace reveals a lot more information then "huh, guess they didn't click on that email".
You'd think it would've been done during the summer or some other time when that wouldn't matter then.
No, of course not. They want to also measure response in the physical aspects (like electricians thot would have to drive some time to arrive on site). They're testing end-to-end, so to say. There's no testing like testing in production.
While there's some overlap in methodologies and back-and-forth with various escalations, so-called malware is distinct from software exploits. Malware can be delivered without an exploit and quite often is. Social engineering is highly effective.
Interesting that Russia still hasn't targeted the bridges going into Ukraine from Poland for some reason.
There were cases of railway sabotage.
To be fair precision strikes on bridges are not that easy. Of course the Kerch bridge is especially resilient due to the way it was build but still actually hitting a 60-100 meter length bridge from 700-1000 km away is tricky.
Not that it matter anyway at all... since there aren't any major rivers separating Poland and Ukraine to begin with.
What bridges?
Russia is at war with Europe.
before anyone jumps on the pedantry bandwagon, its worth noting that even though open war hasn’t been called: the attacks on infrastructure especially cyber warfare is extremely active and, crucially, direct.
It is totally fair to say that in a digital context, Russia is absolutely at war with Europe.
As far as I can tell, they don’t even try to hide it.
Not to mention the information war they have been waging globally since 2016
It has been ramping up a bit. Most recent case has been Russian (sock)puppet activity on Wikipedia, where they actively try to rewrite the language used, the narrative to be more suitable for them. It has even gotten news coverage.
First link in English I found: https://balticsentinel.eu/8394326/wikipedia-s-baltic-battle-...
You don’t remember Trump Moscow? Ivanka? Trump and Russian connections go all the way back to Epstein’s early days.
Some could say that in the cyber realm, they are not petty, ya! Well, or something like that.
Eversince notpetya and the colonial pipeline hack, the cyber strategy game changed a lot. Notpetya was genius as a deployment, because they abused the country's tax software deployment pipeline to cripple all (and I mean all, beyond 99%) businesses in one surgical strike.
The same is gonna happen to other tax software providers, because the DATEV AG and similar companies are pretty much the definition of digital incompetence wherever you look.
I could name other takedowns but the list would continue beyond a reasonable comment, especially with vendors like Hercules and Prophete that are now insolvent because they never prioritized cyber security at all, got hacked, didn't have backups, and ran out of money due to production plant costs.
Europe is the main supplier of weapons to Ukraine which is in actual war with Russia. Of course Russia is at war with Europe, the only reason bombs are not falling in Poland and Germany is that Russia wouldn’t have the capability to defend itself against retaliation. Do people really believe their countries can openly take sides in a war and not be targeted??
The name of that is proxy war. They would attack each other directly only if they were prepared to escalate to open war, but when we’re talking about nuclear powers, luckily the chance of that happening seems to be very low. It’s the only reason Europe does not openly deploy troops to Ukraine, though there are definitely some under cover.
Fortunately Russia in their benevolence tries to limit the damage, so that we don't feel the destruction all at once. This means some people will be annoyed for day or two and everyone is reminded to increase security pretty constantly. Just recently we got news about ONE furnace (from several in that heating plant) being probably hacked. The furnace shut down. Operator didn't notice, because the display on furnace was already malfunctioning and operator just restarted it. They checked everything only after our "cybersecurity" forces notified them.
That was in local news this weekend. I know about it because I'm responsible for another city heating network, we take security pretty seriously. All devices are in vpn and if someone outside needs to login remotely, he is granted access only for the time needed, so window for actually worming the network through vendors is very small. All staff accessing the system has computer security training. But not every heat provider operates like this, some small ones (like the one affected) are a little more sloppy.
The cold war never ended
...for Putin
[flagged]
They started this long ago, with the first invasion of Ukraine in 2014 and a series of poisoning attacks all the way back to https://en.wikipedia.org/wiki/Poisoning_of_Alexander_Litvine...
This completely ignores that: 1. Russia was the aggressor in Ukraine, 2. Putin has made clear his desire to pursue expansionist goals through military action targeting prior members of the Soviet Union, 3. Putin regular threatens nuclear war with Ukraine, 4. Russia has shown outward hostility towards Western democracies and sought to manipulate elections with information warfare to reach their goals (most notably, 2016 US Election and Brexit), 5. Russian regularly cuts cables connecting countries, and 6. Though completely unrelated, Putin has a history of assassinating political opponents. That's wolfish behavior if I've ever seen it.
[flagged]
What I am starting to appreciate about these digital infrastructure attacks is that they may be reversible and or temporary. It can be a nice feature.
Time matters.
Imagine the power grid fails in an entire city for 48 hours. How many apartments or shops have backup power for 48 hours? What about hospitals or cellphone towers or traffic lights?
How long before someone cannot make a 911 call or hits another car at night or dies in intensive care because the machines don’t work anymore? What about all the food in a refrigerator, or CCTV cameras, or POS payments or a thousand other things? And if sometimes physically fails, how long before a technician (who was himself relying on that power grid) is able to reach the place, carrying whatever spare part they have, and fix the thing?
Or, take a dam. I’m no dam expert, but how long does it take before a flood happens? And when water starts flooding the streets, how long before people can’t get out of their homes, cars are swept away, and so on? How long before standing water starts carrying diseases?
Can you give some examples of? I can imagine that under the right circumstances you might succeed in blowing up some transformers or even a turbine, but it seems like you’d be up to speed within a month or two on the outside? Or am I missing the gravity somehow?
I wasn't commenting on any particular case. I was stating that flipping a switch is less costly to reverse than blowing up a dam.
Deaths resulting from such attack are not reversible.
Thankfully we'll magically stop being at war with Russia once Ukraine gives up :P
Haha yep :P
Next is Moldova.
Then Latvia and Lithuania.
Then Estonia and Northern Finland/Norway.
Then Romania and Bulgaria.
Putin has already said many times that he intends to rebuild the Russian empire to its zenith.
It is not, because Europe is not a political entity. Russia is at war with some European countries.
Russia considers all the European countries as lesser states that should be dominated. Even Hungary, which is politically friendly to Russia, is probably experiencing a lot of disinformation campaigns, because Russia wants to ensure that Putin's lapdog (i.e. Orban) stays in power and serves russian interests.
If you want facts, then start at this overview article on Wikipedia: https://en.wikipedia.org/wiki/Russian_disinformation
Does Europe overall feel and act like that’s the case though?
It seems as if the European war has been pushed to the background recently, and most people kind of forgot about it. If you walk down the streets of Paris or Berlin does it look like it’s wartime, do people talk about it much, do they share the latest front news and so on?
>If you walk down the streets of Paris or Berlin does it look like it’s wartime,
Like what exactly would you want them to do? Run around screaming all day because there's a war in another country 2000 km away from them?
No, people just go on with their lives, doing their jobs, taking care of family and friends, paying their taxes, so that specialized workers in the ministry of defence can take care of the war stuff for them. That's how modern society works.
It's even similar in Kiev, when you walk down the streets you see people living their lives. Gyms, bars, cafes, clubs are full and lively. People don't stop living and enjoying their daily lives just because there's shelling somewhere else in the country.
>While it's true to a certain degree, you make it sound like Kyiv residents are having a grand old time right now.
I am not. You choose to interpret it that way.
Since we’re going with Kyiv equivalence, presumably there not air raid sirens, veterans coming back from war, mobilization vans grabbing people from the streets. I just don’t see how “Kyiv is the exact same way” is plausible.
> Like what exactly would you want them to do? Run around screaming all day
And I didn’t suggest they should “do something or other” I was wondering what the situation was since I am not there in person and figured enough HNers might be.
I beg to differ. Calling going out to a gym, cafe, club or a bar during wartime, as anything other than enjoying life, diminishes the real tragedy of those who are fighting on the front line and don't enjoy such leisure activities. Some people are fortunate enough that they can still get to enjoy life even if their country is in a war, as just like in every war ever, not everyone is affected equally.
[dead]
Berlin recently had a blackdown caused by domestic terrorists.
Is everyone talking about domestic terrorism or Putin and the war in Ukraine? Or are you thinking the domestic terrorism is not that domestic and it’s Putin doing it?
[flagged]
It wasn't Iran that bombed Afghanistan, Libya, and Iraq[0]. Gadaffi warned that Libya was the only thing stopping most migrants reaching Europe.
[0] at least recently
In fairness, a large chunk of those immigrants to France were "Pied Noirs" and other diaspora from its former colonial possessions, e.g., Indochina.
[flagged]
have you seen the competence in those who manage the infrastructure? i'd say i would need significant proof before assuming anything. And IF russia is doing it, I would still say that we should put 99% blame on the absolute incompetents running the infrastructure, 1% russia.
If you did then you'd be extremely gullible.
That seems like just victim blaming - "she was asking for it with the clothes she was wearing".
A tank is designed for war. Infrastructure is designed to serve some other utility. Claiming it should also be hardened against (cyber) war is acknowledging that there is an aggressor performing an attack of war, not that the infrastructure is failing the utility it was designed for.
It's fine to have this view that software should be defect free and hardened against sophisticated nation-state attackers, but it stretches the meaning of "defect" to me. A defect would be serving to fulfill that utility it had been designed for, not succumbing to malicious attackers.
no, thats not the same. If you for example leave your front door open, and the insurance finds out, do you think they will be doing "victim blaming" ?
so lets turn this logic around on those megacorps that leaks personal data, suppose they run an open postgres or mongodb with ALL the customer data, no password or default password, on the open ipv6, is it victimblaming to go after them for this? after all, its the big bad criminals that stole the data?
the truth of the matter is that yes, the ones that take the data are criminals, but so are the one that doesnt take proper pracautions.
Have you actually seen how these infrastructure things operate? many of them have open scada systems directly coupled to the internet. Many of them have sms gateways that just accepts messages from _ANY_ phone number to issue shutdowns.
I know because I have been brought in to look at some of those things as a consultant
Russia is currently focused at striking Ukrainian energy assets. Ukraine get energy imports from EU through Hungary and Poland. Hampering energy supply from Poland would but a huge strain on the already struggling Ukrainian network.
Poland is frequently listed by Putin and his crew as one of Russia’s greatest enemies.
The most obvious answer is Russia(or one of their allies like China or Iran) did it because Poland is supporting Ukraine in the war (directly, and also indirectly by letting stuff from other countries be staged and move through Poland).
That would be the most obvious answer, but Russia wants to keep Poland off-balance over the next 2 decades so that they won't intervene as Russia captures its neighbors. You'll see a lot more sabotage in France if Europe agrees to a new nuclear defense pact.
Hybrid war on Europe.
Will this be the time that EU grows a spine and comes together to oppose Russia?
Naaa, better continue to have Germany and France continue to destroy the Union by looking only at their self interests while they pretend to talk tough on Trump and sabotage any real internal changes so that they can keep their crumbs.
Just this week, France’s meddling halted a deal that was 30 years in the making: Mercosul while their president, in all his virtue signaling went on Davos to pretend to have the moral upper hand on the USA.
We’re a union of hypocrites. And France and Germany are the worst of them.
Which EU? The EU that continues to buy rebadged Russian oil and gas, the EU that sold them entire fleets of shadow tankers? Or the one that likes to pretend that states bordering Russia have suddenly acquired the exact same demand for expensive cars that Russia used to exhibit?
Yes, but how could that be solved? To solve this issue you'd have to significantly reduce the sovereignty of the EU member states, which some, especially Poland will oppose fiercely. But on the other had, without some coherent cooperation and responses, Europe will be chewed up country at a time by Russia, and maybe in the future by China.
https://eur-lex.europa.eu/EN/legal-content/glossary/mutual-d...
Any actual EU members are in principle protected by this, even if they aren't NATO members. Whether or not EU countries being in NATO diminishes their ability to act without US consent is debatable and I lean towards saying NATO's joint command essentially sets article 42 cooperation up to fail.
That's the difference between Ukraine and the other countries on Putin's list though: Ukraine wasn't in the EU or NATO, and for all intents and purposes had no allies.
Things like that don't protect countries. If a real threat arises, if there is no unified force, under the command of one central organ, they won't cooperate, it will always be inferior to the force that does have a single unified command center, like Russia for example or China. NATO or the EU cannot command, say Poland or Germany where to put their forces and what to do with them, but Russia and China can do that with their own. Although their military potential is on par (I mean NATO and Russia) My point is, although on paper NATO is great, it's still fragmented, and to some extent relies on who is in power politically, for example the tomorrow's president of an X country can say "Oh, we will leave NATO yata yata"
>France’s meddling halted a deal that was 30 years in the making: Mercosul
Mercosur would actually be Polish complaint to the EU Court of Justice (CJEU)
https://www.visahq.com/news/2026-01-22/pl/polish-meps-spearh...
[dead]
With all the other crazy world-destroying us bullshit, is this also you? 50% you, 50% russia. It's an new gameshow, is it Russian or us?