• ExotiqueMatter@lemmygrad.ml
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    4 days ago

    Chinese state-sponsored hackers have exploited vulnerabilities in Microsoft software to breach sensitive systems around the world, including those of the U.S. government agency that oversees nuclear weapons

    I’m picturing some American general about to order a nuke strike when just as he reaches for the controls his WindowsTM control panel choose that moment to auto-update and reboot.

  • barrbaric [he/him]@hexbear.net
    link
    fedilink
    English
    arrow-up
    50
    ·
    6 days ago

    All the control systems that actually launch the nukes are air-gapped and cannot be hacked by typical methods. They only stopped using floppy disks in 2019. This is just saying that some DoE offices got hacked, which really means nothing.

    You’d need something like a stuxnet-level worm, and even then, I can guarantee you that those consoles are secure enough that nobody is going to plug a random USB stick they found in a parking lot into them. Further, nobody would reveal that news, either China or the US, because you wouldn’t tell your enemy that either you broke their MAD abilities or that they broke your MAD abilities.

    • cayde6ml@lemmygrad.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      9 hours ago

      So, in layman’s terms, could you please explain this development then?

      I would hope that bare minimum, China could at least monitor nuclear production/storage/launch facilities, and have one or more backdoors to see what is going on, even if they can’t immediately destroy or scramble nukes.

      • barrbaric [he/him]@hexbear.net
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 hours ago

        Computers in offices used by the NNSA were compromised. Those computers themselves are not tied into any of the controls involving nuclear weapons, but are used in offices, some of which may have been on bases with launch sites. There may have been some intelligence that could be gained from these computers that may describe some things like operations at nuclear facilities, or supply chains. All of the computers involved are almost certainly being wiped, so there will be no ongoing backdoors.

        It must also be noted that there’s a decent chance that this was just hackers unaffiliated with the Chinese government doing a ransomware attack on whatever they could find using the microsoft sharepoint vulnerability, and that this just happened to hit this department.

        • cayde6ml@lemmygrad.mlOP
          link
          fedilink
          arrow-up
          1
          ·
          6 hours ago

          Ah. That fucking sucks, but it’s not nothing, at least.

          Part of me was/is hoping, that given how lax security, intelligence, and expertise at anything anglo and Amerikkkan related, that there still might be backdoors that the crackkkers couldn’t find or wipe yet, but I wouldn’t hold my breath, and you sound way more knowledgeable than me on stuff like this.

          I always appreciate those that remain grounded and comparatively calm about potentially exciting news, rather than getting extremely excited, like me.

    • Xavienth@lemmygrad.ml
      link
      fedilink
      arrow-up
      16
      ·
      5 days ago

      Doesn’t the UK have submarines that literally are supposed to fire nukes if they can’t contact home base when they surface (which can be months between surfacing)?

      I wonder if the US has the same. If so, yeah you can’t kneecap that with hackers.

      • Horse {they/them}@lemmygrad.ml
        link
        fedilink
        English
        arrow-up
        8
        ·
        4 days ago

        Doesn’t the UK have submarines that literally are supposed to fire nukes if they can’t contact home base when they surface (which can be months between surfacing)?

        when a new prime minister comes in, they write a letter that contains their orders for if this happens, there were(?) three options:

        • Launch your nukes
        • Sail to the nearest allied nation and place yourself at their disposal (usa or australia)
        • Use your own discretion (“you’re on your own lmao”)

        the letter is then sealed and placed in the sub commanders safe, to be opened only when it happens

      • barrbaric [he/him]@hexbear.net
        link
        fedilink
        English
        arrow-up
        15
        ·
        edit-2
        5 days ago

        Yep, they’re part of the nuclear triad, which consists of land-based ICBMs, submarine-based missiles, and aircraft carrying nuclear bombs.

    • Maeve@lemmygrad.ml
      link
      fedilink
      arrow-up
      12
      ·
      5 days ago

      It seems a while back I read something about POC about exploitation of airgapped systems without physical access, but can’t remember how.

      • barrbaric [he/him]@hexbear.net
        link
        fedilink
        English
        arrow-up
        20
        ·
        5 days ago

        I feel like it’s certainly possible, you do occasionally hear stories of outlandish hacks. That said, I’d say it’s not very likely, and for it to actually matter they’d have to simultaneously hit not only every US missile launch site, but also every nuclear sub and bomber.

  • IHave69XiBucks@lemmygrad.ml
    link
    fedilink
    arrow-up
    36
    ·
    6 days ago

    For over a decade, Microsoft had been funneling work through American “digital escorts” — low-pay workers with security clearances but often possessing limited technical expertise — who input commands from more skilled China-based engineers into U.S. Department of Defense networks, a recent ProPublica investigation found. Microsoft announced on July 18 that it would halt the practice after national security and cybersecurity experts raised concerns that these engineers could gain access to sensitive government data.

    This is fucking pathetic. Americans are so dumb they have to sit there and ask Chinese engineers to guide them step by step in how to do their jobs every day.