Biden ‘Will Cyberattack Putin’ (Because SolarWinds) - Security Boulevard

White House sources confirm that President Joe Biden has authorized retaliation against the Russian government for the recent hacking attributed to Russia. No word of when nor how, but it’s said to be “devastating.”

The SolarWinds hack and election interference are said to have been the triggers. And now we hear allies are warming up the nukes.

Where’s Dr. Strangelove when you need him? In today’s SB Blogwatch, we duck and cover.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Trusting trust.

MAD World

What’s the craic? Josie Ensor, Nataliya Vasilyeva and Rozina Sabur report—“Biden administration to launch cyber attacks on Russia”:

 The attack, which is expected in the next [two weeks], is in retaliation for the SolarWinds hack. … The White House confirmed it will take “a mix of actions” – both “seen and unseen” – although it did not provide specifics.

A senior Russian government source said they were anticipating the cyber attacks would come in the form of “large-scale information campaign” aimed at discrediting … its Sputnik-V vaccine, primarily targeted at the European countries which have given emergency approval to the shot such as Hungary, Slovakia and Serbia.

Contextualize, please? Janusz Bugajski opines—“Biden vs. Putin: Round One”:

 Moscow’s … periodic cyberattacks, most notably the SolarWinds hack, must be viewed in a broader context. The Kremlin is engaged in a multi-pronged campaign to weaken Western institutions and America’s security role.

[It’s] the seventh anniversary of Russia’s seizure of Crimea and its proxy war in eastern Ukraine designed to neutralize the country’s democratic aspirations. Putin seeks to enforce the allegiance or steal the territory of all former Soviet republics in rebuilding a new Russo-centric dominion.

For too long Moscow has been flexing its muscles without a concerted and robust response. … Paralyzing Russia’s energy offensives, punishing its cyberattacks, uncovering its influence operations, freezing its financial corruption in Western capitals and enabling allies and partners to better defend themselves would spotlight Biden’s determination to prevail at the onset of his global struggle with Putin.

As does Simon Tisdall—“Biden must punish Putin’s cyber-attacks”:

 It had to happen sooner or later. Repeated Russian cyber-attacks, hacks, data thefts and disinformation operations … have finally proved too much for Joe Biden … to bear.

While Biden says he still hopes to maintain cooperation in areas of mutual benefit, the two governments are now on a collision course following last week’s sudden eruption of diplomatic warfare. First came the huge Solar Winds cyber-attack, blamed on Moscow. Now, US intelligence chiefs are publicly accusing Putin in person of conspiring to tip the 2020 election. … Speaking last Tuesday, [Biden] let rip. Putin would “pay a price” for his 2016 and 2020 poll meddling, he warned.

Putin’s people appear to be preparing for punitive American action. Biden must not disappoint them. For years, Putin has got away with murder, literally and figuratively. … The imposition of effective penalties is long overdue.

Officials say the main US effort to punish Putin will comprise potentially devastating, semi-clandestine cyber-attacks targeting Russia’s intelligence agencies, military, and government networks. … This cyber-bombardment may already have begun, hence Russia’s otherwise slightly histrionic reaction to Biden’s remarks.

Russia’s ceaseless provocations warrant a strong riposte. But … this may not be the most sensible way to bring Putin to heel.

Does your head hurt yet? It soon will, after you read BAReFO0t’s summary:

 We hack people who hack people, because hacking people is bad. … The US has just justified every Russian hack of the past. Because, according to the US, hacking is absolutely OK, if you call it a “warning shot” and a “retaliation” or whatever. Which, of course, Putin can do just as well. I mean he was literally put in power by somebody … elected because the US manipulated the Russian elections.

**** all the pain and suffering it causes. There’s a **** size to be compared. ****in’ teenagers.

And hammarbtyp calls it “pretty stupid”:

 Problem with an emphasis on offensive cyber capability is that the tools … are easily stolen and used against you. It also means there is tendency to hoard vulnerabilities, rather than address them, in the hope that at some point you can weaponise them. This results in a lack of defensive capability.

And that is a big issue in the West where we increasingly rely on sophisticated automation and structures to do pretty well everything, while the rest of the world is far less susceptible to attack, since it tends to have at best a mixture of manual and automation.

But why are we talking about Biden doing this? Whatchamacallit calls it the “worst idea”:

 Plausible deniability is key. You just do it and you don’t brag about it. Broadcasting it ahead of time is remarkably dumb.

Information Technology is full of security holes that are constantly being discovered and fixed. Some date back decades. Nationstate Cyber warfare is all about zero-day exploits which you don’t want to waste. If you are holding a royal flush of security exploits you don’t use them for fear of tipping the hand of the enemy to your capabilities. You save those for when you really need them during a serious conflict.

MADness. This Anonymous Coward sees the oint in the flyment:

 It is very disturbing to hear talk of nukes being mentioned so casually, as if Mutually assured destruction is no longer a thing. … Would Israel be nuked because … NSO group sold malware to some despot?

Also, everyone knows that attribution in a “cyber” attack is almost next to impossible (except politicians apparently). … And even if there were some strong ties to a particular adversary or country, who’s to say it was state sponsored or just some rogue patriots or common criminals?

However, ameline takes very different lessons from history:

 If there is no response it will never end — well or otherwise. The only way to deal with a bully is to stand up to him. In the context of Russia and Putin, you have to make their games costly enough that their cost/benefit analysis comes up in favor of not attacking and destabilizing western democracies.

Lack of response and Russia’s behavior will only escalate until there is a response. This has been shown again and again.

Meanwhile, what goes up must come down, according to NewtonsLaw:

 Sounds like a giant pissing contest to me and in such events, everyone ends up getting wet.

And Finally:

Ken predicts supply-chain hacks


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Nikita Karimov (via Unsplash)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.