The HSE cyberattack should prompt us to join NATO

hmmm · 19-05-2021 9:35am #1

The cyberattack on the HSE is being treated as a criminal matter. The reality is that we are likely dealing with attackers who are operating out of a country which has given them tacit approval for their actions. As someone else said, once you do this as a country you end up with 20 year-olds implementing foreign policy, and I think it is as much of an attack on this country as if it had been a kinetic attack.

If this had happened in a small NATO country you'd have seen some consideration of invoking the mutual protection clause. There's a diplomatic element to this (drawing up the rules of what is acceptable in cyberwarfare) and it also would have given them the ability to draw on the resources of other states.

Unfortunately for us we now have a problem as we've been marked as relatively weak and this will encourage more attacks (that's not to denigrate the hard work being done by people to try and recover from this).

Our fortunate geographical position has largely protected us to date. In cyberspace geography means very little, and we can very rapidly end up on the front line of what will be a new form of warfare. We need to seriously consider whether we have the ability to protect ourselves in this new environment, and if not what we do in response.

Dohvolle · 19-05-2021 12:48pm

This is just the beginning.
I see NZ suffered a similar attack this morning.

lawred2 · 19-05-2021 12:50pm

what would guns and bombs do for us?

Larbre34 · 19-05-2021 1:00pm

I'm inclined to agree.

Make no mistake, if this was a State actor, it would be an act of War. The fact that Russia shelters this activity is almost as bad.

If nothing else, NATO would allow us to access shared resources both to prevent this stuff with greater success and to go after the gangs.

I've said on other fora, there is a two pronged approach to shutting this stuff down. 1) kill cryptocurrency. Undermine it, corrupt it, dump it, close doors to it. 2) the Mossad approach. Start assassinating wizard spider and everybody like them. On the street, in their cars, in their homes. Spread panic, fear, confusion. These ****ers live in far too splendid an isolation in Russia, they want a War by destroying the healthcare support of thousands of people? Well they've got one.

Larbre34 · 19-05-2021 1:01pm

lawred2 wrote: »

what would guns and bombs do for us?

Thats a churlish dumbass question which deliberately ignores the challenge at hand and the capacity of NATO resources. Resources we don't have.

lawred2 · 19-05-2021 1:01pm

Larbre34 wrote: »

I'm inclined to agree.

Make no mistake, if this was a State actor, it would be an act of War. The fact that Russia shelters this activity is almost as bad.

If nothing else, NATO would allow us to access shared resources both to prevent this stuff with greater success and to go after the gangs.

I've said on other fora, there is a two pronged approach to shutting this stuff down. 1) kill cryptocurrency. Undermine it, corrupt it, dump it, close doors to it. 2) the Mossad approach. Start assassinating wizard spider and everybody like them. On the street, in their cars, in their homes. Spread panic, fear, confusion. These ****ers live in far too splendid an isolation in Russia, they want a War by destroying the healthcare support of thousands of people? Well they've got one.

I'd agree this has to happen

Dohvolle · 19-05-2021 1:47pm

Reasons for cryptocurrency:
Launder money
Buy controlled drugs
Buy guns
Buy child pornography.
Until it is brought into the mainstream it funds the black market in everything. It must be shut down.

19-05-2021 1:50pm

Dohvolle wrote: »

Reasons for cryptocurrency:
Launder money
Buy controlled drugs
Buy guns
Buy child pornography.
Until it is brought into the mainstream it funds the black market in everything. It must be shut down.

You are aware all of that **** occurred before the invention of cryptocurrency.

Dohvolle · 19-05-2021 1:59pm

Deleted User wrote: »

You are aware all of that **** occurred before the invention of cryptocurrency.

Cryptocurrency has made it easier to hide.

Larbre34 · 19-05-2021 2:07pm

[Deleted User] wrote: »

You are aware all of that **** occurred before the invention of cryptocurrency.

Certainly.

However the criminal world have become used to it as a medium to transact. If it could be destroyed now, it would both disrupt them and erase a lot of their wealth.

Yes, they would of course revert to sovereign currencies and look for new and more perverted ways to make money but that doesn't add up to a case for not doing it.

lawred2 · 19-05-2021 2:21pm

Larbre34 wrote: »

Thats a churlish dumbass question which deliberately ignores the challenge at hand and the capacity of NATO resources. Resources we don't have.

https://ccdcoe.org/news/2019/nato-cooperative-cyber-defence-centre-of-excellence-grows-to-25-members/

Whatever happened to our application to join ccdcoe?

papu · 19-05-2021 2:23pm

I don't understand why people are derailing threads about this cyberattack with Crypto nonsense.

To the topic at hand. Cyber attacks have been potentially linked to state actors numerous times, they are not taken as acts of war, far more destructive and damaging attacks have been carried out on far more powerful countries..

I don't see what advantage membership of NATO would give us and if it changes our neutrality I would be opposed. I imagine a referendum would be required.

Dohvolle · 19-05-2021 3:10pm

papu wrote: »

I don't understand why people are derailing threads about this cyberattack with Crypto nonsense.

To the topic at hand. Cyber attacks have been potentially linked to state actors numerous times, they are not taken as acts of war, far more destructive and damaging attacks have been carried out on far more powerful countries..

I don't see what advantage membership of NATO would give us and if it changes our neutrality I would be opposed. I imagine a referendum would be required.

Why would you think a referendum would be necessary? Our neutrality is not enshrined in any law, or is it mentioned in the constitution, it is merely a matter of government policy since 1940. (Done in response to a large majority of Government and the Defence forces having been involved in a war against one of the allies, just 20 year previous).
In fact, the current policy tying any military activity into the Triple Lock is the actual opposite of Neutrality in that it prevents us from militarily acting alone. Instead we first get approval from the EU and the Super powers who are permanent members of the UNSC.

hmmm · 19-05-2021 3:53pm

papu wrote: »

I don't see what advantage membership of NATO would give us and if it changes our neutrality I would be opposed. I imagine a referendum would be required.

For me it gives us two things:
1. It gives us access to resources and mutual aid. We hear all about how Interpol are involved, as if that helps. The police know where these people are - one of the leaders of a notorious Ransomware gang drives around Moscow in a Lamborghini. It is being treated as a criminal case when the reality is that this is a verging on a state-level attack.
2. It makes us a more dangerous target if the potential of mutual military aid is available from other NATO countries. I'm not talking drone strikes, but the ability to both provide cyber-defense and offensive capabilities.

There are other cyber-attacks happening against Irish ISPs right now, and the concern is that the country is going to be seen as a soft (and wealthy) target. I wouldn't like to be the person running IT in the HSE, as even when they get the network back up you can't fix years of under-investment leading to security vulnerabilities.

Larbre34 · 19-05-2021 3:56pm

Absolutely, every word correct.

Neutrality is a policy, just like any other competence of the Government of the day and by extension, Oireachtas Éireann. It always amazes me how many default lefty box tickers have no idea about that.

And anyway, neutrality is now a complete misnomer for what we are. As a leading EU member and free and democratic nation of the Western World, there are no doubts as to where our loyalties lie, we are just militarily non-aligned, i.e. we factually do not belong to any specific alliances, yet we are an active member of NATO Partnership for Peace and a non permanent Member of the UN Security Council, so make of that what you will.

If the Government of this State need to take a military or security related action to defend the interests of this State directly, they need only get the ascent of Dáil Éireann. If they want to carry out a black operation on foreign soil, they don't even need that. And in this case we aren't dealing with a Nation, we're dealing with unprincipled criminal scum who should be exterminated.

timmyntc · 19-05-2021 4:19pm

Surely more cooperation at an EU level would make more sense than joining NATO.

As part of PESCO there is a very large cyber-security contingent, but I'm not sure if Ireland cooperates much on that front.
So instead of joining NATO and all the cons that involves, why not just make use of the organisation we are already in?

Also even if we were in NATO or closely aligned re: PESCO cybersecurity, the HSE attack would still have happened. Its a problem with organisations not taking security seriously. Cyber attacks can and will get through - its not like conventional warfare at all.

hmmm · 19-05-2021 5:22pm

timmyntc wrote: »

Cyber attacks can and will get through - its not like conventional warfare at all.

I think you're stuck in a guns and bullets mindset - the (in)actions of certain countries is aimed at achieving much the same impact as normal conventional war on those they see as their adversaries/competitors. These ransomware cyber-attacks are on an entirely different level because there is no normal policing response which can combat them when the criminals are protected by a state.

If some other country was firing missiles at our hospitals we'd both criticise our defenders, but also put blame on those firing the missiles. In this case a lot of people seem to think that we only blame the defenders, and we should passively accept cyber-attacks.

Short of perhaps some actions during the troubles, I can't think of a more devastating attack on our country than what we are seeing currently - and certainly not one from another state. And it's a warning for the future - criminals who disable our hospitals would be more than willing to go after our electricity or water systems etc.

sparky42 · 19-05-2021 6:10pm

Membership of NATO is pretty much irrelevant in this, it’s only a couple of weeks since the major disruption in the states due to hacking an oil company, not too mention the massive cyber breach they discovered last year, same for the U.K. with the NHS attack a few years ago.

The issue is as always the Irish people an politicians have feck all interest in funding cyber defence (or any defence), as mentioned the national risk assessment has been highlighting this for years and the situation has only got worse. There’s no way anyone is going to support a 2% spend on defence so forget NATO (hell even 1% is politically impossible), this attack won’t change anything, there will be a few sound bites for effect and then it’s back to “sure we’re Irish, nobody will attack us”.

knucklehead6 · 20-05-2021 6:04am

Larbre34 wrote: »

I'm inclined to agree.

Make no mistake, if this was a State actor, it would be an act of War. The fact that Russia shelters this activity is almost as bad.

If nothing else, NATO would allow us to access shared resources both to prevent this stuff with greater success and to go after the gangs.

I've said on other fora, there is a two pronged approach to shutting this stuff down. 1) kill cryptocurrency. Undermine it, corrupt it, dump it, close doors to it. 2) the Mossad approach. Start assassinating wizard spider and everybody like them. On the street, in their cars, in their homes. Spread panic, fear, confusion. These ****ers live in far too splendid an isolation in Russia, they want a War by destroying the healthcare support of thousands of people? Well they've got one.

Larbre34, you might want to change your password. I think Johnny Bigwallet got hold of your account

timmyntc · 20-05-2021 8:57am

hmmm wrote: »

I think you're stuck in a guns and bullets mindset - the (in)actions of certain countries is aimed at achieving much the same impact as normal conventional war on those they see as their adversaries/competitors. These ransomware cyber-attacks are on an entirely different level because there is no normal policing response which can combat them when the criminals are protected by a state.

If some other country was firing missiles at our hospitals we'd both criticise our defenders, but also put blame on those firing the missiles. In this case a lot of people seem to think that we only blame the defenders, and we should passively accept cyber-attacks.

Short of perhaps some actions during the troubles, I can't think of a more devastating attack on our country than what we are seeing currently - and certainly not one from another state. And it's a warning for the future - criminals who disable our hospitals would be more than willing to go after our electricity or water systems etc.

So you expect us to go to war with the Russians/Chinese/etc based on the actions of some of their citizens?

What happens when attackers start to spoof their IPs or simply operate with VPNs through Russia but theyre really based somewhere else? We still assume its Russia and go to war?

Cyberattacks are a minefield of complexity, the NATO approach would not cut it. At the end of the day it comes down to having the necessary protections in place against various exploits. Whether you get retribution for their actions is irrelevant - the damage will still have been done. Killing people wont remove ransomware.

hmmm · 20-05-2021 10:37am

timmyntc wrote: »

What happens when attackers start to spoof their IPs or simply operate with VPNs through Russia but theyre really based somewhere else? We still assume its Russia and go to war?

Attribution is difficult, but in general most of the major ransomware gangs have now been geo-located, particuarly thanks to the work of groups like Mandiant. Some make it easier than others by driving around Moscow in a Lamborgini.

At the end of the day it comes down to having the necessary protections in place against various exploits.

We're heading into a place where simply patching and having protections in place won't stop these gangs. They are wealthy enough to purchase zero-days which will bypass current protections. One group reverse-engineered the code on file-sharing systems used by some major institutions and wrote their own zero-days. We've seen with the Solarwinds attack that these attackers were inside the networks of major institutions and firms for months without being detected - thankfully in this case it was military intelligence and not a ransomware group.

Ireland cannot protect itself in this new world on its own. That will become apparent over the next few years.

timmyntc · 20-05-2021 10:39am

hmmm wrote: »

Attribution is difficult, but in general most of the major ransomware gangs have now been geo-located, particuarly thanks to the work of groups like Mandiant. Some make it easier than others by driving around Moscow in a Lamborgini.

We're heading into a place where simply patching and having protections in place won't stop these gangs. They are wealthy enough to purchase zero-days which will bypass current protections. We've seen with the Solarwinds attack that these attackers were inside the networks of major institutions and firms for months without being detected - thankfully in this case it was military intelligence and not a ransomware group.

Ireland cannot protect itself in this new world on its own. That will become apparent over the next few years.

And we are not on our own - we are part of the EU, we have signed up to PESCO. Our govt should cooperate closer on the cybersecurity aspects of PESCO.

There is no need to join NATO. Its not like NATO membership would deter these gangs anyways - didnt they hack a US oil pipeline recently?

hmmm · 20-05-2021 10:53am

timmyntc wrote: »

There is no need to join NATO. Its not like NATO membership would deter these gangs anyways - didnt they hack a US oil pipeline recently?

Yep, and the group that did this realised their mistake and have been running ever since (possibly disbanded, claiming to have been attacked in response). The group who hacked the HSE are laughing at us. Biden has been on the phone to Putin as a consequence, and it has been raised in yesterday's US-Russia talks. Russian ransomware hackers will not be deliberately targeting US infrastructure again any time soon.

Jim2007 · 20-05-2021 11:13am

hmmm wrote: »

If this had happened in a small NATO country you'd have seen some consideration of invoking the mutual protection clause. There's a diplomatic element to this (drawing up the rules of what is acceptable in cyberwarfare) and it also would have given them the ability to draw on the resources of other states.

This is just nonsense. The EU treaties include a similar clause, which could have been invoked and brought most of the NATO countries into the game. But what good would it have done, what resources would they have brought to the table? The only experience most of them have is failure and an ability to pay the ransom quickly.

Unfortunately for us we now have a problem as we've been marked as relatively weak and this will encourage more attacks (that's not to denigrate the hard work being done by people to try and recover from this).

On the contrary Ireland is far from weak when it comes to this kind of stuff, this represents the third failed ransom attempt on public services there are not many public services that have managed to do so well.

We can very rapidly end up on the front line of what will be a new form of warfare. We need to seriously consider whether we have the ability to protect ourselves in this new environment, and if not what we do in response.

We are already on the front line and have been for sometime. And we are actually doing very well as the most recent failed attempt shows. No doubt lessons will be learned and adjustments will be made to improve the defenses.

On average a personal website gets hit 8 to 1o times a week, but there is usually nothing of interest and most owners are not monitoring for it anyway. Our financial institutions are being hit 7x24 and most companies are probably hit a couple of times a day at least.

You need to learn how the game is played and NATO is irrelevant.

Jim2007 · 20-05-2021 11:17am

hmmm wrote: »

Yep, and the group that did this realised their mistake and have been running ever since (possibly disbanded, claiming to have been attacked in response). The group who hacked the HSE are laughing at us. Biden has been on the phone to Putin as a consequence, and it has been raised in yesterday's US-Russia talks. Russian ransomware hackers will not be deliberately targeting US infrastructure again any time soon.

You have absolutely no idea who this game is played. Every minute of the day hackers around the world are hitting every single company with an internet presence and it does not matter who Putin or Biden speak to.

hmmm · 20-05-2021 12:47pm

Jim2007 wrote: »

You need to learn how the game is played and NATO is irrelevant.

I know how the actual epidemiologists on the Covid threads feel now. :rolleyes:

timmyntc · 20-05-2021 12:53pm

hmmm wrote: »

I know how the actual epidemiologists on the Covid threads feel now. :rolleyes:

Are you an actual diplomat? :pac:

sparky42 · 20-05-2021 2:08pm

timmyntc wrote: »

And we are not on our own - we are part of the EU, we have signed up to PESCO. Our govt should cooperate closer on the cybersecurity aspects of PESCO.

There is no need to join NATO. Its not like NATO membership would deter these gangs anyways - didnt they hack a US oil pipeline recently?

Or as I pointed out the U.K. NHS attack a few years ago. Our basic issue is that as with anything defence related we invested feck all in the area on the assumption that nothing bad would happen. Being part of NATO won’t change that unless we change our mindset on defence, I mean hell we’re currently just basically signatures on PESCO projects to be seen to be there, rather than actually engaging with them.

Jim2007 · 20-05-2021 2:54pm

sparky42 wrote: »

Our basic issue is that as with anything defence related we invested feck all in the area on the assumption that nothing bad would happen. Being part of NATO won’t change that unless we change our mindset on defence, I mean hell we’re currently just basically signatures on PESCO projects to be seen to be there, rather than actually engaging with them.

Like every other country, we are spending a very large percentage of IT budgets on this. This is not a military matter it's industrial espionage and it is taken very seriously by us all.

sparky42 · 20-05-2021 3:49pm

Jim2007 wrote: »

Like every other country, we are spending a very large percentage of IT budgets on this. This is not a military matter it's industrial espionage and it is taken very seriously by us all.

Companies are taking it seriously, without question government and its agencies like the HSE are not. The investment at state level just hasn’t happened.

Dohvolle · 20-05-2021 4:16pm

Jim2007 wrote: »

Like every other country, we are spending a very large percentage of IT budgets on this. This is not a military matter it's industrial espionage and it is taken very seriously by us all.

Theft of the medical history of the state's citizens is not industrial espionage. Closure of the State's health IT infrastructure is not industrial espionage.
It's a level above that.
It's just Electronic Espionage carried out in an unfriendly state. Not really different to saudi terrorists based in Afghanistan carrying out a terrorist attack on the US financial district.

The HSE cyberattack should prompt us to join NATO

Comments