[HN Gopher] The attack against Danish, critical infrastructure [...
___________________________________________________________________
The attack against Danish, critical infrastructure [pdf]
Author : ano-ther
Score : 69 points
Date : 2023-11-12 13:06 UTC (9 hours ago)
(HTM) web link (sektorcert.dk)
(TXT) w3m dump (sektorcert.dk)
| ano-ther wrote:
| > Report about the largest cyber attack against Danish, critical
| infrastructure we know of.
|
| The attack happened in May 2023. The publication is from November
| 2023.
| johncoltrane wrote:
| That comma is maddening.
| HPsquared wrote:
| I can't understand its function. Is this a Danish language
| thing that was carried over in translation?
| mrkeen wrote:
| Usually you do put a comma to separate two adjectives that
| modify a noun.
|
| Native speakers know not to include it here, and I don't know
| why.
| azangru wrote:
| See "coordinate adjectives" vs "non-coordinate adjectives".
| civilitty wrote:
| _> Native speakers know not to include it here, and I don
| 't know why._
|
| Native speakers would phrase it as "critical Danish
| infrastructure." Commas are only used to separate
| coordinate adjectives that are equal in importance. Here,
| "Danish" gives us an immutable property of the noun which
| is more important that "critical" which is a statement of
| quality.
|
| "Broken critical Danish infrastructure" is also
| grammatically valid since it's "(condition) (quality)
| (national association) (noun)"
| plugin-baby wrote:
| > Native speakers would phrase it as "critical Danish
| infrastructure."
|
| As a native speaker, I'm not convinced by this.
| brookst wrote:
| As a native, speaker I am.
| dkjaudyeqooe wrote:
| I agree with it, how would you phrase it?
| thomasahle wrote:
| I don't think "critical is a statement of quality". In
| the security industry "critical infrastructure" is
| basically a noun in its own right. I wouldn't be
| surprised if they started spelling it with a dash.
| yokoprime wrote:
| Could it be danish and critical infrastructure as in two
| different entities?
| mistrial9 wrote:
| Danish is used as an adjective
| plugin-baby wrote:
| It could be, presumably implying an attack against the
| danish people or language, and which critical
| infrastructure implied by context. In which case the comma
| would make more sense, but the situation would be quite
| weird!
| ethbr1 wrote:
| Core servers supporting the Danish language were
| compromised!
|
| 'Sla til Soren' possibly corrupted.
|
| People named Soren suspected.
| dkjaudyeqooe wrote:
| Language yes, people no, that would be 'Danes' or perhaps
| 'the Danish'.
| dkjaudyeqooe wrote:
| It reads as an attack against a pastry and critical
| infrastructure.
|
| It's very upsetting, I love Danishes, so delicious.
| mannykannot wrote:
| I thought I knew the answer, but it is a tricky question, at
| least in English. Firstly, there is the order of adjectives:
|
| https://dictionary.cambridge.org/grammar/british-
| grammar/adj...
|
| Secondly, whether to separate them with a comma:
|
| https://getitwriteonline.com/commas-between-adjectives/
|
| These two principles together seem to suggest "The attack
| against Danish critical infrastructure" (you would not put an
| "and" between them, and place comes before type), but to me,
| "The attack against critical Danish infrastructure" feels
| slightly better. I'm not sure why, but it might have
| something to do with my feeling that when I hear about an
| attack on infrastructure, perhaps the question of how serious
| it is puts any other adjective in context.
|
| One could also say "The [May, 2023] attack on Denmark's
| critical infrastructure" or "The/An attack on critical
| infrastructure in Denmark."
| ethbr1 wrote:
| The attack against Danish critical infrastructure
|
| Feels maximally neutral. Critical infrastructure was
| attacked. That infrastructure was Danish.
| The attack against critical Danish infrastructure
|
| Conveys more of an emphasis that the infrastructure was
| critical to Denmark (with a very slight flavor that maybe
| it's not generally accepted critical infrastructure?).
|
| In practice, as a southeastern US English speaker (if that
| matters?), adjectives closer to the noun rank higher in
| emphasis. I'm sure there are exceptions (ugh, English), but
| increasing-emphasis ordering if it's a generic bag-of-
| adjectives.
| brookst wrote:
| FWIW as a northwest USian, "Danish critical
| infrastructure" reads like the attack was against
| critical infrastructure of Danish origin, wherever it
| might be now.
|
| "Critical Danish infrastructure" tells me it is critical
| infrastructure perhaps made anywhere but deployed in
| Denmark.
|
| It is surprisingly ambiguous though.
| dboreham wrote:
| Modem noise?
| tokai wrote:
| Yes its a Danish comma thing. Even in Danish its a bit too
| much though. But that is what you get for making some commas
| optional.[0] Use of commas is generally a mess in danish.
|
| The whole report is full of wrong commas, for written
| English. Quite embarrassing.
|
| [0] https://dsn-
| dk.translate.goog/ordboeger/retskrivningsordboge...
| jacquesm wrote:
| Use of commas is a mess in other EU countries as well,
| especially when it comes to numbers. Some countries -
| including my own - use the , for a . and vice versa in
| numbers. So 1.000(nl) => 1,000(uk/us etc). This causes a
| ton of trouble with students who will consume all kinds of
| information online where the '.' is used as a decimal point
| and then have to correctly answer questions on their exams
| where it uses a ',' and a '.' is simply ignored leading to
| what are in principle correct answers flagged as errors.
|
| This is super annoying because at the same time school
| mandated computers and calculators will use a confusing
| mixture of the two depending on whether you are using local
| software or online software or a physical device intended
| for another market.
| mmastrac wrote:
| I would love it if we could move to thin-line thousands
| separators and middle dot for decimals [1].
|
| I know it won't happen, but that would be amazing.
|
| [1] https://academia.stackexchange.com/questions/117982/c
| entral-...
| jacquesm wrote:
| I'd read that as multiplication instead...
|
| This is what you get from using inconsistent symbols for
| important functions, I would not be surprised at all if
| people died over '.' vs ',' in a piece of medical gear or
| avionics.
|
| I'd use a completely new symbol before repurposing an old
| one. And in a way the '*' that computer languages tend to
| use for multiplication serves as a nice way to avoid
| mixups (as opposed to 'x').
| Lio wrote:
| I didn't notice until you mentioned it. Now I just hear it in a
| caricature William Shatner voice.
| globalise83 wrote:
| If in doubt kick it out. You only live, once.
| nine_k wrote:
| But what if the comma is the attack? Imagine all the mental
| energy it has drained.
| dkjaudyeqooe wrote:
| On HN? People don't come here to be productive (if it
| happens, it's by accident) so that energy was headed to the
| drain anyway.
|
| To the contrary I envisage many ESL readers will learn about
| comma usage today.
| thomasahle wrote:
| In Danish we separate adjectives with comma. I don't actually
| know the English rules.
| mmastrac wrote:
| Ideally it would be "critical Danish infrastructure" with no
| comma, but the comma probably disambiguates the headline
| quite a bit making it clear that two adjectives apply to the
| noun "infrastructure".
|
| The frustration in native English speakers probably comes
| from the fast the comma-less version would probably be
| unambiguous and that comma causes our brains to skip a beat
| for what we subconsciously believe is an unnecessary purpose.
|
| If all English headlines were written to be clear rather than
| as easy as possible to read, the overall state of news would
| probably be better....
| marky1991 wrote:
| I think it makes it more unclear, not less. I parse it as
| "attack against danish and critical infrastructure",
| matching the standard usage of commas in english. "Critical
| danish infrastructure" only has one possible interpretation
| in standard english imo.
| Rufus_Tuesday wrote:
| I bet Miles Davis would be annoyed by that comma also...
| motohagiography wrote:
| The key facts appear to be that there was an IKE vulnerability in
| Zyxel firewalls that allowed for a single packet compromise. The
| attacker used this simulataneously across all targeted companies.
| The report says the infra under attack didn't appear in Shodan,
| so the attackers would have used some other scanning to develop
| the attack surface, and they attribute it to a state actor.
|
| While I was involved in a lot of critical infrastructure work
| over the years, there is so much mutually assured destruction on
| 'cyber' now that I don't see the economics of it anymore.
| Personally, I have doubts NATO can afford to act directly in a
| kinetic military capacity anymore and it has to operate through
| proxy parties because its members' infra is so exposed that no
| elected government survives a cyber retaliation against its
| energy and other infra services that derails its civil society.
| That said, I've held that belief for over a decade and haven't
| had it tested.
| jjoonathan wrote:
| Angell famously published a book with a similar thesis in 1909,
| right before WWI. He was right about industrialized war being
| highly destructive and unprofitable, but he was wrong to think
| that this would stop the belligerents.
|
| [1] https://en.wikipedia.org/wiki/The_Great_Illusion
| codedokode wrote:
| Why is war unprofitable? The value of the land in a long run
| tends towards infinity, especially if it is populated with
| taxable people and factories.
| jjoonathan wrote:
| The money that you spent fighting could have been spent on
| other activities that also tend towards infinity. At higher
| rates. Without a huge initial setback.
|
| Of course, you only control your own choices not your
| competitors/opponents' choices, so game theory makes the
| outcome of "everyone chooses peace" nontrivial to achieve.
| FirmwareBurner wrote:
| War was profitable back when you'd use horses, swords, bows
| and arrows to conquer more fertile arable land and slave
| labor, as that was the most value back then.
|
| In the industrial era, the value is the profitable
| industry, which you just blew up with bombs to win the war,
| or had blown up loosing the war.
|
| Either way, you spent an insane amount of money going to
| war offensively or defensively, not winning anything of
| value other than some barren land which is now worthless,
| and now you're also broke from the debt you took to fight
| an industrial war.
|
| Advanced industry means wars are less likely to be
| profitable, not that they'll never occur.
| kossTKR wrote:
| Being a huge history nerd war is almost always about
| profiteering, nothing has changed but propaganda.
|
| The US is one big imperial war machine that protects its
| ownership class assets with their foreign policy, like
| any other superpower would.
|
| "War profiteering", forceful opening of markets, huge
| contracts being made after all major wars, resource
| control?
|
| The forever wars happening from the second world war up
| until now to keep the West on top. What "we" did to South
| America, to Iran, to African countries when they wanted
| their surplus?
|
| Empire logic, game theory, nerdy statistical perspective
| even if you played a bit of civilisation or read Guns
| Germs and Steel.
|
| Classical geopolitics 20 years ago was all about these
| game theories, propaganda, that it's all a big game of
| Risk, acquiring the most while dominating others like
| literally all of history.
|
| What is war about today suddenly then? Beautiful
| philanthropic benevolence of the enlightened western
| peoples done very reluctantly but with great compassion
| for the future of the world despite immense expenses?
| KineticLensman wrote:
| > War was profitable back when you'd use horses, swords,
| bows and arrows to conquer more fertile arable land and
| slave labor, as that was the most value back then.
|
| But maintaining large armies to do such conquering was
| massively expensive, and consider the extent to which
| various kings over the years have had their military
| ambitions crushed because their country or people could
| no longer tolerate the sacrifices required. The so-called
| slave labour still has to grow food to primarily feed
| itself, and this is a fairly full-time occupation in a
| pre-industrial state. There isn't a lot left over to
| sustain an occupying force in any sort of comfort (which
| incidentally isn't farming _its_ home fields when it is
| doing the occupying).
| wongarsu wrote:
| The idea that war is unprofitable and best avoided if
| possible was already a big theme in Sun Tzu's Art of War.
| War is insanely expensive, both in terms of the people,
| resources and infrastructure lost, and in terms of the
| opportunity cost of what you could have done instead.
|
| Sure, in principle putting in some fixed amount of
| resources to get a piece of land forever is worth it
| eventually. But that's not how it usually works out. If you
| conquer land from somebody, they don't roll over and accept
| that. Chances are you will be back on the same battlefield,
| fighting over that same land a couple decades later. Or if
| it's large enough empires fighting each other you fight
| over a different piece of land in a couple years. But
| either way, the country that can maintain peace without too
| many concessions and focus on their economy tends to be
| better off. The only major exception is colonization, where
| you fight against people who don't have a cohesive country
| that could retaliate later on.
|
| The cost of war has arguably gone down a lot in the last
| two centuries or so, since we can now fight total war _and_
| have farmers ploughing the field at the same time, due to
| the insane efficiency gains in agriculture. At the same
| time the benefits of gaining land have gone down. Doubly so
| the benefits of gaining bombed-out land where the
| population was displaced by said war.
| throw0101b wrote:
| > _The value of the land in a long run tends towards
| infinity, especially if it is populated with taxable people
| and factories._
|
| The taxable people often end up dead and the factories
| destroyed.
|
| Since about the (Second) Industrial Revolution going after
| land really hasn't been a good way to gain wealth. Sarah
| Paine, Professor of History and Strategy at the US Naval
| War College has some interesting ideas in "The Geopolitics
| and History of Continental and Maritime Power":
|
| * https://www.youtube.com/watch?v=x0QrOjqXx8U
|
| * https://www.youtube.com/watch?v=YcVSgYz5SJ8
| nonrandomstring wrote:
| > That said, I've held that belief for over a decade and
| haven't had it tested.
|
| MAD was possible because both cold war adversaries could
| verify. Satellite photos and espionage kept the score and the
| mutual decision was "Let's not". Cyber enjoys no such
| legibility, so there's a very real danger that one actor thinks
| "We'll get away with it, they won't/can't retaliate".
| pnw wrote:
| Grammar aside, the TLDR is that most of the Danish energy
| infrastructure was protected by a particular Zyxel firewall, and
| they got hacked by a state actor a couple of weeks after a
| published vulnerability, and ten days after being warned
| explicitly to update their firewalls.
|
| Anyone else find it alarming that critical infrastructure is
| being protected by a fairly low end Taiwanese networking vendor
| and not a more well known firewall brand?
| jalk wrote:
| I laughed a little when reading the info box "24x7" (stating that
| SektorCERT can't respond to attacks outside of business hours).
| I.e. "We told you fucking so"
___________________________________________________________________
(page generated 2023-11-12 23:00 UTC)