Iranian cyberspies exploited Log4j to break into a US govt network Iranian state-sponsored cyber criminals used an unpatched Log4j flaw to break into a US government network, illegally mine for cryptocurrency, steal credentials and change passwords, and then snoop around undetected for several months, according to CISA. In an alert posted Wednesday, the US cybersecurity agency said it …
So, an eye for an eye?
How much spying on you does the USA do?
The obvious difference is that you're not a sovereign state. But what if an individual attacks/offends an individual? Okay to retaliate?
Sovereign states have no overseeing legislature (see: Country that still uses fax machines... for an example of how this will remain the case for a long time!). But we as individuals do. What if our legislature is broken or corrupt, or our aggressor is another sovereign state? ECHR? Okay....
I've no probs with your witticism. All sovereign states (that can do) spy on each other. I'm just saying tit-for-tat doesn't end if there's no overseer with a bigger gun.
Personally, I'm all up for a "Cyber Day of the Triffids". Down with the establishment! I wanna be anarchy!
Because in the US spying is done by government organizations like the NSA and CIA, and they like their spying to be done as invisibly as possible. We've all seen the toolkits they've used, they take every measure possible to hide their existence from people using/managing the compromised computers. Running a cryptominer flies in the face of that, as the excess resources it consumes makes it far more likely to be noticed than a stealthy rootkit.
Whereas these spies are either not government employees but hackers sort of 'encouraged' to direct their enterprise towards targets Iran's government wants information on, or are government employees who are not paid well and risk their spying being more easily detected to scratch a few pennies on top of their salary via CPU based cryptomining.
that the said IT mules unofficially installed the crypto mining software in order to leverage more income from their activity. Who would know ?
If the "Man" in charge is as clued up as our politicians and their per IT psuedo scientists, we as individuals wouldn't know if someone Carp Diemed (sieze the day) the COVID testing app, or the NHS 111 app, or your EV charging app, or the doorbell camera app, or the security camera app, or any other available "app" - until the ORGs involved got around to notifying their customers.
FFS ! If the Iranians are using Microsoft OS, then surely all this skull duggery is just to draw our attention away from those MACROS or wanting to PRINT, where we all know that Microsoft rules this roost.
ALF
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
