- Oh wonderful. Replacing all IT because they were hacked? Let me guess, they will use Windows, Exchange, and MS Office again on the new system. The software triumvirate screaming “please hack me”. - Project manager: at least I can blame the vendor - Entirely seriously, yes. - Most project managers I’ve ever met or known or worked with are basically incompetent technically, and very insecure / in denial about that, and thus vastly prefer the ‘safe’ option of someone else being responsible over the ‘risk’ of… hiring actual quality people that can make/support their own quality product. - Did you consider that project managers often have to follow all sorts of company standards, have to figure out a way to get a dozen departments with conflicting standards together, on top of that have to catch the stupid ideas from the upper-management and marketing without telling the upper-management that they have no idea what they are talking about, on top of getting something actually done in the project? - Because often the level of tech competency has very little to do with the decision corridor that the project manager has, given everything else. - Yep. - I’ve been one. - That’s how I know what I am saying. - Like you’re not even challenging what I’m saying really, you admit that most PMs are technically incompetent, because their job is mainly playing office politics. - It didn’t use to be this way. - And it still doesn’t have to be. - A good PM is someone who actually knows their relevant field, and can also do some office politics, but much more importantly, is a responsible and helpful team leader. - A person with only an MBA just has a degree in how to play office politics and gaslight people. - It’s always been that way, and always will be. Most people are mediocre at most things. 
 
 
 
 
- 🤣 should we get a list of FOSS projects that have had security issues? Or how about how someone slips some shit in upstream every few weeks it seems? - Stop this nonsense. You can hate Microsoft for legitimate reasons. - I mean… For real, I’ve never heard of Linux systems being hacked this way. I’m sure it’s possible, but it certainly seems rarer. - Slipping shit in upstream also certainly doesn’t happen *that* often. It takes effort to become recognised enough as a developer to be allowed access to the upstream code, meaning you can’t automate those kinds of attacks. (I imagine. Correct me if I’m wrong.) - It does happen occasionally, from time to time, but, because everything is *gasp* open source, it tends to get caught, identified, blocked/quarantined and then fixed considerably more rapidly, with decent fallback instructions/procedures in that interim period. - Like apparently it actually just recently happened with some asshole uploading bs malware libs/sources to the AUR… even still, got caught pretty quickly. - Also, you can basically describe the entire CrowdStrike fiasco as exactly this kind of upstream oopsie doopsie. - Doesn’t really matter in the big picture if it was intentionally malicious or not, when you Y2K 1/4 of the world’s computer systems. - Exactly. - When there’s a high profile bug in an important FOSS project, everyone and their dog is looking for a fix. Usually it’ll be patched within days, if not hours, of being reported. - When there’s a high profile bug in a closed source project, the company backing it will deflect and delay until they’re forced to fix it, and they can sometimes get away with it for years or even decades. - All software has bugs, which remain strategy do you prefer? 
- I mean, myself personally, I prefer to simp and fanboy for my favorite exploitative corporate overlord, because I’m sure there are good reasons everyone uses them, despite their well documented history of massive fuckups and fuckovers of all possible kinds! - /s 
 
 
- Absolute opposite. The majority of successful attacks you see today are identity management and supply chain attacks. If you walk into any OCIO office supply chain will be a top 3 concern. - I know of one successful supply chain attack in FOSS. - So still points for using it. - AUR has had multiple Trojans just this week - I’m sorry, Dave, but AUR does not count. - Precisely. The AUR is just a somewhat organized script dump. There’s no release process, and any user can upload any script they want. If you’re not capable of auditing scripts yourself, don’t use the AUR, there’s no expectation of quality or safety at all. 
 
 
 
- I… Don’t understand what you said here 🫤 
 
 
- Microsoft is getting hacked every other week. - As well as FOSS projects. 
 
- Mate have a look at the SharePoint vulnerability. It’s embarrassingly bad. Like really really bad, and btw so bad that it’s very easy to understand and exploit. And prevent too, if a jr in my team did this I’d get them in trouble. - No no, you don’t get it. - Random Windows ‘Powerusers’ obviously know more about programming and cybersecurity than people who actually do that for a living, as a professional line of work, duh! - See, I wrote a bash file once, so I basically know everything about software dev, especially on Linux as well, which is basically just the whole OS is PowerShell, right? - /s/s/s 
 
 
 
- https://techxplore.com/news/2025-07-fbi-national-st-paul-cyber.html - So, this actually was first detected on Friday July 25, escalated all the way up to the Emergency Operations Center on July 28 (Monday), state of emergency / near total intranet shut down (they are quarantining the whole system) on July 29 (Tuesday). - It seems to me that some kind of rather sophisticated threat actor managed to get into the core … this techxplore article calls it a ‘VPN’, but it isn’t technically a VPN, it’s a secure access tunnel system that city-gov systems and employees use to talk to each other, it almost certainly is not intended to be geared toward broad internet access/usage, beyond accepting user input from public facing government web portals, such as say, people paying their utility bills online or trying to submit a business license application online, things like that. - This system is sounding like it got fully compromised (as in, low level/high privilege level access was secured), and was either sending data out/in through improper IP addresses, and/or was possibly being hijacked to do some kind of DoS attack … on itself? - I am having a really hard time finding any exact details on this, but this is my best guess. - Given that the EOC essentially immediately shut down everything and called in a National Guard Cybersecurity team, it seems to me that there is a high chance this was done by basically a nation-state level threat actor. - It also at least seems like the systems, the data, the hardware, have at least not yet been locked down in a ransomware style move, which… could be largely due to their just quickly pulling the whole thing offline, or could be because that wasn’t the goal of the attackers… or some combination of both. - Yeah that’s a vpn - Removed by mod - The primary purpose of a VPN is to create a tunnel between two networks, hence the name “virtual private network”. I’m very familiar with them as I work with these systems for a living. 
- I’m guessing some people don’t know (or forgot) that site-to-site and remote access VPNs are a thing, and was the initial purpose of VPNs. Masking or hiding your location became a benefit after the fact, and today’s more common client VPN is technically a remote access VPN with a new purpose. - Remote access VPNs are a very common attack vector for companies, look up companies compromised with Fortinet gear and it’s typically through the firewall’s VPN. - In fact, a primary purpose of a VPN, spoofing your IP/geolocation, pretending you are someone you aren’t… is pretty much antithetical to a highly controlled system of users with varying levels of access to specific, private areas of that system. - Most modern remote access VPNs do exactly that, so it is not antithetical at all and is how most client VPNs keep you from accessing other users’ data. I would encourage you to read up on WireGuard and the like, they are fun to learn about and awesome tools when configured properly. - Also, we removed the above comment because the last sentence was fairly rude and violates rule 3 @sp3ctr4l@lemmy.dbzer0.com 
 
 
 
- but it isn’t technically a VPN - It is. Others have given some details, but I’ll keep it simple. - A VPN makes remote devices seem like they’re on the same network. You can have all traffic be routed through that virtual network, or just some of it. Common use cases:
- consumers - make yourself appear to be somewhere else; basically replaces old SOCKS proxies (all traffic routed)
- workplace - provide access to internal, protected resources to those that need them (only relevant traffic is routed)
- home lab - expose internal services publicly (reverse of workplace use case)
 - Those are all VPNs, though the first is acting more like a proxy than the others. - National Guard Cybersecurity team - This isn’t some crack team of experts, it’s mostly part-time soldiers who likely have a relevant day job. My brother-in-law is a mechanic at the National Guard, not because he’s an expert, but because they paid for his 4-year degree and only expect a few hours of work each month. A lot of people join for inexpensive medical insurance. - This cybersecurity team is probably just a handful of locals who work in IT locally and have had training on systems commonly used by the military. - If this was a high profile attack by a state actor or something, they wouldn’t call the National Guard, they’d call the NSA, CIA, or something similar, as in an actual crack team. The National Guard is mostly there to provide structure in emergencies, like organizing rescue efforts in a flood or help firefighters with labor in fighting wildfires. They’re just weekend warriors, not experts. - I guess my confusion here comes from trying to reconcile the broad, colloquial understanding of a VPN, and the actual, precise, technical definition. - When a news article runs with VPN in a wide audience usage… 95% of people think SurfShark or Nord or PIA or whatever, something that is consumer oriented, that accesses/fancy proxies the broad internet, as you give in your first example, where it basically functions as a more elaborate set of proxies than what most people could probably manage on their own. - So… yes, it technically is a type 2 VPN as you’ve listed, but it technically isn’t a type 1 VPN, which is what 95% of people think a VPN is. - I’ve worked remote for a decently long while, and most other remote workers I’ve known… they do not have really any understanding at all that their work login thing… is fundamentally the same kind of VPN as Surfshark, just configured differently. - My goal was to emphasize this difference, but yeah, I could have used better wording. 
- And yes, I know as well that Nat Guard CyberSec are by no means the creme de la creme of cybersec specialists, but the fact that a top level Municipal agency went ‘oh fuck’ and basically escalated the issue to the next level of IT support, the State Nat. Guard… that means they got pretty fucking spooked. - Also, the FBI is involved as well, they’d be the ones to pass it up to NSA and/or Homeland Security, I think… and the Nat Guard would be the ones capable of passing it up to… Army CyberCom… and I think if it makes it up to either Army CyberCom or the NSA or Homeland Sec, well at that point, it’s theoretically possible that any member of the alphabet soup could be called upon, or at the very least, have it come up on someone’s desk. - I am not exactly sure what the CoC of escalation pathways is here, but it seems like this got escalated to as many people as the Municipal Emergency Response Team could, quite rapidly. - It’s ‘the emergency response team looked at this for 24 hours and then called in another emergency response team’. - So… yes, it technically is a type 2 VPN as you’ve listed, but it technically isn’t a type 1 VPN, which is what 95% of people think a VPN is. - Sure. But VPNs were around long before the consumer-oriented VPNs were a thing. - spooked - Or they just had one person handling their IT and needed help, and didn’t want to pay an outside contractor. - I’m honestly surprised the National Guard was called at all. If anything, that shows how backwards Minnesota is, or at least the mayor of St. Paul. I’d expect that if my state government got hacked, they’d call in a local cyber security firm to come audit things, and we have plenty of them here (I’m in Utah, so not even a big state). This isn’t a National Guard situation, it’s an independent cyber security audit and FBI situation. - Here’s how I expect this happened:
- St. Paul’s small IT team escalated the issue to the mayor because they were overwhelmed
- Minnesota Governor (Tim Walz) didn’t know what to do, so he called everyone, including the National Guard
- everyone responded
 - Sure. But VPNs were around long before the consumer-oriented VPNs were a thing. - No argument there, you’re right. - (technically =P) - Or they just had one person handling their IT and needed help, and didn’t want to pay an outside contractor. - Nah, read the links I provided. - It went from the normal IT department, to the city level Emergency Response Team, to the Nat Guard and FBI. - Cities, larger ones anyway … often have their own sort of local mini-FEMA, who have their own capacities to order around other local agencies, but also have a whole bunch of protocols for… who to contact when something exceeds the capacity of everything they can more or less order around with their own authority. - I’m honestly surprised the National Guard was called at all. If anything, that shows how backwards Minnesota is, or at least the mayor of St. Paul. - I am not in particular familiar with St. Paul specifically… but …
- It could overall make sense given the capacities of the city (the Twin Cities, St. Paul + Minneapolis), and them knowing their own constraints.
- It could also make sense if they rather rapidly at least suspected a very sophisticated, foreign threat actor.
 - That second half is kinda most of my argument: - Why would you start up the Military chain of escalation unless you either suspected a potential foreign nation state actor, and/or, critical infrastructure systems were breached, so critical that they’d been previously deemed an actual national security risk, should that happen? - I am not certain of what happened, nor certain of the validity of this logic… but this is my logic, from the original comment. - Sure, they could have just panicked. I don’t know that they did or did not. - But I have worked with people who’ve been employed by, led things like FEMA and DHS and City level emergency response teams, their specialities being the cybersec/netsec variety, and… this seems like actually following a previously outlined set of steps to me. - I’d expect that if my state government got hacked, they’d call in a local cyber security firm to come audit things, and we have plenty of them here (I’m in Utah, so not even a big state). - Ahahah, two things here:
- Basically, see what I just wrote above.
- Really? Utah, prime recruiting ground for the CIA, Utah, with the largest NSA data center complex in the country, possibly the world, that is archiving essentially all US internal communications they can so they can search through them later if need be, Utah, with more and more corporate datacenters all the time… you don’t class Utah as a big state, in terms of the tech sector? 
 - Perhaps I am misunderstanding you, but I just find that silly. - you don’t class Utah as a big state, in terms of the tech sector? - In terms of military, we have:
- one major Air Force base (Hill)
- some storage and testing facilities
- refueling facility for the Army
 - That’s it. We have ~3.5M people (~1/100 of US population), and only ~3 metros that matter (SLC, Utah County, St. George). Minnesota has ~5.7M people, so it’s almost twice as big, and the Twin Cities area (includes St. Paul) is bigger than the entire population of Utah. - So while Utah punches above its weight in tech, St. Paul area absolutely dwarfs it in population. Surely they have a robust cybersecurity industry there… - The National Guard just seems like a desperate move. When they’re deployed, they take orders from the federal military, and at peace, monitoring foreign threats seems like a federal thing. You call in the National Guard to put down a riot or something where you just need bodies, not for anything niche. The only way that makes sense is if they think there will be an invasion (angsty/Canadians?) and they need boots on the ground for physical protection. Otherwise, just call a local cybersecurity firm to trace the attack and assess damage. - So while Utah punches above its weight in tech, St. Paul area absolutely dwarfs it in population. Surely they have a robust cybersecurity industry there… - https://lecbyo.files.cmp.optimizely.com/download/fa9be256b74111efa0ca8e42e80f1a8f?sfvrsn=a8aa5246_2 - Utah, #1 projected tech sector growth in the next decade, of all 50 states. - Utah, #8 for tech sector % of entire state economy, of all 50 states. - Minnesota? - Doesn’t crack top 10 for any metrics. - Utah may not be the biggest or techiest state, but it is way more so than Minnesota. - The National Guard just seems like a desperate move. - Again, this is my argument, but you are only seeing desperation as due to incompetence, not due to… actual severity. - When they’re deployed, they take orders from the federal military, - Not actually true unless the Nat Guard has been given a direct command by the Pentagon. - and at peace, monitoring foreign threats seems like a federal thing. 
- … which is why the FBI were called in, in addition to the Nat Guard being able to report up the military CoC. - You call in the National Guard to put down a riot or something where you just need bodies, not for anything niche. - I mean, you yourself have explained that the Nat Guard does have a CyberSec ability, and I’ve explained they also have the ability to potentially summon even greater CyberSec ability. - I guess you would be surprised how involved the military is / can be in defending against national security threatening, critical infrastructure compromising kinds of domestic threats. - Remember Stuxnet? - Yeah other people can do that to us now, we kinda uncorked the genie bottle on that one. - Otherwise, just call a local cybersecurity firm to trace the attack and assess damage. - It is not everyone’s instinct or best practice to immediately hire a contracted firm to do things that government agencies can, and have a responsibility to do. - If this was like, Amazon being compromised, yeah I can see that being a more likely avenue, though if it was serious, they’d probably call in some or multiple forms of ‘the Feds’ as well. - But this was a breach/compromise of a municipal network… that’s a government thing. Not a private sector thing. - EDIT: - Also, you are acting like either you are unaware of the following, or … don’t think it’s real? - https://en.wikipedia.org/wiki/Utah_Data_Center - Kind of a really big deal in terms of Utah and the tech sector and the Federal government and… things that were totally illegal before the PATRIOT Act. - Exabytes of storage. - Exabytes. - Utah literally is where the NSA is doing their damnedest to make a hardcopy of literally all internet traffic and content. - Given how classified this facility is, I wouldn’t be surprised if their employees don’t exactly show up in standard Utah employment figures. 
 
 
 
 
 
 
- The national guard here is looking around for men in black masks in front of computers throughout the city. It’s crazy - Is this a joke or are you serious? - Goddamn it, I can’t tell anymore - They found him - It’s a joke… 
 
 
- What’s Saint Paul gonna do about it? - Complain to Jesus? - 🙄 - …your lack of faith is, disturbing… 
 
 
 
- but at least Abilene was insured against such an attack - Oh, well that’s great. I hope the people, whose identity, medical records, or whatever else was stolen will be compensated accordingly. Would be a shame if the money went into building a new, just as unsafe system. - Not that anyone gives a fuck. At this point the argument is “your data had probably already been stolen somewhere else”… 
- Had to read the article to realise St Paul is a city name. 😅 - Also, could it be a “the call is coming from inside the house” situation? - I remember pedo party hating this mayor. It was all over lemmy during simpler times. - Also, could it be a “the call is coming from inside the house” situation? - I think this is far more likely than China, North Korea, Iran or Russia having a sudden interest in St Paul Minnesota (a city that most people in the US don’t even think about). - Who benefits more from the crippling of city-level liberal governments and stealing their data, Trump or China? If we see ICE conducting surgical raids within St Paul in the coming months, I think we’ll have our answer. 
- Probably not the mayor, the governor of the state was the VP candidate for Kamala Harris. 
 
- Isn’t there an upcoming election in St. Paul? - Minneapolis and St Paul (Cross-River sister cities, St Paul is the State Capital) both have mayoral elections on November 4, 2025. The one you’ve been seeing mentioned more likely is the Minneapolis one where the DFL (State Democratic Party) endorsed a candidate for the first time in a bit and it was the challenger to the incumbent Democratic candidate, so it’s been in the news. 
 
- With no ransom demand it’s gotta be a state actor probing defenses and testing responses, right? I think first guesses would be Russia, China, Iran or maybe North Korea. - first guesses - Not so sure. Aren’t they known for being a queer friendly town? - Yes we are - So probably some fuckers you paid for with fed taxes. We should really stop doing that. 
 
 
- Or some bored teenager somewhere - That sounds much more likely. I don’t care about St. Paul and I’m American, why would China or Russia care? Also, state and city governments all handle things differently, so the only takeaway is that St Paul’s IT is probably incompetent. 
 
 
- …perhaps the U nited S tates should handle that… 
- What are the chances this took place during working hours in China? - The article says it started on a Friday morning in Minnesota. It’s clear that that’s when the attack started and not a case of the first guy starting work that day discovering that it happened, because the article also says that they tried to contain it as it was going on, but ultimately failed. - Minnesota is at UTC-5 and China is at UTC+8, meaning when it’s morning in Minnesota, it’s already 13 hours later in China, i.e. middle of the night. - I don’t see anything in the article that states the attack started that morning. It says that it was “first noticed” early Friday morning: - According to remarks by St. Paul Mayor Melvin Carter, the attack was first noticed early in the morning of Friday, July 25. - I’m not arguing it’s China, just that I didn’t see anything indicating they know when the attack started 
- It’s probably a local. 
 
- Or Maryland. The feds are not friends right now. Arguably ever, but definitely not right now. 
 
- Loving the completely unfounded speculation that it must be ~~Eurasia~~ Russia or ~~Eastasia~~ China in this thread. - Y’all are so deep in propaganda you don’t even know it. - https://en.m.wikipedia.org/wiki/Political_geography_of_Nineteen_Eighty-Four - https://www.bbc.com/news/articles/c2kgndwwd7lo - https://www.bbc.com/news/articles/ce8vedz4yk7o - https://www.ncsc.gov.uk/news/uk-condemns-chinese-cyber-attacks-against-businesses-governments - https://thesoufancenter.org/intelbrief-2025-january-10/ - https://cybermagazine.com/articles/chinas-cyber-espionage-surges-150-says-crowdstrike - Yeah. Definitely propaganda. - You poor thing. - Also: - https://www.bbc.com/news/world-us-canada-68659095 - https://www.semafor.com/article/07/23/2025/chinese-state-hackers-breach-us-nuclear-agency - https://www.ted.com/talks/laura_galante_how_and_why_russia_hacked_the_us_election - https://cyber-peace.org/wp-content/uploads/2018/11/rpt-apt28.pdf - https://services.google.com/fh/files/misc/rpt-redline-drawn-china-espionage-en.pdf - https://en.wikipedia.org/wiki/Cyberwarfare_and_China - I guess it’s all just propaganda, huh. We’re just a bunch of gullible buffoons. 
- Oh honey, don’t you see the irony of posting the BBC and the government’s cyber security centre to refute claims of propaganda? - Do you believe the most technologically advanced country in the world, with the power of silicon valley, an unlimited budget for the military and CIA, currently being run by an outright fascist, is innocent? - https://en.wikipedia.org/wiki/Operation_Olympic_Games - “We have stated our position many times regarding such groundless accusations that lack evidence,” ministry spokesperson Mao Ning was quoted as saying by the AFP news agency. - A spokesperson for the Chinese embassy in the US, Liu Pengyu, denied the department’s allegations. “We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber-incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” he said, according to a BBC report. - “The US needs to stop using cybersecurity to smear and slander China and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.” - It’s always China, Russia, North Korea, and Iran that is jumped to because that is the main adversaries of the west. Never India, or Brazil, or Israel, or Saudi Arabia, all capable countries. With not a shred of evidence it’s always China, Russia, North Korea, and Iran that are speculated. - No speculation that perhaps Mexico and Canada, two countries currently having beef with the US could be to blame. No speculation that it’s a false flag by the US federal government. No, straight to China. - When the Spanish power grid went down straight away the speculation was to Russian or Chinese hacking, investigations aren’t finished yet but it appears to have been nothing of the sort, but instead frequency oscillations in the power lines. 
- https://en.wikipedia.org/wiki/2025_Iberian_Peninsula_blackout#Misinformation - It could very well be China etc but straight away with no evidence there’s comments like “What are the chances this took place during working hours in China?”. - At best it’s bigoted, at worst it’s U.S. sponsored Lemmy propaganda. 
- Yes. There are quite a few completely unfounded pieces stating it is Russia or China or North Korea behind thing X with no proof whatsoever. - These do not go to prove your point. - Now, there were some proven cases, but attributing every attack to one of these now without judge and jury is nothing but blatant and bold propaganda. - Did you get lost on the way to Lemmy.ml? - 1.5 billion in crypto isn’t something you can spend without attracting attention, of course it was them. - People got so deep into their allegiance games that they cannot comprehend anyone standing for the truth. - Fuck .ml China fappers, and fuck .world Russia-guilty-of-everything fans. You’re equally terrible in enabling atrocities. - As I said, some cases are confirmed, some are wild speculations. And the latter are commonly used in future arguments as confirmations, despite them being mere speculated assumptions. - You can have a barrage of “something-bad” confirmations like these out of thin air, and this is a common propaganda tactic. 
 
 
 
- Would you like to name other likely suspects? It’s not standard criminals, there have been no ransom demands. And they’re unlikely to piss off the govt to this extent. Which leaves state actors. Gee, wonder who it might be. - Literally anyone until proven guilty? - So we can’t guess who’s responsible? Not even the most prominent ones? - Nope, guess not. Trump’s Lemmy account is here to gaslight us. 
 
- Nobody’s passing sentence, it’s just speculation about guilty parties. Last I checked that was legal and in fact common discussion. 
- Checks out, it was probably New Zealand. - Fucking dumbarse. 
 
 
- How long does it take you to put on your clown make up every morning? Attack was made possible with info stolen by doge, which was handed over to Russia, at that point they probably worked with North Korea for the operation - How long does it take you to put on your clown make up every morning? Attack was made possible with info stolen by doge, which was handed over to Russia, at that point they probably worked with North Korea for the operation - DrFistington@lemmy.world
 - Saving this for posterity. Hahahaha. And I’m the supposed clown! - Fucking hell. - Can I see your evidence or do you just telepathically know these things? 
 
- We’re at war with East Asia. We’ve always been at war with East Asia. George Orwell, 1984. 