28 votes

One-fifth of US beef capacity wiped out by JBS cyberattack

17 comments

  1. [15]
    Comment deleted by author
    1. [7]
      arghdos
      This one has already happened: https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2021/03/10/florida-hack-exposes-danger-to-water-systems
      11 votes
      1. [7]
        Comment deleted by author
        1. [6]
          teaearlgraycold
          Why isn't that system air-gapped?!

          11 votes
          1. [2]
            Gaywallet
            If I had to venture a guess, the design of the system was contracted out. This means that the lowest bidder typically wins, and it becomes a race to the bottom. As a third-party contractor, how can I design a system that is as cheap as possible? Well, I start by throwing security out the window and by contracting out to an Eastern European or Asian company for the actual coding.

            In the off-chance that it wasn't contracted out, this is what happens when your funding is minimal. We've been de-funding infrastructure for ages (see: all of our crumbling bridges) and if you're going to need to justify every job at a water facility, it's hard to justify more IT professionals when you're arguing for a slice of the same pie that's going to people physically maintaining the facilities. Both are necessary, it's just that if you're lucky one isn't needed.

            17 votes
            1. nukeman
              One other explanation I’ve seen on the IT subreddits: the contractor builds a secure system, but the users demand remote access, and either the contractor acquiesces or the users put it in themselves.

              17 votes
          2. ImmobileVoyager
            Because we've just spent the last 25 years arduously networking all the things?

            6 votes
          3. [2]
            joplin
            Maybe a better question is why isn't there a redundant system for when a non-air-gapped system inevitably fails? Even if the system goes down, if you can just switch over to another and keep going, you minimize down time while you analyze what went wrong with the first system. But you have to be careful about how data gets into each system because you don't want to replicate corrupt or malicious data, for example. And redundancy is expensive so it's often not considered.

            2 votes
            1. teaearlgraycold
              Yeah that seems harder to pull off than just an air-gapped main system.

              2 votes
    2. [5]
      Comment deleted by author
      1. [4]
        teaearlgraycold
        Imagine if this was done as an act of eco-terrorism.

        I'm surprised we haven't seen more of this with the oil industry. It seems highly automated. You have a lot of oil all in one place. It's an easy target ideologically. And once you have hundreds of millions dead from the tropical zones of Earth becoming uninhabitable there will be plenty of motivation.

        6 votes
        1. [3]
          ImmobileVoyager
          I'd guess that very few software engineers are also eco-warriors. I wonder how many fellow engineers have a soul at all.

          The above comment inspires me to try and develop a bit further. Let's start with the assumption that petroleum is an easy ideological target. Is it really? Save for a few bushmen, each and every one of us eight billion bipeds benefits from the cheap, densely packed and handy energy contained in petroleum products. If you own it, it was brought to you by some petroleum-propelled vehicles. This, incidentally, is one of the many reasons why we haven't yet managed to mitigate climate change despite more than three decades of being aware of it. Petroleum isn't a matter of ideology. It is a matter of geology and a matter of how we feeble, clawless, toothless, hairless primates are empowered by fossil fuels.

          Before this century is over, hundreds of millions, or perhaps billions of human beings will have died an untimely and violent death because of climate change. Will those deaths happen first in tropical zones? I don't know. Sea level will rise uniformly around the world, and coastal zones will be impacted first, including ports, leading to severe disruptions of maritime trade.

          Hopefully though, by the time we get there, fossil fuels will have been successfully phased out.

          Now, those ransomwares are apparently available for hire, so an eco-terrorist action maybe isn't completely out of scope?

          6 votes
          1. [2]
            spctrvl
            The deaths in tropical zones thing is likely referencing an increase in wet bulb temperature, a measurement of the effectiveness of evaporative cooling. Past wet bulb 95F/35C, equivalent to those temperatures at 100% humidity, or higher temperatures at lower humidity, the human body has no way of removing heat, and people just straight up die without active cooling. Those temperatures don't really happen on Earth yet, but we come close, and climate change of only a degree or two could push many densely populated tropical regions over the edge.

            5 votes
    3. skybrian
      It’s not just expert warnings, but fairly common real-world attacks. I’ve shared a fair number of news articles about them. The scale seems to get bigger every year.

      4 votes
    4. ImmobileVoyager
      Experts have been warning of this for at least a decade

      In the mid 1980s, junior high-schooler me wrote an essay about some supermarket chain being closed down because of some computer glitch. I don't remember exactly where I took my inspiration from, but the idea was definitely in the air.

      So, much longer than a decade, and definitely not only experts.

      2 votes
    5. Octofox
      It’s all calculated risks. Yes we have always known this will be a risk like how we know that international air travel is really bad for the environment but we do it anyway.

      There is some hope. Computing now is way way more secure than it has ever been. It’s just the value stored on these systems and the amount connected to the internet has also sharply grown.

      Modern programming languages like Rust and automatic updates will bring us a long way towards safer computing by default. With automated containerised deployments and immutable OSs, you can realistically have a setup that updates itself safely without incurring any downtime. For now these kinds of setups are used only by tech companies but soon this will filter down to the average IT team.

      1 vote
  2. [2]
    ras
    My mind immediately goes back to my days in retail when we'd drill on what to do if the credit processing system or the power went out. Out came the old credit card slides and carbon paper. I know it's probably not feasible on the scale of these systems, but it does seem like a back-up plan should be in place for crises like this.

    6 votes
    1. Octofox
      Credit card slides wouldn't even work now with so many people using phone payments. I think the current plan is to just accept that on a rare occasion the system will go down and you just have to stop. The losses in profits are likely less than that from counting cash and accepting counterfeit notes.

      5 votes
  3. skybrian
    From the article:

    JBS’s five biggest beef plants in the U.S. -- which altogether handle 22,500 cattle a day -- halted processing following a weekend attack on the Brazilian company’s computer networks, according to JBS posts on Facebook, labor unions and employees. Those outages wiped out nearly a fifth of America’s production. Slaughter operations across Australia were also down, according to a trade group, and one of Canada’s largest beef plants was idled.

    5 votes