Beijing tells Chinese firms to stop using US and Israeli cybersecurity software - https://news.ycombinator.com/item?id=46618949 - January 2026
I know 2 companies in that list that have done that very thing because otherwise it would have put their FedRAMP and CMMC pipelines at risk.
I initially was in the Huawei client engagement where they wanted copies of all of our source code. We said “no, nobody gets that”. They just keep asking over and over.
Seems like a situation where getting the interests to align is just very difficult.
I understand it's a good way to make money but it comes with some tail risk.
That said, most companies decide not to operate in the Chinese market - the TAM is too small for the headaches that it entails (losing Gov and NATO+ defense procurement opportunities).
and Venezuela govt is not corrupt?
So saying "every government is bad" is simply a bad faith argument and you should shamefully sink towards the planet core for using it. Andorra is not as bad as russia or iran.
Just yesterday there was a video where russian soldiers tie an anti tank mine around the torso of a black African mercenary soldier from Mali before forcing him on a suicide meat assault towards Ukrainian positions. Some countries are evil on another level.
"So rape isn't?!"
Come on.
Actually, poor countries can leverage cyber to pose a much bigger threat than they could traditionally.
Or in other words: Cyber can be used for asymmetric warfare. In relative terms, poor countries cause a lot more damage than rich ones.
> The power failures caused sporadic outbursts of looting and unrest, bringing the government close to collapse.
IIRC both Texas and California had widespread power outages in the last few years. I am not convinced that US power grid is much better defended than the one in the EU.
Didn't russia claim to have the full Epstein files, so how did they get them if not by hacking US government?
Attribution of cyber attacks is extremely difficult, and US seems to notoriously under invest into infrastructure. Unlike other countries, most of the power grid is above ground. How can you be so sure that it is safe?
I didn't say it was safe by virtue of defensive capabilities, but it's safe by virtue of the US will very likely come bomb you or use its own cyber capabilities if you do something to the US. This is in contrast to the EU which was the comparison point, which is unable and unwilling to do much against cyber attacks.
If the damage is done, of course the US can massively retaliate. But ideally no damage is done :)
I feel the answer to this is that most of what we call NSA offensive capabilities are not "real" offensive capabilities in terms of vulnerabilities and exploits, but simple backdoors in US equipment and US tech companies.
And I think they got really complacent because analyzing Facebook, Google and Apple data combined with credit card payments, phone call and browser history is doing the job just fine in 90% of the cases.
Due to large size of US traditional military, they have advanced capabilities in terms of physical network tapping that many other countries don't possess. Maybe they have super binoculars to spy on people typing in their passwords through the window from space. But in the end it is again white-collar "analysts" going through the data instead of clever people actually finding novel vulnerabilities in software, which is also the skill that is rewarded in bug bounties such as HackerOne.
Why invest into learning how to reverse engineer a cisco router if you can just call your buddy at Cisco and tell them to commit a new backdoor to the code.
By not using these skills they atrophy and once you hit a "real" adversary who is not on Windows and permanently uploading their data to Facebook and iCloud while using a credit card with apple pay, they might struggle very much.
I recall things like omg cable being a revolution in red team pentesting. Of course they had prototypes before, but I don't think it was widely utilized. Because why invest into such fancy hardware gimmicks if you can get the data directly from a US tech company who is forced to provide access for you anyways. It's much cheaper and more reliable.
Edit: I just noticed that due to this significant reliance on backdoors in US equipment they also hurt the defensive posture much more. It's difficult to have different versions of firmware floating around and to ensure they are deployed for your own companies. It's much easier to add backdoors to companies from your own country than to add backdoors to foreign equipment. This is totally in line with what we observe with endless CVEs and backdoors in US networking equipment.
Swap the US/China here and you can see for yourself why you're making a poor argument.
But if one of those countries shut down the US power grid we absolutely would respond and you're naive to think that the US would not respond out of some "fear" about only fighting very asymmetric wars.
Amongst some there seems to be this idea that because the US has taken military action in other countries over the years, more recent being more important, and because those countries "couldn't fight back" that the US is unable or unwilling to take further action against other nation states that theoretically could fight back (India could not, for example as a weak military power with nuclear weapons), but instead I'd caution you look at those action with respect to the ability of other countries to take action.
In other words, it feels good to throw in zingers like the US only beats up on weaker countries or something which, let's be frank would be every country or bloc except China, but you're missing the fact that those countries are not even able to project power to or willingness or ability to attack other countries.
Yea that's obviously dumb, but the difference is you hear about America's problems, but not the problems in other countries. Russia has its oil facilities regularly bombed. China has institutionalized corruption down to the local level. It's not all peaches and rainbows in every country on earth.
> It'd be great progress to actually detect what caused it in a timely manner and then do a proper cyber attribution.
Who says we aren't?
> Generally I think you are using a lot of big words to compensate for the fact that the US ignored the Minsk agreement.
Can you elaborate? What's the broader point you want to get at here?
> The russian government has been publicly joking about Trump, broadcasting nude pictures of the first lady and boasting about possessing the Epstein tapes. Before that was the hack of Hillary's mail server and fake news campaigns. No kinetic repercussions, even red carpet for putin's visit in Alaska.
Yes, totally. The United States should have bombed Russia for publicly joking about Donald Trump. Give me a break. Why even post stuff like this?
> Apart from all this a modern drone war would be a big problem for the US, and countries like Ukraine, russia and china are much better prepared for such a scenario.
Who do you think is operating in Ukraine and advising the Ukrainians and learning from their drone warfare techniques and capabilities? Do you really not know how this stuff works? Are you not aware that the United States is actively testing weapons in Ukraine to prepare for drone warfare? Is that why you're saying stuff like the US should have a kinetic response against Russia for posting pictures and joking about Donald Trump?
Heh ok. I guess so. The US was a "bitch" about weapons deliveries (quick hide the numbers) therefore every single country is incentivized to pursue nuclear capabilities. Great argument you have there.
> They started with the public humiliation after they felt empowered because there was no credible US response to all the previous hacks that you glossed over in your response.
Name the hacks that were glossed over and what you feel is the appropriate response.
> Yes, the US stopped credit card payments and destroyed some payment terminals. I imagine they weaponized the apple and android devices, maybe this still continues. For a couple of days, we had those impressive russian rockets which turned around and destroyed their launcher. And of course the geofenced US weapon systems. But was US able to shut down any vital russian systems except starlink and McDonald's?
Sanctions seem to do the trick. But you probably aren't reading about and paying attention to the state of the Russian economy, or what equipment they're sending their soldiers to war in Ukraine with. Well, when they're not supplied by China that is.
How many Russian energy and oil facilities have been targeted by Ukrainian drone and missile strikes, and who do you think helped with the targeting?
> Old lavrov still walks around openly with his apple watch just to farm payloads.
Sure, why isn't the EU arresting him then? Why don't they launch operation Lavrov and go capture him? There's got to be a reason right? What reason do you think that is? It can't have anything to do with the US though, you can only explain why the EU isn't doing it.
> There are observers from many countries on the ground in Ukraine, and US might even be testing some weapons.
Yes, there are, but the relevant ones are from the United States and the United Kingdom. There's no "might" about the US testing new weapons, it's just a simple fact. And they're testing those weapons, both offensive and defensive, against drone warfare. Ukraine shares intelligence with the US.
> However US efforts are overshadowed by better performance of European weapons systems, both old and new.
What specific US efforts are overshadowed by better performance of European weapon systems?
> Meanwhile the US artificially limits supply for US systems, so they get destroyed because they need to preserve ammo.
Which ones?
> There is a lot of empty posturing and the results are really not speaking for the US.
Well we took down Iran and Venezuela, both Russian allies. Cuba is not looking good either. We're seizing Russian shadow fleet tankers (we've seized more in a month than the EU has since the start of the war), we've upheld sanctions and increased sanctions while Putin and his henchmen's kids galavant around Europe and the US continues to provide intelligence sharing to help Ukraine with targeting, advice, materials and equipment, and more.
The EU of course has helped too, but unlike you I'm not downplaying one party's involvement and participation and instead defending one party, as I would defend the EU if someone claimed they weren't doing anything either.
If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it.
So unless someone from German intelligence goes on the record I'd be very reluctant to believe any of these anti-Ukraine claims leaked to the press.
There's an interesting book called "BND: Bedingt Dienstbereit" which talks about German intelligence headquarters in Munich. The eastern German spies from the Stasi had their offices right across the street and they used that location to train new spies.
At some point BND learned that the Stasi was actively monitoring their offices, but they could never figure out where the Stasi was located in Munich. The BND always suspected a Turkish national who rant he vegetable shop at the ground floor of their building to be a foreign spy, but never noticed the Stasi offices used for training purposes right across the street.
So while I'm confident German intelligence has improved from those days it shows that the variance in skill level is quite high.
If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it.
1. You don't actually know what actions the US has taken.
2. The only country outside of one using nuclear bombs that could theoretically "hit back" is China.
3. Flying some balloons across the US doesn't necessarily necessitate some sort of massive response. There's levels.
> Yes, you're missing that if you mess with the power grid the US will go and kinetically strike back (read: bomb your country) or attack you with its own cyber warfare capabilities, unlike the EU.
Bare minimum it gives chinese tech suppliers a great pitch to convince buyers to choose their products over US suppliers. Even if theirs are also full of backdoors, at least they have no history of taking advantage of them to kidnap heads of state far away.
Ha. Someone else wrote:
> USA is only willing to fight very asymmetrical wars.
I say:
> China is only willing to kidnap defenseless people
"why doesn't the US go after these hackers and designate targeting civilian infrastructure as a crime?"
To which the response was essentially "The US would like to reserve those types of cyber attacks for their own uses"
These quotes are very loose, I read it last year, but essentially, the US didn't make a stink about older grid attacks in order to save face when the US does it.
Additionally, much of VZ's difficulty was due to the massive sanctions against the nation. Sanctions are effectively attacks on a nation's citizens to pressure the government. Disabling power infrastructure is absolutely in-line with the motives of sanctions and embargos.
I feel like Mother Goose had a cautionary tale about killing your golden goose that perhaps Venezuela’s leadership ought to read up on.
In this case, it fits squarely in with American foreign policy, especially their orientation towards Venezuelan chavismo.
I understand the US's foreign policy is a global threat, but let's not let that be an excuse for the atrocities and corruption of tyrants in Venezuela and other places.
https://en.wikipedia.org/wiki/Energy_crisis_in_Venezuela
The Derwick one seems pretty light too, at least the article here just mentions an accusation from a journalist. And even then, if we are using corruption/overbilling with regard to a government contractor as an "atrocity" now.. That's going to have wider repercussions than here.
And ok, Venezuela took bribes from another government contractor, along with many other countries. I wouldn't call that an atrocity, but if that's what it is I guess I will give you the benefit of the doubt about it.
I give you benefit of the doubt about everything really! I just don't know if you have packaged your case here well is all.
As for the attrocities I meant the Maduro (and current) government in general. There are currently over 1000 political prisoners in the country, a mix of protesters, politicians, reporters, etc. A lot of them have been tortured and many have died in custody. Most of the sources from NGO are in Spanish but the Wikipedia is a good start, specially the section about the Maduro government [1]
If you check the news right now you'll see that only in the past month about 50 have been released. There's a huge effort in the country right now to get the hundreds of others out.
Ultimately, what I want to say is that while we can express disdain for the US government we can do the same for the Venezuelan one, even if they claim to be against each other. Maduro and his gang are not the victims here, they've oppressed the Venezuelan people for 27 years, let's not give them an easy out
Perhaps there's more at play here than pretending like Maduro is a uniquely bad guy but also so hilariously incompetent his corruption scheme blacked out the country.
Let's be clear here, there are many evil states in this world. But Maduro isn't exactly Mohammed bin Salman or Donald Rumsfeld.
Just showed you an article describing all the human right abuses, tortures and forced disappearances done under the Maduro regime and this is your take away? I can only assume you're not arguing in good faith.
Check the news right now, about the prisoner releases happening as we speak and the hundreds still to go. One died only last week in captivity. Guess we can tell their families at least Maduro is not bin Salaman. Such cruelty, man
[1] https://en.wikipedia.org/wiki/Energy_crisis_in_Venezuela
> New construction on thermoelectric power plants and other hydroelectric plants has been stalled for years, and localised power cuts are a daily occurrence around Venezuela.
> There have also been problems with the supply from the Guri dam in the past.
> In 2010, Maduro’s predecessor, Hugo Chávez, declared an “electricity emergency” after a drought caused by the El Niño weather phenomenon left waters at the dam dangerously low.
> Six years later, Venezuela’s worst drought in four decades again affected the Guri dam, which then provided about 70% of the country’s electricity.
> In May last year, a union leader representing workers in the state power corporation, was arrested by Venezuela’s intelligence service, Sebin, after warning that poor maintenance and systemic problems meant that a blackout was likely to happen.
I will use an extract from the Spanish Wikipedia article[2] about the 2019 blackouts because it summarizes the situation pretty well:
> On March 9, Ángel Javier Sequea, head of office and operations in Guyana, was found dead after being detained by SEBIN.[3] Ángel Javier left a recorded audio message about the lack of maintenance on high-voltage power lines. He worked for 13 years in the powerhouse next to the turbines at the Caruachi Plant.
> Between the night of March 11 and the early morning of March 12, 2019, SEBIN agents arrested and raided the Caracas home of journalist Luis Carlos Díaz, who was then transferred to the Helicoide.[4] Díaz was accused of inciting the blackout.[5] On the night of March 12, 2019, he was released after a hearing in the Caracas courts, in which, according to the organization Espacio Público, he was charged with the crime of “incitement to commit a crime” and was required to appear in court every eight days and prohibited from leaving the country, speaking to the media, and participating in public demonstrations[6]. On March 22, Francisco Alarcón Orozco, secretary of the Corpoelec union, was found hanged under strange circumstances[7]. Govany Zambrano, a Corpoelec worker, was arrested after participating in a press conference[8]. “Our infrastructure at the national level is in a state of neglect, vandalism, abandonment, and terrible conditions...” The government never accepted failure due to lack of maintenance as the main cause, as explained in 2010 by José Aguilar, an expert in electrical risk and international advisor[9].
As a Venezuelan, I can say that the national electrical system is in a terrible condition, with constant blackouts and power surges that damage household appliances and industrial equipment. Depending on the time of year, blackouts become more and more intense. It's very common to see news reports of areas that have lost power, and it can take weeks for CORPOELEC (the national electricity company) to fix the problem and depending on the location, even months.
No one here doubts that the blackouts of 2019 and all those that followed have been the government's fault due to lack of maintenance, failure to renew equipment, and failure to build new power plants.
Years ago, there were plans to install renewable energy sources such as windmills on the coast, but all the money disappeared thanks to the typical corruption around here[10].
[1] https://www.theguardian.com/world/2019/mar/13/venezuela-blac...
[2] https://es.wikipedia.org/wiki/Apagones_de_Venezuela_de_2019
[3] https://www.aporrea.org/ddhh/n339228.html
[4] https://www.europapress.es/nacional/noticia-detenido-caracas...
[5] https://elpais.com/internacional/2019/03/12/actualidad/15523...
[6] https://www.elmundo.es/internacional/2019/03/13/5c888f29fc6c...
[7] http://www.venezuelaaldia.com/2019/03/23/muere-otro-trabajad...
[8] https://web.archive.org/web/20190713213240/http://puntodecor...
[9] https://web.archive.org/web/20100816181129/http://www.el-nac...
[10] https://climatetrackerlatam.org/historias/la-paralizacion-de...
Their human intelligence is much better prepared to "convince" someone to act against their own interest if they can look at your last ten years of communication, family pictures, and web browsing history before they even meet you.
Imagine working in a foreign country where death penalty is applied to certain crimes, like blasphemy or homosexuality. They just need to find one person in the target organization who has a secret twitter account that talked badly about god and then they hit them up and tell them to plug in a certain USB stick to a certain system. Cyber operation succeeded because they have a shell.
and then the rest of the comment just explains why the user you’re replying to is correct.
Even when it comes to superiority of physical military forces, different people (with a range of different biases) have different opinions on stuff like whether a hot, all-out (but non-nuclear) war between USA and China would prove one or the other to be stronger, and while you may read that and think "I know which side is better and anyone who disagrees is just buying into delusional propaganda" at least to form that view you've had the ability to follow a lot of publicly available details on military developments over the years, learning about current and next gen fighter jets, drones, ships... etc.
But when it comes to cyber stuff, both offensive and defensive, it's generally a lot more secretive in terms of stuff that's actually been done (see for example the speculation in this thread that US power grid failures in recent years might have been caused by foreign adversaries - there's no evidence that's true, but if the US and China had both spent the last decade trying to take offline as many of the other country's power grids as possible we likely wouldn't have heard about it). Yet alone for hypothetical but saved for war capabilities. If a hot WW3 broke out tomorrow, who actually knows what hacking tools any country (from superpowers to smaller players) actually has, waiting to be used? Presumably they all spend a lot of effort trying to learn about each other's capabilities, and maybe they're successful enough that they actually do all know most of what everyone else can do - but they don't then announce that the way we hear about North Korea testing a new missile or about America developing a new fighter jet. I feel like we the general public just have no idea how advanced or not wartime capabilities might be. Am I wrong? (I may well be, as I'm in no way an expert in this field; I just believe that things like the document you linked are massively influenced by both the politics of the authors and the information available to them.)
Also: Why is India on your list? "Biggest", certainly, but in what way are they a threat?
The country has its hands full enough coping with its state of quasi-chaos and belligerent nuclear-armed neighbors without taking on the worlds leading superpower for absolutely no reason at all.
Extraordinarily wrong on the first part.
Some countries have even outsourced some of their cyberattack capability to Indian companies in the past, and not for cost reasons.
They are good enough that they have to actively hide in order that they are not killed, literally, in the cross fire their work has caused. This has been the situation for over a decade.
Consider how big the Indian software universe is and how utterly implausible it would be for them not to have any capacity. That would be the extraordinary claim.
zarflax•3w ago
deanc•3w ago
tempodox•3w ago