Comment on St. Paul, MN, was hacked so badly that the National Guard has been deployed
sp3ctr4l@lemmy.dbzer0.com 2 weeks agoSure. But VPNs were around long before the consumer-oriented VPNs were a thing.
No argument there, you’re right.
Or they just had one person handling their IT and needed help, and didn’t want to pay an outside contractor.
Nah, read the links I provided.
It went from the normal IT department, to the city level Emergency Response Team, to the Nat Guard and FBI.
Cities, larger ones anyway … often have their own sort of mini-FEMA, who have their own capacities to order around other local agencies, but also have a whole bunch of protocols for… when something exceeds the capacity of everything they can more or less order around.
I’m honestly surprised the National Guard was called at all. If If anything, that shows how backwards Minnesota is, or at least the mayor of St. Paul.
I am not in particular familiar with St.Paul specifically… but …
-
It could overall make sense given the capacities of the city (the Twin Cities, St. Paul + Minneapolis), and them knowing their own constraints.
-
It could also make sense if they rather rapidly at least suspected a very sophisticated, foreign threat actor.
That second half is kinda most of my argument:
Why would you start up the Military chain of escalation unless you either suspected a potential foreign nation state actor, and/or, critical infrastructure systems were breached, so critical that they’d been previously deemed an actual national security risk, should that happen?
I am not certain of what happened, nor certain of the validity of this logic… but this is my logic, from the original comment.
Sure, they could have just panicked. I don’t know that they did or did not.
But I have worked with people who’ve been employed by, led things like FEMA and City level emergency response teams, their specialities being the cybersec/netsec variety, and… this seems like actually following a previously outlined set of steps to me.
I’d expect that if my state government got hacked, they’d call in a local cyber security firm to come audit things, and we have plenty of them here (I’m in Utah, so not even a big state).
Ahahah, two things here:
-
Basically, see what I just wrote above.
-
Really? Utah, prime recruiting ground for the CIA, Utah, with the largest NSA data center complex in the country, possibly the world, that is archiving essentially all US internal communications they can so they can search through them later if need be, Utah, with more and more corporate datacenters all the time… you don’t class Utah as a big state, in terms of the tech sector?
Perhaps I am misunderstanding you, but I just find that silly.
sugar_in_your_tea@sh.itjust.works 2 weeks ago
In terms of military, we have:
That’s it. We have ~3.5M people (~1/100 of US population), and only ~3 metros that matter (SLC, Utah County, St. George). Minnesota has ~5.7M people, so it’s almost twice as big, and the Twin Cities cities area (includes St. Paul) is bigger than the entire population of Utah.
So while Utah punches above its weight in tech, St. Paul area absolutely dwarfs it in population. Surely they have a robust cybersecurity industry there…
The National Guard just seems like a desperate move. When they’re deployed, they take orders from the the federal military, and at peace, monitoring foreign threats seems like a federal thing. You call in the National Guard to put down a riot or something where you just need bodies, not for anything niche. The only way that makes sense is if they think there will be an invasion (angsty/Canadians?) and they need boots on the ground for physical protection. Otherwise, just call a local cybersecurity firm to trace the attack and assess damage.
sp3ctr4l@lemmy.dbzer0.com 2 weeks ago
…optimizely.com/…/fa9be256b74111efa0ca8e42e80f1a8…
Utah, #1 projected tech sector growth in the next decade, of all 50 states.
Utah, #8 for tech sector % of entire state economy, of all 50 states.
Minnesota?
Doesn’t crack top 10 for any metrics.
Utah may not be the biggest or techiest state, but it is way more so than Minnesota.
Again, this is my argument, but you are only seeing desperation as due to incompetence, not due to… actual severity.
Not actually true unless the Nat Guard has been given a direct command by the Pentagon.
… which is why the FBI were called in, in addition to the Nat Guard being able to report up the military CoC.
I mean, you yourself have explained that the Nat Guard does have a CyberSec ability, and I’ve explained they also have the ability to potentially summon even greater CyberSec ability.
I guess you would be surprised how involved the military is / can be in defending against national security threatening, critical infrastructure comprimising kinds of domestic threats.
Remember Stuxnet?
Yeah other people can do that to us now, we kinda uncorked the genie bottle on that one.
It is not everyone’s instinct or best practice to immediately hire a contracted firm to do things that government agencies can, and have a responsibility to do.
If this was like, Amazon being comprimised, yeah I can see that being a more likely avenue, though if it was serious, they’d probably call in some or multiple forms of ‘the Feds’ as well.
But this was a breach/compromise of a municipal network… thats a government thing. Not a private sector thing.