A targeted attack is also expensive and the victim would need to have something worth this kind of money and attention. "Nation state actor" just isn't a reasonable risk assumption for a great many organizations.
> The only way to protect against that is by reducing the OS monoculture, offline backups, and using network air gaps on critical data.
When the "nation state actor" comes looking for you with some motivation, all that and the air gap won't mean much. See Stuxnet.
Like J. Mickens said: "Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT."