
Cybersecurity, Generals and Infantrymen

Warning: This post was created 1 year ago

This is a text automatically translated from Italian. If you appreciate our work and if you like reading it in your language, consider a donation to allow us to continue doing it and improving it.

The articles of Cassandra Crossing are under license CC BY-SA 4.0 | Cassandra Crossing is a column created by Marco Calamari with the "nom de plume" of Cassandra, born in 2005.

About the Damn Hackers from last week...

This article was written on February 6, 2023 by Cassandra

Cassandra Crossing 531/ Cybersecurity, Generals and Infantrymen

In the world of cybersecurity, everyone knows how things are going. They suck! What could be done to change them?

This weekend, too, the “Damn Hackers” conquered the prime time news, moved the Prime Minister and even caused sleepless nights for the members of the National Cybersecurity Agency (with a “y”, and thanks to DataKnightmare for the catchphrase!).

Cassandra, on the other hand, was completely unaware. She spent Saturday and Sunday morning disconnected and without a TV. And when, in the evening, the first big headline appeared on the news at 8.30pm, those around her rightly asked her, "What's happening?"

A legitimate question, because 10 minutes of news, press releases and declarations, even from the Prime Minister, when subjected to the Asimovian analysis technique (see the "Foundation" cycle), turned out to be empty of any content or information.

Since the aforementioned person has the highest authority over the undersigned, she did a quick Google search and discovered that specialized malware had hit a particular type of server (VMware ESXi) which, when exposed on the internet and left unpatched for two years, had a vulnerability that specialized ransomware had begun to exploit. Note that the manufacturer had identified it and immediately corrected it, in fact, two years ago.

She also discovered that the phenomenon had already started 24 hours earlier in France, where the equivalent of the ACN in France, the local CERT and the ANSSI — Agence Nationale de la Sécurité des Systèmes d'Information (over there too with the “y”, but using words from the French vocabulary) — had issued an ordinary statement without excessive alarmism, which reported the phenomenon and the necessary countermeasures.

Yes, because it was enough to apply a patch and nothing would have happened.

Now even Cassandra knows that patching an ESXi server is not trivial, because you would have to have two in load balancing, move all the load to one, turn off the second and patch it, and then repeat the operation with the roles reversed, with probable disruption to customers and sleepless nights for system engineers. Having redundant systems costs a fortune, but it's useful.

Or you would have to have bought the specific VMware software module for applying hot patches, which seems to cost quite a bit, but again, it is evidently useful.

And in any case, it would have been necessary to have sufficient technical personnel to keep the situation under control (in Italian it is simply called "managing servers"), and none of this would have ever happened. And, for that matter, neither would most cyber incidents of the past.

Now, the fact that these are specialized servers for managing virtual machines can explain why not even the very few journalists with any knowledge of IT understood anything. And this had the consequence that unruly computer security professors from correspondence universities were put in front of a camera and raped for a long time until they said that yes, it could have been Russian hackers. 

Please, immediately give a "damn hacker" to these poor journalists, who insistently ask you for one; they need it so much, so they don't have to understand the facts and can talk about something else, not important news!

The fact that it was Sunday can explain why the media and politics exaggerated a significant but not extraordinary or blocking problem. The Lazio Region and ACEA, for example, were brought down with much less fanfare and tearing of clothes, yet it was a problem with consequences at a national level and for the entire population, which lasted for weeks.

After this long introduction, Cassandra can explain and prophesy.

If we want to keep the media happy and talk about the "War Against Russian Hackers", the cause of everything is a war being fought with an army made up only of Generals and a few Officers. Where there are more air force generals than planes, more army generals than tanks. Where the soldiers, not those of the special forces but the humble infantrymen in the trenches, are very few or none, like soldier Nemecsek in "The Paul Street Boys".

Even the ACN recruitment notices with a "y" are formulated in such a way that without a "cover letter" from an "authoritative" person it is not even possible to submit an application, just as it is not possible if you have great experience but it took too much time and years to accumulate it.

Cassandra, but also at least a hundred other people from the Italian "scene", could indicate to anyone and without effort at least twenty names of people to be included in both graduate and enlisted roles (no generals, for goodness sake). Provided obviously that they were offered adequate positions and salaries (yes, it is also necessary to think about vile pecunia).

Would the state want them? Apparently not, they are not officials, the state is used to hiring only officials or pseudo "technicians" who can't wait to become one.

Would companies want them? Never mind, computer security and well-made information systems are just costs to be cut, especially as there are insurance policies to cover damages.

There is no political solution. There is no technical solution.

A legislative solution could work. 

A GSPR along the lines of the GDPR or 626. A law that places a priori responsibility for the consequences of any unimplemented IT security problem at the expense (even criminal, if there is fraud) of the top management of state bodies and private companies, and which could cost them 4% of the global annual gross turnover.

Otherwise the painful status quo of Italian cybersecurity, which everyone knows except journalists and politicians, and which is widespread not only at an Italian but global level, is destined to last forever.

In any case, the consequences, in terms of inefficiencies, damages and the costs of those damages, will always be paid by the usual people.

Marco Calamari
