[HN Gopher] One-Fifth of U.S. Beef Capacity Wiped Out by JBS Cyb...
___________________________________________________________________
One-Fifth of U.S. Beef Capacity Wiped Out by JBS Cyberattack
Author : davidw
Score : 157 points
Date : 2021-06-01 18:53 UTC (4 hours ago)
(HTM) web link (www.bloomberg.com)
(TXT) w3m dump (www.bloomberg.com)
| r00fus wrote:
| Looks like the backup servers weren't impacted? Still unclear on what this attack consisted of.
|
| neonate wrote:
| https://archive.is/2MasR
|
| jl6 wrote:
| The technical debt collector has arrived. This is going to get worse before it gets better.
|
| young_unixer wrote:
| How will it get better?
|
| jl6 wrote:
| Possible outcomes from most to least likely:
|
| * Non-tech industry belatedly starts prioritising cyber security; security gradually gets better while costs increase and infosec consultants enjoy a Y2K-style boom.
|
| * Tech-competent startups outcompete non-tech industries through avoiding ransom costs.
|
| * The international internet degrades into mostly-closed national networks with end-to-end government control and monitoring.
|
| * The US government starts treating these attacks as national security threats and goes all War on Terror, probably triggered by a hit on critical infrastructure that costs lives. Heinous collateral damage.
|
| nradov wrote:
| Most small and medium enterprises will eventually have to outsource their technology infrastructure to a few huge cloud vendors that have sufficient scale and technical expertise to build secure systems.
|
| Raidion wrote:
| Data security will get better as the risk calculus changes. A lot of companies are mentally doing math:
|
| (Probability of cyber attack per year) * (cost of ransom + costs of downtime) = X, (Overhead of additional cybersecurity personnel) = Y
|
| If X < Y, it's basically just a no-brainer to just eat the costs and pay the X million if it happens.
| If Y > X, they hire security personnel and it "gets better".
|
| If the government makes paying the ransom less attractive (via basically labeling it as a financial transaction with a sanctioned entity making it illegal) OR the probability of the cyber attack goes up (as this becomes more lucrative), risk calculus changes, security is improved, and it "gets better".
|
| whatshisface wrote:
| Losses due to underinvestment will motivate investment. Some companies will invest more wisely than others. Eventually every company will be wisely investing in security, by copying companies that got it right or by being replaced by them.
|
| yosamino wrote:
| So this random article [0] I googled says it's ransomware.
|
| Can that really be called an "attack"?
|
| JBS said:
|     not aware of any evidence that any customer, supplier, or employee data has been compromised
|
| So the "attackers" didn't steal anything. Give them the finger then, restore from backup, get upset about losing 25 minutes of data and keep going.
|
| How are ransomware "attacks" still a thing? Why is any of the software that controls meat-cutting/oil pipeline hardware not air-gapped under normal operations? How is there no plan on how to continue operating when losing power, so that stuff still works?
|
| One of these "attacks" pops up every three days and I get that if data is exfiltrated then the problem is not the same.
|
| BUT
|
| "someone encrypted all my data" and "oh shit, my harddrive crashed" have almost the exact same recovery plan and we have dedicated a complete international holiday called World Backup Day[1] over ten years ago to remind people of the principles of how that works that were known since at least when harddrives were invented.
|
| It's not an attack, it's pure _negligence_.
|
| It's not special IT SuperHighTechnologyKnowledge either.
| It's a simple principle:
|     Things need to exist in at least three places in case one of them breaks and the other explodes/tornadoes/earthquakes.
|
| The _slightly_ advanced corollary is:
|     Make sure that the thing in the three places is actually the thing that it should be.
|
| ... It's not like I do not understand how organizations fail at this that or the other and that maybe the tradeoffs here were made correctly, but it still boggles the mind.
|
| [0] https://townhall.com/tipsheet/leahbarkoukis/2021/06/01/cyber...
|
| [1] http://www.worldbackupday.com/en/
|
| viraptor wrote:
| > So the "attackers" didn't steal anything.
|
| It's always a weird phrase. A proper one would be "we have no records of data exfiltration, so we hope it didn't happen". Attackers had the access, otherwise the data wouldn't be encrypted.
|
| > restore from backup, get upset about losing 25 minutes of data and keep going.
|
| Unless you want to be owned again in 30min, you need to first analyse how did it happen the first time and how to mitigate it, before getting everything back online. That takes time.
|
| > Why is any of the software that controls meat-cutting/oil pipeline hardware not air-gapped
|
| None of those were affected. The pipeline hack took their billing system down, not the operations. I haven't seen the details here, but it's not like the meat saws and trucks just stopped - more likely the stock/communication/billing system was stopped as well.
|
| worik wrote:
| "How are ransomware "attacks" still a thing ?"
|
| It is cheaper to build a shoddy system out of the pre-made parts that software companies sell. A shiny very capable system can be built quickly, and cheaply.
|
| To build a robust system, segmented, properly backed up, maintained professionally... costs a lot more.
|
| To have staff on your payroll who understand your systems, who can maintain your systems and recover your systems in a disaster means having expensive professionals on the payroll who look like they are doing nothing.
|
| When your whole business goes into a paralysis because of the costs you saved, there will be someone to blame. Some clerk in an office that "clicked on an attachment" - it is their fault....
|
| Yes, it is cheaper in the long run to build robust maintained systems. But in the long run we are all dead, and our bonuses will be paid before the catastrophe, and anyway it is "somebody else's fault".
|
| handrous wrote:
| I think a lot of the "cost savings" and "efficiency" of sticking everything on computers and putting them online would evaporate if it all had to be secured properly, even for fairly generous values of "properly".
|
| watertom wrote:
| I remember back in the 90's that there was talk about building out a business focused Internet.
|
| I'm now starting to think that it's necessary.
|
| I know a lot of people will just say that these companies just need to pay attention to security, but the problem is asymmetrical.
|
| Focusing on security is like being a pacifist when dealing with a hostile bully. You get your butt kicked a lot.
|
| aaomidi wrote:
| No one is forcing you to connect to the internet really. Plenty businesses run their own private network.
|
| corty wrote:
| Business-focused? How should that do anything about security? Do you want to charge an entry fee that evil people cannot afford? Or just label it "serious business only"? Have things audited somehow? I don't think any of that would do any good.
|
| s5300 wrote:
| Presumably operating at a much lower level in general so attack vectors are greatly reduced.
|
| paxys wrote:
| How is a "business focused Internet" different from the internet? Why would it not have the exact same flaws?
|
| whatshisface wrote:
| The business-focused internet:
|
| 1. Has enterprise-grade auditing and report generation. For what? Doesn't matter, nobody reads them.
|
| 2. Has an account manager for every open port.
|
| 3. Has IBM/Oracle style exponential cost increases for locked-in customers.
|
| yosamino wrote:
| A "business focused internet" is a security measure.
|
| That sounds a lot like "do not connect one's valuable and vulnerable machines to the open internet" which is something _one should already be doing in the first place_ and one can and should be doing it right now with the current internet we have.
|
| goatinaboat wrote:
| _remember back in the 90's that there was talk about building out a business focused Internet._
|
| They exist. Radianz, BPIPE and several more.
|
| jerf wrote:
| Almost every concrete way to manifest "building a business focused internet" is something that the businesses can already do, today. They aren't doing it.
|
| It doesn't do any good if your secretary needs access to the "business focused internet" and also has to get mail from the "normal" internet. The transitive nature of networks makes things very hard to isolate in practice. People and businesses are going to have to accept a lot more inconvenience to isolate things better, and that inconvenience is real money, too.
|
| The problem is you end up with yet another manifestation of a common business problem; if you take the time and money to build a secure business, that carefully isolates everything correctly, that hires good security engineers, that accepts higher costs of doing business, you'll be in a position to handle a cyberpocalypse better than your competitors and you will reap the benefits when that day comes.
| The problem is, you'll never survive to see that day come because you'll have been utterly outcompeted by your competition that cut corners and carelessly, but effectively, integrated their systems, and _over_-optimized their internal systems to function more cheaply day-by-day. You may have taken the time to build on the rock while they threw shacks up on the sand but they end up killing you before the storm comes.
|
| unclebucknasty wrote:
| All true, and I think the solution is even harder than that. That is, even the best-intentioned and well-resourced companies would face severe headwinds in trying to "build [or rebuild] on the rock".
|
| A lot of these businesses have been around for decades and are working on mountains of technical debt. They built ad-hoc systems over the years (before security was "a thing"), employ tenuously-functioning integrations with acquired company systems and more. To make matters worse, much of the technical knowledge has walked out of the door over the years.
|
| In my consulting days it wasn't unusual to find that no one in a company really understood how systems worked (or even why). And, in some cases, they actually didn't work. I've seen billing systems that were unpredictable and relied on customers to call to report billing errors. Not a single person in the company even understood how it was _supposed_ to work.
|
| And, these were sizable companies. Agile has only exacerbated these issues as more software is built more quickly and with scant documentation.
|
| All of that to say that it's difficult enough for many companies to build functioning software, let alone to secure it. And, the number of people who _truly_ understand what it takes to secure networks/software is tiny relative to demand for engineers.
|
| Throw in OSS, zero-days, social engineering attacks, etc.
| and it starts to become clear that any realistic solution includes a regime of deterrence through aggressive responses at the nation-state level. Sure, we should require companies to do more to secure their networks/systems, educate on best practices, etc. But, it's easy to issue an off-handed "they should've been more secure" response. The reality is that many companies simply aren't. We need to appreciate the difficulty and the protracted timeline over which any hardening might happen (if at all), and deploy a multi-faceted approach that also treats the problem as the national security issue it represents.
|
| Animats wrote:
| The first step is reliable backups. Preferably to write-once media. And both onsite and offsite. Hard backups aren't expensive.
|
| Not of everything. Just the important stuff. Maybe a snapshot of the whole business once a month in addition to transaction backups.
|
| Any business doing financial transactions should be backing them up to something like Blu-Ray disks. Preferably the blanks with the 1000-year lifetime. US banks are already required to do something like that, by the FDIC.
|
| worik wrote:
| That is _much_ harder than it sounds.
|
| For one thing backups are no use if you do not test them. How often are you going to bring your systems down to test restoring from backup? If you do not how do you know they work?
|
| viraptor wrote:
| You don't need to restore over your existing production. (Since it's literally a "will it work" test) You do that on a temporary environment.
|
| tibbydudeza wrote:
| First Covid - now the great hamburger shortage of 2021.
|
| client4 wrote:
| Hot take: the US is going to use these highly publicized hacks as impetus for implementing our own "Great Firewall"...for our safety, of course.
|
| Roboprog wrote:
| We need to ban all assault computers with more than 8 CPUs now. Think of the subsidiaries, er, children!!!
|
| Does this fall under violating the First Amendment, or the Second?
|
| Jtsummers wrote:
| Core count seems a less-than-useful restriction on its own. Clock rate, cache sizes, and instructions per cycle need to be limited for this to be effective. Then bandwidth has to be constrained to avoid people building Beowulf clusters of RISC-V systems (which we won't be able to buy in the US thanks to "munitions" import restrictions from overseas producers).
|
| RAM and disk capacities will also have to be limited for similar reasons. As will their speeds.
|
| procombo wrote:
| CPU enthusiasts, builders, and overclockers would get put on a government list, then shadowbanned from social video platforms for encouraging domestic cyber terrorism.
|
| Trisell wrote:
| I bet their executives didn't view themselves as running a tech company. Funny how that works these days.
|
| lettergram wrote:
| The U.S. needs to make it illegal to pay ransom. Then respond with force, arresting people, targeting however you can.
|
| Further, this should be a wake up call. If you're a business harden your network and make backups.
|
| dahart wrote:
| I think all of that has happened already, it is a wakeup call, and the US is making it illegal to pay.
| https://home.treasury.gov/system/files/126/ofac_ransomware_a...
|
| paxys wrote:
| Only if they violate existing international sanctions.
|
| ransom1538 wrote:
| "The U.S. needs to make it illegal to pay ransom."
|
| Ugh. So you get attacked through some old wordpress install, freak out to get your company online, pay, now you also go to jail for paying a ransom. Not a fan of this plan.
|
| droidist2 wrote:
| Or the attackers even use the fact that you paid to blackmail you.
|
| DesiLurker wrote:
| more appropriately, it should be required to report ransom payments on balance sheet under separate heading.
|
| qbasic_forever wrote:
| Even with backups we've seen companies are more than willing to pay a modest ransom, like the pipeline last month. It takes a long time to fully restore big infrastructure from backup--especially if it's something like old tapes.
|
| But yeah, companies should stop viewing security and IT as a cost center and start paying up for good penetration testing every few years.
|
| miketery wrote:
| Most adversaries are in non extradition regions.
|
| tomschlick wrote:
| If those countries take away the legal system route of extradition for attacks on critical infrastructure, then in my mind it's justifiable to go the batman style of extradition with a special forces team.
|
| yaw13 wrote:
| Because fixing the infrastructure couldn't possibly work, we need renditions and live fire operations. Totally.
|
| ncphil wrote:
| Fixing infrastructure won't get done because the people in charge are too stupid, lazy and greedy to fix it. Most of them are so wealthy they're completely insulated from the consequences of their actions (or inaction, as the case may be). Folks need to wake up and realize they're living in a global public-private idiocracy.
|
| young_unixer wrote:
| Or make hacking legal so that companies start taking appropriate measures instead of labelling themselves as victims.
|
| Scoundreller wrote:
| I believe it is illegal. But lacking enforcement.
|
| There's a reason people hire these intermediary "consultants" to pay the ransoms.
|
| zerocrates wrote:
| It's generally not illegal to pay ransom, though with ransomware you have the issue that the recipients may be subject to US sanctions and it could be illegal to send them money on those grounds.
|
| LatteLazy wrote:
| Or identify certain specific "hacks" and setup a bounty program. If you can gain root access by guessing the CEOs password, he should be punished not you.
|
| Edit: doubly so if the company in question is part of important infrastructure (including food supply).
|
| nyc_pizzadev wrote:
| I seriously think one solution to this problem is for the US gov to start designating some of these gangs as something similar to enemies of the state and start taking military action against them. If there were serious repercussions for these actions, like serious jail time or even something more grave... then that changes the calculus for people running these gangs. At minimum, this shows the gov is taking this threat seriously.
|
| EDIT: ok bad idea, let's take it easy on my poor account :)
|
| zdkl wrote:
| Your intent is to drop US missiles or troops on Russia-Eastern Europe/China-SE Asia? That may have different outcomes than what you're imagining.
|
| nyc_pizzadev wrote:
| Right, that would be war. My understanding is that the gov has more covert methods... We hunted enemies before in other nations with some success.
|
| f38zf5vdt wrote:
| Why not? $40 trillion dollars in weapons spending would easily save $10 billion dollars it would cost to hire security professionals on an annual salary to patch software and ensure that intrusion was more difficult.
|
| Raidion wrote:
| This is exactly what they're doing now, they're just doing it with law enforcement agencies and not military. Military is honestly going to be worse at all of this, as they don't have the investigative capacity. This also ducks the very thorny political problems where Ukraine (never mind Russia!) are NOT going to allow US military involvement in domestic affairs, but do have agreements with Interpol that make this possible. Nobody wants extrajudicial military extraction squads acting on their turf.
|
| I'm sure the various 3 letter agencies (NSA, CIA, etc) are already involved to a degree that's not publicly known.
|
| patrickdavey wrote:
| Are you suggesting hunting enemies in countries like Russia/China is going to go down well?
|
| How would you feel if they decided to declare some enemies on US soil and start hunting them on your patch?
|
| Unless your assumption is that Russia/China would agree to the hunting of course, but that does seem unlikely.
|
| matz1 wrote:
| > Are you suggesting hunting enemies in countries like Russia/China is going to go down well?
|
| Anything has risk of course, any hunting need be covert and expertly done.
|
| > How would you feel if they decided to declare some enemies on US soil and start hunting them on your patch?
|
| I would assume they already did that.
|
| sorokod wrote:
| Military is a pretty blunt instrument, also, the US government is not the only government that has military and "more covert methods".
|
| dcolkitt wrote:
| There's a continuum of responses existing between "do nothing" and "drop missiles". For example, it'd probably be relatively easy for special forces to assassinate key personnel, even deep within enemy territory.
|
| ASalazarMX wrote:
| This is implicitly accepting that other countries can also assassinate Americans living in USA if they catch them spreading malware.
|
| babelfish wrote:
| Do you really see nothing wrong with the US military carrying out assassinations of foreign nationals, in foreign territory, on behalf of private companies who can't be bothered to just invest in a decent security team?
|
| northwest65 wrote:
| The United States invaded a country under false pretenses and killed almost 300,000 of their civilians... is using a B2 with a laser guided bomb to blow up a team of hackers really all that bad?
|
| yaw11 wrote:
| The vast majority of participants on this forum work in an environment where the shelf of footguns and gotchas and stupid legacy cruft that is modern software development inherently makes sense.
| Anyone fucking that house of cards up gets attention not because of the state of modern software development that led them here, but because clearly something is wrong with the external world and that should be handled with cops or whatever the next step after that is. It is in no way an indictment of modern software as practiced, from toolchain on up.
|
| Reminder: Memorial Day was yesterday and this thread is discussing killing human beings in _yet another war_ because of holes in some stupid software that SV won't lift a finger to fix. If you offer such a suggestion to fix the woes of vulnerable infrastructure, I'm assuming you're volunteering to go pull the trigger, right? Or were you expecting someone else to do that for you?
|
| Put down the assault keyboard and Clancy novel and get some perspective, subthread. Sheesh. Diddling around in the network of a company you didn't know existed until five minutes ago is suddenly a capital offense because...Whoppers might run out?
|
| unclebucknasty wrote:
| > _is suddenly a capital offense because...Whoppers might run out?_
|
| We know the stakes are much higher. We all know there have been attacks on hospitals, law enforcement systems, government agencies, infrastructure companies, etc. And, we know that none of us have a clue where the next attack will be.
|
| > _and stupid legacy cruft that is modern software development_
|
| Yes, modern software development is stupid, crufty and all of those things. But, these are actual attacks by actual actors, not some self-imploding poor designs. In many cases, these attacks are state-sanctioned, if not outright state-sponsored. So, of course they should be treated just as we treat other attacks. And, under what other scenario do we respond to an attack by declaring "Oh, you got us. We should have better protected that".
|
| These are clear national security threats and should, accordingly, be subject to the full range of responses as any other threats. That includes deterrence. It doesn't necessarily mean dropping bombs. But, it does mean more than blaming ourselves.
|
| > _Diddling around in the network of a company you didn't know existed until five minutes ago_
|
| I'd wager there are many companies that the average person has never heard of that, if knocked offline, would result in considerable disruption, economic costs, and even physical danger to a significant portion of the population.
|
| toss1 wrote:
| You are absolutely right about the footguns, legacy cruft, and the joke-not-a-joke-it's-so-stupid that is modern web software development. That all needs to be fixed, and here at home.
|
| However, it is also not merely about the Whoppers running out - this is just this morning's example.
|
| When even major "security" vendors can be turned into serious NatSec attack vectors, and much more critical infrastructure can also be attacked with ease, and they are doing it, it becomes a bona-fide NatSec issue.
|
| Like any other NatSec issue, this requires both serious hardening actions at home, and serious threats against bad actors abroad. Whether that involves some kind of diplomacy, economic sanctions, targeted software attacks, targeted covert actions, or overt drone strikes, is up to the experts in those domains, but we do need to treat this as a serious NatSec issue that it is.
|
| s1artibartfast wrote:
| On a planet with seven and a half billion people becoming more connected and tech-savvy everyday, security by intimidation simply isn't a viable solution, or a meaningful component of a larger solution.
|
| yaw11 wrote:
| The entire computing apparatus of humanity ostensibly can't figure out secure systems by default without fifty vigilant FAANGineers on hand to rewrite everything quarterly, and then spends _the day after Memorial Day_ arguing for drone strikes and targeted assassinations against two-bit racketeering operations calling them on it to avoid fixing the actual problem. Video at 11.
|
| joejerryronnie wrote:
| Do we have ransomware credit default swaps yet?
|
| jpmattia wrote:
| In a perverse way, the recent attacks on infrastructure are a good thing. Can you imagine if these all hit in a coordinated attack during actual hostilities?
|
| Yes it's painful and interferes with the economy, but ultimately this will harden up potential targets. And boy do some of these guys need hardening up.
|
| [deleted]
|
| SketchySeaBeast wrote:
| I guess I question if targets will actually harden up or not or treat it like the price of doing business.
|
| pradn wrote:
| While this is one line of thinking, in another way of thinking, we're just now in a perpetual cyber cold war. As long as there are some rogue nations that turn their eyes away from cybercriminals, or adversaries that actively promote them, we're going to have an endless series of outages - every possible thing from factories to toll roads to desalination plants to illicit photos.
|
| handrous wrote:
| Nah, we're just gonna get every state having its own mini-Great-Firewall and very limited access to non-friendly states, at the routing level. There's a next gen Internet protocol that makes this easy. Maybe also personal IDs with a kind of Internet "credit score". We already do that, but with IP addresses and machine fingerprints. I expect some countries will adopt something like that, even in the "West".
|
| Either that or the cost of attacks will remain lower than the benefit of being able to sell bits and bytes to your adversaries.
| I do not expect this to be the case, but maybe.
|
| The open, global, semi-anonymous web is what's not going to survive this fight, I'm afraid. I give it 20 more years, tops, and maybe a lot less.
|
| mortenjorck wrote:
| Certificate authorities, but for the evil bit.
|
| handrous wrote:
| Sorta, but more like marking anyone's packets from outside your (or a friendly and cooperative country's) legal jurisdiction with the evil bit by default, and then also tracking which person or company, not device or IP address, originated every packet, so if they sent anything that should have been evil-bitted you can track them down.
|
| Again, I reckon it's either that or this problem never gets much worse. Given trends, I expect we're gonna lose the open, global Internet.
|
| lallysingh wrote:
| While I don't doubt the motivation of such a naked power grab, it has almost no useful security effect.
|
| handrous wrote:
| How so? Can't attack from abroad if non-trusted states have trouble even getting packets routed to the target state, let alone the specific network you're trying to breach. Very hard to attack from inside the "firewall" if access is, as a condition of being considered a trusted routing peer, gated by tying all traffic to a personal or corporate ID that would cause all kinds of trouble for the holder of same IDs should they route traffic on some bad actor's behalf (as, say, through Tor or other means).
|
| lallysingh wrote:
| That's just a matter of finding a vulnerable ally country to hop through. That's SOP now to hide your tracks. It's not like current attacks from Iran to the US have Irani addresses in the IP header.
|
| handrous wrote:
| That's fine until it's nearly impossible to route a packet from (for example) Iran to _any_ IP in _any_ state that's legally unfriendly to hackers and scammers, or otherwise operates outside the broad legal jurisdiction of the hackers' target states.
|
| heavyset_go wrote:
| Your random Iranian hacker might not, but states will find ways around it. Even smaller criminal organizations find ways around such limitations.
|
| handrous wrote:
| Security does not have to be perfect to be effective. If it did, we'd have no security, because none of it is both useful/practical _and_ perfectly effective.
|
| viraptor wrote:
| That's why we have technologies like Tor which will happily find a number of hops that do allow you to establish that connection.
|
| Also IP-level blocks will never be perfect. See Hong Kong proxies. Or people in traded IP ranges classified as coming from another country.
|
| handrous wrote:
| Yes, the Internet as currently structured is resistant to this. The Internet is not guaranteed to continue to have that structure. I'm saying that if our choices are "constant attacks such that the Internet is horribly dangerous" and "don't have the Internet", the popular (at the state level) solution will be "I choose neither--instead, we're changing the Internet".
|
| lallysingh wrote:
| It's not direct packets. You ssh into a box in, say, UAE, then Cuba, then Canada, then USA. You're just uploading and running scripts, so latency doesn't matter.
|
| handrous wrote:
| Yes, I know how the Internet works now. It doesn't have to keep working that way, and if attacks get really bad the result _will not_ be that we just live with them. The Internet will be modified to reduce the threat to a tolerable level. There's already been some pretty serious work put into what this will look like, if/when it happens.
|
| dublin wrote:
| This is NOT a cybersecurity or network vulnerability problem. That's just a symptom.
|
| The real problem is that here, like so many other places in modern society, we've allowed consolidation to proceed far beyond healthy levels - when a single company is responsible for 20% of beef supply, it's time for antitrust action!
| (Yes, I'm looking at you, too, Internet, Tech, Media, Pharma, Aerospace/Defense, etc. companies...)
|
| Maybe just allow one merger per decade, only available to companies with less than 10% of their market?
|
| heavyset_go wrote:
| The security state is willing to do anything, up to kidnapping, torture and murder, in order to not change a thing about the current economic order.
|
| I expect the problem to be addressed with technology, treaties, extraditions and putting a lot of people in prisons before the fragility of consolidation is addressed.
|
| aphextron wrote:
| Consolidation leads to efficiency. Which in the case of commodities, is the only way to ensure low prices. A new slaughter company is not going to innovate a more efficient means of producing a pound of beef. In theory, a perfectly run state monopoly would be the ideal system. But that rarely ends well. In the US we've worked out a sort of half way between the two extremes, where large private corporations are allowed to consolidate in the name of consumer prices, while still maintaining just enough competition for profit motive to keep things well run. It's not perfect but it's the best we've figured out so far.
|
| unclebucknasty wrote:
| There are many problems with over-consolidation, but this isn't one of them.
|
| The primary problem here is criminals and criminal organizations parading as nation-states. The secondary problem is systems and networks that are insufficiently secured.
|
| viraptor wrote:
| That could sound interesting to a lawmaker, but it wouldn't change anything in practice. Those hacks don't come directly from the authors nicely identified by their affiliation and location. They'll come from a trusted node in the US. Some many already do.
| handrous wrote: | It would force the attackers to enter the jurisdiction of | a state that _will_ prosecute them if they're | discovered, to carry out the attack, or else resort to | much more difficult and slower methods (sneaker-net | introduction of initial malware infections in the target | state, say). | viraptor wrote: | You don't have to enter a specific jurisdiction. There | are supply chain attacks, escalation through residential | connections, existing international botnets, and a | thousand other approaches. And of course, there's always | someone out there ready to open an email which will own | them. | handrous wrote: | > There are supply chain attacks | | Yes, some relatively slow, difficult, and expensive | attacks would of course still be viable. That does not | mean that, "it wouldn't change anything in practice." | | > escalation through residential connections, existing | international botnets | | Right--so how are you going to talk to your botnet from | outside the target sub-Internet when it won't even route | packets you send it, except _maybe_ to some hardened | commerce-and-propaganda-only subnet that may have limited | or no connection to the rest of the target state/bloc's | Internet (and again, even that part existing is a maybe)? | rlt wrote: | "The internet interprets censorship as damage and routes | around it" | | Even if you physically firewalled every connection into a | country all it takes is one little node connected via RF | (satellite, HF, etc) dropped near an open WiFi hotspot. | handrous wrote: | Wifi hotspot asks for personal or corporate/server ID of | the sender of packets coming from this new node, since | _it_ can't route the traffic any farther without that. | Gets nothing. Drops that node's packets as either hostile | or malfunctioning, and, regardless, useless, since it | can't route them anywhere. OK, so maybe you manage to | steal an ID. See how this is making attacks harder?
Now | you're stealing or forging identities just to get _any_ | packets routed, and if you do anything suspicious-looking | you'll rapidly get your stolen ID on the automatically- | managed collective shit-list and it'll stop being very | useful. Because the volume of attacks is so much lower, | your drop-a-radio-near-a-hotspot trick might even trip | enough flags to get someone to come find the device, if | you use it very much--and if you can't use it much | without "burning" the hardware, then, well, sure seems | like it made your job as an attacker a lot harder, right? | | There is nothing that guarantees the Internet will keep | working the way it does now, and if an open Internet | causes enough problems, it _will_ be reined in. How it | works now is a choice, not a law of nature. I'm not | happy about it, but that's just how it is. Either these | kinds of attacks won't get much worse, or they'll get _a | lot_ worse and something like that will be what happens. | FridayoLeary wrote: | The 'splinternet' allegedly. | handrous wrote: | Right. I posit that _either_ we _will_ arrive at that | outcome, _or_ "cyber attacks" and various other forms of | Internet-enabled international abuse will never get bad | enough to justify it. I suspect we're in for the former. | bostonsre wrote: | Hopefully it's not endless. I kind of view these attacks as | forced penetration testing of sloppy companies. They may not | have been hired or perform their work legally, but hopefully | their work results in changes similar to legal penetration | testers. Also, the more that these attacks happen, the more | that insurance companies will begin to increase premiums and | the more that they will push back on companies that practice | sloppy security. It may be painful in the near term, but | hopefully these attacks are a net good in the long term. | fakedang wrote: | Did anything happen after the Equifax hack?
| | _awaits with bated breath_ | stingraycharles wrote: | I don't think a Cold War is a good description of what's | happening; it's not as if there's some arms race going on as | it is just a very public exposure of how bad our overall tech | / security infrastructure is. | | The question is whether the pains we're currently feeling are | enough to cause a change in the industries affected. | yaw12 wrote: | > The question is whether the pains we're currently feeling | are enough to cause a change in the industries affected. | | Considering downthread there are honest suggestions to send | special forces after the ransomware gangs, I'm gonna go | with "probably not". That type of denial is pervasive. | | The F500 and companies like JBS just need to move | essentially dataframes around from automation to | automation, but somehow the software ecosystem is still | building that with the same tools used to write Google. The | next answer is usually "they don't invest in a security | team, clearly," and I'm waiting for that subthread to kick | off, too, to continue the denial. | | Software complexity is the enemy, not the malicious actors | exploiting it. Fix one, fix the other. | Dylan16807 wrote: | I'm confused, why isn't a security team a good way to | make and enforce things like smaller attack surfaces and | network isolation? | viraptor wrote: | It is, but it's never going to be perfect. Nobody has | achieved that so far. Or at least not in an environment | where you have international distribution and thousands | of endpoints touching different areas of the system. | joemazerino wrote: | The arms race is in exploits and software development. The | country with the largest stockpile of the former and the | best talent in the latter will emerge the victor. | wyager wrote: | The good news is that cyber-war has a huge asymmetric | advantage for defenders. For modestly more money, we can stop | building absolute crap infrastructure that constantly gets | owned. 
A little bit of investment in quality drastically | raises the cost of an attack. | lallysingh wrote: | Basically we're waiting for regulation to make the | organizations responsible in a way that's useful for cost/risk | accounting | unclebucknasty wrote: | > _In a perverse way, the recent attacks on infrastructure are | a good thing._ | | Voluntary pentesting is a good thing. Costly attacks executed | by criminals are not. | nyokodo wrote: | > but ultimately this will harden up potential targets. | | Or they mop up, get bailed out, and then maybe make some minor | changes that don't really solve the problem that their insecure | corporate culture begins to undermine immediately. We need | companies to essentially go into a perpetual cyber-security | war-footing. I don't see that happening without business being | impossible to conduct without it. | nobleach wrote: | If this is the USDA we're talking about, they mop it up, and | have countless MEETINGS about what should be done. Then a | task force is convened. THEN they do nothing. | mhuffman wrote: | >but ultimately this will harden up potential targets | | I predict that it is going to be used to get rid of privacy and | anonymity features of the web and they aren't going to harden | anything! | Sparkyte wrote: | alright time to go vegan | bdamm wrote: | Impossible Meat is delicious. My trips to Burger King are now | entirely vegetarian. | istorical wrote: | It needs heavy funding or subsidizing, this sort of product | needs to be scaled up fast, because the price per lb of the | meat is so much more expensive than low quality chicken, | beef, pork etc. purchased at costco type bulk prices. | heavyset_go wrote: | Does BK separate its griddles and fryers between vegetarian | and non-vegetarian items? Because if they don't, then meat | products will leach animal fats and proteins while they cook | and your vegetarian items will pick them up.
| xsmasher wrote: | That's not ideal, but doesn't cancel the health and climate | benefits of eating vegetarian. | ashtonkem wrote: | There's no reason to believe that the plants that produce vegan | products are any more secure; if veganism became the norm then | the infrastructure required to process that food would be as | valuable a target as meat processing is today. | throwaway1777 wrote: | Only a matter of time until any industry gets hit. Hospitals | have been hit already so it's not like moral conscience is an | important factor. | GnarfGnarf wrote: | I hope it's beginning to sink in to corporate America: you need | to get serious about security. Go Linux. Hire many permanent | security experts with continuous audit processes. Acknowledge the | true cost of IT. | tgsovlerkhgsel wrote: | Linux vs. Windows makes very little difference here. | swiley wrote: | > corporate America: you need to get serious about security. | | _USE OF MCAFEE INTENSIFIES_ | 7373737373 wrote: | Rather, go microkernels! (Recursive) sandboxing and resource | control have to become a thing: | https://genode.org/documentation/general-overview/index | | Permissions should be able to be set in a fine grained way, | capability security needs to become much more well known: | https://github.com/void4/notes/issues/41 | tibbydudeza wrote: | Probably their plants have some industrial equipment that is | still running on Windows 2000. | reilly3000 wrote: | Absolutely. Plenty of America runs on EOL Windows XP legacy | apps that have been too complicated to migrate. Sometimes | they run airgapped until someone realizes that isn't | practical. CEOs must demand better and be willing to pay | for it. Without leadership support these migrations almost | always fail. | 7373737373 wrote: | And (operating) system and programming language designers | must make security a foundational property of their | systems.
Most modern languages will _never_ be secure, | because their semantics necessitate things like global | names. Trying to graft security extensions onto an | existing language that wasn't built with them in mind | will be painstaking and will always lag behind and is | thus often abandoned: | https://en.wikipedia.org/wiki/Caja_project | a3n wrote: | I wonder if "ransomware" is merely a cover, and some of this is | Russia beta testing economic and infrastructure warfare. | bdamm wrote: | It could be, but that's something that only privileged elected | officials e.g. members of the intelligence committee, US | President, past presidents, etc, get to know. If you let | yourself get into conspiratorial thinking you'll soon find | yourself without any moorings whatsoever. | | It could also be many other countries or even private entities | that get excited about extracting money from big US companies. | The list of possibilities is very long. | ergot_vacation wrote: | Cyber attacks between major powers targeting important | infrastructure aren't conspiracy theories; we have plenty of | confirmed cases of it at this point. Whether this situation | in particular, or the recent oil disruption are targeted | attacks is hard to say. | | As with the "lab origin" situation, it's probably best to | avoid whatever the mainstream media is saying and try to find | the few rogue experts who aren't being paid to say the right | thing (or nothing at all) and thus have no incentives other | than the satisfaction of offering a frank assessment (with | any luck, you can find them before they're banned from all | social media platforms for "misinformation" (ie, disagreeing | with the party line)). It took years for any official | confirmation of Stuxnet being a state-sponsored attack. But | if you were paying attention to the right people, you knew it | had all the fingerprints of such an attack pretty early on.
| Analemma_ wrote: | Targeting politically important industries rather than | _strategically_ important ones (no price increases get people | quite as fumed and likely to take to the streets as gasoline and | meat price increases) is an interesting development in quasi- | state-sponsored cybercrime. | dudleypippin wrote: | Interesting. My third thought was "Huh, perhaps we'll be eating | less beef until the inevitable price shock and hoarding | passes." | | (First thought was for the poor IT folks stuck in this mess and | the second was remembering a sensitive machine that was open to | all of AWS because the vendor's servers "needed access to push | frequent updates." and "nobody has ever pushed back on that | requirement before.") | briefcomment wrote: | Klaus Schwab of the WEF "predicted" this a year ago [1]. Either | the WEF and other NGOs are incredibly prescient on a number of | unrelated issues, or we may be getting taken for a ride. | | [1]https://m.youtube.com/watch?v=0DKRvS-C04o | neither_color wrote: | _gasoline and meat price increases_ | | These hackers sure are progressive. I wonder what they'll | target next: plastics, flights, or ammo? | mtalantikite wrote: | My first thought was imagining a hacker org taking | inspiration from the movie 12 Monkeys. | r00fus wrote: | In the case of the pipeline disruption, it was reported that | the USG disrupted the CCC of the ransomer and their crypto | accounts were drained. | | I wonder if a similar sort of reaction will happen here or if | the attackers will move more quickly? | | From a technical standpoint, why was JBS' backup chain a | workable solution for JBS and not for the pipeline operator? | Was it incompetence on the part of the attacker or just a | better defense, or luck? | nextstep wrote: | I hope this attack aims to destroy the infrastructure of an | environmentally disastrous industry and isn't just a ransomware | attack. | madcows wrote: | What's with all the cyber attacks on US infrastructure? 
| | I hope this is because of a self hardening mechanism and not what | it looks like, continued assault by adversaries. | briefcomment wrote: | Posted this on the related thread on the front page: Klaus | Schwab of the WEF "predicted" this a year ago [1]. Either the | WEF and other NGOs are incredibly prescient on a number of | unrelated issues, or we may be getting taken for a ride. | [1]https://m.youtube.com/watch?v=0DKRvS-C04o | tbihl wrote: | Because it always pays | [deleted] | buildbot wrote: | I imagine it happens everywhere, but tends to make bigger news | in the US. You can still find industrial control systems | exposed to the internet with password free VNC... | thatguy0900 wrote: | It's because none of it is secured, and the US has a shit load | of infrastructure that all has its own independent systems. | Even a tiny percent being hacked per lifetime will be constant | hacks in the news. | macinjosh wrote: | Independent systems have their own problems but also | benefits. The trendy word for this is 'decentralized'. IMHO, | I'd prefer we don't have one big system. At least when the | pipeline was shutdown it didn't affect the entire country. | kevin_thibedeau wrote: | None of it was on the internet 30 years ago and we survived. | All it takes is responsible corporate leadership to fix this | problem. | viraptor wrote: | Theory: running the same system in pre-internet style would | add overhead in salaries and delays that's more costly than | being down for a few weeks after a hack. | kolbe wrote: | It's because the US and Europe have shown there aren't any | repercussions to defrauding their governments or their | citizens. | gwright wrote: | > Capacity Wiped Out | | Overly dramatic and inaccurate as far as I can tell. | | Something like a contagion introduced into the facility might | warrant a "Wiped Out" description but "Production Paused" seems | more accurate and informative. 
| arrosenberg wrote: | The cyberattack and the fact that one company had 20% of the | country's beef processing capacity. A more distributed economy | with smaller operators means fewer, less valuable targets for | piracy, as well as more supply chain resilience when one company | is taken offline. | Animats wrote: | At least they don't have 60% market share. What happens when | FedEx or Union Pacific goes down? | dfsegoat wrote: | This was an interesting and valid point. Container ship based | freight looks to be a bit more fragmented: | | https://www.statista.com/statistics/198206/share-of- | leading-... | | https://shippingwatch.com/carriers/Container/article12930338. | .. | Animats wrote: | A few years back, Maersk went down for almost a week due | to encryption-type malware.[1] Things happen slowly enough | in sea shipping that the impacts were mostly to Maersk | itself. It cost them about US$330 million. | | [1] https://www.reuters.com/article/us-cyber-attack-maersk- | idUSK... | mindracer wrote: | Crazy how they were saved by a domain controller that had | been knocked offline by a power outage before the worm | hit | midasuni wrote: | Why couldn't they restore from backup? | viraptor wrote: | And higher prices. I'm all for the smaller distributed | suppliers, but let's remember that scale makes things | cheaper/easier and there's a reason companies join up. Your | local delivery organised between a few farms will be beaten on | price by JBS. | dzhiurgis wrote: | Bloomberg missed opportunity to use kiwi slang word 'cooked' in | the title: | | >One-Fifth of U.S. Beef Capacity Cooked by JBS Cyberattack | mxuribe wrote: | Dear diary, | | Today, I was finally able to incorporate the "Where's the | beef!?!" catch-phrase into daily conversation! But, it just | didn't land as funny as I was expecting in my mind. | tonyb wrote: | Looks like I'll end up having to pull brisket off the menu again | this summer (I own & operate a BBQ food truck).
| | Before this latest blow to the supply chain I have already seen a | 66% increase in brisket prices in the past 4 weeks ($2.99/lb | about a month ago, current price is $4.99). The restaurant | industry is already running on low margins so it will be | interesting to see how this is all going to shake out. | asdff wrote: | You could put brisket at market price like lobster roll food | trucks tend to do. People still happily pay $18 for a lobster | roll from a truck. | pie420 wrote: | That's because lobster roll customers are rich yuppies. BBQ | is for poor people who cannot afford good cuts of meat so | they resort to pulverizing bad cuts of meat with smoke heat | and sauce. | rootusrootus wrote: | > pulverizing bad cuts of meat | | Huh? The cuts are tough, yes, but they're also the most | flavorful. There's nothing bad about them. | | Go try and use a ribeye to make a cheeseburger sometime. | It's incredibly bland compared to the flavor you're used to | getting from chuck. | agogdog wrote: | You seem to be getting downvoted, but you're not wrong. | They're entirely different ends of the market. | jt2190 wrote: | > BBQ is for poor people... | | This is _really_ not true anymore. BBQ has become a high- | ticket item thanks to "Craft BBQ" and growing demand | | https://www.khou.com/mobile/article/news/brisket-prices- | are-... | tonyb wrote: | Raising prices is an option but that is very market | dependent. BBQ customers in general are more price sensitive | than lobster customers and I would lose sales at a higher | price point. | | There is a certain price (which I have generally found is | $4.50 - $4.99/lb, that is when my food cost for a brisket | sandwich hits 50%. Target food cost should be somewhere | around 30%) where it just isn't worth it to sell brisket. BBQ | is somewhat unique in that you have to estimate your demand | ahead of time - you can't just throw on another brisket if | you run out and I don't reheat/re-use leftovers.
So even if I | raise my prices $2/sandwich to cover the increased cost my | risk is still higher because any unsold product is now a | higher loss. | koolba wrote: | Is it possible to purchase the cuts in advance and store | them frozen or does that noticeably affect the quality? | Seems straightforward to throw some cuts in a deep | freezer to smooth out supply costs. I do that on the small | scale at home though obviously the capital costs would be | proportionally larger at scale. | tonyb wrote: | That's exactly what I did starting about a month ago - | I've got enough on hand to last about a month (most of | that is committed to catering jobs that already have a | set price - so my forecasting is much easier but if I | didn't lock in the price I would have to eat the | difference). | | As long as they are safely handled I've found no quality | difference at all when freezing stuff that is cryo-vaced. | More often than not it has already been frozen at least | once before it gets to me. | | I don't ever sell anything that has been re-heated after | cooking though. You can also do that with little to no | quality loss but I try to position myself as a premium | brand so everything is 'cooked to order'. There are also | a lot more food safety concerns (cooling it fast enough, | re-heating it fast enough, etc.) that I don't want to | worry about. I vacuum seal cooked BBQ at home and it's | just as good as fresh but you can't do that in a | commercial setting without special permits that aren't | available to food trucks (at least not in my area). | jasonwatkinspdx wrote: | I'm sure you know your business and market, but I'd just | throw out an example from my back yard. | | Matt's BBQ is the best Texas style bbq in Portland by a | considerable margin. I've been a customer and friendly with | him since he started out in a pawn shop parking lot with | zero foot traffic and almost no road visibility.
He charges | $13.50 for a 1/2 lb of brisket, similar prices for other | meats. Sides are typically around $3.50. | | He's up to multiple locations and his own commissary | kitchen that's like 2000 sq feet. | | He sells out every single day. | | It's been really fun to watch his business blow up. It's | all been from the strength of his product, and his personal | hustle to get the momentum. His customer base is loyal and | willing to pay a premium. | | He even has a side hustle selling smoker rigs, via a | partnership. | atc wrote: | Can you survey your customers? | robbmorganf wrote: | I'm just curious how you started following Hacker News? | qbasic_forever wrote: | A lot of folks work like mad in tech to build up a small | nest egg and then go pursue a passion. Starting with a food | truck is a great way to suss out and ease into eventually | owning and running restaurants. It's like the MVP of a | cuisine/restaurant idea. | wenc wrote: | Brisket prices have been going up for quite a while now, not | least since the pandemic started. This event is likely going to | be a blip. That said, typically one of the ways to hedge | against volatile prices is through forward contracts. If you | have a float, have you thought about pre-paying for brisket to | get a discount? I only mention this because I remember reading | a story told by Nick Kokonas, who co-owns Alinea, a famous 3 | Michelin starred restaurant in Chicago. When he discovered he | had a float, he decided to pre-pay his vendors instead of | taking net 120 and in the process got a 50% discount on beef. | (because pre-paying improved his vendor's cashflow and reduced | their risk, they passed it back to him in the form of savings) | | From: https://commoncog.com/blog/cash-flow-games/ | | "Food costs money. But the way that everyone (in the F&B | industry) looks at food costs, and paying for food is very | weird.
When COVID started, every famous chef that went on TV | said, "This is the kind of business where this week's revenues | pay for bills from a month ago." So when we started to bring in | money from deposits and prepaid reservations, I suddenly looked | and we had a bank account that had a couple million dollars in | it -- of forward money | | "I started calling up some of our big vendors for the big, | expensive items -- like proteins: meat, fish; luxury items: | like caviar, foie gras, wine and liquor, and I said, "I don't | want net-120 anymore, I want to prepay you for the next three | months." And they had never had that kind of a phone call from | a restaurant before. | | So how much should they discount it? So let's say we're going | to buy steaks. We're going to pay $34 a pound wholesale for dry | aged rib-eye, we get net-120 (normally). So I call the guy and | say "I'm going to use 400 pounds of your beef a week for the | next 4 months, for our menu, which is about $300,000 of | beef, what (would) we get, if we prepay you?" And he was like | "what do you mean?" I'm like "I want to write you a check | tomorrow for all of it, for four months." And he was like, | "Well, no one has ever said that." So he called me the next | day, he said "$18 a pound" ... so ... half. Half price. | | I went, "I'll pay you $20 if you tell me why." And he said, | "Well, it's very simple. I have to slaughter the cows, then I | put the beef to dry. For the first 35 days I can sell it. After | 35 days there's only a handful of places that would buy it, | after 60 days, I sell it $1 a pound for dog food." So his waste | on the slaughter, and these animals' lives, and the ethics of | all of that, are because of net-120! Seems like someone should | have figured this out! As soon as he said that, everything | clicked, and I went "We need to call every one of our vendors, | every time, and say that we will prepay them."
| JPKab wrote: | I think you have a well-reasoned, thoughtful post here, but | perhaps the person who operates a BBQ food truck might not be | the best positioned to take futures contracts out on brisket? | | Scale matters. | tonyb wrote: | Prices had come back down to pre-pandemic levels up until | about a month ago. Nationwide easing of restrictions has | increased demand faster than the supply chain has been able | to keep up. | | That is an excellent idea (having more than just a | transactional relationship with your food vendor is a good | idea in general) but my volume is way too low to have that | type of leverage. The best I can do (and fortunately what I | did when I saw the prices increasing) is pre-buy and freeze | as much as I can to lock in the then-current pricing. Right | now food supplies aren't even able to fill many wholesale | orders because they don't have enough supply so I'm not sure | pre-paying would help if they can't even get the product. For | example one major vendor has changed their order cutoff time | from 11PM to 5PM so they can spend that extra time allocating | their available stock across all the orders because they | don't have enough for everyone. | | BBQ is my side hustle so I'll be ok either way - but if I was | paying my mortgage via food service I would be a lot more | concerned. | secabeen wrote: | It would be very interesting to see a followup report from | Nick on what happened with COVID. Did they refund those | customers who pre-paid for dinners that couldn't happen? Were | they left holding the bag for the dry-aged ribeye that they | then couldn't sell? I would love to hear the story. | [deleted] | sorokod wrote: | Expect brisket futures to become a thing | nradov wrote: | Cattle futures already exist and prices are up on this news. | Guest42 wrote: | Would make for some tough storage if they got stuck not | selling them at expiry.
| [deleted] | SAI_Peregrinus wrote: | > as hackers increasingly target critical infrastructure. | | Many attacks aren't truly targeted, they're blanket ransomware | attacks trying to hit any entity they can. | | Also, meat packing isn't critical infrastructure. It's important, | sure, but nobody is going to die if they don't get meat. Food | overall, yes, but meat is a luxury good. | admax88q wrote: | If meat collapses it will put strain on other parts of the food | pipeline which might not be able to pick up the slack. | | There's a lot of calories in meat. | deeblering4 wrote: | Are there a lot of calories in meat? I always looked at meat | by itself as pretty lean. | | By volume I think there are quite a few types of food that | are richer in calories, and a lot of times meats are rich due | to how they are prepared (fried, or drenched in butter, etc.) | akiselev wrote: | Depends on how lean the meat and how dense the fat but | generally only processed foods (like bread) are more | calorie dense than meat. Protein and sugar (carbs) provide | 4 kcal per gram while fat provides 9 kcal per gram and our | gastrointestinal tracts are better adapted to carnivorous | than herbivorous diets (compared to, say, cows or rabbits). | We're simply unable to digest a lot of the mass in fruits | and vegetables like the insoluble fiber and animal | husbandry's purpose is to convert that material to edible | food - it'd be pretty pointless if it wasn't more calorie | dense. | s1artibartfast wrote: | Yes, there are a lot of calories in meat, even without | additions. See below for calories in 100g of common foods. | The only things that are more calorie dense than meat are | primarily composed of sugar or fat. | | 271 Beef | | 265 bread | | 247 Roast chicken, skin on | | 130 black beans | | 110 rice | | 57 Apples | | 35 Broccoli | dahart wrote: | The calories in meat aren't relevant, it takes more calories | in animal food to produce meat than the calories in the meat.
| | The meat industry is a strain on the food pipeline, losing it | would free up other parts of the pipeline and feed more | people. https://en.wikipedia.org/wiki/Environmental_impact_of | _meat_p... | | I eat meat, but the parent is correct, it's a luxury. | | *edit: confused by all the downvotes. Am I incorrect, or | being somehow offensive? | swiley wrote: | Beef is grown using cellulose which contains calories that | are unavailable to humans. | | Unless you've discovered a very neat chemistry trick that | would also make fuel much cheaper. | dahart wrote: | I wasn't suggesting that people eat hay. We could use the | same land to grow edible plants and vegetables instead, | right? | aparks517 wrote: | I imagine some grazing land could be converted, but I do | think most of it is used for grazing because that's about | all it's good for. My family used to graze a small herd | on land that could /almost/ be used to grow grain (with | lots of chemical help), but definitely not vegetables. | dahart wrote: | That is a very good point. I poked the internet about it | and got this interesting information back which backs up | your thought: https://www.ers.usda.gov/amber- | waves/2012/march/data-feature.... | | Maybe worth mentioning that poultry feed is grains and | "mostly" edible in theory (though maybe not in today's | practice), and poultry is the largest segment of meat in | the US? | | Also relevant are that per-capita meat consumption in the | US has gone up dramatically in the last 50 years, and so | has the average caloric intake. Looking at history, it | seems like we have room to downsize some, right? | aparks517 wrote: | > poultry feed is grains and "mostly" edible in theory | | Yeah, some of them definitely. We fed our chickens a fair | bit of wheat, which of course makes good bread. Plenty of | field corn too, which... I guess if you like corn chips | as much as I do... okay! Poultry and eggs might be better | for you than loading up on grains though.
| | > per-capita meat consumption in the US has gone up | dramatically in the last 50 years, and so has the average | caloric intake | | Perhaps as little as double those fifty years ago it | would have been unthinkable that even the poorest among | us could be troubled by obesity. We live in an age of | riches and I guess we're still figuring out how that | works. What a problem to have, though! | | > it seems like we have room to downsize some, right? | | This is perhaps the most amusingly uncontroversial thing | I've read on the Internet lately. Thank you | redprince wrote: | If only that were still completely true. | | https://wwf.panda.org/discover/our_focus/food_practice/su | sta... | | You could completely strike meat from everyone's diet and | still feed everyone. | swiley wrote: | Just because you can do something and still feed/house | everyone doesn't mean it's optimal. | | Plants are mostly cellulose, not sugar. | viraptor wrote: | You're talking about long-term effects, which are true. But | that meat waiting to be distributed is already there. If | the deliveries disappear for a few days/weeks, you don't | suddenly get extra plants to distribute in that timeframe. | dahart wrote: | True. Yeah I thought the whole sub-thread here was | talking about long-term effects, not a short-term one- | time gap of unused supply. The top comment was talking | about the general necessity of meat to our economy, | right? | lainga wrote: | Well general and specific, and short- and long-term, are | orthogonal. Oil is also generally necessary in the US | economy in the short-term, if (conceivably) not in the | long-term. On the other hand electricity is not necessary | in the short-term specifically to aluminum foundries, but | in the long-term it is (or the crucibles solidify). | dahart wrote: | Sure agreed. I'm perhaps not understanding what part of | the above that this distinction clarifies.
Sudden loss of | oil would bring the entire economy to a halt and | certainly result in mass loss of life. Sudden loss of | human edible meat would no doubt be a major blow and an | enormous waste, but would not generally result in a lot | of people dying or stop the economy. It would certainly | bankrupt and cripple the operations of meat farmers, but | loss of oil would bankrupt and cripple _all_ farmers, and | _all_ transportation and distribution of food. | redprince wrote: | As if there's a scarcity of food in the US so that missing | out on calories from meat could not very easily be | substituted. Incidentally that would also result in a diet | commonly regarded as healthier. | [deleted] | joemazerino wrote: | I'm curious as to how so-called cyber insurance plays out with | these attacks. | sparker72678 wrote: | > JBS's five biggest beef plants in the U.S. -- which altogether | handle 22,500 cattle a day -- have halted processing following a | weekend attack on the company's computer networks, according to | JBS posts on Facebook, labor unions and employees. | | It wasn't clear to me from the headlines that this is about meat | plants. | jokoon wrote: | This reminds me of the earlier cyber attacks on a pipelines. | | One could speculate that those are climate activist attacks. | titanomachy wrote: | This is being downvoted, but it seems like a reasonable theory | to me. I know a decent number of brilliant engineers/hackers | who are strong proponents of a vegetarian diet. | | Or maybe it's just a general attack on US food production, and | meat is the most vulnerable sector due to its complexity. | yaw11 wrote: | It isn't reasonable at all. | Arrath wrote: | As a prelude to Rainbow Six, it might be. | | Otherwise.. | gruez wrote: | Don't hacktivists/eco-terrorists usually claim responsibility? 
| Shutting down beef/oil production for a few days isn't going to | do much for the environment, if at all since demand basically | stays the same, so claiming responsibility and/or getting | awareness is the only reason for hacking. | simonw wrote: | Occam's razor says that the most likely reason for this is that | a ransomware group knew that they could extort a lot of money | from this company. | yaw11 wrote: | You could speculate that. Then you could ask yourself why a | climate activist would create a situation where cattle starve | at the plant and are put down and not used economically. | | There are thousands of cattle in transit to just one of these | facilities every hour of every day. Most are not equipped to | feed incoming cattle - they arrive hungry and with minutes to | hours to live. If you're annoyed about the climate, forcing a | manufacturer to throw out and waste hundreds of tons of | perfectly fine beef does what, exactly? Send a message? | | This isn't spiking trees. You're dealing with live animals. I | have a hard time believing an activist environmentalist would | be fine with _exacerbating_ an animal welfare situation they | already don't like. Putting thousands of cattle through even | worse experiences than usual. Yeah, no. | | Source: One degree removed from a foreman at an impacted plant. | What I'm describing is already happening - plant I'm aware of | has 14k head on hand with about 24 hours to figure it out or | kill and discard. The administration is already involved and | aware of the details, too, and _everyone_ should be vigilant | regarding speculation as to who's behind it (this is likely | misdirection, given who it actually is). | Arrath wrote: | >This isn't spiking trees. You're dealing with live animals. | I have a hard time believing an activist environmentalist | would be fine with exacerbating an animal welfare situation | they already don't like. Putting thousands of cattle through | even worse experiences than usual. 
Yeah, no. | | Animal rights activists aren't always known for thinking | about the consequences of their actions. | | https://www.independent.co.uk/news/freed-mink-bring-death- | to... | | https://slate.com/technology/2017/07/thousands-of-minks- | die-... | genericuser314 wrote: | "Thus, by a continuous shifting of rhetorical focus, the | enemies are at the same time too strong and too weak." ~ | Umberto Eco | hereme888 wrote: | Are there any details on whether it was ransomware? I'm | interested in following this story as it develops. | ChuckMcM wrote: | Is there any other kind of "cyber attack" with respect to | companies like this? This is a serious question, I can't | imagine someone DDoS'ing or trying to "steal passwords" or | "private data" from a meat processor. But disrupting their | business and holding them hostage? Seems to be a thing these | days. | gizmo686 wrote: | 1) Cyber warfare. Taking down critical capacity like food | production weakens your enemy. I don't think hostilities are | anywhere near bad enough with anyone for this to be an issue | at this point; but it would not surprise me if the other | major countries are already in our systems and _could_ do | this with the push of a button if they wanted to. (Similarly, | it would not surprise me if we were in theirs as well). | Establishing the capacity to do this at the push of a button, | could have the effect of accidentally shutting things down. | Either because of a mistake from the attacker, or because the | attack is discovered and production is shut down out of an | abundance of caution while we figure out what happened. | | 2) Terrorism. Really, I consider this the same as warfare, | just coming from "terrorists" instead of "countries". With | this broader base of attackers, I think there are groups that | would be willing to do so. The only question is if they have | the technical know-how.
Given how cheap these ransoms can be | ($4.4 mill for the pipeline hack), and the fact that a paid | ransom probably a good profit margin, in terms of raw | funding, these hacks seem within the range of terrorist | groups. | ChuckMcM wrote: | All valid if we were at war or there was an active anti- | meat terrorist group (I don't consider PETA to be | terrorists :-). Just using the process of elimination to | guess what is up and "ransomware" is highest on my survey | board at the moment. (weak hat tip to Family Feud) | gizmo686 wrote: | They do not need to be anti-meat. Simply anti-America | would suffice. | Veserv wrote: | Sure, you could have an attack whose goal is to cause damage | like what happened in the Sony Pictures hack in 2014 [1]. Or | follow through on a direct blackmail attempt of money for no | disruption. Even if we limit ourselves to financially | motivated actors there are plenty of ways to convert business | disruption to money other than ransomware such as stock | manipulation, competitive sabotage, etc.; they are just a | little more sophisticated in the non-technical aspects. | However, these tactics are quite rare currently because most | hackers are extremely financially unsophisticated, being | mostly young technically-minded people, so they focus more on | the technical aspect of just doing more hacks rather than the | business aspect of extracting the most value through solid | financial engineering. | | We can see this by the fact that just a few years ago they | would take down the same types of companies they are hitting | now and ask for a ridiculously low sum of like $10k, but now | they are asking for a much more reasonable, but still low | $1M. Nothing changed about who they were attacking, they just | slowly realized that they underestimated how much companies | would pay for their "services" by a factor of 100x. That is a | classic mark of a business amateur who has no idea just how | much money is involved in B2B deals.
| | But to your underlying question, yeah, it is probably | ransomware. | | [1] https://en.wikipedia.org/wiki/Sony_Pictures_hack | ChuckMcM wrote: | FWIW, I'm not saying it _couldn't_ have some other | motivation, I am saying that it is _unlikely._ | | And now Bloomberg is reporting it was a ransomware attack -- | _"It's unclear exactly how many plants globally have been | affected by the ransomware attack as Sao Paulo-based JBS has | yet to release those details."_ | pcthrowaway wrote: | The most obvious one to me, especially affecting a meat | producer, is activism. Disrupting supply chains for meat | production could very well drive demand for plant-based | alternatives, and if it becomes a cost of doing business, | perhaps it would balance out massive subsidies which keep | meat prices competitive with prices for plant-based meats. | ndespres wrote: | In terms of things that are not specifically targeted: | | I still see things like attacks on open SMTP ports to relay spam | email, installing crypto mining software on PCs and servers, | scanning for insecure VoIP phone systems and racking up long- | distance phone bills.. | | The ransomware attacks make a lot of headlines I think | because it's somewhat easy to sensationalize without a lot of | explanation of boring IT stuff, but there are still plenty of | other things happening regularly to compromise insecure | systems. | ChuckMcM wrote: | Sure, but those don't typically warrant telling anyone | right? I mean "our email server just sent a zillion spam | messages, we're working on it." would largely go under the | radar I suspect. | whatshisface wrote: | The big difference is that ransomware is a strike | directly against the people who got hacked, while turning | servers into bot farms at worst costs them a little | electricity. The victims of DDoSes, for example, aren't | usually the ones whose compromised systems are running | the DDoS. | milkytron wrote: | Yes.
| | > A CNN White House correspondent reported on Tuesday afternoon | that JBS told the Biden administration it had received a ransom | request from a criminal organization "likely based in Russia." | skindoe wrote: | And we computer scientists believe political vague statements | with no evidence behind them why? It's not like there are | dozens of cases of "intelligence" being wrong in the past 15 | years... | haspoken wrote: | http://archive.is/52YQq | coliveira wrote: | Hackers are laughing at the idea of concentrating large amounts | of the economy at a single company. The whole internet will be | coming to a halt once this can be replicated on at least one of the | big web companies. | adictator wrote: | Beautiful! | davidw wrote: | This seems like too much consolidation: | | > The U.S. meat industry is so consolidated that with JBS | basically offline due to a cyberattack, the USDA can't publish | wholesale price data without potentially revealing proprietary | information about JBS's competitors | | From https://twitter.com/sjcasey/status/1399822226313076737 | cupcake-unicorn wrote: | Good, I hope this encourages people to support plant based | alternatives and "vat meat" type stuff. The meat industry is | awful for two major disaster scenarios facing humanity: global | warming and antibiotic resistance. Meat isn't "critical | infrastructure", it's a luxury with health risks akin to other | luxury products that are taxed, and is propped up and subsidized | already in order to survive. This is not even beginning to talk | about the ethics of this situation. People like Noam Chomsky etc | have been behind this: | https://www.nationalobserver.com/2019/02/12/features/noam-ch... | | No one would be particularly choked up if this affected the | cigarette industry or the alcohol industry. | hourislate wrote: | Yeah, we should also take a stand against all the plants and | fruits we are farming.
It is incredibly bad for the environment | (ex: pesticides, water usage, slave labor practices, etc). The | whole food sector is a major producer of greenhouse gases and | farming whether livestock or grains, etc is extremely bad for | the environment. Let's save the planet and stop eatin. | 1cvmask wrote: | Although not a cyberattack it reminds me of the massive supply | disruption and culling that occurred in the UK because of the mad | cow disease. | | There is still no clue as to why these disruptions happened but | the educated guess mentioned in the article is ransomware. The | one that is almost always forgotten is how they escalated | privileges through compromised passwords because most of these | organizations don't use multi-factor authentication everywhere. | | https://en.wikipedia.org/wiki/Bovine_spongiform_encephalopat... | polskibus wrote: | Ransomware attacks were made more feasible (the ransom part) | thanks to cryptocurrencies commoditizing low traceability for | criminals. I'm pretty sure we're going to see more and more of | them, especially with all "digital transformation" going on. | goatinaboat wrote: | _Although not a cyberattack it reminds me of the massive supply | disruption and culling that occurred in the UK because of the | mad cow disease_ | | Still a form of information warfare attack, perpetuated by none | other than Neil Ferguson, operating in plain sight. If he was a | hacker he would be in prison but he does incalculable damage | again and again and gets away scot-free every time! ___________________________________________________________________ (page generated 2021-06-01 23:01 UTC)