Is the UK in danger from Russia?

[hereforalongtimenotagoodtime]

Keep receiving conflicting information. I am sick to my stomach and quite simply hate the unknown. So a simple question - is it likely that the UK will be in danger from Russia? And if so what does that look like? Cyber attacks, bombs being dropped?

I feel we are wasting our time on that one. She has said she doesn't want to learn, just help those who do.

I'd question whether they are posting in good faith, personally. Dismissing the hugely disruptive Wannacry attack as a "two day annoyance"

@JimmyDurham Just because you disagree with somebody's opinion, that does not give you the right to declare it as "rubbish"

I think the Irish health service (HSE) would argue that Russian cyber attacks are extremely damaging, and dangerous for patients. People had life saving treatments cancelled/postponed and the after effects lasted for months.

These things would be annoying but it is not a catastrophe for a shop to need to accept cash only for a day or two until systems are back (which they quickly would be).

They wouldn't be back quickly. They really wouldn't. Log4j was a level 10 critical vulnerability found in December last year. That is the highest level of vulnerability seen and - fortunately - was not being very actively targetted (it was relatively unknown). We're at the end of February and there are still many technologies that have not properly 'closed the loophole' on it. Because even fixing something when you know what the weakness is, when you have all your normal reosurces to hand and what you are not under attack is STILL taking this long.

This stuff is complex and, having worked in the industry now for 20 years, I can promise that a proper attack will not be resolved in days.

Probably @RedToothBrush but it is kinda impossible for one human to know about everything there is to know. We've jumped from the medical implications of Covid and lockdowns, to BLM and racism and critical race theory, to the social / moral implications of covid mandates and human rights, to a war with Russia that has history before many of us were born and all the potential of that in the space of two years. All while many people are trying to deal with juggling working, keeping themselves safe and sane, school closures and isolation periods etc. With economic uncertainty, energy price rises, and climate change around the corner too.

Also, even if it were possible to keep up, some people just don't want to think about it. And there can be valid mental health reasons for that too.

There's examples all over MN (and even on this thread) of people who should have probably stepped away from certain problems the country / world has because it's doing them more harm than good. Especially when Joe and Josephine Bloggs on the street just aren't going to make much of a difference even if they DID spend hours every day researching and trying to keep up with it all.

@Ereshkigalangcleg

I feel we are wasting our time on that one. She has said she doesn't want to learn, just help those who do.

I'd question whether they are posting in good faith, personally. Dismissing the hugely disruptive Wannacry attack as a "two day annoyance"

Yes but it's these kind of people that let the hackers in unfortunately. Because they won't listen. Clicking on links in emails that they don't know who it's from is such an easy way for them to get in. But try telling them not to click on every link in emails that come in.

As someone else said, it's basically just good luck that we haven't been compromised yet. The amount of shove back I've had in my job from other it professionals is bad, and they should know better.

I think really though, if Russia is going to do this to us, they are in already and sitting in the code quietly, waiting. Breaking in takes months, it's not something they can easily accomplish next week unless they are already in. They've been planning this for months, let's not assume they don't already have back doors.

Two of parts of his threat jumped out at me - the measures of which have never been seen before…which we’re all speculating about, but the key to that, for me was his use of ‘immediately’. That for me is the worrying bit.

Cyber? Huge bombs that aren’t nuclear - they exist? Bio weapons? He’s seen how the west bumbled through Covid? I suspect Cyber, and I suspect they’re far ahead of what we can imagine. Unlike us they’ve quietly progressed their military capabilities, instead of slashing and burning to make sure rich shareholders don’t have to pay towards public services.

Yep, for years they have been sniffing, sniffing, sniffing.

I imagine all that sniffing has uncovered vulnerabilities they have not released or exploited yet. Whilst the Log4j vulnerability I talked about was not very actively/effectively targeted, even that still saw state-level activity from Russia (among other places). It is entirely possible (likely) that the activity was not designed to take advantage of that vulnerability at that time, but to increase knowledge and arsenal for a future cyber attack.

Some posts on this thread really do give credence to the axiom that ignorance is bliss.

If one has little understanding of a concerning issue one cannot be troubled by it.

Over 20 years ago I was in a very large B&Q when their till systems and payment machines went down. The chaos that ensued was unbelievable - there were 3 or four staff members at every till, writing down bar codes for manual input later, furiously using calculators, advising on nearest cash points etc etc. That was a tiny internal systems failure...... multiply that exponentially in the context of our far more digital society, and that's just "straightforward" commerce....

We are almost complete dependent on technology for all aspects of our lives, going back to bartering and carrier pigeons is not really an option......

@EpicMugs

Yep, for years they have been sniffing, sniffing, sniffing.

I imagine all that sniffing has uncovered vulnerabilities they have not released or exploited yet. Whilst the Log4j vulnerability I talked about was not very actively/effectively targeted, even that still saw state-level activity from Russia (among other places). It is entirely possible (likely) that the activity was not designed to take advantage of that vulnerability at that time, but to increase knowledge and arsenal for a future cyber attack.

They have been definitely. I used to work for a company that got daily hits from Russia and China. This is not new to them at all and god knows how far they got into it.

As @Bunnyfuller said, his use of the word immediately is the worrying part. Nuclear is obvious what will happen. If its cyber then they are already in our infrastructure waiting for the go ahead. You can't pull that off immediately otherwise.

Either way we're fucked as a society. No matter what action they take. And I doubt (although I don't know for certain) that we are in their infrastructure like that.

What harm would a cyber attack really do though? A day or two of systems down..it would just be an annoyance

Yep, so annoying to have our water supply contaminated, planes grounded, patients life support switched off, transport infrastructure fucked, bank accounts emptied/frozen, shops unable to open, supply chains fucked, energy supplies disrupted etc for as long as those who had control fancied.

I'm not sure you understand what 'systems down can really mean.

@Applesonthelawn

Western countries off cyber attacks from Russia and China every day even before Ukraine. It is nothing new for countries to successfully fend off those attacks.

Our ability to fend off these attacks isn't what it should be. The public sector (that includes GCHQ) doesn't pay the going rate for the best at this.

The specialist skills are very much the preserve of the private sector and contractors in the UK.

Both are struggling to recruit enough people with good enough specialist skills at junior roles. For senior roles, its actually quite frightening.

If we had several major cyber attacks at the same time, we simply don't have enough people to deal with it quickly. We have far too many weak points in our infrastructure because of poor skills and practice.

We are not nearly enough scared by this nor anywhere near at a level where we have adequate protection.

Think about stuff like DeepFakes and how they could be employed too in a war scenario.
hacked.com/what-are-deepfakes-and-why-are-they-dangerous/

Many people have expressed fears over nukes. Why do that? Nukes have side effects that can literally blow back in your face.

If you want to cripple someones ability to resist and fight you, in the past you would do a blitz bombing hoping to take out their resources, manufacturing and infrastructure. Now you can do that remotely. Its much less messy for your domestic policy because you dont tend to have leaked images of body bags upsetting your citizens.

We should be almost as scared of military level cyber attacks as we are of nukes imo.

We are talking about the potential to have a complete breakdown of just about any service, manufacturing or distribution organisation.

You don't have to target government institutions either. Take out Tescos stock system for a day or two. How do they know what goes on what lorry, where it goes, how many they need to order etc etc?

This is stuff that certainly wont have military level defence.

@MistressoftheDarkSide you're correct. To me it's not even the direct effects (which I admit I wasn't AS clued up on as I could have been but thanks to PPs have learned they are clearly destructive enough). Even without knowing that, it was obvious the sheer chaos would be enough to damage us beyond comprehension.

How many people are waiting for their child benefit to clear on a Monday before buying milk and bread for the week?

I don't even carry cash. Made worse by the fact places stopped accepting it during covid. I'd be raiding the kids piggy banks for their birthday money, sad as that sounds.

I will however take a couple hundred out and stash it under the mattress just so I can kid myself into thinking I'm prepared. But really, it's not going to make much difference if communication is down and people are looting etc.

In all honesty - I've worked with a major supermarket and I now work with critical government systems.

I think the supermarket took security far more seriously and was far more diligent. It's not just the paying rate issue (though there is that), it's that government agencies suffer especially from (some) people joining and staying forever, being promoted through internal politics than skill. Their thinking is 10-20 years behind where the world is.

A bit like the saying that the army is always fighting the last war. Not this one. Government agencies are always responding the last attack - not looking for the next one.

Also, even if it were possible to keep up, some people just don't want to think about it.

I think the first part is irrelevant. You don't need to keep up. You just need to be capable of googling 'what are the risks of a cyberattack' or similar.

I do agree with the second part massively. Its people who don't want to find out and use google to mitigate their lack of knowledge thats the problem.

However I had hoped that everyone would have at least grasped that things that happened in China, affected what they saw on their shelves here though. Everyone got it when they couldnt find bog roll or pasta or when they queued for petrol.

This maybe a stupid question, but does the U.K. have the capacity to cyber attack back? Otherwise how would we retaliate, in a conflict situation?

Also, even if it were possible to keep up, some people just don't want to think about it.

Surprising which threads they choose to post on, then.

@Ereshkigalangcleg

This maybe a stupid question, but does the U.K. have the capacity to cyber attack back? Otherwise how would we retaliate, in a conflict situation?

I don't think so. But maybe gchq does more on that than we are aware of.

@EpicMugs

In all honesty - I've worked with a major supermarket and I now work with critical government systems.

I think the supermarket took security far more seriously and was far more diligent. It's not just the paying rate issue (though there is that), it's that government agencies suffer especially from (some) people joining and staying forever, being promoted through internal politics than skill. Their thinking is 10-20 years behind where the world is.

A bit like the saying that the army is always fighting the last war. Not this one. Government agencies are always responding the last attack - not looking for the next one.

God don't get me started on overpromoted managers not understanding tech and instead playing politics. The culture of jobs for life and skill degradation in IT in the public sector is a real issue.

It puts off those who do have the skills, even if the money didn't.

The whole sector is an utter shit show.

The nuclear threat is part of the psychology if modern warfare, and we have been primed for it for years.

Propaganda has the potential of such sophisticated levels due to technological advances we could potentially never know the truth about anything. Lack of trust in corrupt and allegedly bumbling governments adds to the mix.

I've said it before - the collapse of civilisation as we currently know it is most likely to be from collective nervous breakdown than nuclear annihilation. This situation could trigger civil unrest in any country if infrastructure collapses and also civil opposition to government.

It's very difficult behave faith or optimism for any sort of sensible resolution any time soon.

@Ereshkigalangcleg

This maybe a stupid question, but does the U.K. have the capacity to cyber attack back? Otherwise how would we retaliate, in a conflict situation?

Yes. But whether we have enough is a point of national security.

My own guess would be, we are way behind where Russia, China and maybe even Iran are on this. We have not given it the focus or money, though that is changing.

Like we haven't with food and energy security.

The US, on the other hand is likely to be much further ahead. And may help.

@Usou

The chances of the UK coming under attack from Russia while not negligible are quite remote for a variety of reasons.

Although Vlad is acting the hard man, Russia's capacity to wage war on multiple fronts would be limited. Western Europe would be a different proposition. Any attacking forces would have to get past multiple hostile NATO powers before they reach us. We can also fight back. Russia does have the nuclear option, but so does NATO, and Russia would suffer terribly in a reprisal (MAD). They also have limited manpower.

A serious escalation cannot be discounted, but the greater likelihood is for a limited, if incredibly unfair, regional conflict.

The reality is that Vlad would never have attacked Ukraine if he didn't have a good chance of winning, however this will damage Russia's International standing for a long time.

This is worth repeating as @Usou is speaking a lot of sense, unlike some of the other posts on this thread.

Fucking hell I hope no one feeling anxious about this clicked on to the thread in the hopes of rational perspectives. Some posts are shit ya pants scary, and deliberately so.

@Ereshkigalangcleg

This maybe a stupid question, but does the U.K. have the capacity to cyber attack back? Otherwise how would we retaliate, in a conflict situation?

Yes we probably do. But we are likely to have to withstand and deal with a 'preemptive strike' first.

I would be highly surprised if denable low level black ops weren't already in progress. As others have pointed out Russia and China have likely planted 'cyberbombs' in our system in case they ever need to activate them.

Israel certainly has developed and actively admitted using this type of technology and is a NATO member. Its inconceivable the US dont have it, and given we tend to be world leaders in this area, we are unlikely not to have it.

GCHQ will have this in its arsenal I'm sure.

Its the defence thats the problem. We know that Russia and China have much bigger operations than we do and perhaps arent as societies so dependant on the technology in the first place.