Global Cyber War


Supreme Leader
The BBC video is behind the link, but I consider this an example of an expanding cyber war. I don't know how to deal with this whole thing because of my wife's death, so I need your help to understand it.

A Norwegian aluminium producer is recovering after hackers took 22,000 computers offline at 170 different sites around the world.
Norsk Hydro refused to cave in to the cyber-criminal's demands for money and have spent £45m trying to restore their business to full strength.
The attack comes as evidence grows that hackers are getting paid off in secret by large organisations who want an easy way out.
Cyber-security reporter Joe Tidy reports.

So this thread is for discussion of global cyber war.
Kathy Hutson, the senior strategist for industry and academic engagement at the NSA, said the Codebreaker Challenge has become one of the best ways to attract the next generation of talent to the federal government... NSA launched the Codebreaker Challenge in 2013 as a way to further connect with students and professors, who are focused on technology and cyber issues. Over the last six years, the annual initiative has become a much-anticipated challenge with professors making it a part of their classes and students testing their mettle against NSA's cyber experts...

The initiative provides students, professors and anyone else who is interested "with a hands-on opportunity to develop their reverse-engineering /low-level code analysis skills while working on a realistic problem set centered around the NSA's mission," said Eric Bryant, a technical director in the crypto analysis organization at the NSA. The 2018 challenge focused on ransomware and blockchain, requiring participants to solve eight separate, but related challenges... Bryant said a group of NSA cyber experts develop the challenge each year on top of their regular duties. He said they try to focus on areas that are either up-and-coming or current cyber threats and attack vectors. For the 2019 Codebreaker Challenge, Bryant said it likely will focus on mobile security threats, probably using an Android operating system...

Bryant said he reaches out to all of the students who solve the challenge and NSA sends them letters of recognition and a memento for participating. "We reach out to these students to figure out what year they are in, how could they come here to do internships or hire them full-time, so we are definitely on that from a hiring and recruitment perspective," Hutson said.
The NSA keeps a leaderboard ranking the participating colleges. (Last year Oregon State had over 100 students participating.)
With tensions between the US and Iran on the rise following the downing of a US military drone last week, the director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency is warning that Iran is elevating its efforts to do damage to US interests through destructive malware attacks on industrial and government networks.

In a statement issued on Saturday, June 22, CISA Director Christopher C. Krebs said:

CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. Iranian regime actors and proxies are increasingly using destructive "wiper" attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.

Krebs urged businesses and agencies to take steps to improve their security hygiene, including implementing multi-factor authentication for user credentials to prevent brute-force attempts to connect to exposed network and cloud applications.

A brief history of Iranian(?) wipers

There have been allegations of Iranian-backed wiper attacks in the past—the most infamous of which is Shamoon, a family of malware that first emerged in an attack against Saudi Aramco in August of 2012.

Shamoon, which in its first outing took down approximately 30,000 workstations, was launched after a state-sponsored wiper attack against Iran in April of that year. It's believed to be connected to the same (US-Israeli) state-sponsored development team that built the Stuxnet malware that attacked Iranian nuclear labs. Tied to the suspected Iranian "threat group" APT33, Shamoon was refreshed for another attack against multiple Saudi targets in December 2016.

Other wiper attacks from Iran have been somewhat less sophisticated. In January of 2014 after Las Vegas Sands Corp. majority owner Sheldon Adelson called for a nuclear attack on Iran, Iranian hacktivists used a Visual Basic-based malware attack to wipe the drives of Sands' computers.

Most other recent Iran-attributed attacks have focused on data theft—including attacks focused on aviation and energy companies. In 2015, a group tied to the Iranian Revolutionary Guard Corps used spear-phishing attacks to compromise computers at the US State Department, stealing data that may have led to the arrest of multiple Iranians holding dual US citizenship. Other attacks attributed to Iran have focused on taking down Web servers at financial institutions.


While President Donald Trump called off a planned military strike last Friday in response to the downing of the drone, the Department of Defense has reportedly gone ahead with cyber attacks against an Iranian intelligence group connected to attacks against oil tankers in the Persian Gulf. Another cyber attack reportedly targeted Iranian missile fire control systems.

It's not clear the form these attacks took. And in a post to Twitter today, Iran's Minister for Information Mohammad Javad Azari Jahromi claimed that the cyber attacks were unsuccessful, Reuters reports.
Early Sunday morning, all of mainland Argentina lost power in an “unprecedented” blackout event that left most of the country’s 44 million citizens in the dark until the evening. The blackout also extended to Uruguay (which is connected to Argentina’s power grid) and limited parts of Chile. Although the exact cause of the blackout is still being investigated, Argentina experienced heavy rains over the weekend, and there is reason to believe that the inclement weather played a starring role in the largest blackout in recent history.

Extreme weather events are a leading cause of blackouts around the world, and the blackout in Argentina is a reminder that our electric grids aren’t ready to handle the increasing intensity of storms resulting from climate change. Although the United States isn’t likely to see a nationwide blackout like the one that hit Argentina, localized blackouts in the United States have increased in both frequency and duration in recent years. This is due in no small part to massive forest fires, snow storms, tornadoes, and hurricanes that cause localized blackouts often affecting tens of thousands of people.

“There is clear evidence that extreme weather events have increased over the past 20 years, and so have the number of outages and the number of customer hours out of service,” says Alison Silverstein, an independent energy consultant and previous advisor to the chairman of the Federal Energy Regulatory Commission. “We need to accept this and do a better job at helping customers and communities survive these growing outages and threats.”

Modern electric grids are designed like a web, which helps isolate blackouts as much as possible. If a high-voltage line between generation stations goes down power can be rerouted through other pathways. But as Silverstein points out, the vast majority of blackouts Americans experience are due to failure in distribution networks, the “last mile” in the electric grid, not failures at generation stations or the transmission lines. While the transmission system is web-like, the distribution system is designed like a tree. This means that if a failure occurs at any one of the nodes in the tree this can disrupt the rest of the local distribution system.

“Extreme weather events are becoming much worse and there are more of them,” Silverstein says. “We need to be planning the distribution system and modifying recovery processes to deal with those things, not just wringing our hands and acting like this is normal. What is ‘normal’ has changed and it’s getting worse.”

The United States got a taste of massive grid failure in 2003, when an overgrown tree in Ohio tripped a transmission line and a software bug failed to alert the utility. This mundane event triggered a series of failures that left 55 million people in the northeast without power for several hours, with some areas waiting days for the lights to go back on. The economic cost of the blackout was estimated to be about $6 billion, and it contributed to the deaths of at least 11 people. In the aftermath, the US government enacted a number of policies designed to prevent blackouts of this magnitude from happening again.

Those reforms have helped make widespread blackouts of the type seen in Argentina exceptionally rare in the United States, says Ross Baldick, a professor of electrical and computer engineering at the University of Texas, Austin. He says resilience against these types of events is also baked into the design of the US grid at the transmission and generation layer. For example, the operators of modern grids adhere to an “N-1” standard, which means that the system operates normally following an outage of a single generation station or transmission line (the ‘N’) by routing around the crippled entity.

Even in the event of multiple transmission failures, grid operators can perform controlled shutdowns of the grid to prevent further damage from overloaded transmission lines and confine the extent of the outage. Furthermore, the US grid is divided into three major regional grids—the Eastern, Western, and Texas interconnections. If one of the regional grids was knocked offline, Baldick says the other two grids would have enough capacity to keep functioning.

In other words, the only way the entire US grid or even an entire interconnection is going down is through cyberwarfare, a coordinated attack on key infrastructure points, or via the Trump administration’s favorite energy bogeyman, electromagnetic pulses. Each of these scenarios is relatively unlikely to occur. The US ramped up cybersecurity for its energy infrastructure after it became clear it was being targeted by foreign hackers, physical security at key transmission sites and generating stations has been bolstered post-2003, and the grid can probably survive an EMP just fine.

This means that the key to energy security in the United States is less about the bulk power system and more about hardening the grid at the level of local distribution. Silverstein says that many electric customers, utilities, and policy makers are already taking steps to make the distribution system more resilient, like operating microgrids or having onsite energy generation and storage. But there’s still more to be done. Planning distribution networks to incorporate more smart microgrids and switches between local networks will make it easier to survive a blackout and restore power; building energy efficient buildings will reduce strain on the grid; moving equipment out of current and future flood zones will decrease blackout times; or simply building tougher electric poles can all contribute to decreasing outages in the future.

So while America may not face a threat of large-scale blackout anytime soon, there is little doubt Americans will see increasing localized blackouts in the future. The time to start planning for this eventuality is now, before the lights go out.
The US has responded to a recent rise in Iranian cyber-activity and the shooting of an unarmed drone last week by launching cyber-attacks against Iran's military IT systems.

The cyber-attacks were carried out by US Cyber Command with the direct approval of US President Donald Trump, the Associated Press reported on Sunday, citing two inside sources, and confirming the report through a third Pentagon official.

US Cyber Command targeted the Iran military's computer systems used to control some of the country's rocket and missile launchers.

The systems are managed by Iran's Islamic Revolutionary Guard Corps (IRGC), a branch of Iran's Armed Forces, which the US Presidency designated as a terrorist organization last year.

Secondary solution
The AP reported that the US cyber-attacks were the second go-to measure after President Trump backed off from launching a military strike against Iranian military and radar bases last week, on Thursday.

The White House initially planned to strike back against Iran using military kinetic force after Iran used a surface-to-air missile to shoot down an expensive US surveillance drone (RQ-4A Global Hawk) last week. The US claimed the drone was in international waters, while Iran claimed it had broken into its air space.

The US cyber-attack was first reported by Yahoo News shortly after President Trump called off the military strike, with the AP revealing the targets of this attack on Sunday.

The cyber-attack also came after news broke that Iranian hackers had increased their efforts in targeting US critical infrastructure following rising political tensions between the two states over the past few months.

Over the weekend, the Department of Homeland Security cyber-security agency (CISA) warned US businesses to take protective measures to protect against the go-to tactics of Iranian hackers, such as the use of data-wiping malware, credential stuffing attacks, password spraying, and spear-phishing.

Last week's cyber-attack aimed at Iran is not the first time that the US' cyber forces have hit the Middle Eastern country. In 2010, the US and Israel deployed the Stuxnet worm against Iranian nuclear facilities and successfully delayed the country's nuclear weapons program by sabotaging uranium enrichment infrastructure.

Hackers infiltrated the networks of at least ten cellular telcos around the world, and remained hidden for years, as part of a long-running tightly targeted surveillance operation, The Register has learned. This espionage campaign is still ongoing, it is claimed.

Cyber-spy hunters at US security firm Cybereason told El Reg on Monday the miscreants responsible for the intrusions were, judging from their malware and skills, either part of the infamous Beijing-backed hacking crew dubbed APT10 – or someone operating just like them, perhaps deliberately so.

Whoever it was, the snoops apparently spent the past two or more years inside ten-plus cellphone networks dotted around the planet. In some cases, we're told, the hackers were able to deploy their own VPN services on the telcos' infrastructure to gain quick, persistent, and direct access to the carriers rather than hop through compromised internal servers and workstations. These VPN services were not detected by the telcos' IT staff.

"It is straight up brazen," Cybereason principal security researcher Amit Serper told El Reg hours earlier. "They figured out there was a lot of lag in using hacked machines, and said: let's install a VPN and get it over with. I don't know if there is even [networking monitoring] coverage of those connections going in and out."

Following a trail of suspicious digital crumbs left in cloud-based systems across South Asia, Kaspersky Lab’s security researchers have uncovered a steganography-based attack carried out by a cyberespionage group called Platinum. The attack targeted government, military, and diplomatic entities in the region.

Platinum was active years ago, but was since believed to have been disarmed. Kaspersky’s cyber-sleuths, however, now suspect that Platinum might have been operating covertly since 2012, through an “elaborate and thoroughly crafted” campaign that allowed it to go undetected for a long time.

The group’s latest campaign harnessed a classic hacking tool known as steganography. “Steganography is the art of concealing a file of any format or communication in another file in order to deceive unwanted people from discovering the existence of [the hidden] initial file or message,” says Somdip Dey, a U.K.-based computer scientist with a special interest in steganography at the University of Essex and the Samsung R&D Institute.
Hackers operating on behalf of the Iranian government have turned destructive, the US Department of Homeland Security has claimed.

A statement issued over the weekend by Cybersecurity and Infrastructure Security Agency (CISA) director Christopher Krebs describes how Tehran-backed miscreants have gone from simply attempting to harvest blueprints, sensitive data, and account credentials from American systems, to actively working to wipe clean Uncle Sam's PCs, servers, and network infrastructure in their wake.

The attackers are, it is claimed, targeting the IT infrastructures of US government agencies and their private-sector contractors. While cyber-raids by Iran are nothing new, the aggressive deleting of data from hard drives and other storage gear is apparently cause for concern.

We're not at all surprised by it. Rather than covertly and silently snooping on Western computers, Iranian hackers are, we're told, just going for broke and making their presence known loud and clear, by trashing file systems, and thus sending a message to the White House.
I consider a global cyber war possible, one in which various state actors pwn (own) large systems. Nobody is putting on the brakes, and over the past year the incidents have grown harsher one after another. After the NSA's tools were published, things did not get fixed. In fact they escalated, and the world began to see large-scale cyber extortion in which an actor spear-phished a worm in and it just spread.

I wonder what happens if a cyber conflict, e.g. between Iran and the US, expands. What if other actors join in under the same idea? I believe Finland can handle what happens inside our physical borders, but what about other countries?

Under no circumstances do I want to wake up to a day when connections are jammed, the power keeps cutting out and networked devices cause problems. I know that is a hypothetical scenario, but I consider it possible.

Question: is it possible that state actors ally against, e.g., the US or the Five Eyes organisation? Could it lead to a physical conflict?

Once the threat actor mapped the network and obtained credentials, they began to move laterally. They were able to compromise critical assets including production servers and database servers, and they even managed to gain full control of the Domain Controller. The threat actor relied on WMI and PsExec to move laterally and install their tools across multiple assets.

In the end this state actor could have owned the whole country's telecommunications and decided who gets out of there and what they do. Or used the system for large-scale espionage. Examples like this make me think: what if they wanted to own, e.g., all of Africa for themselves? Or other countries that are not as developed as we are?
This is certainly interesting to think about. I believe that, at least in the near future, cyber attacks will become even more common, since they are a good way to exert influence without, for example, giving grounds for the use of military force. This US+Israel versus Iran+Russia+China situation will probably show in the near future which direction things take. I would think cyber operations will become more common and wider in scope, but I would still think all parties are trying to avoid escalation into a military conflict.

But who knows, since I'm no expert in this either. Let's hope a wider cyber war is avoided; I don't think there would really be any winners in that either.
Unfortunately, I predict that the next major war will start precisely from a "cyber war" waged by the various parties that simply escalates further than intended.
Yes, I believe so too. Even if the parties tried to avoid so-called military force for as long as possible, I expect it will escalate at some point. Of course it is also possible that the cyber war stays just a cyber war, if the parties conclude that a military conflict would be too harmful for both of them, but I don't consider this particularly likely.

It has, after all, been a while since the last bigger war. People forget quickly.
A new report from the threat research firm Recorded Future finds that activity from APT33—the Iranian "threat group" previously tied to the Shamoon wiper attack and other Iranian cyber-espionage and destructive malware attacks—has risen dramatically, with the organization creating over 1,200 domains for use in controlling and spreading malware. The research, conducted by Recorded Future's Insikt Group threat intelligence service, found with some confidence that individuals tied to APT33 (also known as "Elfin") had launched attacks on multiple Saudi companies, including two healthcare organizations—as well as an Indian media company and a "delegation from a diplomatic institution."

The majority of these attacks have involved "commodity" malware—well-known remote access tools (RATs). According to the report:
APT33, or a closely aligned threat actor, continues to control C2 domains in bulk. Over 1,200 domains have been in use since March 28, 2019, alone. Seven hundred twenty-eight of these were identified communicating with infected hosts. Five hundred seventy-five of the 728 domains were observed communicating with hosts infected by one of 19 mostly publicly available RATs. Almost 60% of the suspected APT33 domains that were classified to malware families related to njRAT infections, a RAT not previously associated with APT33 activity. Other commodity RAT malware families, such as AdwindRAT and RevengeRAT, were also linked to suspected APT33 domain activity.
After Symantec revealed much of the infrastructure used by APT33 in March, the Iranian group parked a majority of its existing domains and registered over 1,200 new ones, with only a few remaining active. In addition to the collection of RATs, about a quarter of the domains are tied to unknown activity—and a half-percent are connected to StoneDrill, the upgraded Shamoon wiper first seen in 2017.

Can’t tell the players without a scorecard

The use of publicly available malware is a common part of APT33's operations, as is the operation of massive command and control infrastructures. Much of Iran's cyber-operations are apparently contracted out through a hierarchy that is managed by the Nasr Institute, Iran's state organization overseeing computing and networking. The institute acts on behalf of the Iranian Government and Iranian Revolutionary Guard Corps.

According to the Insikt Group research, operations are divided into compartmentalized operations across about 50 different contracted organizations. As a result, there's some overlap between APT33's activities and other Iranian state-sponsored threat groups. These organizations "conducted activities such as vulnerability research, exploit development, reconnaissance, and the conducting of network intrusions or attacks," according to data from an Insikt Group source, and "each of these discrete components, in developing an offensive cyber capability, were purposefully assigned to different contracting groups to protect the integrity of overarching operations," the researchers reported.

One of these contractors, the research determined, is the Kavosh Security Center, an information security organization tied to the "Muddywater" threat group responsible for espionage against a Turkish military supplier.

The use of commodity malware makes many of these operations technically indistinguishable from criminal activity aside from infrastructure—and intent. Many of the attacks are based on phishing, brute-force attacks such as "credential stuffing" and other common criminal tactics.

"Organizations in industries that have been historically targeted by APT33"—such as aviation, military, and energy companies—"should be increasing the scrutiny of operational security controls focusing on detection and remediation of initial unauthorized access, specifically from phishing campaigns, webshells, and third-party (vendor and supplier) relationships," the Insikt researchers noted. That statement matches up with the warnings issued recently by the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA).
Washington DC has been hit with yet another discouraging assessment of Uncle Sam's IT management and security practices.

The bi-annual grading of federal organizations [PDF] was released this week, and, by and large, they show America's government bureaucrats have a lot of work to do when it comes to securing, updating, and managing their networks and data.

The grades were presented following a probe by the House Oversight Committee's Subcommittee on Government Operations into the progress of FITARA, known in its long form as the Federal Information Technology Acquisition Reform Act of 2013, which tries to get Uncle Sam's pen pushers to up their IT game.

Two bodies in particular turned in low marks this period. Both NASA and the Department of Homeland Security were handed a D- in their reports. Good thing they don't handle anything important, eh?

Sidebar: for those unfamiliar with America's grading system, marks in high school are traditionally given as letter grades, typically the highest being A+ and the lowest passing mark being a D-, with an F indicating a failing grade.

For Homeland Security, the biggest blunder was not giving its chief information officer (CIO) enough power and scope to get the job done right. The department was given an F for not gradually increasing the CIO's authority, and thus making information security more of a priority, and for its failure to let the CIO position report directly to the head of the department.

On the other hand, Homeland Security did get an A grade in keeping up with software licensing – and its compliance with the Federal Information Security Modernization Act (FISMA) was among the best of the 24 federal bodies tested. FISMA requires officials to comply with existing security industry standards.

Meanwhile, NASA got a failing mark for its transparency and risk management practices, while its FISMA compliance only warranted a D grade. The space boffins were also shamed for their inability to let the CIO report directly to the agency's head.

However, NASA did manage to earn A grades in portfolio review and software licensing.

While none of the 24 bodies were able to get an overall A on the assessment, all at least passed and seven did receive a B+: the Department of the Environment, the Department of Housing and Urban Development, the Veteran's Administration, the General Services Administration, the National Science Foundation, the Small Business Administration, and the Social Security Administration.

"For the second scorecard in a row, there are no agencies receiving a failing grade," noted committee chairman Rep Gerald Connolly (D-VA). "While there are no A grades on this scorecard, the Department of Labor (B-) and the US Agency for International Development (B-) would have each received an A+ if they had changed their reporting structure to allow for their chief information officers to report to the head or deputy head of the agency."

The report comes as federal government officials find themselves under renewed scrutiny amid reports of heightened attacks from foreign state-sponsored hacking groups such as those in Iran. Earlier this week, a review of ten years' worth of audits of US government bodies concluded that many were neglecting to address even the most basic of cybersecurity requirements.

When Glastonbury Festival comes to Worthy Farm, it turns the normally-sleepy patch of Somerset countryside into a temporary city, population circa 200,000. “You’re looking at a city the size of York that all needs to be set up in the space of two or three weeks,” says Tom Bennett, EE’s mobile innovation director.

EE has provided mobile network coverage to Glastonbury for 19 years, which means building the on-site infrastructure each year from scratch to support festival-goers and their growing data demands. No longer are people content to bring along a dumbphone for the week; now they expect full connectivity, not just to make calls and send messages but increasingly to upload images and stream video to social media too.

In 2010, data usage over the Glastonbury network reached 0.11 terabytes. In 2013, the first year of 4G at the festival, it jumped to 12.3, and at the last event in 2017 (2018 was a fallow year) it rose to 54.2 terabytes. The busiest time for data uploads was during the “legends” slot on Sunday afternoon, when Bee Gee Barry Gibb took to the Pyramid Stage. This year, EE predicts that data usage will pass 60 terabytes – with 5G being brought to the festival for the first time to take on some of the load.

The main challenge is not coverage but capacity, given the tight geographic space people are packed into. “We’re looking at Glastonbury being the size of York, but the capacity required is more like central London,” says Bennett. The engineering team sets up six temporary mast sites for the festival, supplemented by one permanent site erected in 2017 (which, Bennett jokes, probably makes the local village one of the best-connected in the country for the other 51 weeks in the year). This year, EE aims to support 5G at three of the sites.

An ideal place for IMSI catchers, RFID hijacking and other tests. Possibly a state actor could also use the occasion to spread a trojan around the world. In theory!!
Snail mail is also a workable tactic.

Staff were evacuated today at Facebook's Silicon Valley headquarters after a package believed to contain the chemical weapon sarin was delivered to the antisocial network.

Buildings were cleared out at the Menlo Park campus after the parcel triggered sarin alarms: it set off equipment designed to inspect all incoming mail for toxins and other nasties.

"At 1100 PDT this morning, a package delivered to one of our mail rooms was deemed suspicious," Facebook said in a statement to The Register.

"We evacuated four buildings and are conducting a thorough investigation in coordination with local authorities. Authorities have not yet identified the substance found. As of now, three of the evacuated buildings have been cleared for repopulation. The safety of our employees is our top priority and we will share additional information when it is available."

While NBC Bay Area initially reported that two people were being observed for possible exposure to the deadly nerve agent, it is now understood that nobody has been harmed.

A false positive result from the machine has not been ruled out.

Firefighters, FBI, cops, and the National Guard are understood to have shown up after the alarm was raised.

Facebook has had no shortage of criticism and controversy in recent months for its handling of a number of incidents, ranging from its ties to Cambridge Analytica to its irresponsible handling of private user images and data, and for its policies regarding hate groups which were criticized by a civil rights lawyer just this past weekend.

But a chemical weapons attack would be something very new for Silicon Valley. Last year three people were shot after a deranged vegan bodybuilder tried to take revenge for being deplatformed but, to date, no-one has tried a chemical attack. Here's hoping it's a false positive and things have not escalated.

Let's hope this is a disturbed individual rather than a state actor. I'm posting it here because a physical attack against a global cyber company is possible under US law, and FB is one of the bigger players in the cyber field with its three billion users.