TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

50% Positive

Analyzed from 1439 words in the discussion.

Trending Topics

#ubuntu#iran#canonical#down#com#why#dod#attack#target#maybe

Discussion (53 Comments)Read Original on HackerNews

Lambdanautabout 2 hours ago
Does anyone know why Ubuntu would be targeted by pro-Iranian activists? I'm perplexed by the connection.
culiabout 1 hour ago
Canonical partners with organizations like the U.S. Air Force (USAF) and Platform One to provide secure software and AI/ML capabilities. They have an entire DOD team.
leereevesabout 1 hour ago
I can't find much info about that (especially with their website down). Is Canonical's work with the DOD more like Raytheon or Pizza Hut?

Raytheon: providing products specifically for the DOD

Pizza Hut: selling their usual product to the DOD

everdriveabout 2 hours ago
Almost certainly a target of opportunity. The UK has really made a point of staying out of this fight, but is also seen as a close ally of the US. Perhaps the calculus is:

- Iran was able to attack Ubuntu.com

- Iran sees it in its interests to stress the UK / US relationship (albeit in a small way)

ifwinterco2 minutes ago
UK has been trying to thread the needle of staying out of what is obviously a complete cluster** of a war while also not annoying the US too much, but US bombers are taking off from air force bases in the UK to bomb Iran all the time.

Because of that and the general ingrained hostility of the permanent UK security state to Iran, they view us as a legitimate target albeit not a particularly important one because we’re just not that powerful anymore

geerlingguyabout 1 hour ago
Why would Ubuntu problems cause stress in the US/UK relationship?
CamouflagedKiwiabout 1 hour ago
I suppose the idea was that Canonical is a UK-based company and they're being threatened by the US's enemy.

Having said that, I really can't believe that either Trump or Starmer will give a shit about this, especially given the recent friction in that relationship.

Bender44 minutes ago
Are we/they even sure it is really middle eastern entities and not some group pretending to be one to extort / push / coerce Ubuntu onto a CDN? Perhaps if they published some of the attack packets we could analyze it ourselves and maybe even suggest unorthodox yet simple mitigating controls.

Are all of the package repository mirrors being attacked as well?

[Edit] These [1] seem to be responding to me though I can not reach the one in Iran. Maybe they have a mirror of the static portions of there website somewhere in that massive rsync export.

    # example:
    # TIME="%E" time rsync -avh us.archive.ubuntu.com::ubuntu/ | wc -l
    1m 11.01s
    1701296

    # across the pond
    # TIME="%E" time rsync -avh uk.archive.ubuntu.com::ubuntu/ | wc -l
    1m 28.55s
    1701296
Just need to tell people to update their Ubuntu installations manually rather than relying upon the CVE API. I would just ignore the attackers, they will eventually wander off.

[1] - https://gist.github.com/nathan-osman/bdf4fc0f9174fdc293cf5eb...

b00ty4breakfastabout 2 hours ago
It's a well(ish) known org with well known product, and they seem to have been vulnerable. If they had attacked a deli in Newark, would we be having this conversation?
culiabout 1 hour ago
Canonical literally has a DOD team. They are a military contractor
input_sh41 minutes ago
An actual answer because all you've received so far is complete nonsense: because they want press attention as they're using these attacks to advertise their DDoS-as-a-Service tool. Literally every single statement they release (on Telegram) includes text saying that their attacks are "100% powered by $websiteEndingWithDotSu".

They also attacked the likes of Vrbo, Expedia and eBay, but they get more press by targeting Mastodon, Bluesky, Ubuntu and the likes, so they go after those now. People are desperately trying to somehow tie those victims to some ideological nonsense, but it's just advertising.

DetroitThrowabout 1 hour ago
They work with US military.
at-fates-handsabout 2 hours ago
Canonical is a UK company, so its a symbolic attack against a Western agent. Ubuntu is used by a lot of tech companies so they knew this attack would get a lot of visibility in the tech community. I'm assuming they think this will garner support from the tech community as well.
shaftoeabout 2 hours ago
Exactly as described in "how to win friends and influence people". Break their stuff and extort money.
thewebguydabout 1 hour ago
> I'm assuming they think this will garner support from the tech community as well.

I don't understand their thinking if this is the case. DDoSing widely used project is going to turn people against you, not generate support.

Gualdrapoabout 2 hours ago
Still it feels quite odd that from all western tech companies (and several more influential than Canonical) they chose precisely one that is highly involved with open source
culiabout 1 hour ago
All these comments saying it's just a salient target are making it up. Canonical is a military contractor. They literally have an entire DoD team. That's why they're being targeted. They're far from the only military contractor to be targeted by Iranian hackers this year
alephnerdabout 2 hours ago
Welcome to war. This was why the Qatar attack was so destabilizing.

Iran's position is that any organization that is in any shape or form aligned with the US and West is a target.

And being an anti-war westerner won't help you. People are forgetting that the Iranian government detests Israel and the entirety of the West.

The core principals of the revolution which is the IRGC's entire ideological basis is reversing westoxification (Gharbzadegi) and returning to the norms of the Imam Husayn (Velayat-e Faghih).

theultdevabout 2 hours ago
Terrorists will generally target anything of opportunity.

It was also perplexing when Iran was shooting missiles at their allies, until you realize they aren't rational humans.

AlecSchuelerabout 1 hour ago
> they aren't rational humans.

Would you be able to point to any rational humans?

_DeadFred_about 1 hour ago
Maybe ones who don't follow supreme religious leaders that called for the gunning down of 3000 men, women, and children in the streets. And then approve beatings/the murder of doctors that treated them.

Imagine that being your moral leadership. And 3000 is the official Iranian number. Some claim as high as 30,000. Those religious leaders are calling for more murder/death in todays Friday prayers. I don't know how anyone who calls for (or especially signs off on in a religious theocracy) murder can be called spiritual leaders or anyone could follow their 'teachings' .

swat535about 1 hour ago
Which allies are you talking about? Gulf nations with US bases actively being used to kill their children?
sophrosyne42about 1 hour ago
You say "actively" as if it wasn'y a one-off event... maybe because Iran is forcing children to sit at IRGC checkpoints or other military targets?

None of the gulf countries allowed offensive US strikes to occur from their territory. Its all used to defend against attacks from Iran trying to kill Gulf country children.

CamperBob2about 1 hour ago
I'm not sure dismissing the people who invented the term "checkmate" as a bunch of irrational terrorists really works. They stared down Saddam Hussein, so how hard can it be to stare down Donald Trump?

Bombing Iran is like nuking an asteroid. Now, instead of one giant asteroid on a collision course with Earth, there are a half-dozen medium-sized radioactive asteroids on a collision course with Earth.

anotherviewhereabout 2 hours ago
You should have seen so many lies about Iran by now to justify the neocolonial war against them: so why do you assume every time some newly reported "fact" about them to be true? Rather, you should assume the opposite.
throwuxiytayqabout 2 hours ago
There is such a thing as being too open-minded to form an accurate perception of reality.
b00ty4breakfastabout 2 hours ago
I think the saying is "so open-minded your brain fell out"
Havocabout 1 hour ago
Sounds like they're picking on easy targets rather than relevant ones. Lame.
Animatsabout 1 hour ago
Ubuntu.com seems to be fine right now. A bit slow, maybe. Ubuntu 26.04.LTS is out.
overtone1000about 2 hours ago
313 Team runs arch btw
kps39 minutes ago
I'd have guessed Mint.
ChrisArchitectabout 1 hour ago
Related:

Canonical/Ubuntu have been under DDoS for more than 15h

https://news.ycombinator.com/item?id=47972213

nubinetworkabout 1 hour ago
That says resolved, but I had a hell of a time trying to run apt update still...
54lasgfabout 2 hours ago
This is really a weird target, as the article notes. Bluesky and Mastodon (?!) also had alleged attacks.

The companies that fund Trump's ballroom might like these targets.

gpmabout 2 hours ago
Bluesky and mastodon both strike me as easy targets, they expose protocol level integration points that are probably reasonably expensive to serve and reasonably difficult to detect malicious actors on and/or throttle without significantly degrading the service.

I could see low budget attackers deciding that they were the most (not very much) bang for the (also not very much) buck that they could get...

Ubuntu.com doesn't fit that narrative though. I would have thought canonical would have the servers and skill to weather quite a large attack (on the other hand it did go down...)

SeanAndersonabout 2 hours ago
... but https://ubuntu.com/ is up?
ramon156about 2 hours ago
Been down most of the day for me, as well as a bunch of related domains. Canonical's status page has them linked
CamouflagedKiwiabout 2 hours ago
Not for me, I'm not getting any response from it.
z500about 2 hours ago
Loads for me, but not particularly quickly
suresteabout 2 hours ago
It's loading, but very slowly.
dotancohenabout 1 hour ago
That's just because everybody is checking if it is down.

I bet a fair number of websites would collapse under the curiosity load if it were published in major news outlets they they were down. When was the last time you went to nissan.com? But you'd probably go check if you heard it was down.

SoftTalkerabout 2 hours ago
Not loading for me right now.
_DeadFred_about 2 hours ago
dead here
CivBaseabout 2 hours ago
> Why the group is targeting London-based Canonical remains unclear and no reason was given via its Telegram channel. It is presumably because Ubuntu is one of the most popular Linux distros.

Okay... so? I do not understand the connection between Linux and the US/Israel. You'd think Iran would be very pro-Linux since Windows is a very obvious liability for them.

Is there any reason to believe this attack even has anything to do with Iran? They could simply want money and they just happen to also be pro-Iran.

tempaccount5050about 2 hours ago
Maybe they're still mad about systemd.
loloquwowndueo40 minutes ago
Systemd was NOT Canonical’s “fault”. They pushed upstart until Debian chose systemd, at that point it made no sense to resist assimilation like all other distros.
culiabout 1 hour ago
It's not Linux, it's Ubuntu. Which is developed by Canonical. Which is a military contractor that has a permanent DoD team and works with the USAF. Which is bombing their country.
alephnerdabout 2 hours ago
> I do not understand the connection between Linux and the US/Israel. You'd think Iran would be very pro-Linux since Windows is a very obvious liability for them

Canonical is a British company and the employees are westerners. That makes them targets in the eyes of Iran.

People are forgetting that the Iranian government detests Israel and the entirety of the West. The core principal of the revolution is reversing westoxification (Gharbzadegi) and returning to the norms of the Imam Husayn (Velayat-e Faghih). That's the whole crux of the Islamic Revolution and why the Islamic Revolutionary Guard Corp (IRGC) exists.

Open source and anti-war westerners are viewed opportunistically but with disdain.

jcgrilloabout 2 hours ago
just now:

  $ snap refresh
  error: unable to contact snap store
wing-_-nutsabout 1 hour ago
Tangent, but I hate snap with the fury of a thousand suns. That single handedly pushed me to pop, then mint.