There were BGP anomalies during the Venezuela blackout

6 days ago (loworbitsecurity.com)

> When BGP traffic is being sent from point A to point B, it can be rerouted through a point C. If you control point C, even for a few hours, you can theoretically collect vast amounts of intelligence that would be very useful for government entities. The CANTV AS8048 being prepended to the AS path 10 times means the traffic would not prioritize this route through AS8048, perhaps that was the goal?

AS prepending is a relatively common method of traffic engineering to reduce traffic from a peer/provider. Looking at CANTV's (AS8048) announcements from outside that period shows they do this a lot.

Since this was detected as a BGP route leak, it looks like CANTV (AS8048) propagated routes from Telecom Italia Sparkle (AS6762) to GlobeNet Cabos Submarinos Colombia (AS52320). This could have simply been a misconfiguration.

Nothing nefarious immediately jumps out to me here. I don't see any obvious attempts to hijack routes to Dayco Telecom (AS21980), which was the actual destination. The prepending would have made traffic less likely to transit over CANTV assuming there was any other route available.

The prepending done by CANTV does make it slightly easier to hijack traffic destined to it (though not really to Dayco), but that just appears to be something they just normally do.

This could be CANTV trying to force some users of GlobeNet to transit over them to Dayco I suppose, but leaving the prepending in would be an odd way of going about it. I suppose if you absolutely knew you were the shortest path length, there's no reason to remove the prepending, but a misconfiguration is usually the cause of these things.
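The prepending and route-leak reasoning in the comment above, as an added example that is not part of the thread or the article: it checks an AS path against the valley-free export rule and shows why a heavily prepended path only wins when shorter ones are gone. The AS relationships, both sample paths and the alternative transit AS64500 are assumptions constructed for illustration, and path selection is reduced to AS-path length (LOCAL_PREF assumed equal).

```python
"""AS-path prepending and a valley-free route-leak check on constructed paths.

Paths are written the way a route collector shows them: nearest AS first,
origin AS last.
"""
from itertools import groupby

# ASNs named in the thread; 64500 is a documentation ASN (RFC 5398) standing
# in for a hypothetical alternative transit provider.
GLOBENET, CANTV, SPARKLE, DAYCO, OTHER_TRANSIT = 52320, 8048, 6762, 21980, 64500

# ASSUMPTION: relationships constructed for this example, not measured data.
# REL[(x, n)] is the role neighbour n plays for AS x.
REL = {
    (CANTV, SPARKLE): "provider",
    (CANTV, GLOBENET): "provider",
    (CANTV, DAYCO): "customer",
    (SPARKLE, DAYCO): "customer",
    (OTHER_TRANSIT, DAYCO): "customer",
    (OTHER_TRANSIT, GLOBENET): "peer",
}

# Constructed sample paths toward a Dayco prefix.
LEAKED = [GLOBENET] + [CANTV] * 10 + [SPARKLE, DAYCO]
DIRECT = [GLOBENET, OTHER_TRANSIT, DAYCO]


def runs(path):
    """Collapse consecutive repeats: [8048, 8048, 6762] -> [(8048, 2), (6762, 1)]."""
    return [(asn, len(list(group))) for asn, group in groupby(path)]


def repeated(path):
    """ASNs that occur more than once in a row, with their run length."""
    return {asn: n for asn, n in runs(path) if n > 1}


def find_leaks(path, rel=REL):
    """Return the ASNs that break the valley-free export rule on this path.

    A route learned from a provider or a peer may only be exported to
    customers. Hops with an unknown relationship are skipped, not guessed.
    """
    hops = [asn for asn, _ in runs(path)]
    leakers = []
    for i in range(1, len(hops) - 1):
        exported_to, asn, learned_from = hops[i - 1], hops[i], hops[i + 1]
        src = rel.get((asn, learned_from))
        dst = rel.get((asn, exported_to))
        if src in ("provider", "peer") and dst in ("provider", "peer"):
            leakers.append(asn)
    return leakers


def best_path(candidates):
    """Shortest AS path wins; prepended copies count toward the length."""
    return min(candidates, key=len) if candidates else None


if __name__ == "__main__":
    print("prepends:", repeated(LEAKED))
    print("leaked by:", find_leaks(LEAKED))
    print("with alternative:", best_path([LEAKED, DIRECT]))
    print("alternative withdrawn:", best_path([LEAKED]))
```
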

I guess one of the interesting things I learnt off this article(1) was that 7% of DNS query types served by 1.1.1.1 are HTTPS and started wondering what HTTPS query type was as I had only heard of A, MX, AAAA, SPF etc...

Apparently that is part of implementing ECH (Encrypted Client Hello) in TLS 1.3 where the DNS hosts the public key of the server to fully encrypt the server name in a HTTPS request. Since Nginx and other popular web servers don't yet support it, I suspect the 7% of requests are mostly Cloudflare itself.

(1) https://radar.cloudflare.com/?ref=loworbitsecurity.com#dns-q...

  • It’s also how browsers detect a website supports HTTP3. Browsers will request it just to check if they should connect to an https:// URL via HTTP3 (though they generally don’t block on it - they fall back to HTTP1/2 if it takes too long).

    • > It’s also how browsers detect a website supports HTTP3

      It's one way, but a H1/H2 connection can also be promoted to H3 via the alt-svc header. The DNS method is slightly better though since it potentially allows a client to utilize H3 immediately from the first request.

  • There’s an odd skew in that data which is saying the *third* most popular TLD is ‘.st’ which is… unexpected. The biggest service I can find using that TLD is `play.st` so maybe PlayStation clients are early adopters of DNS-over-HTTPS via 1.1.1.1.

  • Wait, so you do not leak the host through DNS with this? I have not checked it out yet.

    • Encrypted DNS has existed for quite a while now through DNS over HTTPS, the missing link was that to connect to a website, you first had to send the server the hostname in plaintext to get the right public key for the site. So someone listening on the wire could not see your DNS requests but would effectively still get the site you connected to anyway.

      The new development (encrypted client hello) is you no longer have to send the hostname. So someone listening in the middle would only see you connected to an AWS/etc IP. This will make blocking websites very difficult if they use shared services like Cloudflare or cloud VPS hosting.

    • In principle, it means you could run multiple sites from the same IP and someone intercepting traffic to that IP (but not the client’s DNS path) couldn’t tell what site each connection was to. It mostly makes sense for CDNs, where the same IP will be used for many sites.

      If you don’t use a CDN at all, the destination IP leaks what site you’re trying to connect to (if the domain is well known). If you use a CDN without ECH, you send an unencrypted domain name in the HTTPS negotiation so it’s visible there. ECH+CDN is an attempt to have the best of both worlds: your traffic to the site will not advertise what site you’re connecting to, but the IP can still be shared between a variety of sites.

      It’ll be interesting to see how countries with lighter censorship schemes adapt - China etc. of course will just block the connection.

    • This is so you do not leak the host through TLS. Using DNS to serve an encryption key.

      It’s not just encrypted server name indication (ESNI), it is the whole hello now (ECH)! So you don’t leak anything.

    • My read is you still leak the host with DNS. This only prevents leaking the host with SNI. A useful piece but not at all the holy grail.

  • Adguard Home and others can be configured to complete your DNS requests over HTTPS (using, for example, https://dns.cloudflare.com/dns-query).

    • That's not what this is about.

      HTTPS is the name of a protocol, which is mostly used to make the World Wide Web work, but we do lots of other things with it, such as DNS-over-HTTPS aka DoH.

      However HTTPS is also the name of a type of DNS record, this record contains everything you need to best reach the named HTTPS (protocol) server, and this is the type of record your parent didn't previously know about.

      In the boring case, say, 20 years ago, when you type https://some.name/stuff/hats.html into a web browser your browser goes "Huh, HTTPS to some.name. OK, I will find out the IPv4 address of some.name", and it makes a DNS query asking A? some.name. The DNS server answers with an IPv4 address, and then as the browser connects securely to that IP address, it asks to talk to some.name, and if the remote host can prove it is some.name, the browser says it wants /stuff/hats.html.

      Notice we have to tell the remote server who we hope they are - and it so happens eavesdroppers can listen in on this. This means Bad Guys can see that you wanted to visit some.name. They can't see that you wanted to read the document about hats, but they might be able to guess that from context, and wouldn't you rather they didn't know more than they need to?

      With the HTTPS record, your web browser asks (over secure DNS if you have it) HTTPS? some.name and, maybe it gets a positive answer. If it does, the answer tells it not only where to try to connect, but also it can choose to provide instructions for a cover name to always use, and how to encrypt the real name, this is part of Encrypted Client Hello (or ECH).

      Then the web server tells the server that it wants to talk to the cover name and it provides an encrypted version of some.name. Eavesdroppers can't decrypt that, so if many people share the same endpoints then an eavesdropper can't tell which site you were visiting.

      Now, if the server only contains documents about hats, this doesn't stop the Secret Hat Police from concluding that everybody connecting to that server is a Hat Pervert and needs to go to Hat Jail. But if you're a bulk host then you force such organisations to choose, they can enforce their rules equally for everything (You wanted to read News about Chickens? Too bad, Hat Jail for you) or they can accept that actually they don't know what people are reading (if this seems crazy, keep in mind that's how US Post worked for many years after Comstock failed, if you get a brown paper package posted to you, well, it's your business what is in there, and your state wasn't allowed to insist on ripping open the packaging to see whether it is pornography or communist propaganda)

  • iPhones regularly do these queries before / in addition to A/AAAA. They’re used for more than ECH.
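The HTTPS record described in the replies above, decoded from its wire format (RFC 9460), as an added example that is not part of the thread: it extracts the `alpn` list a browser uses to learn about HTTP/3 and the cover name (`public_name`) carried in the `ech` parameter. The record bytes are constructed inline; `cover.example`, the address `192.0.2.1` and the 32 placeholder key bytes are assumptions, not values from any real zone.

```python
"""Decode the RDATA of a DNS HTTPS record (type 65, RFC 9460) and read the
cover name out of its "ech" parameter. All sample bytes are constructed."""
import ipaddress
import struct

SVC_KEYS = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
            4: "ipv4hint", 5: "ech", 6: "ipv6hint"}


def read_name(buf, pos):
    """Read an uncompressed DNS name; return (dotted name, next offset)."""
    labels = []
    while True:
        n = buf[pos]
        pos += 1
        if n == 0:
            return ".".join(labels) or ".", pos
        if n > 63:
            raise ValueError("compressed or invalid label in TargetName")
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n


def ech_public_names(ech):
    """Return the public_name (cover name) of every ECHConfig in the list."""
    (total,) = struct.unpack_from("!H", ech, 0)
    if total != len(ech) - 2:
        raise ValueError("ECHConfigList length mismatch")
    pos, names = 2, []
    while pos < len(ech):
        version, length = struct.unpack_from("!HH", ech, pos)
        body, pos = ech[pos + 4:pos + 4 + length], pos + 4 + length
        if version != 0xFE0D:                  # skip versions we cannot read
            continue
        p = 3                                  # config_id (1) + kem_id (2)
        (klen,) = struct.unpack_from("!H", body, p)
        p += 2 + klen                          # HPKE public key
        (clen,) = struct.unpack_from("!H", body, p)
        p += 2 + clen + 1                      # cipher suites, max name length
        names.append(body[p + 1:p + 1 + body[p]].decode("ascii"))
    return names


def parse_https_rdata(rdata):
    """Decode SvcPriority, TargetName and SvcParams into a dict."""
    (priority,) = struct.unpack_from("!H", rdata, 0)
    target, pos = read_name(rdata, 2)
    params, last_key = {}, -1
    while pos < len(rdata):
        key, vlen = struct.unpack_from("!HH", rdata, pos)
        value = rdata[pos + 4:pos + 4 + vlen]
        if len(value) != vlen or key <= last_key:   # keys must strictly increase
            raise ValueError("truncated or unordered SvcParam")
        pos, last_key = pos + 4 + vlen, key
        name = SVC_KEYS.get(key, f"key{key}")
        if name == "alpn":                     # list of length-prefixed protocol ids
            ids, i = [], 0
            while i < len(value):
                ids.append(value[i + 1:i + 1 + value[i]].decode("ascii"))
                i += 1 + value[i]
            value = ids
        elif name == "port":
            (value,) = struct.unpack("!H", value)
        elif name == "ipv4hint":
            value = [str(ipaddress.IPv4Address(value[i:i + 4]))
                     for i in range(0, vlen, 4)]
        elif name == "ech":
            value = ech_public_names(value)
        params[name] = value
    return {"priority": priority, "target": target, "params": params}


def svc_param(key, value):
    """Encode one SvcParam: 2-byte key, 2-byte length, value."""
    return struct.pack("!HH", key, len(value)) + value


def build_sample_rdata():
    """Constructed record: priority 1, target ".", alpn h3 and h2, one IPv4
    hint, and an ECHConfig whose key bytes are a placeholder, not a real key."""
    key_config = (struct.pack("!BHH", 7, 0x0020, 32) + bytes(range(32))
                  + struct.pack("!HHH", 4, 1, 1))   # one KDF/AEAD suite
    name = b"cover.example"                          # hypothetical cover name
    contents = key_config + bytes([64, len(name)]) + name + struct.pack("!H", 0)
    config = struct.pack("!HH", 0xFE0D, len(contents)) + contents
    ech = struct.pack("!H", len(config)) + config
    return (struct.pack("!H", 1) + b"\x00"
            + svc_param(1, b"\x02h3\x02h2")
            + svc_param(4, ipaddress.IPv4Address("192.0.2.1").packed)
            + svc_param(5, ech))


if __name__ == "__main__":
    print(parse_https_rdata(build_sample_rdata()))
```

An on-path observer of the TLS handshake sees only the cover name from `ech`, while the DNS query for the record itself still names the real host unless the resolver path is encrypted.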

This doesn't look like anything malicious, 8048 is just prepending these announcements to 52320. If anything, it looks like 269832 (MDS) had a couple hits to their tier 1 peers which caused these prepended announcements to become more visible to collectors.

Was the OSRS economy affected by the strikes? I'm assuming they didn't disrupt internet access for most Venezuelan citizens but I have not looked into it yet.

  • I'd say that an OSRS outage would be more likely to measurably affect the Venezuelan economy than the reverse.

  • I run an OSRS market analysis/flipping site, and have been keeping an eye on the effects.

    The short answer is that there hasn't been a ton of movement across the market at large, but since Saturday, bonds have been swinging up towards the all-time high they set last December. Can't say for certain that that movement is tied to VZ though.

  • My clanmates and I noticed that some of the more popular goldfarming hotspots were much less populated that day. Rev caves, Zalcano, etc. Not sure about impacts for the broader economy though. Maybe FlippingOldSchool will release a video analyzing the economic trends over the course of that week? Would be interesting for sure.

There were reports they had considered Christmas Day and New Year's Day. I wonder if it was far enough along that you could see similar BGP anomalies around those times.

I wonder what kind of capabilities the US army didn't use during this operation.

  • Let’s be honest, that was a crazy operation. I wonder whether they really secured all chances of success, or just winged it with chances of not depositing the leader, and him being able to summon his diplomatic relations into 50 countries declaring war to the USA.

    While on their way out, if the USA could set everything back to IPv6, that would be nice.

    • The outcome is less-crazy if one views it as assisting a palace-coup, partnering with a bunch of Venezuelan government and military insiders already seeking to depose Maduro, able to subtly clear the path and provide intel.

    • > him being able to summon his diplomatic relations into 50 countries declaring war to the USA.

      As if. Dictators only do things that benefit themselves, and deciding to attack the US is suicide and/or world ending.

    • No one would lift a finger for him. Russia just watched. The Chinese too. They may be allies in words but in the end each dictator just cares about themselves. Just like how Trump wouldn’t help any ally unless he got something out of it.

    • > While on their way out, if the USA could set everything back to IPv6, that would be nice.

      You actually think the US would leave things better than they found them?

Fascinating find and investigation. While there isn't a solid conclusion from it, glad it was written up, perhaps someone will be able to connect more dots with it.

If you were not already entirely reliant on American tech before, this ought to convince you to jump in with both feet. What could possibly go wrong?

  • There is not really any reason to conclude that "American tech" was responsible for this attack. If anything, given all the sanctions Venezuela was under and how friendly they are with China, I would be surprised if they were using American tech in their infrastructure.

    [Of course I agree with the broader point of don't become dependent on the technology of your geopolitical enemies]

    • There are other attack vectors beyond infrastructure though when the population all have Android Smart Phones running Play Services and communicate using WhatsApp.

    • It’s for sure another alarm signal for the EU to further reduce dependencies on our newest geopolitical enemy… the United States of America.

  • It's pick-your-poison, really.

    Technology is notoriously expensive to develop and manufacture. One must either have native capacity (and thus, the wealth) to do so, or must get it from someone else.

    Other Western/US-aligned countries might have the ability to do so, albeit at geopolitical and economic cost, because the only thing you're likely to gain from kicking the US out of your tech stack and infrastructure is a tech stack and infrastructure free of the US. Meanwhile American companies will be developing new features and ways of doing things that add economic value. So at best, a wash economically. Maybe the geopolitical implications are enticing enough.

    Places like Venezuela? Nah. They'll be trading the ability of Americans to jack with their tech infrastructure for the ability of the PRC, Non-US Western nations, or Russia to jack with their tech stack.

    The geopolitics of technology are a lot like a $#1+ sandwich: the more bread you have, the less of someone else's $#1+ you have to eat.

  • Most everyone in the world has a Google or Apple phone in their pocket. I'm not sure how much more reliant you can get.

This is not unusual, CANTV has notoriously slow, expensive links, most ISPs in Venezuela would have it as a "backup" provider. If there is an outage of GlobeNet or TIM, it would cause those routes to disappear, leaving the CANTV routes up, which are heavily prepended to avoid routing through them on "normal" operations.

What would be the result of this? I think it would route data through Sparkle as a way of potentially spying on internet traffic without having compromised the network equipment within Venezuela, but I'm not familiar enough with network architecture to really understand what happened.

  • Maybe there would be some benefit in just dropping some packets. For example to WhatsApp, Telegram, Gmail servers. Could add a communication delay that could be critical and denies people a fairly reliable fallback communication method.

  • The effect of this would be traffic from GlobeNet destined for Dayco would transit over CANTV's network for a period.

    I'm not sure why the author singled out Telecom Italia Sparkle.

Alternative theory: Part of the operation caused power outages or disrupted some connections, the BGP anomalies were a result of that.

The data would make that more likely, because deliberately adding a longer route doesn't achieve much. It's not usually going to get any traffic.

  • The BGP anomalies were 24-hours~ before the power outage, so I'm not sure I follow what you're arguing.

    • What I mean is that cause and effect here could be different than the author thinks. We see some route changes, but those changes make no sense on their own since they wouldn't capture any traffic. That makes it more probable that BGP was not the attack, but that some other action caused this BGP anomaly as a side effect.

      For example, maybe some misconfiguration caused these routes to be published because another route was lost. Which could very well be the actual cyber attack, or the effect of jamming, or breaking some undersea cable, or turning off the power to some place.

  • As a follow-up, Cloudflare came to the same conclusion: https://blog.cloudflare.com/bgp-route-leak-venezuela/

    > The newsletter suggests “BGP shenanigans” and posits that such a leak could be exploited to collect intelligence useful to government entities.
    >
    > While we can’t say with certainty what caused this route leak, our data suggests that its likely cause was more mundane.

For a length-15 ASpath to show up on the internet, a whole bunch of better routes need to disappear first, which seems to have happened here. But that disappearance is very likely unrelated to CANTV.

Furthermore, BGP routes can get "stuck", if some device doesn't handle a withdrawal correctly… this can lead to odd routes like the ones seen here. Especially combined with the long path length and disappearance of better routes.

Is there a term for the distance between an acronym's first use and its definition?

Cyber-warfare capabilities on this level seem pretty horrific. What if you could simply turn off the power grid of Kyiv or Moscow in anticipation of a strike? That seems extremely disorientating. What if you could simply turn off the power grid indefinitely?

  • Russia attacks Ukrainian power grid on a weekly basis. Not only with cyber-attacks but with actual bombs. Over Christmas 750k homes in Kyiv were without power or heating. This is not a hypothetical; it's daily reality for millions of people in Ukraine.

  • Something like this more or less happened during the initial Israeli strike on Iran?

    From what I remember reading, they were able to gain air dominance not because Iranian air-defense was bad, but because it was put almost completely out of service for a brief period of time by people on the ground - be it through sabotage, cyber-warfare, drone attacks from inside, allowing the Israeli jets to annihilate them.

    • > not because Iranian air-defense was bad, but because it was put almost completely out of service for a brief period of time by people on the ground - be it through sabotage, cyber-warfare, drone attacks from inside,

      Wouldn't that constitute air defense being "bad"? There are no "well technically it should have worked" in war. Failing to properly secure the air defense sites is bad air defense.

    • The unquestioning logistical and intelligence support from the US military is truly formidable, and probably expensive.

  • > What if you could simply turn off the power grid of Kyiv or Moscow in anticipation of a strike?

    I expect every major world power has a plan to (attempt to) do precisely that to their enemies.

    https://en.wikipedia.org/wiki/Graphite_bomb

    > The US Navy used sea-launched Tomahawk missiles with Kit-2 warheads, involving reels of carbon fibers, in Iraq as part of Operation Desert Storm during the Gulf War in 1991, where it disabled about 85% of the electricity supply. The US Air Force used the CBU-94, dropped by F-117 Nighthawks, during the NATO bombing of Yugoslavia on 2 May 1999, where it disabled more than 70% national grid electricity supply.

    I would not, however, take "Trump said something" as indicative of much. "It was dark, the lights of Caracas were largely turned off due to a certain expertise that we have, it was dark, and it was deadly" is both visibly untrue from the video evidence available, and is the precise sort of off-the-cuff low-fact statement he's prone to.

    • General Caine specifically said they utilized CYBERCOM (which is the US inter-branch hacking command) to pave the way for the special ops helicopters. I personally have no doubt that any (whether or not they all were) lights being out was due to a US hack. Some of the stuff that got blown up may well have been to prevent forensic recovery of US tools and techniques.

  • It's been well known to be a major part of world power war plans for like 20 years now. Yes, it's a terrifying concept.

  • I don't think calling shutting down the internet horrific is appropriate at all in the context of bombings.

  • There are way worse things you could do, you could hide explosives in consumer electronics and infiltrate the supply lines to replace them. Then you could detonate them all simultaneously, indiscriminately murdering everyone around them as well. But of course only fascist barbarians would ever do or support that sort of thing.

I wonder if this can be monitored on a global scale as a sort of predictor of “something gonna happen at country X”.

Look for the same with Greenland or Canada next :/

  • the rest of the world is weirdly too passive, there's a smell of shock

    • IMHO the rest of the world isn't asleep. Denmark's prime minister said the same as you, for example. US just got roasted at UN by inter alia, France, with ~20 countries either speaking the same or asking to speak on it. That's just from 30s with front page of nytimes.com.

  • Canada has a strong army and can defend itself. Greenland on the other hand is not well defended and I doubt Denmark really cares (e.g., if they’re willing to send tens of thousands of troops to die for it) if it was occupied by China or Russia in the event of a war.

    Greenland is a massive strategic liability for the US and Europe (although the EU still has its head in the sand they are starting to wake up some).

    • Frankly, the right move (before Trump did as Trump does, and fucked up our foreign relations) would have been to straight-up buy Greenland. The people of Greenland have the right under Danish law to vote for independence, and there's not that many of them. Paying individual people for the votes probably would have cost the US $10 billion, and then we could give them Puerto Rico-esque status.

  • Not sure why this got downvoted; we're threatening it again, credibly enough that the Danish PM is telling them to shut up.

    Yesterday:

    > Adding to the alarm, Katie Miller, a right-wing podcast host and the wife of Trump adviser Stephen Miller, posted an image of Greenland superimposed with the American flag and the caption "SOON!"

    https://www.nbcnews.com/world/greenland/trump-venezuela-atta...

    • > Not sure why this got downvoted

      Fragile egos. Narcissists desperately need to feel good about themselves. They're caught in a cycle: feel worthless -> do bad things (feed the ego) -> feel worthless.

ELI5 for people not familiar in this domain?

  • From the article:

        When BGP traffic is being sent from point A to point B, it can be rerouted through a point C. If you control point C, even for a few hours, you can theoretically collect vast amounts of intelligence that would be very useful for government entities.

Solid OSINT methodology here. The 10x AS path prepending is the most interesting detail to me b/c typically you'd see prepending used to de-prioritize a route, which raises the question: was this about making traffic avoid CANTV, or was it a side effect of something else?

A few thoughts:

- The affected prefixes (200.74.224.0/20 block → Dayco Telecom) hosting banks and ISPs feels significant. If you're doing pre-kinetic intelligence gathering, knowing the exact network topology and traffic patterns of critical infrastructure would be valuable. Even a few hours of passive collection through a controlled transit point could map out dependencies you'd want to understand before cutting power.
- What's also notable is the transit path through Sparkle, which the author points out doesn't implement RPKI filtering. That's not an accident if you're planning something (you'd specifically choose providers with weaker validation).
- The article stops short of drawing conclusions, which is the right call. BGP anomalies are common enough that correlation ≠ causation. But the timing and the specific infrastructure affected make this worth deeper analysis.

Would love to see someone with access to more complete BGP table dumps do a before/after comparison of routing stability for Venezuelan prefixes in that window.

The only anomaly was military. As far as I can tell, Venezuela's AD was shut down, or told to shut down.

Didn't the US use Chinooks? They're supposed to be loud. And AD didn't take even one out.

If Venezuela is as corrupt as most socialist countries, I have no doubt that someone in his inner circle gave him up.

Back in the days of our version of socialism we had Indian politicians selling out for $100K, leave alone $50M.

Some pretty spooky comments in this thread from accounts with pretty low comment histories too…

I assume that nuclear capability would rule out a target from this kind of snatch operation, and that this event will add pressure to proliferate.

  • Indeed. The DPRK was right from the start. They always were.

    For the longest time I thought they'd gone too far, but now we're the clowns putting on a show.

    • Sure, but there must always be a fear that the military and public would not want to die in a nuclear inferno to defend national sovereignty. And may tolerate a coup instead. Which then reduces the madness and the deterrent effect. The extra step the DPRK have taken is to try and build bunkers so that the regime could survive the destruction of the country. A step further into madness that goes beyond what western countries have been willing to accept.

    • Note that MAD only works when there are a small number of players. Once it gets up past around 12, a.) it becomes too easy to detonate a nuclear weapon and then blame somebody else to take the fall and b.) the chance of somebody doing something crazy and irrational becomes high. Same reason that oligopolies can have steady profit but once you have ~10-12 market players you enter perfect competition and inevitably get a price war.

      There are 9 nuclear-armed states today. Likely this has set us on a path where nuclear war is inevitable.

    • Yeah I imagine we’ll see a cottage industry of small countries with nukes in ten-fifteen years.

      Plenty of places have uranium and unless they are being watched like Iran they can just set up clandestine enrichment operations.

    • They're safe, but at what cost?

      They drive old cars, have slow internet and can't visit the coliseum. They're not invited to the cool parties.

  • From BGP hijacking? Almost certainly not.

    It would probably rule out the type of decapitation strike the US did, but BGP hijacking is way way below on the escalation ladder.

    • Nuclear capability wouldn't necessarily rule out this kind of a decapitation strike, it's just that it's very hard to imagine this kind of an operation actually being successful in any nuclear-capable country.

      The US couldn't just fly a bunch of helicopters to Pyongyang or Tehran and do the same within 30 minutes. Most likely every single one of those helicopters would end up being shot down.

  • Counterpoint is that Ukraine, Qaddafi, and Assad already demonstrated the significance of maintaining certain capabilities. Vzla didn't have those capabilities before, much less publicly depreciate them.

  • You still have to be willing to use the nukes. The threat has to be real or it doesn't work as a deterrent.

    I think this is a situation where even if Venezuela had nukes, this still would have happened.

    • The choice is basically:

      a. Don’t use nukes, everyone moves one rung up the ladder.
      b. Use nukes. Ladder is destroyed, everyone dies horribly.

      Using nukes only makes sense if everyone is going to die horribly anyway. It’s an empty threat otherwise.

  • The reporting suggests there was some kind of deal struck between the US and elements of the VZ administration, and even nuclear capability doesn't prevent that

  • It will increase the desire for nukes, but also increase the hesitation to seek them now that credibility and capability (particularly what modern intelligence is capable of) are demonstrated. Hard to say how this nets off.

  • >I assume that nuclear capability would rule out a target from this kind of snatch operation

    Why would it?

    1. "Nuclear capability" is not binary. The available delivery mechanisms and the defensive capabilities of your adversary matter a lot.

    2. MAD constrains both sides. It's unlikely that an unpopular Head of State getting kidnapped would warrant a nuclear first strike especially against a country like (Trump's) America, which would not hesitate to glass your whole country in response.

    3. It's extremely risky to "try" a nuke, because even if it's shot down, does it mean your enemy treats it as a nuclear strike and responds as if it had landed? That's a very different equation from conventional missiles. E.g. Iran sends barrages of missiles because they expect most of them to be shot down. It's probably not calculating a scenario where all of them land and Israel now wants like-for-like revenge.

    • > an unpopular Head of State

      Heads of state are generally pretty good at delegating the C&C of their nukes to people they are pretty popular with. That's orthogonal to popularity polls of the populace.

  • If having nuclear weapons did anything at all to prevent cyber attacks, the US would not be getting constantly victimized by cyber attacks.

    • I think "this kind of operation" refers to the entire "we bombed your capital and stole your President" thing, not just the cyber component of it.

      It seems extraordinarily unlikely we'd have attempted such a thing if Venezuela had nukes.

    • I think by "this kind of operation" he means extrajudicially removing a sitting president (legitimate or not) of another country for trial elsewhere. Not cyber attack or espionage.

  • The popular conspiracy theory among Russian opposition is that Maduro exit was negotiated, so he will do small time at a Fed club and would preserve significant amount of his money (at least couple hundreds of millions), and after completing the time will end up with his money in Russia/Belarus.

    We can see that nobody was going to resist the operation in Venezuela, so it doesn't really matter that Venezuela doesn't have nukes. Using nukes isn't just a matter of pressing a button, it involves a lot of people and processes - thus any significant opposition inside the force or just widespread sabotage will make it unusable.

    • It strikes me as completely possible that the exit was negotiated. The fact that they knew his exact location and "luckily" nabbed him right before he went into some kind of panic room / bunker is certainly... something.

      But it seems equally likely to me that he was sold out by somebody in the VZ government/military. And that the paltry military resistance was because they saw direct confrontation with the US as suicidal.

    • 80 of their guys died? Not just Venezuelans. If it was negotiated then Maduro negotiated his own closest security forces to be killed as a cover.

      Not impossible but certainly in the tinfoil hat range of possibilities.

    • > the popular conspiracy theory among Russian opposition is that Maduro exit was negotiated, so he will do small time at a Fed club and would preserve significant amount of his money

      It sounds stupid. Maduro has no way to enforce the deal, and the US has no incentive to fulfill this deal.

      > We can see that nobody was going to resist the operation in Venezuela, so it doesn't really matter that Venezuela doesn't have nukes.

      To use it, no resistance is matter. One person must do their job to launch a nuclear weapon. That's all.

      > it involves a lot of people and processes

      It doesn't matter. Nuclear deterrence exercises are conducted regularly. And their peculiarity is that no one except the person with the red button knows whether it's an exercise or whether the missiles will actually be launched this time.

      So when the order to launch comes, many people will be performing a large number of complex processes which will result in the use of nuclear weapons. Because they regularly receive such orders and carry out these processes.

  • Nuclear deterrent is absurd.

    You have to assume everyone is willing to die over every single thing short of obliteration.

    So what's the scenario then? Venezuela has nukes. The US abducts Maduro. Venezuela launches its nukes, everyone dies on both sides. Please, explain that laughable premise. Everyone in Venezuela dies for Maduro? Go on, explain it, I'll wait.

    Back in reality: Venezuela has nukes. The US abducts Maduro. Venezuela shakes its fists at the sky, threatens nuclear hell fire. Nothing happens. Why? The remaining leadership of Venezuela does not in fact want to die for Maduro.

    • > So what's the scenario then? Venezuela has nukes. The US abducts Maduro. Venezuela launches its nukes, everyone dies on both sides.

      US attacks, Maduro threatens to launch nuke(s) ... then what? Do you call bluff?

      Maduro was captured in a military base (as he did a Saddam, switching sleeping locations), he almost made it into a safe room. What if he had nukes and made it to the safe room. You know the expression "Cornered rat"... For all he knew, the US was there to kill him. The US killed his 30 Cuban bodyguards so high chance Maduro thought it's his end.

      > "Cornered rat" refers to the idiom that even weak individuals become desperate and dangerous when given no escape, often applied to intense political or military pressure.

      The scenario that you called, that nobody wants to die for Maduro, is you gambling that nobody wants to die for him or not follow the chain of command! Do you want to risk it? No matter how many precautions you take, are you really sure that not one or more nukes go to Texas or Miami?

      This is why Nukes are so powerful, even in the hands of weaker countries. It gives a weaker country a weapon that may inflict untold dead to the more powerful country (let alone the political impact). It's a weapon that influences decision making, even in the most powerful countries.

    • Your tone is unnecessarily condescending and confrontational, but your point is reasonable with respect to Venezuela and Maduro.

      With Iran, North Korea, or Ukraine, the calculus is different.

    • Are you trying to argue that M.A.D. hasn't been an effective deterrent to violence for decades?

      Do you think the US and EU would have hesitated to send enough arms to keep Ukraine comfortably fending off Russia if they weren't afraid of the nuclear threat that Russia kept toying with?

    • > remaining leadership of Venezuela does not in fact want to die for Maduro

      Now do this same exercise for Taiwan.

  • That's like arguing against the police arresting criminals because it will incentivize them to acquire weapons.

    The only consistent action for the US to take, given they - and much of the world - do not consider Maduro the legitimate President of Venezuela, was to remove him from power.

Time for every country at threat from the US to invest in their own independent nuclear arsenal....