What John Deere did to Russian looters, anyone can do to farmers, anywhere.

Here’s a delicious story: CNN reports that Russian looters, collaborating with the Russian military, stole 27 pieces of John Deere farm equipment from a dealership in Melitopol, Ukraine, collectively valued at $5,000,000. The equipment was shipped to Chechnya, but it will avail the thieves naught, because the John Deere dealership reached out over the internet and bricked these tractors, using an in-built kill-switch.

Since that story ran last week, I’ve lost track of the number of people who sent it to me. I can see why: it’s a perfect cyberpunk nugget: stolen tractors rendered inert by an over-the-air update, thwarting the bad guys. It could be the climax of a prescient novella in Asimov’s circa 1996.

But I’m here to tell you: this is not a feel-good story.

I mean, sure. In the short term, it’s really cool to think of those looters arriving in Chechnya only to discover that their looted tractors and combines and such are only good for spare parts (and maybe not even that).

But if you scratch the surface of that cinematic comeuppance, what you find is a far scarier parable about the way that cyberwarfare could extrude itself into the physical world. After all, if John Deere’s authorized technicians can reach out and brick any tractor or combine, anywhere in the world, then anyone who suborns, hacks or blackmails a John Deere technician — say, Russia’s storied hacker army, who specialize in mass-scale infrastructure attacks, which they perfected by attacking Ukrainian embedded systems — can do the exact same thing.

Continue reading "About those kill-switched Ukrainian tractors"