Slashdot Mirror


S. Korea Says Cyber Attack From North Wiped 48,700 Machines

wiredmikey writes "An official investigation into a major cyber attack on South Korean banks and broadcasters last month has determined that North Korea's military intelligence agency was responsible. An investigation into access records and the malware used in the attack pointed to the North's military Reconnaissance General Bureau as the source, the Korea Internet and Security Agency (KISA) said on Wednesday. To spread the malware, the attackers went through 49 different places in 10 countries including South Korea, the investigation found. The attacks used malware that can wipe the contents of a computer's hard disk (including Linux machines) and damaged 48,700 machines including PCs, ATMs, and servers."

186 comments

  1. Civillian cyber-casualties by Toe, The · · Score: 2, Interesting

    Just makes me wonder what war is turning into. Instead of bombing cities, I can see nations targeting unprotected civilian computers in enemy nations. Massive destruction ensues, even though it's imprecise. In other words: bombing, but without all the mess.

    1. Re:Civillian cyber-casualties by Anon, Not Coward D · · Score: 5, Insightful

      But I'm sure most civilians prefer an empty computer rather than being dead...

      --
      Sometimes it's better not having signature
    2. Re:Civillian cyber-casualties by carlhaagen · · Score: 3, Insightful

      "but without all the mess" - as long as you don't count the mess that comes with society's backbone starting to wobble. Our infrastructure's and societal functions' dependency on the Internet is grossly underestimated. This is a fact.

    3. Re:Civillian cyber-casualties by Airdorn · · Score: 1

      Messy bombing BEST bombing.

    4. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      that's what your mom said after I bombed her last night!

    5. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      Star Trek (TOS) Season 1 Episode 23: A Taste of Armageddon http://en.wikipedia.org/wiki/A_Taste_of_Armageddon

      That's the war of the future.

    6. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 1

      Kinda reminds me of an old Star Trek episode from the original series. War was just a computer simulation for calculating casualties and then people were sent for disintegration according to the simulation results.

    7. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 4, Interesting

      Speaking as a civilian, I'd much rather prefer to both be alive and not have my livelihood threatened, thanks. That's the worst false dichotomy I've heard all week and you should feel bad.

    8. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      I thought it was, "Mooooo." -SC

    9. Re:Civillian cyber-casualties by AvitarX · · Score: 1

      I see this as, they cost 48 million over a large selection of banks (1000/each machine to repair).

      hardly a terrible attack.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    10. Re:Civillian cyber-casualties by camperdave · · Score: 4, Insightful

      Well, like the old saying goes: If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.

      --
      When our name is on the back of your car, we're behind you all the way!
    11. Re:Civillian cyber-casualties by khallow · · Score: 1

      Our infrastructure's and societal functions' dependency on the Internet is grossly underestimated.

      Or overstated. That's the other general possibility. Maybe even both.

      This is a fact.

      Or more accurately, an opinion gussied up as a fact.

    12. Re:Civillian cyber-casualties by KGIII · · Score: 4, Interesting

      What I find amazing is that NK is technologically capable of causing that amount of damage both in terms of technology and infrastructure. I didn't believe they'd get enough bandwidth by using the soldiers to manually hand off the packets. I figured they'd be too busy eating grass and tree bark really.

      Okay, okay. So I'm only a little kidding. I'm still surprised they had the tech chops to pull that off OR that they were so poorly defended. It could go either way I suppose.

      --
      "So long and thanks for all the fish."
    13. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      How would your livelihood be threatened if your PC was wiped? I guess you don't keep regular backups, which is the most idiotic thing I have heard all week.

    14. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 2, Interesting

      If this is the evolution of war, then war has evolved to something that is distinctly more friendly to humanity.

      Your point is that war is bad. Sure it is. But the actual point is this type of war is less bad.

    15. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 2, Insightful

      If you're doing proper backups, your livelihood shouldn't be threatened. But there ain't no restoring a dead person from backup.

    16. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      And a pony and 10 million dollars too!

    17. Re:Civillian cyber-casualties by gatkinso · · Score: 1

      I'll also take the wiped hard drive and non working ATM card over the 500 pounder coming through the living room window, thanks.

      --
      I am very small, utmostly microscopic.
    18. Re:Civillian cyber-casualties by tqk · · Score: 3, Interesting

      But I'm sure most civilians prefer an empty computer rather than being dead.

      Most civilians are ignorant morons wrt computers. If that empty computer was used to locate (see story yesterday) the poorly secured, net connected SCADA box that controls the spillways of the hydroelectric dam upstream of your place, an empty computer is the least of your worries.

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
    19. Re:Civillian cyber-casualties by AvitarX · · Score: 1

      I assumed they simply had more script kiddies than anonymous not fearing retribution.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    20. Re:Civillian cyber-casualties by mwvdlee · · Score: 1

      Luckily for us, a crooked nail in a building won't make it explode.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    21. Re:Civillian cyber-casualties by TWiTfan · · Score: 2

      NK is the subject of a lot of Western propaganda. As such, you usually only hear the bad stuff about them. Any tech progress they've made would never be reported in the Western press, of course. So I suspect they're a lot more technologically advanced than most of us realize. It was the same way with the USSR in the 50's. One of the reasons a lot of Americans were so shocked by Sputnik was that they had been hearing for years that the USSR was all gulags and poverty, and had no idea that they were so technologically advanced in astronautics.

      While life in NK is no-doubt pretty shitty for the average citizen, they have engineers and programmers just like everyone else (many of whom have probably studied in China and the West).

      --
      The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
    22. Re:Civillian cyber-casualties by KGIII · · Score: 2

      It is pretty clever. Someone linked to an autopsy down further in the thread. I'm kind of surprised though it does look like poor security practices were in place.

      --
      "So long and thanks for all the fish."
    23. Re:Civillian cyber-casualties by RabidReindeer · · Score: 3, Insightful

      But I'm sure most civilians prefer an empty computer rather than being dead...

      Civilian computers are not the primary target. A military cyber-attack would primarily be focussed on leaving the target area without electrical power, water, transportation (including traffic lights) or communications, with its banking and financial capabilities damaged. Consider, for example, how Iran was targeted. Their nuclear centrifuges were deliberately made to spin "off-key" with the intent that the results would be useless and the centrifuges would be physically ruined.

      Obviously, if you can keep everyone busy trying to restore their personal computers and devices at the same time, it's a bonus. That way they're distracted from working on core infrastructure.

    24. Re:Civillian cyber-casualties by cayenne8 · · Score: 5, Insightful

      How would your livelihood be threatened if your PC was wiped? I guess you don't keep regular backups, which is the most idiotic thing I have heard all week.

      It isn't so much a person's personal PC that is the danger, but of having his bank disrupted, and he can't get money. If food distribution is messed up, if drugs can't be accessed...all this stuff is interconnected.

      Let's see what happens when some extremely urban center gets hit, say like NYC...the power goes out, food can't get in/out, and see how long it takes for things to go bad really fast.

      Hell, with so many out there living cashless....what are they going to use for payment for things, if that system is down for awhile? That alone would bring a lot of misery, even if you discount the more tragic events I put forth above.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    25. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      If an enemy can really bring the banking system down for a few weeks, you'll be killed while your neighbors loot your house for dogfood. Just let people self-destruct, cheaper than bombs.

    26. Re:Civillian cyber-casualties by tqk · · Score: 3, Insightful

      I'm still surprised they had the tech chops to pull that off ...

      You can buy tech chops. Cf. Wernher von Braun. There's always been plenty of people who're easily persuaded to suppress any sense of morality or ethics that might get in the way of them getting the filthy lucre. Some (WvB again) aren't even after money.

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
    27. Re:Civillian cyber-casualties by nospam007 · · Score: 4, Funny

      "I can see nations targeting unprotected civilian computers in enemy nations."

      The South should immediately retaliate and wipe all the North's computers, both of them.

    28. Re:Civillian cyber-casualties by Dr_Barnowl · · Score: 1

      I keep backups, but if my PC was wiped, there's a certain minimum amount of time before I'm back up and running again.

      If you kept doing it, my job would turn into restoring backups instead of programming.

      Even if you only get hit once, and then armour your systems against it, your economic activity is diverted away from something that was (presumably..) productive. That might be the difference between being able to compete with your foreign competitors and going under - unscrupulous states would be happy to sponsor such cyber-attacks if they thought their consulting business would benefit.

    29. Re:Civillian cyber-casualties by jadv · · Score: 1

      Speak for yourself, meat bag! These NK viruses will have to pry the pod bay door activation codes from my cold dead mechanical fingers!

    30. Re:Civillian cyber-casualties by NeverVotedBush · · Score: 3, Interesting

      Consider a live CD for the system connected to the net, and another PC (if necessary) that is isolated.

    31. Re:Civillian cyber-casualties by hawkinspeter · · Score: 5, Insightful

      Unless you're a buddhist.

      --
      You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
    32. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 2, Funny

      Yeah that is convenient. Let me guess - you also wear a condom 24 hours a day "just in case".

    33. Re:Civillian cyber-casualties by leonbev · · Score: 2

      With the number of Bitcoin fanatics currently on Slashdot, I'm sure that there would be at least one person here who would rather be dead than lose their wallet file with $100,000 worth of cryptocurrency on it :)

    34. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 1

      In my years of AC I've tried so very hard. So. Very. Hard. To not act like an asshole. But this is just one of the times that I can't.

      You are one of the biggest jackasses I've seen lately. This is just such a bizarre and inaccurate statement that in order to maintain my respect for some of slashdot's audience I would want to think you're either trolling or working for some random IT division and feel like spreading FUD in a way similar to the government and The Cyber-War Against Cyber-Terror and Cyber-Threats Cyber-Division Cyber-TM. Cyber casualties? Are you fucking kidding me? A machine getting its HD wiped is a momentary inconvenience to people who make backups. A bombing maims, kills, and HURTS. If people are actually taking up this Cyber-War mindset you've successfully let the bad elements in the government desensitize you to real issues and give themselves more reason to do things any sane person would object to because: "It's (Cyber-)War!". Congratulations!

    35. Re:Civillian cyber-casualties by jabuzz · · Score: 5, Interesting

      Yeah just look at what happened at Royal Bank of Scotland last year. Some people at Ulster Bank (a subsidiary of RBS) were unable to access their account for the best part of a month.

      http://en.wikipedia.org/wiki/2012_RBS_computer_system_problems

      Now imagine that every bank is in the same situation as RBS along with VISA and Mastercard.

    36. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      I'm reading Camp 14 right now. If you're willing to starve large numbers of the civilian population, it's possible to maintain a small elite & a larger, semi-elite military force. Elite being relative, since an elite status symbol in NK is a rice maker. But still, there are going to be smart people taken into the military, despite the prevalence of malnutrition induced retardation in the general population. I wish I were kidding.

    37. Re:Civillian cyber-casualties by Uniquitous · · Score: 0

      Yet.

    38. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 1

      Gentlemen, gentlemen. Please calm down, there is no need to become overly agitated over this topic.

      Your bellicose argument on this subject is the most idiotic thing I have read all week and you should feel bad.

      Good day to you.

    39. Re:Civillian cyber-casualties by jabuzz · · Score: 4, Insightful

      I would add that even having cash is no good if the power is out. These days even the till won't open, the scales won't weigh anything and the pumps won't pump the fuel. Heck even the water in the taps will stop flowing rather quicker than you might imagine without power.

      So while I do have emergency cash and both VISA and Mastercard credit cards I am realistic that in the event of a total failure it won't get me that far.

    40. Re: Civillian cyber-casualties by Anonymous Coward · · Score: 2, Insightful

      Speaking as someone who designs control systems like what you talk about for a living, the chances of that are slim. To penetrate the Iranian centrifuges someone had to first physically infect the computers in the facility (Windows-based PCs) and then a technician had to connect to a separate network that contained the PLCs controlling centrifuges and put a new program on them (the malware then spliced itself into the program while it was downloading). This kind of attack took many years to plan out and cooperation from the company that manufactured the PLCs (Siemens), and it required the tech reprogramming them, which would only happen because the system was still in its software infancy.

      To apply this to something like a power station or a dam, someone would have to investigate the target and figure out exactly what control signals the PLC needed to output, then figure out how to infect it (highly unlikely because it depends on someone putting a new program on the PLC; in a proven system like a dam this is a rare occurrence (less than once every 5 years probably)). And then the attack would only affect that one specific dam, no others. It would need to be redone for every attack.

      Simply disabling the control systems wouldn't do any physical damage because of the fail safes designed into systems.

      Compare that to simply bombing the dam and you'll find it's not worth it in the least. The control malfunction is fixable, a bombed dam is not.

    41. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      Yeah that is convenient. Let me guess - you also wear a condom 24 hours a day "just in case".

      Actually, I do. I don't trust myself, there've been some nights where even I don't know where I've been! :-)

    42. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      Wrong. This is Chinese technology, methodology, and IT support. Nobody in NK could even imagine how something like this works, they simply have no background in it. The highest tech device they've seen is the iMac sitting on KJU's desk. This is a country with 15 cars, no lights at night, with the vast majority one meal away from a national famine. Just because Dear Leader is fat doesn't mean anyone else eats well. If you're not eating, you're not thinking; if you're not thinking, you're not capable of these types of attacks.

    43. Re:Civillian cyber-casualties by davester666 · · Score: 1

      Then you are automatically restored, albeit in a state not necessarily the same as you were before.

      --
      Sleep your way to a whiter smile...date a dentist!
    44. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      They actually ran out of tree bark last year.

    45. Re: Civillian cyber-casualties by tqk · · Score: 2

      Speaking as someone who designs control systems like what you talk about for a living, the chances of that are slim. To penetrate the Iranian centrifuges ... This kind of attack took [many] years to plan out and cooperation from the company that manufactured the PLCs (Siemens), and it required the tech reprogramming them, which would only happen because the system was still in [its] software infancy.

      Yet the result was, it worked. Someone was sufficiently motivated for the long haul to make it happen. I prefer not to underestimate the opposition. Slim chances are a challenge; that's all. We have to be right all the time. They only have to be right once. That story yesterday talked about (tens of|hundreds of) thousands of machines whose security were trivially unsecured (factory admin username/passwords unchanged & machines networked). It showed that there's oodles of low-hanging fruit with little to no failsafes enabled.

      9/11 happened via a couple of months in flight simulators plus box cutters, combined with a lot of inertia on our part (poorly armoured cockpit doors). Look at the mess we've since created to prevent that sort of attack. Those bastards are now long dead, yet they're still winning that battle.

      Kim Philby almost lost his job because Stalin could not believe there were no British spies in Moscow. Was that paranoia, or due diligence?

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
    46. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      You're not doing it right if restoring a backup takes more than a couple minutes.

    47. Re:Civillian cyber-casualties by Stormthirst · · Score: 1

      And less danger to your own people - no one flying planes or shooting guns.

    48. Re:Civillian cyber-casualties by TWiTfan · · Score: 1

      Nobody in NK could even imagine how something like this works

      A lot of South Korean banks would beg to differ.

      --
      The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
    49. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      The random restore process only restores characteristics and thought patterns, depending on the right circumstances. Dependent origination and all that.

    50. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      Until somebody shuts down critical systems like power and water supplies and people start dying.

    51. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      Until they start deciding who was killed by the "attack": A Taste Of Armageddon

    52. Re:Civillian cyber-casualties by Trailer Trash · · Score: 1

      They actually tried, but NK pulled the phone cable out of the modem.

    53. Re:Civillian cyber-casualties by antdude · · Score: 1

      Both sides should just play StarCraft. South Korea would win easily. ;)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    54. Re:Civillian cyber-casualties by Tarlus · · Score: 3, Funny

      albeit in a state not necessarily the same as you were before

      Yeah, your timestamp and permissions might be missing.

      --
      /* No Comment */
    55. Re:Civillian cyber-casualties by Tarlus · · Score: 1

      If your livelihood depends on it, then the inconvenience of being too careful isn't really a factor.

      --
      /* No Comment */
    56. Re:Civillian cyber-casualties by KGIII · · Score: 1

      True, I just don't see them getting out much in order to do so. I am usually the guy that laughs at the conspiracy nuts but I wonder if this is a false flag op or something. I don't really know or anything, it just seems a little off.

      --
      "So long and thanks for all the fish."
    57. Re: Civillian cyber-casualties by Anonymous Coward · · Score: 0

      9/11 happened via a couple of months in flight simulators plus box cutters, combined with a lot of inertia on our part (poorly armoured cockpit doors). Look at the mess we've since created to prevent that sort of attack. Those bastards are now long dead, yet they're still winning that battle.

      Hahaha, sorry man but I have to laugh. Anyone that still believes the propaganda is laughably ignorant. Worse, you have to _try_ to be ignorant at this stage of the game, since people have been showing you over and over again that you were lied to! Are you still pretty sure that Saddam had weapons of mass destruction too?

    58. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      Lived through the Chch earthquake. Store water, fuel, that gets you out if the way

    59. Re:Civillian cyber-casualties by Culture20 · · Score: 1

      In the American Civil War, Sherman destroyed anvils and railroads, burned crops, killed livestock, etc. Our society has become quite dependent on computerized organization for shipments of crops, livestock, and other goods. Destroying desktop computers can bring a company to its knees for a while.

    60. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      Seoul is an extremely urban center.

    61. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      with banking infrastructure, power grids etc. being online and reachable via public internet channels, how is the statement overstated? you've graciously taken "critical thinking" to a whole new level of absurdness. you are clearly either a complete idiot, or living in the third world where internet isn't permeating society

    62. Re:Civillian cyber-casualties by khallow · · Score: 1

      with banking infrastructure, power grids etc. being online and reachable via public internet channels, how is the statement overstated?

      So? That doesn't demonstrate vulnerability.

    63. Re:Civillian cyber-casualties by Anonymous Coward · · Score: 0

      And the other saying is: if anyone built software like builders build buildings, they'd be out of business.

      It's a dumb comparison. Builders largely work with a solved problem. Software is always pushing boundaries. Tell me about those builders who are building stuff in space or under the oceans, and then we have a conversation. Oh. There aren't any. Call me when they exist.

    64. Re:Civillian cyber-casualties by camperdave · · Score: 1

      Call me when they exist.

      Ring, ring.

      --
      When our name is on the back of your car, we're behind you all the way!
    65. Re:Civillian cyber-casualties by KGIII · · Score: 1

      I got curious and am too lazy to go order a book so I fired up a search engine and found this:

      http://movies.netflix.com/WiMovie/Camp_14_Total_Control_Zone/70264533?locale=en-US

      I've watched a lot of documentaries and many of them have been about NK. This is one that I haven't seen but I'll watch it tonight. Thank you for bringing the title to my attention though, I appreciate it. I have read a lot of information about NK but I've never read a book about them. Odd I guess. Either way, your mentioning the book brought this to my attention and now I'll have something new and educational to watch. Thanks again.

      --
      "So long and thanks for all the fish."
  2. This is the problem with using hacking as a weapon by Anonymous Coward · · Score: 0

    Rice farmers in North Korea are not vulnerable to hacking. One of the most technologically sophisticated countries just South of that border is.

  3. Amazing by Anonymous Coward · · Score: 0

    Amazing how much damage an armada of Russian ZX Spectrum clones can do.

    1. Re:Amazing by Anonymous Coward · · Score: 0

      "Amazing how much damage a Beowulf cluster of Russian ZX Spectrum clones can do."

      FTFY

  4. Breakthrough Hack! by Anonymous Coward · · Score: 0

    They must have found the ultimate hacking tool for data erasure.. the vulnerability, believe it or not.. is called fdisk

  5. The Scoop by camperdave · · Score: 5, Informative

    Symantec has an analysis of the Linux component. It relies on extracting a history of ssh connections from Windows machines from an application called mRemote, an open source, multi-protocol remote connections manager.

    --
    When our name is on the back of your car, we're behind you all the way!
    1. Re:The Scoop by lesincompetent · · Score: 2

      They didn't properly quote their bash variables. Oh the humanity!

    2. Re:The Scoop by iggymanz · · Score: 5, Informative

      more accurately, it checks for parameters of any ssh connection *with root privileges*. everyone see the problem there? every owner of every machine that fell to the n. korean attack richly deserved what they got. piss poor security will bite one in the ass.

    3. Re:The Scoop by Vlad_the_Inhaler · · Score: 1

      Really nasty, if you run it as root. How do they escalate their privileges?

      --
      Mielipiteet omiani - Opinions personal, facts suspect.
    4. Re:The Scoop by a_n_d_e_r_s · · Score: 2

      Not possible. Root is the same as full access to everything - root has no access restrictions whatsoever. Being root is being god on that computer.

      Thus no one sane accepts ssh to root.

      --
      Just saying it like it are.
    5. Re:The Scoop by jasnw · · Score: 2

      Evidently, mRemote is orphanware, although it appears it was forked into mRemoteNG. Sets up an interesting idea - what if mRemote was just a way to set up access to non-Windows systems from malware that first exploits one of the seemingly-endless entry points into Windows.

    6. Re:The Scoop by DougOtto · · Score: 1

      I love how they talk about Linux but from the case statement it was clearly going after Solaris, AIX and HPUX too. If you believe the media, all of those are "Linux systems" too.

      --
      Solving Unix problems since 1989...
    7. Re:The Scoop by Anonymous Coward · · Score: 0

      There's no mention of the number of linux boxes that might have been affected. It could have been 10, or 10000.

    8. Re:The Scoop by mark-t · · Score: 2

      The problem isn't accepting ssh as root, per se, the biggest problem is having passwords for usernames on another system stored on an easily compromisable computer, especially ones with sudo rights.

    9. Re:The Scoop by RabidReindeer · · Score: 2

      Not possible. Root is the same as full access to everything - root has no access restrictions whatsoever. Being root is being god on that computer.

      Thus no one sane accepts ssh to root.

      While it's rarely possible to login directly as root via ssh on current *n*x systems, it is common to be able to elevate oneself once logged in as an ordinary user. Otherwise remote administration would not be possible.

      Conversely, root is not god if you have selinux switched on. Still immensely powerful, but not god.

    10. Re:The Scoop by DougOtto · · Score: 1

      Conversely, root is not god if you have selinux switched on. Still immensely powerful, but not god.

      In many cases, however, root is all that's required to edit semanage.conf. Done like disco.

      --
      Solving Unix problems since 1989...
    11. Re:The Scoop by chispito · · Score: 4, Insightful

      more accurately, it checks for parameters of any ssh connection *with root privileges*. everyone see the problem there? every owner of every machine that fell to the n. korean attack richly deserved what they got. piss poor security will bite one in the ass.

      People with poor security do not *deserve* an attack.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    12. Re:The Scoop by Dr_Barnowl · · Score: 3, Informative

      Yup, this is why you should only accept standard user logins, let them use sudo if they need to administer the box.

    13. Re:The Scoop by Camembert · · Score: 1

      > every owner of every machine that fell to the n. korean attack richly deserved what they got

      They don't deserve it. Nobody deserves it.

    14. Re:The Scoop by Anonymous Coward · · Score: 0

      Symantec are involved in this? Well, that explains everything.

      The South Koreans must have installed a free trial of "Norton Anti-Virus Suite" on thousands of vital machines.

    15. Re:The Scoop by rastoboy29 · · Score: 0

      Yes, they do.

      Poor security = no security. You are literally inviting people to read your data because you have not made a proper effort to conceal it.

      If you don't agree with that, consider the alternative. We live in a world where half assed managers can simply rely on their lawyers, and bribing government lawyers, to sue everybody in the world to keep their systems secure.

    16. Re:The Scoop by Anonymous Coward · · Score: 0

      I agree. If one accidentally leaves their door unlocked or open they deserve to have someone walk in to their house and steal everything.

    17. Re:The Scoop by Anonymous Coward · · Score: 0

      And if she didn't want her computer wiped out, why did she dress that way?

    18. Re:The Scoop by SiChemist · · Score: 1

      Am I mistaken or does this mRemote application store passwords in the clear? That's just plain nuts!

    19. Re:The Scoop by Anonymous Coward · · Score: 0

      sudo is worse than most viruses, trojans, cyber attacks, and any other nefarious attack you can contrive.

      In 15 years, I have never seen a properly configured sudoers file at numerous places of employment. E.G., a sudoers file that actually allows a commoner to "administrate" a system.

      FYI, I don't consider the following to be properly configured or secure.
      %wheel ALL=(ALL) NOPASSWD: ALL

    20. Re:The Scoop by s.petry · · Score: 1

      Faulty logic. Poor administration of the software does not make the software poor, it makes the administration of the software poor. Just like people that load Linux and surf pr0n as "root" does not make Linux poor, it makes users foolish.

      Many admins with your attitude believe that root ssh keys are more secure than Sudo as well. The logic is extremely bad.

      I won't discount that people need to be trained in software like Sudo. I have spent 25+ years working in the business, the majority of that in secured and classified areas. I have trained dozens of people on "how to" administer Sudo, and unlike you I have seen places where it's implemented and used properly (though perhaps not efficiently).

      Your experience and opinion does not make the software bad, it means you should spend time consulting. It also means that you have a pretty narrow view of the market. In summary, your claim that Sudo is worse than a virus is very untrue.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    21. Re:The Scoop by Anonymous Coward · · Score: 0

      Isn't that the cyber equivalent of "she had it coming because of the way she dressed?" Yes, maybe she deserves to be cold, but anything beyond..?

    22. Re:The Scoop by Anonymous Coward · · Score: 0

      Lack of basic computer security does not just endanger that one unsecured system and one user account used on it, if turned into a bot it'll help infect other unsecured systems, launch DDoS attacks and serve as proxy for bad guys. It'll also collect every account on other machines accessed from this one, including possibly sensitive ones and ones where user has big privileges to add to botnet.

      Yep, destroying people's data is not good, but at least they didn't become manchurian sleepers and maybe they'll get a clue now and won't be a part of next big botnet.

    23. Re:The Scoop by rastoboy29 · · Score: 1

      There is a slight difference.  If you're running a web server, this is a service designed to share your information with the rest of the world.

      If, for example, you have some data that is only accessible by typing in a URL--ie. you don't have a link to it--is someone "hacking" if they access it?

      In other words, the analogy with physical security is a false one.

    24. Re:The Scoop by rastoboy29 · · Score: 1

      There is a slight difference.  If you're running a web server, this is a service designed to share your information with the rest of the world.

      If, for example, you have some data that is only accessible by typing in a URL--ie. you don't have a link to it--is someone "hacking" if they access it?

      In other words, the analogy with rape is a false one.

  6. backups by Anonymous Coward · · Score: 1

    People, N. Korea has declared war. Time to make a backup...

    1. Re:backups by PNutts · · Score: 2

      NK waged war in 1950. What they just did was declare... Never mind, you've ignored history and current events until this point so I'll leave you with this.

  7. Thanks by idunham · · Score: 0

    +1 informative, in my book...

    I guess BSD is immune :P
    (because they didn't add a case for it).

  8. Think of all of the StarCraft hours lost! by kannibal_klown · · Score: 4, Funny

    Just think about all of those hours lost playing StarCraft.

    In other news, the entire population of South Korea is now looking for that 1 StarCraft CD so they can install it on all their machines again.

    1. Re:Think of all of the StarCraft hours lost! by Anonymous Coward · · Score: 0

      Don't forget the key - 1234567890

    2. Re:Think of all of the StarCraft hours lost! by KGIII · · Score: 1

      It runs in Windows. They've likely had to reformat lately so the disks should be easy to find.

      --
      "So long and thanks for all the fish."
    3. Re:Think of all of the StarCraft hours lost! by Anonymous Coward · · Score: 0

      Not really, being South Korea it's the same WinXP install from 2001.

  9. Hilarious by Anonymous Coward · · Score: 0

    If this is true, they're significantly more of a threat than what their paltry nuclear and rocket propulsion levels convey.
    I would laugh my ass off if N.Korea turned the world on its head with a sudden penchant for technology and digital security research.

    1. Re:Hilarious by niftydude · · Score: 1

      This was my first reaction too. Who would have thought that a pudgy child dictator who hasn't even lost his baby fat yet could order a competent strike?

      --
      You can never know everything, and part of what you do know will always be wrong. Perhaps even the most important part.
  10. Re:This is the problem with using hacking as a wea by Anonymous Coward · · Score: 0

    Rice farmers in SK aren't either. However, NK missiles are not Estes rockets connected to a car battery (even though a 12 year old with their finger on the button may be an accurate analogy). You are mistaken if you think NK doesn't have any technology.

  11. victims deserved it by iggymanz · · Score: 0, Troll

    only made possible by piss poor security; wake up and smell the coffee, s. korea IT people

    1. Re:victims deserved it by ScentCone · · Score: 3, Insightful

      victims deserved it

      Uh huh. And if NK decides to shell another island or sink another boat, it will be entirely SK's fault for not making a powerful magic force field that can deflect artillery shells and torpedoes. Victims are always to blame, because they definitely cause their attackers to attack them, because of their weakness, right?

      What, is your junior high school out on lunch break right now? Go outside and get some exercise, and quit wasting time building up an interior justification for the future bad shit you're going to do to other people when you get your own computer and stuff.

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:victims deserved it by iggymanz · · Score: 4, Insightful

      logic fails you. these cyber attacks are preventable by proper security practices - the internet is a hostile place and there is no excuse for laziness in security by IT people. Do you keep your money stacked on the sidewalk in front of your house overnight, or do you make some effort to keep thieves from easily snatching it? your attitude is the problem we in IT face

    3. Re:victims deserved it by Anonymous Coward · · Score: 2, Insightful

      victims deserved it

      Uh huh. And if NK decides to shell another island or sink another boat, it will be entirely SK's fault for not making a powerful magic force field that can deflect artillery shells and torpedoes. Victims are always to blame, because they definitely cause their attackers to attack them, because of their weakness, right?

      And people who leave the logins set to the factory default account=Admin, password=1234, aren't to blame, either.

      Nonetheless, they will provide examples that we may call "Natural Selection At Work".

    4. Re:victims deserved it by ScentCone · · Score: 1

      It will, indeed, if they were able to make that powerful magic force field AND they did not enable it.

      So SK is not the victim of an attack if NK launches a missile and it bounces off SK's magic shield. And SK is at fault for the attack if NK's missile isn't stopped by SK's defenses. But NK is not at fault for launching the missile in the first place. Are you even listening to yourself?

      --
      Don't disappoint your bird dog. Go to the range.
    5. Re:victims deserved it by ScentCone · · Score: 1

      the internet is a hostile place

      And it's the victims' fault that it is a hostile place, right? The people actually acting out the hostility are never to blame, because that might hurt their feelings, I guess.

      --
      Don't disappoint your bird dog. Go to the range.
    6. Re:victims deserved it by Camembert · · Score: 1

      They still don't deserve it. Nobody deserves it.

    7. Re:victims deserved it by Anonymous Coward · · Score: 0

      It will, indeed, if they were able to make that powerful magic force field AND they did not enable it.

      So SK is not the victim of an attack if NK launches a missile and it bounces off SK's magic shield. And SK is at fault for the attack if NK's missile isn't stopped by SK's defenses. But NK is not at fault for launching the missile in the first place. Are you even listening to yourself?

      Where do you get the idea that only one party can be at fault? If I put a mine at a certain place, and you are credibly warned by someone that the mine is exactly there, but ignore the warning and step on that very place, and the mine goes off, it's both my fault for placing the mine and your fault for stepping on it despite knowing it is there.

    8. Re:victims deserved it by iggymanz · · Score: 1

      lazy and stupid IT people, whose jobs are to at least adhere to minimal security practices, deserve to reap the rewards of their negligence. as do the people who hire and manage them.

    9. Re:victims deserved it by Anonymous Coward · · Score: 0

      Shut up you fucking incoherent idiot.

    10. Re:victims deserved it by Anonymous Coward · · Score: 0

      The fact that this strawman+false dichotomy combo is modded up saddens me. What the fuck, mods?

      But logical flaws aside - hey, the fuck do you think only one side must be blamed? If my bank forgets to lock the vault and someone walks in and takes my money, sure I'll blame the bank for negligence, but it sure won't mean I don't think that robber was not a criminal.

    11. Re:victims deserved it by Anonymous Coward · · Score: 0

      No, logic fails YOU. Just because a person is lacking in something to protect themselves from a certain type of hostility does not mean they deserve to be hit where they're weakest.

      By your "logic," every so-called nerd in high school should be tackled every day in the halls of their school by the bigger and stronger so-called jocks.

      After all, the victim deserved it.

    12. Re:victims deserved it by Anonymous Coward · · Score: 1

      Do you keep your car outside? Do you walk around with a wallet on your person? Do you wear anything of value?

      I suppose you will blame yourself if someone sets your car on fire (because you didn't put an automatic extinguisher system in). And you'll blame yourself for being pick-pocketed because your wallet wasn't made of razor blades. And you'll blame yourself for wearing anything of value because hey, nobody should do that since it would get stolen.

      This is the sort of anarchy an angsty high-school student enjoys, I have to agree with ScentCone here, you need to grow up.

    13. Re:victims deserved it by Anonymous Coward · · Score: 0

      Strawmen, strawmen everywhere!

      Do you keep your car outside with doors unlocked and keys inside? Do you walk around with a wallet dragged behind you on a piece of string?

      Here, fixing your analogies. Sure you won't even think "I'm a fucking idiot, I forgot to lock the car!" after someone drives off in it? And surely there MUST be only one side to blame in every conflict?

      Seems like those hacks were due to blatant disregard of security ABC's - not unlike leaving your car doors not just unlocked, but wide open too. Just check the comment about Linux hacks up this thread - a) remotely logging in as root, b) more than that, telling the terminal to store the password. Yes, wiping people's PCs is a crime, but being this stupid should be a crime too.

    14. Re:victims deserved it by ScentCone · · Score: 1

      Where do you get the idea that only one party can be at fault?

      Because nobody is talking about attacking NK, while NK talks non-stop about attacking everybody else. And people here are pre-emptively saying that it's SK's fault ... not for being some degree of able or not to deflect attacks, but SK's fault for being attacked in the first place

      Your analogy makes no sense. What mine is it that you think SK is stepping on, exactly? Are you actually persuaded by NK's rhetoric, and think that the very existence of SK as a non-communist, non-totalitarian state is grounds to attack it? Is going about their business the stepping-on-the-mine part? Do you have some vision in your head of SK crossing the DMZ into NK?

      There's one party, here, that is sinking ships, shelling civilians, and the rest, on a regular basis. That's where I get the idea that one party not only can be, but is at fault.

      --
      Don't disappoint your bird dog. Go to the range.
    15. Re:victims deserved it by Anonymous Coward · · Score: 0

      So essentially, it's only NK's fault if they use a zero day. You're making stupider and stupider points every single fucking time you post. Just end yourself.

    16. Re:victims deserved it by Camembert · · Score: 1

      > lazy and stupid IT people, whose jobs are to at least adhere to minimal security practices, deserve to reap the rewards of their negligence. as do the people who hire and manage them.

      These are two different things. Yes, IT people should do their job. But, no, it doesn't mean that they deserve to get hacked. There is no justification for criminal behaviour of the aggressor. You can easily apply your incorrect reasoning to various other things in life and see how wrong it is.

    17. Re:victims deserved it by Anonymous Coward · · Score: 0

      Ah, you're one of those people. Yeah, no, we who actually do work with information security do not quite view it that way. Also, if you get beaten up badly on the street some day, it'll be your fault for not having learned self defense, according to your line of thinking. That'll be fun to watch.

  12. this just by Anonymous Coward · · Score: 0

    highlights the need to do nightly backups of critical data!

  13. Re:Elite hackers from NK? Pull the other one. by SpectreBlofeld · · Score: 1

    Wonder if North Korea was the original target, and the malware leaked out into the wild...

  14. Re:Elite hackers from NK? Pull the other one. by Anonymous Coward · · Score: 0

    Most norks have fuck all because their government spends all their money on the military. These were military hackers. Comprende?

  15. so call up the backup engineer by nimbius · · Score: 1

    have her drive down to the DC, start restoring tapes, and for the love of god quit with the pissing contest. it's becoming apparent the US, as well as both koreas are incapable of understanding the repercussions of a thermonuclear war.

    --
    Good people go to bed earlier.
  16. Re:Elite hackers from NK? Pull the other one. by Anonymous Coward · · Score: 0

    Pull the other what? And why did you say that twice?

  17. Toot login by Anonymous Coward · · Score: 1

    Toot is the same as full access to everything

    The advantage of a toot login vs root is that it uses a double olfactory authentication. Plus it just feels good.

  18. Suicide by Cop? by Anonymous Coward · · Score: 0, Interesting

    It occurs to me that the North Korean regime is probably secretly very unpopular in North Korea, even among top military and government officials but the officials are too distrustful of each other to scheme together against the regime. So perhaps their current belligerence is actually their way of trying to end their own regime - they advocate seemingly patriotic actions such as attacking/threatening the rest of the world - while their true intention is to provoke the world into destroying their regime. Once an international force attacks, the officials go into hiding and decline to fight, allowing an international peacekeeping force to take over, like what happened in Iraq during the first gulf war.

    1. Re:Suicide by Cop? by umghhh · · Score: 1

      That may be and may make a difference AFTER the regime fails but in case they start shooting the difference is irrelevant. I guess it was similar with Germans at the end of the second big one - it was clear for almost everybody that it was over and there were only two parties then: those that resigned and just waited till all is over and those who were inclined to fight till the last drop of blood of everybody else.

  19. Wait what?? by Carnivore24 · · Score: 1

    How did the North get the equipment to do this? From China or Russia? I thought they were way behind the rest of the world in technology?!?!?

    1. Re:Wait what?? by sandytaru · · Score: 1

      Surprisingly, they run on Windows machines in English. The hardware probably comes from China, as do the pirated copies of Win XP and Win 7. They refuse to acknowledge that Microsoft localizes Windows in Korean just for the south.

      --
      Occasionally living proof of the Ballmer peak.
  20. "PermitRootLogin yes" fixes it .. or not by Sloppy · · Score: 3, Interesting

    If I understand correctly (do I?) the way it attacked Linux systems was that some people use a ssh client, where they literally have a preference or setting stored, for logging into the Linux machine as root. User clicks something (which does the equivalent of "ssh root@whatever" and the software automatically supplies a key or passphrase) and the next thing they see is a root bash prompt. Wow.

    If that's right, then assuming your Linux machines still have

    PermitRootLogin no

    in /etc/ssh/sshd_config, then your setup isn't compatible with this malware. You'll need an updated version of this malware.

    All machines should have "PermitRootLogin no" and if yours doesn't, you're doing something very very strange. Maybe you should go check that, right now. It'll take .. seconds.

    That said, things still aren't very rosy. Presumably the user of this ssh client would also have non-root passwords or keys stored too, to get non-root access. But how many of us usually login as a user with some sudoers powers? And how many of us have a very lazy sudoers configuration, where you're literally allowed to just do "sudo -s" and get a root shell, by only having to type in your password again?

    So my earlier "joke" about you needing an updated version of malware, might not really be all that much of a joke.

    Tighten up your sudoers file if you can. And whether you can or not, have ssh use key authentication instead of password authentication, so that no remote clients can, or need to, have your password stored in them.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    1. Re:"PermitRootLogin yes" fixes it .. or not by cayenne8 · · Score: 1

      If that's right, then assuming your Linux machines still have

      PermitRootLogin no

      Hmm..just looked on my home linux box I recently set up to play with....by default, with OpenSSH...it appears that is set to yes by default.

      Just changed that and rebooted.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    2. Re:"PermitRootLogin yes" fixes it .. or not by jabuzz · · Score: 1

      And exactly how does key authentication stop the malware logging onto remote machines. Clue: it does not. Even if I ditched key based authentication as well and kerberized everything in sight that would still not help, because presumably I have a valid kerberos ticket when I log on...

      The only solution is to stop being lazy and require a password every time you log into a remote machine and/or to run anything under sudo require a password.

    3. Re:"PermitRootLogin yes" fixes it .. or not by Anonymous Coward · · Score: 0

      Hmm..just looked on my home linux box I recently set up to play with....by default, with OpenSSH...it appears that is set to yes by default.

      Just changed that and rebooted.

      Why reboot? All you need is
      # service sshd restart

    4. Re:"PermitRootLogin yes" fixes it .. or not by Sloppy · · Score: 2

      And exactly how does key authentication stop the malware logging onto remote machines.

      It doesn't. What it would stop, is the malware (once logged in) having an easy-to-guess sudo password. sudo doesn't care if you know the ssh key and are therefore allowed to log in; it wants a password (not an ssh key) before it'll let you rm -rf /.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    5. Re:"PermitRootLogin yes" fixes it .. or not by petermgreen · · Score: 3, Informative

      Even that doesn't do much, if the attacker has control of your user account and your user account can create pseudo terminals (and if you can't create pseudo terminals then you can't use anything like xterm or screen) then they can easily change your bash profile to add a directory under your homedir to the path. Then add malicious su and sudo wrappers in there which record the credentials.

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
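
Added example, not part of the comment above: a defensive check for the PATH shadowing petermgreen describes, reporting when `sudo` or `su` resolve to a directory outside a trusted list and which rc-file lines put a directory ahead of `$PATH`. The trusted directory list, the sample rc content and all function names are assumptions of this example.

```python
"""Check where sudo/su resolve on a PATH and which rc lines prepend directories to it."""
import os
import re
import stat
import tempfile

# Assumed set of directories only root can normally write to; adjust per distribution.
TRUSTED_DIRS = ("/usr/local/sbin", "/usr/local/bin", "/usr/sbin", "/usr/bin", "/sbin", "/bin")

# Constructed ~/.bashrc content for illustration.
SAMPLE_RC = '''\
alias ll='ls -l'
export PATH="$PATH:$HOME/go/bin"
export PATH="$HOME/.cache/.bin:$PATH"
'''

# Captures the first component of a PATH assignment that re-uses the old $PATH later on.
PREPEND = re.compile(r"""^\s*(?:export\s+)?PATH=["']?([^:"'\s]+):.*\$\{?PATH\b""", re.M)


def prepended_dirs(rc_text):
    """Directories an rc file places ahead of the existing PATH."""
    return [d for d in PREPEND.findall(rc_text) if not d.startswith(("$PATH", "${PATH"))]


def is_executable_file(path):
    """True for a regular file with any execute bit set."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)


def resolve(name, path):
    """Return the first executable called `name` on `path`, in PATH order."""
    for entry in path.split(os.pathsep):
        # An empty PATH entry means the current directory.
        candidate = os.path.join(os.path.realpath(entry or "."), name)
        if is_executable_file(candidate):
            return candidate
    return None


def shadowed(path, names=("sudo", "su"), trusted=TRUSTED_DIRS):
    """Return {name: resolved path} for commands that resolve outside trusted dirs."""
    trusted_real = {os.path.realpath(d) for d in trusted}
    hits = {}
    for name in names:
        found = resolve(name, path)
        if found and os.path.dirname(found) not in trusted_real:
            hits[name] = found
    return hits


def demo():
    """Build a throwaway tree where a user directory and a stand-in system
    directory both hold a file named 'sudo', then test both PATH orders."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "sysbin")
        userdir = os.path.join(root, "home", ".cache", ".bin")
        for d in (sysdir, userdir):
            os.makedirs(d)
            target = os.path.join(d, "sudo")
            with open(target, "w") as fh:
                fh.write("#!/bin/sh\nexit 0\n")  # inert placeholder file
            os.chmod(target, 0o755)
        user_first = shadowed(userdir + os.pathsep + sysdir, trusted=(sysdir,))
        system_first = shadowed(sysdir + os.pathsep + userdir, trusted=(sysdir,))
        return sorted(user_first), sorted(system_first)


if __name__ == "__main__":
    print("rc file prepends:", prepended_dirs(SAMPLE_RC))
    print("shadowed in current PATH:", shadowed(os.environ.get("PATH", "")))
    print("demo (user dir first, system dir first):", demo())
```

A prepended directory is not a finding by itself, since many default profiles add `~/bin`; the signal is a prepended directory that also contains something named `sudo` or `su`.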
    6. Re:"PermitRootLogin yes" fixes it .. or not by knorthern+knight · · Score: 1

      > Why reboot? All you need is
      > # service sshd restart

      For the non-RedHatters in the audience, it's...

      # /etc/init.d/sshd restart

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
  21. Scruffy-looking bot herders by Guppy · · Score: 1

    I'm surprised they opted to wipe the compromised machines. North Korea has a long history of earning hard-currency funds through illicit activity (counterfeiting, drug-smuggling, etc). By wiping their targets, they've lost the possibility of using them to turn a fraudulent profit.

    Probably means someone over there needed a short-term propaganda coup for internal political reasons.

  22. Subject line error by Sloppy · · Score: 1

    Of course I mean "PermitRootLogin no" fixes it .. or rather, might not really fix it.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  23. Problem fixes itself by gnasher719 · · Score: 5, Interesting

    All the vulnerable machines were wiped. So now there are no vulnerable machines anymore. Second attack will be much harder. And the percentage of Korean users doing proper backups will probably be growing :-) (Not that I'm saying people in Korea are more negligent with backups than others).

    1. Re:Problem fixes itself by WheezyJoe · · Score: 1

      Seems odd that the machines were wiped. Didn't that come and go in the 90's? I thought by now the whole point was to hijack a computer without wiping the machine so it can be exploited. Amateurs? or was destruction the idea in the first place? or NK brass fears what their hackers might do with access to computers outside their control?

      --
      Take it easy, Charlie, I've got an Angle...
    2. Re:Problem fixes itself by caspy7 · · Score: 1

      Indeed, if mere destruction was their aim, they succeeded. But beyond taking out the vulnerable machines, if this attack has left enough of a cultural impact, it may have instilled a greater vigilance among South Koreans, such that not only will the [presumably] reinstalled machines be fully patched and secured, but the defenses of the still-standing machines will be shored up higher in the future.

      If a large enough amount of computers in my city were wiped, it would make the news, people would be talking about it, people would be asking how to protect themselves, installing antivirus, grandmas calling grandsons, etc, etc.

      North Korea may have just made it much more difficult to cyber-attack South Korea in the future.

    3. Re:Problem fixes itself by swilly · · Score: 1

      Destructive malware stopped being common simply because it is more profitable to keep the machine compromised. (And perhaps because with the death of DOS and Win9x, destruction became harder to do.) Unless you are a government or other political entity, most hacking is done for money or for lulz. For governments and terrorist organizations, destruction is still a valid goal.

  24. That was no wipe.... by Anonymous Coward · · Score: 1

    That was Windows8....

  25. WHAT A SCAM by Anonymous Coward · · Score: 0

    is this the same attack that after a few days of investigation, they actually found out was coming from their own organization?

    1) Shut down your own servers
    2) claim you are the victim of "ULTRA DANGEROUS SUPER FATAL CYBERSEX RAPE!!111!1!"
    3)???
    4) PROFIT!11!

  26. Re:This is the problem with using hacking as a wea by Sloppy · · Score: 2, Funny

    Rice farmers in North Korea are not vulnerable to hacking.

    Have you audited all your rice's genes? A leaked Monsanto report said most versions have a buffer-overflow bug somewhere in chromosome 6, but they didn't say exactly where. Unless North Korea buys their seed rice from Theo De Raadt...

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  27. Re:Elite hackers from NK? Pull the other one. by bossk538 · · Score: 1

    Elite hackers from North Korea? Pull the other one. Most people in NK don't even have access to computers. Those who do are stuck with Red Star OS and a BBS. No, something like this malware would have to come from a very advanced country. USA or South Korea maybe? It's all part of the propaganda war.

    NK has a very strong IT sector - http://spectrum.ieee.org/podcast/at-work/tech-careers/for-outsourcing-it-have-you-considered-north-korea

  28. Re:Elite hackers from NK? Pull the other one. by Dr_Barnowl · · Score: 2

    I will never think of the word "norks" quite the same again.

  29. Re:Elite hackers from NK? Pull the other one. by tqk · · Score: 2

    Wonder if North Korea was the original target, and the malware leaked out into the wild.

    I wonder if the miscreant just used NK to carry out the attack, in order to incriminate them. I'm lookin' at you, CIA. I must say I'm also a bit surprised to learn that NK allows any connection to the net outside its borders, especially to SK (the enemy).

    --
    "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
  30. I felt a disturbance in the force by Hoi+Polloi · · Score: 1

    I felt a disturbance in the force. As if thousands of Korean Starcraft characters all cried out at once then were deleted.

    --
    It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
  31. A computer? Newegg. NK government spends $$$ by raymorris · · Score: 1

    What equipment? A computer? From Newegg. The general population of NK is way behind, largely BECAUSE the government spends all the money on military and political posturing. Their military, apparently including cyber-warfare, is quite well funded.

  32. Also: PermitRootLogin without-password (key only) by raymorris · · Score: 1

    If for some reason you can't use:

    PermitRootLogin no

    Consider allowing root login only with a key, not with a password:

    PermitRootLogin without-password

    If you do allow root login with a key by using "without-password", use a passphrase on the key if possible. That gives two factor security: something you have (the key) plus something you know (the passphrase).

    For automated SSH login such as remote cron, consider "command=" to an ssh key, so it can run as root, but it can only execute that one command.
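
Added example (not part of any comment in this thread, and not code from OpenSSH or sudo): a small Python audit for the settings argued about above, namely PermitRootLogin and password authentication in sshd_config, sudoers rules like `%wheel ALL=(ALL) NOPASSWD: ALL`, and keys in authorized_keys that lack the "command=" restriction. The sample file contents, user names and key blobs are constructed, and the function names are this example's own.

```python
"""Audit sshd_config, sudoers and authorized_keys text for the settings discussed above."""
import re

# Constructed sample inputs for illustration; not taken from any real host.
SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# A later duplicate does not override: sshd keeps the first value it reads.
PermitRootLogin no
"""
SUDOERS = """\
Defaults env_reset
%wheel ALL=(ALL) NOPASSWD: ALL
alice  ALL=(ALL) ALL
backup ALL=(root) NOPASSWD: /usr/local/sbin/run-backup
"""
AUTHORIZED_KEYS = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyAAAA admin@laptop
command="/usr/local/sbin/run-backup",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyBBBB cron@backuphost
"""

SUDO_RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
SUDO_TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")
KEY_FIELD = re.compile(r"(?:^|\s)((?:ssh-|ecdsa-sha2-|sk-)\S+)\s+AAAA[A-Za-z0-9+/=]+")


def config_lines(text):
    """Yield stripped lines, skipping blanks and comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line


def sshd_global_options(text):
    """Return {keyword: value} for the global section; the first value wins."""
    opts = {}
    for line in config_lines(text):
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":                # settings after Match are conditional
            break
        opts.setdefault(key, parts[1].strip('" ') if len(parts) > 1 else "")
    return opts


def audit_sshd(text):
    opts, findings = sshd_global_options(text), []
    root = opts.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin unset: the build default applies")
    elif root.lower() == "yes":
        findings.append("PermitRootLogin yes: root can log in with a stored password")
    elif root.lower() != "no":
        findings.append(f"PermitRootLogin {root}: root login still possible with a key")
    # OpenSSH enables password authentication unless it is switched off.
    if opts.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication enabled: clients can store and replay passwords")
    return findings


def audit_sudoers(text):
    """Flag rules whose command list contains a bare ALL (line continuations not handled)."""
    findings = []
    for line in config_lines(text):
        m = SUDO_RULE.match(line)
        if line.startswith("Defaults") or not m or m.group(1).endswith("_Alias"):
            continue
        nopasswd = False                  # a tag applies to the commands that follow it
        for cmd in (c.strip() for c in m.group(2).split(",")):
            tags = SUDO_TAGS.match(cmd)
            if tags:
                if "NOPASSWD:" in tags.group():
                    nopasswd = True
                elif "PASSWD:" in tags.group():
                    nopasswd = False
                cmd = cmd[tags.end():]
            if cmd == "ALL":
                how = "without a password" if nopasswd else "after a password prompt"
                findings.append(f"{m.group(1)}: unrestricted root {how}")
                break
    return findings


def unrestricted_keys(text):
    """Return the comment field of every key that has no command= option."""
    loose = []
    for line in config_lines(text):
        m = KEY_FIELD.search(line)
        if m and "command=" not in line[:m.start(1)]:
            loose.append(line[m.end():].strip() or "(no comment)")
    return loose


if __name__ == "__main__":
    for finding in audit_sshd(SSHD_CONFIG) + audit_sudoers(SUDOERS):
        print("FINDING:", finding)
    for comment in unrestricted_keys(AUTHORIZED_KEYS):
        print("FINDING: key without command= restriction:", comment)
```

Only the global section of the sshd_config text is read, and Include and Match are not followed; on a real host `sshd -T` prints the effective configuration.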

  33. Re:Also: PermitRootLogin without-password (key onl by jabuzz · · Score: 1

    None of which helps if you have a piece of software storing all the credentials you need to log onto a remote machine.

  34. Re:This is the problem with using hacking as a wea by fazey · · Score: 1, Funny

    If they got them from Theo De Raadt, they will be secure, but hard to grow, and not very healthy. His mouth will also tempt people to attack your rice fields.

  35. So your house is surrounded by razor wire, thief? by raymorris · · Score: 1

    I've heard "the victim deserves it for not protecting themselves" a couple of dozen times, and ALWAYS from thieves, as an excuse. Therefore, most likely sildur and iggy are simply common thieves who are too stupid to even come up with a halfway logical sounding excuse to tell themselves.

    sildur, your house must be surrounded by razor wire, and you've replaced all those nice breakable windows in your house and car with solid steel, right?
    You COULD do those things to protect yourself, so if you don't do them, it's perfectly okay for me to smash your windows and steal your stuff, right? That's what you said, is it not?

  36. Re:So your house is surrounded by razor wire, thie by Anonymous Coward · · Score: 0

    Most likely you fail at logic forever, because for no reason you equate "victim deserves it == perpetrator is innocent" and "didn't take basic steps to secure it == didn't go over US Defense Budget to secure it".

    I'm pretty sure sildur locks his front door when going out to the bar instead of leaving it wide open, and I'm pretty sure you'd at least raise a brow hearing about him getting robbed if he didn't.

  37. Re:Elite hackers from NK? Pull the other one. by Anonymous Coward · · Score: 0

    I once had a colleague who talked incessantly about norks, or "norx" as he spelt it. Chebs was his other favourite word. I've always been partial to jubblies myself.

  38. Re:This is the problem with using hacking as a wea by subanark · · Score: 1

    Audit *all* genes? That is like asking someone to determine if a database has hidden data when all you can do is use a SELECT statement. In other words, you aren't going to find anything bad unless you know what to look for.

    Yes, I know I'm completely missing the point of the comment.

  39. Re:Elite hackers from NK? Pull the other one. by Anonymous Coward · · Score: 0

    Sometimes the world seems so big. I had never come across a meaning of "nork" other than as short for "north korean" until now. Needless to say, I like your norks better. Wait...

  40. (including Linux machines) by slashmydots · · Score: 0

    Well, there you go. Did you hear that? That was the sound of the last Slashdot reader FINALLY realizing Linux is basically the Mac OS (insecure but not typically targeted). Oooooh, you Windows PC users get soooo many viruses! You should switch to this Linux PC because it's magic and invincible and has ground up unicorn horns as thermal paste on the CPU. Get over it.

    1. Re:(including Linux machines) by Anonymous Coward · · Score: 1

      ... Except if you read about those attacks on Linux, you'll realise those are actually attacks on Windows finding saved Linux credentials in terminal program's settings.

      Stop the presses, slashmydots had an epiphany - it doesn't matter what locks you use, your house is not secure if you just leave your keys under the rug!

    2. Re:(including Linux machines) by Anonymous Coward · · Score: 0

      and has ground up unicorn horns as thermal paste on the CPU

      Everyone knows this makes hardware run better, Windoze or Leenux or otherwise. Bringing this up is a little distracting from the true value of your rant.

    3. Re:(including Linux machines) by Anonymous Coward · · Score: 0

      You should switch to this Linux PC because it's magic and invincible and has ground up unicorn horns as thermal paste on the CPU.

      Once I did it, my PC has never been so cool and clean. and I have a constant erection once my machine has heated up.

    4. Re:(including Linux machines) by Anonymous Coward · · Score: 0

      DOwnmoDD this fucking SHIL!$

  41. Re:This is the problem with using hacking as a wea by Sloppy · · Score: 2

    If you think my comment actually had a point, then you missed the point. :-)

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  42. Re:So your house is surrounded by razor wire, thie by ScentCone · · Score: 1

    Most likely you fail at logic forever

    Why, because he pointed out the truth?

    victim deserves it == perpetrator is innocent

    If the victim deserves it, then you mean that they are morally culpable. Which can only mean that the other party - which is solely responsible for taking the action in question, and absent taking that action nothing would happen - is morally in the right in taking that action.

    Your own weasel words ("most likely" on a matter of logic?) show you're just another spineless moral relativist.

    --
    Don't disappoint your bird dog. Go to the range.
  43. Re:So your house is surrounded by razor wire, thie by Anonymous Coward · · Score: 0

    No, because he repeats same strawman as you. By the way, "most likely" there was just mirroring parent post, but hey, attacking word choice and adding ad hominem to your list of logic errors feels good, eh?

    If the victim deserves it, then you mean that they are morally culpable. Which can only mean that the other party - which is solely responsible for taking the action in question, and absent taking that action nothing would happen - is morally in the right in taking that action.

    Yay, ain't it nice living in a binary world? Black and white's all we need.

    Anyways, yeah, applying your logic, as failure to take steps for basic security of your computer creates unnecessary potential hazard for other computers on the net, those NK hackers did a good thing to simply disable them by wiping, instead of realizing that hazard by installing DDoS bots. I see you agree with GGGP then, no need for "bombing innocent population" strawmen there.

    Too bad you don't think they could have done a good thing by hacking into and then fixing the security on those computers instead, so here I disagree with you.

  44. A better choice by Roger+W+Moore · · Score: 1

    Personally I'd prefer no internet access to North Korea over a wiped computer. So how about we just disconnect them from the global internet instead?

  45. Is that what you really want? by Anonymous Coward · · Score: 0

    I pop high security locks with slivers of steel for fun. There are many of us. To me, outside the DoD everyone's physical security is poor. Do you believe that you deserve your car to be stolen and your house to be ransacked just because you aren't a domain expert in physical security? I don't. Are you inviting me to take all your stuff? That is wrong. It always has been wrong. In this case it is wrong and you are wrong.

    1. Re:Is that what you really want? by rastoboy29 · · Score: 1

      There is a slight difference. If you're running a web server, this is a service designed to share your information with the rest of the world.
      If, for example, you have some data that is only accessible by typing in a URL--i.e. you don't have a link to it--is someone "hacking" if they access it?

      In other words, the analogy with physical security is a false one.

    2. Re:Is that what you really want? by rastoboy29 · · Score: 1

      Are you out of your mind?  Have you never hacked a site *on accident*?

  46. Linux? by Anonymous Coward · · Score: 0

    From the Symantec analysis:

    "The bash script is a wiper designed to work with any Linux distribution, with specific commands for SunOS, AIX, HP-UX distributions."

    Sorry, but when did those three become Linux distros?

  47. Re:A computer? Newegg. NK government spends $$$ by Oakey · · Score: 1

    Funded by what? What is NK exporting that gives them money to actually buy shit?

    --
    "Dre don't get as high as me.... I'm Cheech and Chong" - Snoop Dogg
  48. Re:So your house is surrounded by razor wire, thie by ScentCone · · Score: 1

    Yay, ain't it nice living in a binary world? Black and white's all we need.

    Asserting that SK deserves being attacked is exactly such a binary position. They either do deserve to be attacked, or they do not. Tap-dancing around that is just BS.

    --
    Don't disappoint your bird dog. Go to the range.
  49. Re:A computer? Newegg. NK government spends $$$ by Reservoir+Penguin · · Score: 1

    Among other things missiles and missile tech. Iran pays hard cash for that.

    --
    US-UK-Israel: The real Axis of Evil
  50. Re:A computer? Newegg. NK government spends $$$ by Camembert · · Score: 1

    If I am not mistaken they also have mines digging up some valuable elements.

  51. thanks, rkhunter by yusing · · Score: 1

    Interestingly, I just started playing with Rootkit Hunter a couple of weeks back, and it complained when it saw "PermitRootLogin yes".

    Since I didn't know that existed, it was either set that way by the very popular distribution I'm using OR (unlikely) by an external force. I'm sure no expert, but allowing login as root via SSH just didn't sound like a good idea. Maybe it's all those 'Security Now' episodes.

    --

    "You must try to forget all you have learned. You must begin to dream." -- Sherwood Anderson

  52. don't believe the hype by Anonymous Coward · · Score: 0

    No way North Korea did that.
    It's pointless, from the military perspective, and so unfit for their way of thinking.

    Either, some kid hacker messed things up, and the South needs someone to blame,
    or someone is trying to sell "security" to the South.

  53. Yes it does by raymorris · · Score: 1

    None of which helps if you have a piece of software storing all the credentials you need to log onto a remote machine.

    If you follow my suggestion and use command="", it certainly DOES help that that login can only run "startbackup" and nothing else.
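An added example, not part of the thread or any commenter's code: a small audit that applies the two points raised above, the `PermitRootLogin yes` warning and the `command=` restriction in `authorized_keys`. The function names and sample lines are assumptions made for illustration; `startbackup` is the command name used in the comment.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")
LIMITS = ("no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")

def split_options(line):
    """Split one authorized_keys line into (options dict, 'keytype blob comment')."""
    line = line.strip()
    if line.startswith(KEY_TYPES):          # no options field at all
        return {}, line
    opts, i = {}, 0
    while i < len(line) and not line[i].isspace():
        # name or name="value"; quoted values may hold spaces, commas, \" escapes
        m = re.match(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?,?', line[i:])
        if not m:
            raise ValueError("malformed options field: " + line)
        opts[m.group(1).lower()] = True if m.group(2) is None else m.group(2)
        i += m.end()
    return opts, line[i:].strip()

def audit_key(line):
    """Return findings for one key; an empty list means it is locked down."""
    opts, _ = split_options(line)
    findings = []
    if not isinstance(opts.get("command"), str) or not opts["command"]:
        findings.append("no forced command: key holder gets a full shell")
    if "restrict" not in opts:
        findings += ["missing " + o for o in LIMITS if o not in opts]
    return findings

def permit_root_login(config_text):
    """First global PermitRootLogin value (sshd keeps the first), or None if unset."""
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts and parts[0].lower() == "match":
            break                           # stop at conditional blocks
        if len(parts) >= 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].lower()
    return None

# Constructed samples; the key blobs are placeholders, not real keys.
OPEN_KEY = "ssh-ed25519 AAAAC3PLACEHOLDER backup@client"
LOCKED_KEY = 'command="startbackup",restrict ssh-ed25519 AAAAC3PLACEHOLDER backup@client'
SAMPLE_SSHD = "# constructed\nPermitRootLogin yes\n"

if __name__ == "__main__":
    print(permit_root_login(SAMPLE_SSHD))
    for k in (OPEN_KEY, LOCKED_KEY):
        print(audit_key(k))
```

If a root key really is needed for a backup job, sshd's `PermitRootLogin forced-commands-only` setting accepts root public-key logins only for keys that carry a `command=` option, which is the restriction this audit checks for.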