Slashdot Mirror

← Back to Stories (view on slashdot.org)

That North Korean Facebook Clone Has Already Been Hacked (vice.com)

Posted by EditorDavid on from the suggested-posts dept.

Remember yesterday's story about an off-the-shelf Facebook clone in North Korea? Within a few hours that site was hacked by an 18-year-old college student in Scotland. An anonymous reader writes: Using the default credentials, Andrew McKean posted "Uh, I didn't create this site just found the login" in the site's box for Sponsored links. "McKean was able to become an admin for the site just by clicking on the 'Admin' link at the bottom of the site and guessing the username and password," writes Motherboard, which adds that the password was "password". McKean says the breach "was easy enough," and granted him the ability to "delete and suspend users, change the site's name, censor certain words and manage the eventual ads, and see everyone's emails."
The teenager said he had "no plans" for the compromised site -- except possibly redirecting it to an anti-North Korean page.

44 of 84 comments (clear)

  1. That's the best you could think of? by K.+S.+Kyosuke · · Score: 1, Troll

    "Uh, I didn't create this site just found the login"

    Why not "Kim Jong-Un is a pussy! Sincerely yours, Park Geun-hye" or something more creative like that?

    --
    Ezekiel 23:20
    1. Re:That's the best you could think of? by Anonymous Coward · · Score: 1

      Nah, you should be able to do better than that: Public Announcement: Following up on the policy of acceptable haircuts for students that need to follow the impeccable style of our beloved leader, we've decided to extend the required complance: Please report ot the nearest hospital for cosmetic surgery if your penis measures more than 2 inches to follow our beloved leaders standard.

    2. Re:That's the best you could think of? by Opportunist · · Score: 2

      How uninspired. The true gold would be:

      1. Make a few insanely absurd new rules for the North Korean people. This is actually the challenging part for a people that already had mandatory haircuts, I agree.
      2. Point a few western news networks at the page.
      3. Watch the ensuing hilarity when they start gobbling up your insanity as reality.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Hacked? Really? by Frosty+Piss · · Score: 4, Insightful

    The word "hacked" is overused. Making a fairly easy assumption that the default UID / PID has not been changed by some rube North Koreans who didbn't expect anyone to notice the demo site is hardly a "hack".

    On the other hand, I'll bet that the REAL North Korean intel guys gathered a whole lot of data from the honeypot site.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Hacked? Really? by thegarbz · · Score: 1

      The word "hacked" is overused.

      That's only because the bar for people is set too low. Hack means to gain unauthorised access to a system. Whether that was via a SQL injection or because someone gave up the password in a phishing scam, or someone unauthorised simply guessed the password isn't part of the definition.

      It was a cheap hack which required no skill what so ever, but a hack none the less.

    2. Re:Hacked? Really? by AmiMoJo · · Score: 1

      Yep. It's either a honeypot trap that this guy just stumbled into, or it's some random student's university project and pretty far from the spectacular "hack" that TFA seems to think it is. How many people are actually using this site and are they posting anything interesting?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Hacked? Really? by turbidostato · · Score: 1

      "The word "hacked" is overused."

      Still, if this was not a North Korean site but, say, a US Gov one, wouldn't this boy be already assaulted by a SWAT team, moved to gitmo and presented as public enemy number one?

      Why the double standard?

    4. Re:Hacked? Really? by turbidostato · · Score: 4, Insightful

      "Hack means to gain unauthorised access to a system."

      That's a crack.

      A hack is any clever and usually unexpected use of technology to accomplish a task.

    5. Re:Hacked? Really? by JustAnotherOldGuy · · Score: 1

      Agreed...this is not really worthy of the "hacked" label.

      To call this "hacking" is akin to microwaving a burrito and calling it "cooking".

      --
      Just cruising through this digital world at 33 1/3 rpm...
    6. Re:Hacked? Really? by thegarbz · · Score: 1

      That was a crack. Language has moved on and left the old definitions in the past. That's the upside and the downside of English and while you like the distinction if you tell someone you cracked a system they will likely think you're inhaling a new kind of drug.

    7. Re:Hacked? Really? by turbidostato · · Score: 1

      "That was a crack. Language has moved on and left the old definitions in the past."

      Only it has not moved. When a comment in code reads " # dirty hack: I did this because... " nobody thinks the author left a backdoor in the program.

    8. Re:Hacked? Really? by thegarbz · · Score: 1

      Only it has not moved.

      I beg to differ, as do people who read newsspeak, read the internet, consume various forms of popular media, talk at the water cooler, and those who write dictionaries which document the present use of words. Note I said document. The dictionary does not define, it only documents the present popular usage and some nicer dictionaries give you a bit of history of the words too.

      To claim the distinction is to not move with the times which while you're right unfortunately makes you an "outcast" to the common usage. Not that this is a bad thing, its actually part of being intelligent, but there's no denying that the language in common use has well and truly moved on.

    9. Re:Hacked? Really? by turbidostato · · Score: 1

      I beg to differ, as do people who read newsspeak, read the internet"

      It's funny then, that just yesterday, in the most sold newspaper in my country (so, for the masses), the CEO of one of the biggest telcos in the world presented his newly appointed Chief Data Officer as the "most famous hacker in the country". You can bet he was not talking about somebody that illegally breaks into others' systems.

    10. Re:Hacked? Really? by mcswell · · Score: 1

      Polysemy.

  3. Hacked by Anonymous Coward · · Score: 1

    "which adds that the password was "password""

    He must have used a sophisticated brute force attack.

  4. Re:Link the front page to factnet.org by Frosty+Piss · · Score: 1, Troll

    No one cares about your Scientology obsession, because no one cares about Scientology. If you were stupid enough to get sucked into it in the first place, you're still stupid.

    --
    If you want news from today, you have to come back tomorrow.
  5. Next man up by Anonymous Coward · · Score: 2, Interesting

    The poor shlub who administers that site has probably already been executed.

  6. The new generation by fred911 · · Score: 4, Funny

    "The teenager said he had "no plans" for the compromised site"

      Ah these young'ins, back in the day it would be goatse.cx 'ed or at the very minimum a penis bird!

      Jeeze what's this world become.

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    1. Re:The new generation by Gravis+Zero · · Score: 1

      "The teenager said he had "no plans" for the compromised site"

      [...]

        Jeeze what's this world become.

      hopefully, more civilized. previous generations are really trying hard to ruin what's left of the world.

      --
      Anons need not reply. Questions end with a question mark.
    2. Re:The new generation by Some+nick+or+other · · Score: 1

      I can think of something more useful. See if the site computer has a modem or phone connection or something, and then bridge over onto the Kwangmyong intranet. Port scan and download everything! ... although at dialup speeds, it would take a while.

    3. Re:The new generation by techno-vampire · · Score: 4, Interesting

      I think that if I managed to hijack a site in North Korea, I'd simply redirect it to a tourism site in South Korea to let the North Koreans get a look at how the other half lives.

      --
      Good, inexpensive web hosting
    4. Re:The new generation by thegarbz · · Score: 1

      hopefully, more civilized. previous generations are really trying hard to ruin what's left of the world.

      Wow, found the captain of the fun police.

    5. Re:The new generation by Opportunist · · Score: 1

      Linking to goatse? Why, it's North Korea, I'm pretty sure the page already showed a huge asshole on the front page.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. totally called it by Gravis+Zero · · Score: 1

    seriously, this was an easily predicted outcome. PHP and security are at odds with each other.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:totally called it by Tablizer · · Score: 1

      What's the safe language then?

      --
      Table-ized A.I.
  8. They were lucky by ruir · · Score: 1

    sarcasm on: He could have changed the password, and then they would not know how to regain it back....

  9. Crime by Anonymous Coward · · Score: 2, Interesting

    I hope he is prosecuted to the full extent of the law both UK and NK, any propaganda induced biased against NK is not reason enough to commit a crime.

    1. Re:Crime by Noah+Haders · · Score: 1

      it's not a crime to hack the DPRK.

  10. NK U? by Tablizer · · Score: 1

    It was probably a student project, not a gov't sponsored site. I doubt the NK gov't gives a fuck.

    --
    Table-ized A.I.
  11. In what language is "password" a secure password? by raymorris · · Score: 1, Interesting

    He got in because the password was left as "password". In what programming language is "password" a secure password?

    Having said that, ten years or fifteen ago PHP had serious security issues, given that it is designed to be used on web, where the application will be attacked daily. It was literally impossible to write a secure program in PHP; literally "hello world" had a security vulnerability. Much has changed. PHP was originally a CMS, written in Perl with a bit of C. It's now an actual programming language, one used by clueless little companies like Facebook. Seriously, it has improved a lot. The world's largest web sites wouldn't be running on PHP if it were junk.

    Having said THAT, it's still an "easy" language to start learning. You can start writing little PHP scripts without being trained and educated as a programmer. If you do that in any language and put your scripts on the web, you'll get hacked. While PHP as a language is pretty decent now, PHP "scripters" who don't know any programming language other than PHP are still mostly people who don't know much. But the same is true of .Net or many other languages. If you learned a bit of a language but never learned programming and especially security issues of web programming, you probably shouldn't expose your software to internet hackers.

  12. Non-story by Wuhao · · Score: 1

    This sounds like a default, or near-default install of a basic web application, made available from a public-facing IP. The only remotely interesting thing here is that the IP is in NK, but the only real story seems to be "someone in North Korea with the ability to allocate a public IP played with dolphinPHP." I mean, it could be an official party directive. Or it could be that some bureaucratic entity in DPRK did what bureaucratic entities love to do: had an idea that went nowhere, which may not have ever been understood by anyone in the first place, and led to some amount of useless effort being expended.

  13. Since when? by burni2 · · Score: 1

    1.) since when it is not a crime to hack DPRK, just because its the DPRK, I think the UK computer fraud acts are pretty specific.

    The big exception is, when you would be part of the military or part of a secret service - then you can commit crimes sometimes even against humanity and go unpunished.

    2.) And there might be an exception when the hacking could go unpunished, exactly if it would be used to save lifes, for example or stop attrocities (by changing the execution list for example), or bring evidence forth about violation of human rights.

    1. Re:Since when? by Noah+Haders · · Score: 1

      Who from the DPRK is going to press charges? That would make the Dear Leader look like a Deer Breeder. Also, what kind of jury would convict on something like that? Also, I'd like to see the evidence.

    2. Re:Since when? by Joe_Dragon · · Score: 1

      and if the DPRK fakes evidence or clams that the hacked killed someone then what?

    3. Re:Since when? by Noah+Haders · · Score: 1

      A gold medal.

  14. Re:Password is in english? by hcs_$reboot · · Score: 1

    Shouldn't the password have been in Korean?

    The guy pumped and untared a tar.gz he found on the Net somewhere in a "docs" folder. Probably from the billions available from the US. That happens all the time in Western countries, but since it's NK, that makes the news.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  15. Oh? This is a story now? by SeaFox · · Score: 1

    Kinda amused to see this get put out as a story now. It didn't get much attention when I pointed it out yesterday. The little ninja character was gone pretty fast, though.

  16. Re:Safety by Opportunist · · Score: 1

    As unpredictable as the average child with a water gun full of ink. Yes, in theory he could ruin your dress, but in the end he's more afraid of the spanking he'd get for it than you are about your suit.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  17. Re:Safety by Mr+D+from+63 · · Score: 2

    I'm not sure I'd put my real name on any sort of embarrassment to the North Koreans. They are rather unpredictable.

    I predict North Korea will have at least one less (living) IT staff members.

  18. I don't get it. by hey! · · Score: 1

    Why is this news? Were people expecting North Korean admins of off-the-shelf websites to somehow be better than ones in the rest of the world?

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  19. Re:In what language is "password" a secure passwor by raymorris · · Score: 1

    >> Ten or fifteen years ago PHP sucked
    > I'm maintaining/refactoring a large legacy PHP

    I feel your pain. I've done the same with a million-line PHP project called Moodle.

        Since you are refactoring, I hope you study modern PHP and apply it where it makes sense.

  20. Re:In what language is "password" a secure passwor by jordanjay29 · · Score: 1

    Having used Moodle for a university class, I bow to your unholy patience and fortitude.

  21. Deathtoll ? by Thanatiel · · Score: 1

    How many North Corean people will die because of this ?
    Or is the crazyness not to that level yet ?

    --
    Irrelevant news and morons using moderation to mod down what they disagree on. 2018 resolution: so long.
  22. An older vesion, I'm guessing by raymorris · · Score: 1

    I'm guessing you used an older version. Moodle too has improved dramatically in the last four years. It has really grown up.