Slashdot Mirror


Honda Shuts Down Factory After Finding NSA-derived Wcry In Its Networks (arstechnica.com)

A Honda factory near Tokyo was shuttered for over 24 hours this week after its computers became infected with WannaCry, the same ransomware virus responsible for crippling systems in dozens of countries last month, the car manufacturer said Wednesday. From a report: The automaker shut down its Sayama plant northwest of Tokyo on Monday after finding that WCry had affected networks across Japan, North America, Europe, China, and other regions, Reuters reported Wednesday. Discovery of the infection came on Sunday, more than five weeks after the onset of the NSA-derived ransomware worm, which struck an estimated 727,000 computers in 90 countries. [...] Honda officials didn't explain why engineers found WCry in their networks 37 days after the kill switch was activated. One possibility is that engineers had mistakenly blocked access to the kill-switch domain. That would have caused the WCry exploit to proceed as normal, as it did in the 12 or so hours before the domain was registered. Another possibility is that the WCry traces in Honda's networks were old and dormant, and the shutdown of the Sayama plant was only a precautionary measure. In any event, the discovery strongly suggests that as of Monday, computers inside the Honda network had yet to install a highly critical patch that Microsoft released in March.


  1. I'm so confused by s.petry · · Score: 3, Insightful

    Last week we heard how the DPRK was responsible for Wannacry. Today it's back to the NSA. Can we at least keep our talking points consistent?

    PS. Sucks for Toyota no matter who did it, and sucks even more if US "intelligence" is at fault for creating these tools and letting them out of a lab. (Intelligence is intentionally quoted because many who work in that area are quite frankly not.)

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:I'm so confused by gnick · · Score: 4, Insightful

      Last week we heard how the DPRK was responsible for Wannacry. Today it's back to the NSA. Can we at least keep our talking points consistent?

      The NSA was responsible for leaking the exploit that was used for WannaCry. DPRK may have been the ones to weaponize it. I don't understand the confusion.

      --
      He's getting rather old, but he's a good mouse.
    2. Re:I'm so confused by Anonymous Coward · · Score: 5, Funny

      PS. Sucks for Toyota

      Boy, you ARE confused. ;)

    3. Re: I'm so confused by jeffasselin · · Score: 4, Informative

      Correction: Microsoft made coding errors leading to an exploit. The NSA found the exploit. They left their exploit tool and code on a server that was hacked by someone else (Russians?). The Shadow Brokers (Russians?) leaked those. Then the North Koreans used it in WannaCry.

      So you can blame Microsoft, the NSA, Russian Intelligence AND the North Koreans. It's an equal opportunity blame game!

      --
      If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
    4. Re: I'm so confused by buffetw · · Score: 1

      Chances are an NSA government contractor found it.

    5. Re: I'm so confused by hairyfeet · · Score: 2

      If we follow your logic we get to blame Linus Torvalds for everything from kernel panics to Heartbleed, it IS his OS after all.

      Of course for those of us living in reality and not la la land we all know that OSes are some of the most complex pieces of software ever written, millions upon millions of lines of code that not only has to manage hardware as diverse as a maker board to huge server clusters but also provide the foundation upon which hundreds of thousands of pieces of software is built upon.

      Anybody who thinks something as complex as a full featured (as opposed to some stripped down embedded OS) Operating System can be made 100% bug free? Is a fucking idiot that knows jack shit about how OSes actually work or a bleating fanboy desperately trying to wave his little flag for the OS of his choice by attacking the perceived competition, probably because he has serious self esteem issues....so which are you?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    6. Re:I'm so confused by rahvin112 · · Score: 1

      The NSA didn't leak it, they created the code, WikiLeaks and an anonymous leaker leaked it. The code was then incorporated into the Wcry ransomware.

    7. Re:I'm so confused by BronsCon · · Score: 1

      Pretty sure it sucks for Honda; Toyota might sell more cars due to Honda's reduced production.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    8. Re: I'm so confused by BronsCon · · Score: 1

      ... which is how we know about it now, so we should thank that contractor. Had they not found it, someone else may have; and that entity may have protected that knowledge better.

      Never blame the person who found the flaw; blame only those who create and exploit such flaws. Those who create open the door for those who exploit, while those who find open the door for those who fix.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    9. Re: I'm so confused by erapert · · Score: 1

      How do we know the NSA didn't pay M$ or apply pressure to insert that coding error in the first place? They've done similar things in the past.

    10. Re: I'm so confused by turbidostato · · Score: 1

      "Correction: Microsoft made coding errors leading to an exploit"

      Exactly that.

      It is not "networks" that are affected. It is not "computers" that are affected.

      It is operating systems. And not any operating system: Microsoft operating systems.

    11. Re: I'm so confused by jimtheowl · · Score: 1

      "get to blame Linus Torvalds for everything from kernel panics to Heartbleed"

      Heartbleed was due to mistakes introduced into the OpenSSL cryptographic software library and has little to do with the OS, Linux or Linus Torvalds. You credit him with way too much.

    12. Re: I'm so confused by Skuld-Chan · · Score: 1

      Software bugs are inevitable - especially in OS's that are 30+ years old. You can do all manner of testing, something will be left unturned.

      I think the big crime here is the NSA for instead of responsibly disclosing the problem to the developer (Microsoft) they decided to keep it as a future weapon.

    13. Re: I'm so confused by turbidostato · · Score: 1

      "And both Linux and macOS"

      So wannacry attacks Linux and macOS now? No? So I thought.

    14. Re: I'm so confused by thegarbz · · Score: 1

      It's an equal opportunity blame game!

      It's only an equal opportunity blame game when there is a perfect method of removing all human sources of error and every problem was systematic. Microsoft gets to share equal blame with malicious actors when you can show me evidence that an OS can be coded 100% without bugs. Until then the malicious actors deserve the majority of the blame, especially the one who enabled the exploit by keeping it secret, weaponising it and then failing to protect the weapon.

  2. They should sue the NSA by gweihir · · Score: 4, Insightful

    But as usual, criminal activity (and we have at the very least "criminally negligent" on the NSA's part here) by state actors has zero negative consequences for them. One of the corner-stones of a corrupt government that has forgotten that it serves the people.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:They should sue the NSA by phantomfive · · Score: 1

      and we have at the very least "criminally negligent" on the NSA's part here

      That's an interesting legal theory. What law did they break? (Or even, what law did they break that "normal" people would be exposed to, since of course the NSA gets special treatment).

      --
      "First they came for the slanderers and i said nothing."
    2. Re:They should sue the NSA by BronsCon · · Score: 1

      Okay, but what is the crime as defined by law? Those may be the acts which comprise the crime that was committed, but what would the actual charge be?

      If anything fits, it's treason; good luck getting that to stick, though.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    3. Re:They should sue the NSA by R3d+M3rcury · · Score: 1

      I'm sure they'd find something in the Computer Fraud and Abuse Act.

    4. Re:They should sue the NSA by sconeu · · Score: 1

      Not treason. It's explicitly defined in the Constitution. https://www.usconstitution.net/xconst_A3Sec3.html

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    5. Re:They should sue the NSA by gweihir · · Score: 1

      Creating weaponized code and then letting that be stolen from them? I am sure a creative prosecutor could find a few centuries of prison time in there.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:They should sue the NSA by gweihir · · Score: 1

      For damage done: The organization itself. It has a budget.

      For the criminal charges: Whoever was responsible for the theft being possible. Ultimately that will be the NSA heads in office when the relevant mistakes were made and subsequently not discovered or corrected. That responsibility can move to people lower in the chain-of-command, for example if they ignored orders, falsified reports, etc.

      See, not so difficult.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:They should sue the NSA by TheGratefulNet · · Score: 1

      What law did they break?

      interstate commerce.

      there is surely some way that GREAT set of laws could be applied, here.

      oblig: fuck the NSA. traitors to the american public. creating software bombs, knowing full well that 'the other bad guys' will soon have those same software bombs. the NSA has enough smart people that they should have KNOWN BETTER. they still act against the people they claim they are here to protect.

      abolish the cia, nsa and all other spy agencies. they don't help us, and in fact, actually cost us money and perhaps more ;(

      --
      "It is now safe to switch off your computer."
    8. Re:They should sue the NSA by BronsCon · · Score: 1

      This argument is made time and time again and, well, some would say the NSA gave aid (in attacking us) and comfort (in knowing which vulnerabilities we can attack and how to defend against them) to enemies of this country by not disclosing vulnerabilities to vendors to have them fixed and by allowing them to be leaked to the greater public, which includes enemies of this country.

      It's funny, you say Treason is explicitly defined in The Constitution, but it fails to define "aid" and "comfort". All it takes is for someone to successfully argue the above and Treason suddenly becomes a much broader offense. Providing means of attack and means of defense from attack sure seems like something that could be twisted into "aid" and "comfort" by more than a handful of the more lawyerly types, does it not?

      In short, it's not something I'd want to take a gamble on, even if I think it's unlikely the argument would be made successfully (see above, where I said "good luck getting that to stick").

      Put another way, I never said I thought it was Treason, I merely implied that someone might; and now I've gone so far as to explain how.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    9. Re:They should sue the NSA by thegarbz · · Score: 1

      One could argue they breached export controls by failing to protect their technology from foreign malicious actors.

    10. Re:They should sue the NSA by sconeu · · Score: 1

      Which is exactly WHY they defined it (OK, loosely), in the Constitution. They didn't want the .gov to just be able to round up political enemies and charge them with treason. Broadening the definition is exactly the OPPOSITE of what the Founding Fathers would want.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    11. Re:They should sue the NSA by BronsCon · · Score: 1

      Yet, and I repeat myself because I apparently have to on this site anymore, they didn't define "aid" or "comfort", which leaves the wiggle room I'm pointing out.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  3. Re:WTF?? by RabidReindeer · · Score: 1

    Discovery of the infection came on Sunday, more than five weeks after the onset of the NSA-derived ransomware worm

    Seriously, WTF were they playing at not applying the security fixes that were released within days of WannaCry.
    OK, so with MS's history it pays to be careful and test each fix before widely deploying it, but 5 fucking weeks ??

    "Lost" computers that don't get maintenance, misplaced priorities, lots of reasons.

    That's why to this day I still register several of the original SQL server attacks on my domain, even though I don't run SQL server. Someone out there is hoping to get lucky. Sometimes they do.

  4. I guess it's not just me. by s.petry · · Score: 4, Insightful

    Microsoft code was the entry point, but if the NSA was actually performing its function and protecting the citizens of the US they would have notified Microsoft of the problem and perhaps even helped with a fix. The chain would have ended then and there.

    Not notifying the vendor of the most widely used OS in the USA, the NSA acted against the interests of US Citizens.

    Further, claiming that the Shadow Brokers are Russian fails basic scrutiny. If there was such a group working for the FSB they would have absolutely zero interest in releasing the exploit to the wild for anyone else to access.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  5. Protection vs. WannaCry 2 ways... apk by Anonymous Coward · · Score: 1

    From MS - SMB Ports 445/139 (TCP) & 137/138 (UDP) protection via:

    Disable SMBv1 on the SERVER, configure the following registry key:

    Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    Registry entry: SMB1

    REG_DWORD: 0 = Disabled
    REG_DWORD: 1 = Enabled

    Default: 1 = Enabled

    Enable SMBv2 on the SERVER, configure the following registry key:

    Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    Registry entry: SMB2

    REG_DWORD: 0 = Disabled
    REG_DWORD: 1 = Enabled

    Default: 1 = Enabled

    ---

    Disable SMBv1 on the CLIENT, run the following commands:

    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi

    sc.exe config mrxsmb10 start= disabled

    Enable SMBv2 & SMBv3 on the CLIENT, run the following commands:

    sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi

    sc.exe config mrxsmb20 start= auto

    ---

    * The above is per https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012/

    APK

    P.S.=> For a SINGLE 'standalone' non-networked PC (no home network/LAN but TCP/IP connected online) turn off Server & Workstation services.

    That shuts off any "handles" (port 445) this thing propagates thru + turn off NetBIOS over TCP/IP in your internet connection & uncheck/disable Client for Microsoft Networks + File and Print Sharing. Port 139 & 445 always pop up issues over time. It also makes your packet trains smaller (no encapsulation of LanMan)

    I covered all this 11++ yrs. ago in a security guide I wrote for users with a single system & apparently, its advice STILL STANDS THE "TEST OF TIME" https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Google+Search&gbv=1/ vs. even today's threats like this one.

    * This effectively makes this threat a non-issue + saves you CPU cycles/RAM & other I/O wasted on services you don't NEED as a single PC user only... & you don't. They're just wastes with a single PC really. Many services are (covered in guide above based on CIS Tool guidance (who took fixes to their ware from "yours truly" too, no less)) & again, no more encapsulated packet bulk.

    AND?

    Don't be STUPID & click on attachments in bogus malicious emails this thing propagates thru also (Chrome/Opera/Webkit users - BEWARE of the ShellControlFile issue that just popped up (.scf file) noted here-> http://www.theregister.co.uk/2017/05/17/chrome_on_windows_has_credential_theft_bug/ ) ... apk
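
A read-only check of the registry and service settings listed in the comment above, added here as an example; it is not part of the original post or of Microsoft's article. The function name and output fields are made up for illustration, and an absent SMB1/SMB2 value is counted as enabled because the post gives 1 as the default.

```powershell
# Read-only audit of the SMBv1/SMBv2 settings named in the post. Changes nothing.
# Get-Smb1Posture and its output field names are invented for this example.
function Get-Smb1Posture {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Return one registry value, or $null when the key or value is absent.
    function Read-Value([string]$Key, [string]$Name) {
        $item = Get-ItemProperty -Path "$svc\$Key" -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { return $null }
        return $item.$Name
    }

    # SERVER: LanmanServer\Parameters\SMB1 and SMB2. The post gives the default
    # as 1 (enabled), so an absent value is counted as enabled (assumption).
    $smb1 = Read-Value 'LanmanServer\Parameters' 'SMB1'
    $smb2 = Read-Value 'LanmanServer\Parameters' 'SMB2'
    $serverSmb1On = ($null -eq $smb1) -or ([int]$smb1 -ne 0)
    $serverSmb2On = ($null -eq $smb2) -or ([int]$smb2 -ne 0)

    # CLIENT: "sc.exe config mrxsmb10 start= disabled" stores Start = 4.
    # A missing mrxsmb10 key means the SMBv1 client driver is not installed.
    $start = Read-Value 'mrxsmb10' 'Start'
    $clientSmb1On = ($null -ne $start) -and ([int]$start -ne 4)

    # LanmanWorkstation dependency list (REG_MULTI_SZ). If it still names
    # mrxsmb10 while that driver is disabled, the Workstation service cannot
    # start, which is why the post changes "depend=" before "start=".
    $deps = @(Read-Value 'LanmanWorkstation' 'DependOnService')
    $dependsOnSmb1 = $deps -contains 'mrxsmb10'   # -contains ignores case
    $staleDependency = $dependsOnSmb1 -and ($null -ne $start) -and ([int]$start -eq 4)

    [pscustomobject]@{
        Computer                 = $env:COMPUTERNAME
        ServerSmb1Enabled        = $serverSmb1On
        ServerSmb2Enabled        = $serverSmb2On
        ClientSmb1Enabled        = $clientSmb1On
        WorkstationDependsOnSmb1 = $dependsOnSmb1
        StaleDependency          = $staleDependency
        Smb1FullyDisabled        = -not ($serverSmb1On -or $clientSmb1On)
    }
}

Get-Smb1Posture | Format-List
```

These values are the configured state, which only matches the running state after the restart that the changes require.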

    1. Re:Protection vs. WannaCry 2 ways... apk by ELCouz · · Score: 1

      Done.....oh wait?!!

    2. Re:Protection vs. WannaCry 2 ways... apk by turbidostato · · Score: 1

      And then, somehow, `ls -l` is too complex for systems "in the real world".

    3. Re:Protection vs. WannaCry 2 ways... apk by BlueStrat · · Score: 1

      APK buddy, I gotta give you props as a longtime Slashdotter. Straight up, sometimes you get off the rails a bit when you're in 'the zone', and sometimes tend a bit too heavily towards "wall-o-text" for a forum post on /., but your posts on this and the hosts file posts, and more, have never been in error and/or bad advice.

      I'm sure you get a lot of shit, so I just wanted to let you know we aren't all "nattering nabobs of negativity" here. :)

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    4. Re:Protection vs. WannaCry 2 ways... apk by thegarbz · · Score: 1

      Or just run Windows Update. I don't know why you insist on complicating things.