
S. Korea Says Cyber Attack From North Wiped 48,700 Machines

Unknown Lamer posted 1 year,14 days | from the retaliation-will-be-swift-and-ineffective dept.

Security 186

wiredmikey writes "An official investigation into a major cyber attack on South Korean banks and broadcasters last month has determined that North Korea's military intelligence agency was responsible. An investigation into access records and the malware used in the attack pointed to the North's military Reconnaissance General Bureau as the source, the Korea Internet and Security Agency (KISA) said on Wednesday. To spread the malware, the attackers went through 49 different places in 10 countries including South Korea, the investigation found. The attacks used malware that can wipe the contents of a computer's hard disk (including Linux machines) and damaged 48,700 machines including PCs, ATMs, and servers."

186 comments

Civillian cyber-casualties (2, Interesting)

Toe, The (545098) | 1 year,14 days | (#43411777)

Just makes me wonder what war is turning into. Instead of bombing cities, I can see nations targeting unprotected civilian computers in enemy nations. Massive destruction ensues, even though it's imprecise. In other words: bombing, but without all the mess.

Re:Civillian cyber-casualties (5, Insightful)

Anon, Not Coward D (2797805) | 1 year,14 days | (#43411801)

But I'm sure most civilians prefer an empty computer rather than being dead...

Re:Civillian cyber-casualties (4, Interesting)

Anonymous Coward | 1 year,14 days | (#43411881)

Speaking as a civilian, I'd much rather prefer to both be alive and not have my livelihood threatened, thanks. That's the worst false dichotomy I've heard all week and you should feel bad.

Re:Civillian cyber-casualties (0)

Anonymous Coward | 1 year,14 days | (#43412109)

How would your livelihood be threatened if your PC was wiped? I guess you don't keep regular backups, which is the most idiotic thing I have heard all week.

Re:Civillian cyber-casualties (5, Insightful)

cayenne8 (626475) | 1 year,14 days | (#43412295)

How would your livelihood be threatened if your PC was wiped? I guess you don't keep regular backups, which is the most idiotic thing I have heard all week.

It isn't so much a person's personal PC that is the danger, but of having his bank disrupted, and he can't get money. If food distribution is messed up, if drugs can't be accessed...all this stuff is interconnected.

Let's see what happens when some extremely urban center gets hit, say like NYC...the power goes out, food can't get in/out, and see how long it takes for things to go bad really fast.

Hell, with so many out there living cashless....what are they going to use for payment for things, if that system is down for awhile? That alone would bring a lot of misery, even if you discount the more tragic events I put forth above.

Re:Civillian cyber-casualties (1)

Dr_Barnowl (709838) | 1 year,13 days | (#43412571)

I keep backups, but if my PC was wiped, there's a certain minimum amount of time before I'm back up and running again.

If you kept doing it, my job would turn into restoring backups instead of programming.

Even if you only get hit once, and then armour your systems against it, your economic activity is diverted away from something that was (presumably..) productive. That might be the difference between being able to compete with your foreign competitors and going under - unscrupulous states would be happy to sponsor such cyber-attacks if they thought their consulting business would benefit.

Re:Civillian cyber-casualties (3, Interesting)

NeverVotedBush (1041088) | 1 year,13 days | (#43412677)

Consider a live CD for the system connected to the net, and another PC (if necessary) that is isolated.

Re:Civillian cyber-casualties (2, Funny)

Anonymous Coward | 1 year,13 days | (#43412719)

Yeah that is convenient. Let me guess - you also wear a condom 24 hours a day "just in case".

Re:Civillian cyber-casualties (2, Interesting)

Anonymous Coward | 1 year,14 days | (#43412119)

If this is the evolution of war, then war has evolved to something that is distinctly more friendly to humanity.

Your point is that war is bad. Sure it is. But the actual point is this type of war is less bad.

Re:Civillian cyber-casualties (2, Insightful)

Anonymous Coward | 1 year,14 days | (#43412127)

If you're doing proper backups, your livelihood shouldn't be threatened. But there ain't no restoring a dead person from backup.

Re:Civillian cyber-casualties (0)

Anonymous Coward | 1 year,14 days | (#43412135)

And a pony and 10 million dollars too!

Re:Civillian cyber-casualties (1)

gatkinso (15975) | 1 year,14 days | (#43412141)

I'll also take the wiped hard drive and non working ATM card over the 500 pounder coming through the living room window, thanks.

Re:Civillian cyber-casualties (0)

Anonymous Coward | 1 year,14 days | (#43412299)

If an enemy can really bring the banking system down for a few weeks, you'll be killed while your neighbors loot your house for dogfood. Just let people self-destruct, cheaper than bombs.

Re:Civillian cyber-casualties (3, Interesting)

tqk (413719) | 1 year,14 days | (#43412149)

But I'm sure most civilians prefer an empty computer rather than being dead.

Most civilians are ignorant morons wrt computers. If that empty computer was used to locate (see story yesterday) the poorly secured, net connected SCADA box that controls the spillways of the hydroelectric dam upstream of your place, an empty computer is the least of your worries.

Re:Civillian cyber-casualties (3, Insightful)

RabidReindeer (2625839) | 1 year,14 days | (#43412287)

But I'm sure most civilians prefer an empty computer rather than being dead...

Civilian computers are not the primary target. A military cyber-attack would primarily be focussed on leaving the target area without electrical power, water, transportation (including traffic lights) or communications, with its banking and financial capabilities damaged. Consider, for example, how Iran was targeted. Their nuclear centrifuges were deliberately made to spin "off-key" with the intent that the results would be useless and the centrifuges would be physically ruined.

Obviously, if you can keep everyone busy trying to restore their personal computers and devices at the same time, it's a bonus. That way they're distracted from working on core infrastructure.

Re:Civillian cyber-casualties (2)

jadv (1437949) | 1 year,13 days | (#43412593)

Speak for yourself, meat bag! These NK viruses will have to pry the pod bay door activation codes from my cold dead mechanical fingers!

Re:Civillian cyber-casualties (3, Insightful)

carlhaagen (1021273) | 1 year,14 days | (#43411813)

"but without all the mess" - as long as you don't count the mess that comes with society's backbone starting to wobble. Our infrastructure's and societal functions' dependency on the Internet is grossly underestimated. This is a fact.

Re:Civillian cyber-casualties (4, Insightful)

camperdave (969942) | 1 year,14 days | (#43411947)

Well, like the old saying goes: If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.

Re:Civillian cyber-casualties (1)

khallow (566160) | 1 year,14 days | (#43411997)

Our infrastructure's and societal functions' dependency on the Internet is grossly underestimated.

Or overstated. That's the other general possibility. Maybe even both.

This is a fact.

Or more accurately, an opinion gussied up as a fact.

Re:Civillian cyber-casualties (1)

Airdorn (1094879) | 1 year,14 days | (#43411817)

Messy bombing BEST bombing.

Re:Civillian cyber-casualties (0)

Anonymous Coward | 1 year,14 days | (#43411837)

that's what your mom said after I bombed her last night!

Re:Civillian cyber-casualties (0)

Anonymous Coward | 1 year,14 days | (#43411897)

I thought it was, "Mooooo." -SC

Re:Civillian cyber-casualties (0)

Anonymous Coward | 1 year,14 days | (#43411845)

Star Trek (TOS) Season1 Episode 23: A Taste of Armageddon http://en.wikipedia.org/wiki/A_Taste_of_Armageddon

That's the war of the future.

Re:Civillian cyber-casualties (1)

Anonymous Coward | 1 year,14 days | (#43411865)

Kinda reminds me of an old Star Trek episode from the original series. War was just a computer simulation for calculating casualties and then people were sent for disintegration according to the simulation results.

Re:Civillian cyber-casualties (1)

AvitarX (172628) | 1 year,14 days | (#43411927)

I see this as, they cost 48 million over a large selection of banks (1000/each machine to repair).

hardly a terrible attack.

Re:Civillian cyber-casualties (4, Interesting)

KGIII (973947) | 1 year,14 days | (#43412021)

What I find amazing is that NK is technologically capable of causing that amount of damage both in terms of technology and infrastructure. I didn't believe they'd get enough bandwidth by using the soldiers to manually hand off the packets. I figured they'd be too busy eating grass and tree bark really.

Okay, okay. So I'm only a little kidding. I'm still surprised they had the tech chops to pull that off OR that they were so poorly defended. It could go either way I suppose.

Re:Civillian cyber-casualties (1)

AvitarX (172628) | 1 year,14 days | (#43412167)

I assumed they simply had more script kiddies than anonymous not fearing retribution.

Re:Civillian cyber-casualties (2)

KGIII (973947) | 1 year,14 days | (#43412253)

It is pretty clever. Someone linked to an autopsy down further in the thread. I'm kind of surprised though it does look like poor security practices were in place.

Re:Civillian cyber-casualties (2)

TWiTfan (2887093) | 1 year,14 days | (#43412239)

NK is the subject of a lot of Western propaganda. As such, you usually only hear the bad stuff about them. Any tech progress they've made would never be reported in the Western press, of course. So I suspect they're a lot more technologically advanced than most of us realize. It was the same way with the USSR in the 50's. One of the reasons a lot of Americans were so shocked by Sputnik was that they had been hearing for years that the USSR was all gulags and poverty, and had no idea that they were so technologically advanced in astronautics.

While life in NK is no-doubt pretty shitty for the average citizen, they have engineers and programmers just like everyone else (many of whom have probably studied in China and the West).

Re:Civillian cyber-casualties (3, Insightful)

tqk (413719) | 1 year,14 days | (#43412363)

I'm still surprised they had the tech chops to pull that off ...

You can buy tech chops. Cf. Wernher von Braun. There's always been plenty of people who're easily persuaded to suppress any sense of morality or ethics that might get in the way of them getting the filthy lucre. Some (WvB again) aren't even after money.

Re:Civillian cyber-casualties (4, Funny)

nospam007 (722110) | 1 year,13 days | (#43412453)

"I can see nations targeting unprotected civilian computers in enemy nations."

The South should immediately retaliate and wipe all the North's computers, both of them.

Propaganda (-1)

Anonymous Coward | 1 year,14 days | (#43411797)

Bullshit. Even NK themselves wouldn't be wayback enough to get hit by something like this.

This is the problem with using hacking as a weapon (0)

Anonymous Coward | 1 year,14 days | (#43411815)

Rice farmers in North Korea are not vulnerable to hacking. One of the most technologically sophisticated countries just South of that border is.

Re:This is the problem with using hacking as a wea (0)

Anonymous Coward | 1 year,14 days | (#43411945)

Rice farmers in SK aren't either. However, NK missiles are not Estes rockets connected to a car battery (even though a 12 year old with their finger on the button may be an accurate analogy). You are mistaken if you think NK doesn't have any technology.

Re:This is the problem with using hacking as a wea (2, Funny)

Sloppy (14984) | 1 year,13 days | (#43412535)

Rice farmers in North Korea are not vulnerable to hacking.

Have you audited all your rice's genes? A leaked Monsanto report said most versions have a buffer-overflow bug somewhere in chromosome 6, but they didn't say exactly where. Unless North Korea buys their seed rice from Theo De Raadt...

Amazing (0)

Anonymous Coward | 1 year,14 days | (#43411829)

Amazing how much damage an armada of Russian ZX Spectrum clones can do.

Re:Amazing (0)

Anonymous Coward | 1 year,14 days | (#43412059)

"Amazing how much damage a Beowulf cluster of Russian ZX Spectrum clones can do."

FTFY

Breakthrough Hack! (0)

Anonymous Coward | 1 year,14 days | (#43411859)

They must have found the ultimate hacking tool for data erasure.. the vulnerability, believe it or not.. is called fdisk

The Scoop (5, Informative)

camperdave (969942) | 1 year,14 days | (#43411863)

Symantec has an analysis [symantec.com] of the Linux component. It relies on extracting a history of ssh connections from Windows machines from an application called mRemote, an open source, multi-protocol remote connections manager.

Re:The Scoop (5, Informative)

iggymanz (596061) | 1 year,14 days | (#43411939)

more accurately, it checks for parameters of any ssh connection *with root privileges*. everyone see the problem there? every owner of every machine that fell to the n. korean attack richly deserved what they got. piss poor security will bite one in the ass.

Re:The Scoop (0)

Anonymous Coward | 1 year,14 days | (#43412305)

There's no mention of the number of linux boxes that might have been affected. It could have been 10, or 10000.

Re:The Scoop (4, Insightful)

chispito (1870390) | 1 year,13 days | (#43412575)

more accurately, it checks for parameters of any ssh connection *with root privileges*. everyone see the problem there? every owner of every machine that fell to the n. korean attack richly deserved what they got. piss poor security will bite one in the ass.

People with poor security do not *deserve* an attack.

Re:The Scoop (3, Informative)

Dr_Barnowl (709838) | 1 year,13 days | (#43412597)

Yup, this is why you should only accept standard user logins, let them use sudo if they need to administer the box.

Re:The Scoop (1)

Camembert (2891457) | 1 year,13 days | (#43412625)

> every owner of every machine that fell to the n. korean attack richly deserved what they got

They don't deserve it. Nobody deserves it.

Re:The Scoop (1)

Vlad_the_Inhaler (32958) | 1 year,14 days | (#43411959)

Really nasty, if you run it as root. How do they escalate their privileges?

Re:The Scoop (2)

a_n_d_e_r_s (136412) | 1 year,14 days | (#43412025)

Not possible. Toot is the same as full access to everything - root has no access restrictions whatsoever. Being root is being god on that computer.

Thus no one sane accepts ssh to root.

Toot login (1)

Anonymous Coward | 1 year,14 days | (#43412143)

Toot is the same as full access to everything

The advantage of a toot login vs root is that it uses a double olfactory authentication. Plus it just feels good.

Re:The Scoop (2)

mark-t (151149) | 1 year,14 days | (#43412323)

The problem isn't accepting ssh as root, per se, the biggest problem is having passwords for usernames on another system stored on an easily compromisable computer, especially ones with sudo rights.

Re:The Scoop (2)

RabidReindeer (2625839) | 1 year,14 days | (#43412333)

Not possible. Toot is the same as full access to everything - root has no access restrictions whatsoever. Being root is being god on that computer.

Thus no one sane accepts ssh to root.

While it's rarely possible to login directly as root via ssh on current *n*x systems, it is common to be able to elevate oneself once logged in as an ordinary user. Otherwise remote administration would not be possible.

Conversely, root is not god if you have selinux switched on. Still immensely powerful, but not god.

Re:The Scoop (1)

Doug Otto (2821601) | 1 year,14 days | (#43412375)

Conversely, root is not god if you have selinux switched on. Still immensely powerful, but not god.

In many cases, however, root is all that's required to edit semanage.conf. Done like disco.

Re:The Scoop (2)

jasnw (1913892) | 1 year,14 days | (#43412113)

Evidently, mRemote is orphanware [royalts.com], although it appears it was forked into mRemoteNG [mremoteng.org]. Sets up an interesting idea - what if mRemote was just a way to set up access to non-Windows systems from malware that first exploits one of the seemingly-endless entry points into Windows.

Re:The Scoop (1)

Doug Otto (2821601) | 1 year,14 days | (#43412223)

I love how they talk about Linux but from the case statement it was clearly going after Solaris, AIX and HPUX too. If you believe the media, all of those are "Linux systems" too.

backups (1)

Anonymous Coward | 1 year,14 days | (#43411869)

People, N. Korea has declared war. Time to make a backup...

Re:backups (2)

PNutts (199112) | 1 year,14 days | (#43412013)

NK waged war in 1950. What they just did was declare... Never mind, you've ignored history and current events until this point so I'll leave you with this [lmgtfy.com].

Think of all of the StarCraft hours lost! (4, Funny)

kannibal_klown (531544) | 1 year,14 days | (#43411929)

Just think about all of those hours lost playing StarCraft.

In other news, the entire population of South Korea is now looking for that 1 StarCraft CD so they can install it on all their machines again.

Re:Think of all of the StarCraft hours lost! (0)

Anonymous Coward | 1 year,14 days | (#43412071)

Don't forget the key - 1234567890

Re:Think of all of the StarCraft hours lost! (1)

KGIII (973947) | 1 year,14 days | (#43412179)

It runs in Windows. They've likely had to reformat lately so the disks should be easy to find.

Re:Think of all of the StarCraft hours lost! (0)

Anonymous Coward | 1 year,14 days | (#43412371)

Not really, being South Korea it's the same WinXP install from 2001.

Hilarious (0)

Anonymous Coward | 1 year,14 days | (#43411943)

If this is true, they're significantly more of a threat than what their paltry nuclear and rocket propulsion levels convey.
I would laugh my ass off if N.Korea turned the world on its head with a sudden penchant for technology and digital security research.

Re:Hilarious (1)

niftydude (1745144) | 1 year,14 days | (#43411971)

This was my first reaction too. Who would have thought that a pudgy child dictator who hasn't even lost his baby fat yet could order a competent strike?

victims deserved it (0, Troll)

iggymanz (596061) | 1 year,14 days | (#43411953)

only made possible by piss poor security; wake up and smell the coffee, s. korea IT people

Re:victims deserved it (3, Insightful)

ScentCone (795499) | 1 year,14 days | (#43412015)

victims deserved it

Uh huh. And if NK decides to shell another island or sink another boat, it will be entirely SK's fault for not making a powerful magic force field that can deflect artillery shells and torpedoes. Victims are always to blame, because they definitely cause their attackers to attack them, because of their weakness, right?

What, is your junior high school out on lunch break right now? Go outside and get some exercise, and quit wasting time building up an interior justification for the future bad shit you're going to do to other people when you get your own computer and stuff.

Re:victims deserved it (4, Insightful)

iggymanz (596061) | 1 year,14 days | (#43412055)

logic fails you. these cyber attacks are preventable by proper security practices - the internet is a hostile place and there is no excuse for laziness in security by IT people. Do you keep your money stacked on the sidewalk in front of your house overnight, or do you make some effort to keep thieves from easily snatching it? your attitude is the problem we in IT face

Re:victims deserved it (1)

ScentCone (795499) | 1 year,14 days | (#43412233)

the internet is a hostile place

And it's the victims' fault that it is a hostile place, right? The people actually acting out the hostility are never to blame, because that might hurt their feelings, I guess.

Re:victims deserved it (0)

Anonymous Coward | 1 year,13 days | (#43412639)

No, logic fails YOU. Just because a person is lacking in something to protect themselves from a certain type of hostility does not mean they deserve to be hit where they're weakest.

By your "logic," every so-called nerd in high school should be tackled every day in the halls of their school by the bigger and stronger so-called jocks.

After all, the victim deserved it.

Re:victims deserved it (1)

Anonymous Coward | 1 year,13 days | (#43412641)

Do you keep your car outside? Do you walk around with a wallet on your person? Do you wear anything of value?

I suppose you will blame yourself if someone sets your car on fire (because you didn't put an automatic extinguisher system in). And you'll blame yourself for being pick-pocketed because your wallet wasn't made of razor blades. And you'll blame yourself for wearing anything of value because hey, nobody should do that since it would get stolen.

This is the sort of anarchy an angsty high-school student enjoys, I have to agree with ScentCone here, you need to grow up.

Re:victims deserved it (0)

sildur (1383455) | 1 year,14 days | (#43412081)

Uh huh. And if NK decides to shell another island or sink another boat, it will be entirely SK's fault for not making a powerful magic force field that can deflect artillery shells and torpedoes.

It will, indeed, if they were able to make that powerful magic force field AND they did not enable it.

Re:victims deserved it (1)

ScentCone (795499) | 1 year,14 days | (#43412213)

It will, indeed, if they were able to make that powerful magic force field AND they did not enable it.

So SK is not the victim of an attack if NK launches a missile and it bounces off SK's magic shield. And SK is at fault for the attack if NK's missile isn't stopped by SK's defenses. But NK is not at fault for launching the missile in the first place. Are you even listening to yourself?

Re:victims deserved it (0)

Anonymous Coward | 1 year,14 days | (#43412395)

It will, indeed, if they were able to make that powerful magic force field AND they did not enable it.

So SK is not the victim of an attack if NK launches a missile and it bounces off SK's magic shield. And SK is at fault for the attack if NK's missile isn't stopped by SK's defenses. But NK is not at fault for launching the missile in the first place. Are you even listening to yourself?

Where do you get the idea that only one party can be at fault? If I put a mine at a certain place, and you are credibly warned by someone that the mine is exactly there, but ignore the warning and step on that very place, and the mine goes off, it's both my fault for placing the mine and your fault for stepping on it despite knowing it is there.

Re:victims deserved it (0)

Anonymous Coward | 1 year,13 days | (#43412481)

Shut up you fucking incoherent idiot.

Re:victims deserved it (2, Insightful)

Anonymous Coward | 1 year,14 days | (#43412211)

victims deserved it

Uh huh. And if NK decides to shell another island or sink another boat, it will be entirely SK's fault for not making a powerful magic force field that can deflect artillery shells and torpedoes. Victims are always to blame, because they definitely cause their attackers to attack them, because of their weakness, right?

And people who leave the logins set to the factory default account=Admin, password=1234, aren't to blame, either.

Nonetheless, they will provide examples that we may call "Natural Selection At Work".

Re:victims deserved it (0)

Anonymous Coward | 1 year,13 days | (#43412613)

The fact that this strawman+false dichotomy combo is modded up saddens me. What the fuck, mods?

But logical flaws aside - hey, the fuck do you think only one side must be blamed? If my bank forgets to lock the vault and someone walks in and takes my money, sure I'll blame the bank for negligence, but it sure won't mean I don't think that robber was not a criminal.

Re:victims deserved it (1)

Camembert (2891457) | 1 year,14 days | (#43412319)

They still don't deserve it. Nobody deserves it.

Re:victims deserved it (1)

iggymanz (596061) | 1 year,13 days | (#43412463)

lazy and stupid IT people, whose jobs are to at least adhere to minimal security practices, deserve to reap the rewards of their negligence. as do the people who hire and manage them.

Elite hackers from NK? Pull the other one. (-1)

Anonymous Coward | 1 year,14 days | (#43411975)

Elite hackers from North Korea? Pull the other one. Most people in NK don't even have access to computers. Those who do are stuck with Red Star OS and a BBS. No, something like this malware would have to come from a very advanced country. USA or South Korea maybe? It's all part of the propaganda war.

Re:Elite hackers from NK? Pull the other one. (1)

SpectreBlofeld (886224) | 1 year,14 days | (#43412023)

Wonder if North Korea was the original target, and the malware leaked out into the wild...

Re:Elite hackers from NK? Pull the other one. (2)

tqk (413719) | 1 year,13 days | (#43412663)

Wonder if North Korea was the original target, and the malware leaked out into the wild.

I wonder if the miscreant just used NK to carry out the attack, in order to incriminate them. I'm lookin' at you, CIA. I must say I'm also a bit surprised to learn that NK allows any connection to the net outside its borders, especially to SK (the enemy).

Re:Elite hackers from NK? Pull the other one. (0)

Anonymous Coward | 1 year,14 days | (#43412099)

Most norks have fuck all because their government spends all their money on the military. These were military hackers. Comprende?

Re:Elite hackers from NK? Pull the other one. (0)

Anonymous Coward | 1 year,14 days | (#43412139)

Pull the other what? And why did you say that twice?

Re:Elite hackers from NK? Pull the other one. (1)

bossk538 (1682744) | 1 year,13 days | (#43412585)

Elite hackers from North Korea? Pull the other one. Most people in NK don't even have access to computers. Those who do are stuck with Red Star OS and a BBS. No, something like this malware would have to come from a very advanced country. USA or South Korea maybe? It's all part of the propaganda war.

NK has a very strong IT sector - http://spectrum.ieee.org/podcast/at-work/tech-careers/for-outsourcing-it-have-you-considered-north-korea [ieee.org]

this just (0)

Anonymous Coward | 1 year,14 days | (#43412011)

highlights the need to do nightly backups of critical data!

so call up the backup engineer (1)

nimbius (983462) | 1 year,14 days | (#43412137)

have her drive down to the DC, start restoring tapes, and for the love of god quit with the pissing contest. it's becoming apparent the US, as well as both Koreas are incapable of understanding the repercussions of a thermonuclear war.

Suicide by Cop? (0, Interesting)

Anonymous Coward | 1 year,14 days | (#43412199)

It occurs to me that the North Korean regime is probably secretly very unpopular in North Korea, even among top military and government officials but the officials are too distrustful of each other to scheme together against the regime. So perhaps their current belligerence is actually their way of trying to end their own regime - they advocate seemingly patriotic actions such as attacking/threatening the rest of the world - while their true intention is to provoke the world into destroying their regime. Once an international force attacks, the officials go into hiding and decline to fight, allowing an international peacekeeping force to take over, like what happened in Iraq during the first gulf war.

Wait what?? (1)

Carnivore24 (467239) | 1 year,14 days | (#43412215)

How did the North get the equipment to do this? From China or Russia? I thought they were way behind the rest of the world in technology?!?!?

Re:Wait what?? (1)

sandytaru (1158959) | 1 year,14 days | (#43412379)

Surprisingly, they run on Windows machines in English. The hardware probably comes from China, as do the pirated copies of Win XP and Win 7. They refuse to acknowledge that Microsoft localizes Windows in Korean just for the south.

A computer? Newegg. NK government spends $$$ (1)

raymorris (2726007) | 1 year,13 days | (#43412685)

What equipment? A computer? From Newegg. The general population of NK is way behind, largely BECAUSE the government spends all the money on military and political posturing. Their military, apparently including cyber-warfare, is quite well funded.

"PermitRootLogin yes" fixes it .. or not (3, Interesting)

Sloppy (14984) | 1 year,14 days | (#43412227)

If I understand correctly (do I?) the way it attacked Linux systems was that some people use a ssh client, where they literally have a preference or setting stored, for logging into the Linux machine as root. User clicks something (which does the equivalent of "ssh root@whatever" and the software automatically supplies a key or passphrase) and the next thing they see is a root bash prompt. Wow.

If that's right, then assuming your Linux machines still have

PermitRootLogin no

in /etc/ssh/sshd_config, then your setup isn't compatible with this malware. You'll need an updated version of this malware.

All machines should have "PermitRootLogin no" and if yours doesn't, you're doing something very very strange. Maybe you should go check that, right now. It'll take .. seconds.

That said, things still aren't very rosy. Presumably the user of this ssh client would also have non-root passwords or keys stored too, to get non-root access. But how many of us usually login as a user with some sudoers powers? And how many of us have a very lazy sudoers configuration, where you're literally allowed to just do "sudo -s" and get a root shell, by only having to type in your password again?

So my earlier "joke" about you needing an updated version of malware, might not really be all that much of a joke.

Tighten up your sudoers file if you can. And whether you can or not, have ssh use key authentication instead of password authentication, so that no remote clients can, or need to, have your password stored in them.
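The checks recommended in the comment above (root login and password authentication in sshd_config, unrestricted root shells in sudoers), as an added example that is not part of the original post. The parser, the finding strings and both sample files are constructed for illustration; the defaults assume OpenSSH 7.0 or later, and `Include` files and sudoers aliases are not followed.

```python
import re

# Values sshd uses when a keyword is absent. Assumption: OpenSSH 7.0 or later
# (older releases defaulted PermitRootLogin to "yes").
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password",
                 "passwordauthentication": "yes"}


def parse_sshd(text):
    """Return (global_values, match_overrides) for the watched keywords."""
    global_values, match_overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single "=".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        rest = parts[1].split() if len(parts) > 1 else []
        if key == "match":
            match = " ".join(rest)       # everything below is conditional
            continue
        if key not in SSHD_DEFAULTS or not rest:
            continue
        value = rest[0].lower()
        if match is None:
            # sshd keeps the first value it obtains; later duplicates lose.
            global_values.setdefault(key, value)
        else:
            match_overrides.append((match, key, value))
    return global_values, match_overrides


def audit_sshd(text):
    """List settings that still allow root or password logins over ssh."""
    values, overrides = parse_sshd(text)
    findings = []
    for key, default in SSHD_DEFAULTS.items():
        value = values.get(key, default)
        if value != "no":
            findings.append(f"global {key}={value}")
    for cond, key, value in overrides:
        if value != "no":
            findings.append(f"Match {cond}: {key}={value}")
    return findings


# Lines that are not user rules (comments, Defaults, includes, aliases).
SUDO_SKIP = ("#", "Defaults", "@include", "User_Alias", "Runas_Alias",
             "Host_Alias", "Cmnd_Alias")
# who  hosts = (runas) commands
SUDO_RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")


def audit_sudoers(text):
    """List rules that grant every command, i.e. allow `sudo -s`."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(SUDO_SKIP):
            continue
        rule = SUDO_RULE.match(line)
        if not rule:
            continue
        who, cmds = rule.groups()
        # Drop tags such as "NOPASSWD:" before comparing command names.
        commands = [re.sub(r"^(?:[A-Z_]+:\s*)+", "", c.strip())
                    for c in cmds.split(",")]
        if "ALL" in commands:
            suffix = " without password" if "NOPASSWD:" in cmds else ""
            findings.append(f"{who}: unrestricted commands{suffix}")
    return findings


# Constructed sample files, not taken from any real host.
SAMPLE_SSHD = """\
# constructed sample
Port 22
PermitRootLogin no
# the duplicate below is ignored: the first value obtained wins
PermitRootLogin yes
PasswordAuthentication yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
alice   ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) /usr/bin/systemctl restart app
"""

if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE_SSHD) + audit_sudoers(SAMPLE_SUDOERS):
        print("FINDING:", finding)
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this parser only reads one file.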

Subject line error (1)

Sloppy (14984) | 1 year,14 days | (#43412247)

Of course I mean "PermitRootLogin no" fixes it .. or rather, might not really fix it.

Re:"PermitRootLogin yes" fixes it .. or not (1)

cayenne8 (626475) | 1 year,14 days | (#43412389)

If that's right, then assuming your Linux machines still have

PermitRootLogin no

Hmm..just looked on my home Linux box I recently set up to play with....by default, with OpenSSH...it appears that is set to yes by default.

Just changed that and rebooted.

Scruffy-looking bot herders (1)

Guppy (12314) | 1 year,14 days | (#43412231)

I'm surprised they opted to wipe the compromised machines. North Korea has a long history of earning hard-currency funds through illicit activity (counterfeiting, drug-smuggling, etc). By wiping their targets, they've lost the possibility of using them to turn a fraudulent profit.

Probably means someone over there needed a short-term propaganda coup for internal political reasons.

Problem fixes itself (5, Interesting)

gnasher719 (869701) | 1 year,13 days | (#43412431)

All the vulnerable machines were wiped. So now there are no vulnerable machines anymore. Second attack will be much harder. And the percentage of Korean users doing proper backups will probably be growing :-) (Not that I'm saying people in Korea are more negligent with backups than others).

That was no wipe.... (1)

Anonymous Coward | 1 year,13 days | (#43412459)

That was Windows8....

WHAT A SCAM (0)

Anonymous Coward | 1 year,13 days | (#43412527)

is this the same attack that after a few days of investigation, they actually found out was coming from their own organization?

1) Shut down your own servers
2) claim you are the victim of "ULTRA DANGEROUS SUPER FATAL CYBERSEX RAPE!!111!1!"
3)???
4) PROFIT!11!

I felt a disturbance in the force (1)

Hoi Polloi (522990) | 1 year,13 days | (#43412667)

I felt a disturbance in the force. As if thousands of Korean Starcraft characters all cried out at once then were deleted.

Israel and the US created this software (-1)

Anonymous Coward | 1 year,13 days | (#43412687)

Using backdoors specifically programmed into Windows by Microsoft at the behest of the NSA, depraved terrorists at the heart of the US and Israeli governments created multiple trojans to be used (initially) against Muslim targets like Syria and Iran. There was a greater game, of course. The wider chaos that would be unleashed once other parties reverse engineered the terrorist code and used the knowledge to exploit current weaknesses in commercial software, and searched for other similar backdoors.

Did you know that Microsoft's regular patching of Windows is frequently 'closing' backdoors that have become too widely known, and introducing at the same time new backdoors for future acts of terror by your government agencies?

The 'wider chaos', alongside things like the spreading regional wars, and the manufactured financial disasters in banking, are designed to create a suitable landscape for WW3. The owners of Slashdot frequently promote stories attacking NK, Syria and Iran, and likewise seek stories praising the psychopathic racist states of Israel and Saudi Arabia, at the behest of their masters. You can see, if you care to examine the history, the same manipulations in the lead up to WW2.

NK is a threat to no-one. If the genocidal US armed forces withdrew from the South, the two Koreas would reunify faster than did East and West Germany, and like Germany, the reunification would be controlled by the capitalist half. The US is determined that this will never happen, since a unified Korea would destroy Japan economically.

Slashdot attempts to tell brain-dead beta Yanks to focus on NK's tiny nuclear industry, while telling the same Yanks to NEVER think about the obscene arsenal of nuclear, biological and chemical weapons held by the depraved racist zionists of Israel. Israel provided nuclear bombs and race specific weapons to the white racist regimes of South Africa and Rhodesia. Israel armed the Serbs with cluster munitions (military nail bombs- the zionist weapon of choice against civilians) when the Serbs were mass murdering the civilians of Bosnia.

Today, team Obama sows the seeds of chaos across our planet in whatever way is currently possible. The online world is certainly not exempt.
