S. Korea Says Cyber Attack From North Wiped 48,700 Machines
wiredmikey writes "An official investigation into a major cyber attack on South Korean banks and broadcasters last month has determined that North Korea's military intelligence agency was responsible. An investigation into access records and the malware used in the attack pointed to the North's military Reconnaissance General Bureau as the source, the Korea Internet and Security Agency (KISA) said on Wednesday. To spread the malware, the attackers went through 49 different places in 10 countries including South Korea, the investigation found. The attacks used malware that can wipe the contents of a computer's hard disk (including Linux machines) and damaged 48,700 machines including PCs, ATMs, and servers."
Civilian cyber-casualties (Score:2, Interesting)
Just makes me wonder what war is turning into. Instead of bombing cities, I can see nations targeting unprotected civilian computers in enemy nations. Massive destruction ensues, even though it's imprecise. In other words: bombing, but without all the mess.
Re:Civilian cyber-casualties (Score:4, Interesting)
Speaking as a civilian, I'd much rather prefer to both be alive and not have my livelihood threatened, thanks. That's the worst false dichotomy I've heard all week and you should feel bad.
Re:Civilian cyber-casualties (Score:5, Interesting)
What I find amazing is that NK is technologically capable of causing that amount of damage both in terms of technology and infrastructure. I didn't believe they'd get enough bandwidth by using the soldiers to manually hand off the packets. I figured they'd be too busy eating grass and tree bark really.
Okay, okay. So I'm only a little kidding. I'm still surprised they had the tech chops to pull that off OR that they were so poorly defended. It could go either way I suppose.
Re:Civilian cyber-casualties (Score:2, Interesting)
If this is the evolution of war, then war has evolved to something that is distinctly more friendly to humanity.
Your point is that war is bad. Sure it is. But the actual point is this type of war is less bad.
Re:Civilian cyber-casualties (Score:4, Interesting)
But I'm sure most civilians prefer an empty computer rather than being dead.
Most civilians are ignorant morons wrt computers. If that empty computer was used to locate (see story yesterday) the poorly secured, net connected SCADA box that controls the spillways of the hydroelectric dam upstream of your place, an empty computer is the least of your worries.
Suicide by Cop? (Score:0, Interesting)
"PermitRootLogin yes" fixes it .. or not (Score:4, Interesting)
If I understand correctly (do I?) the way it attacked Linux systems was that some people use a ssh client, where they literally have a preference or setting stored, for logging into the Linux machine as root. User clicks something (which does the equivalent of "ssh root@whatever" and the software automatically supplies a key or passphrase) and the next thing they see is a root bash prompt. Wow.
If that's right, then assuming your Linux machines still have
in /etc/ssh/sshd_config, then your setup isn't compatible with this malware. You'll need an updated version of this malware.
All machines should have "PermitRootLogin no" and if yours doesn't, you're doing something very very strange. Maybe you should go check that, right now. It'll take .. seconds.
That said, things still aren't very rosy. Presumably the user of this ssh client would also have non-root passwords or keys stored too, to get non-root access. But how many of us usually log in as a user with some sudoers powers? And how many of us have a very lazy sudoers configuration, where you're literally allowed to just do "sudo -s" and get a root shell, by only having to type in your password again?
So my earlier "joke" about you needing an updated version of malware might not really be all that much of a joke.
Tighten up your sudoers file if you can. And whether you can or not, have ssh use key authentication instead of password authentication, so that no remote clients can, or need to, have your password stored in them.
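Added example, not part of the comment above: a small offline audit of the settings that comment names (`PermitRootLogin`, password authentication, and sudoers rules broad enough to allow `sudo -s`). The sample files are constructed and the function names are hypothetical; the parser reads only global `sshd_config` settings and does not follow `Include` files or evaluate `Match` blocks.

```python
import re

# Constructed sample files, not taken from any real host.
SSHD_CONFIG = """\
Port 22
permitrootlogin yes
PasswordAuthentication yes
PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
"""
SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app
backup  ALL=(ALL) NOPASSWD: ALL
"""

def sshd_global(text):
    """Global settings; sshd keeps the first value it reads for each keyword."""
    seen = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        if parts[0].lower() == "match":   # Match blocks are conditional, not global
            break
        if len(parts) == 2:               # keywords are case-insensitive
            seen.setdefault(parts[0].lower(), parts[1].strip())
    return seen

def ssh_findings(text):
    """Flag the two settings the comment calls out unless explicitly 'no'."""
    cfg = sshd_global(text)
    return ["%s is %s" % (k, cfg.get(k, "not set"))
            for k in ("permitrootlogin", "passwordauthentication")
            if cfg.get(k) != "no"]

# user, host, optional (runas), optional TAG: prefixes, command list
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?((?:[A-Z_]+:\s*)*)(.+)$")

def broad_sudo_rules(text):
    """(who, password_required) for non-root rules whose commands include ALL."""
    hits = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("#", "@", "Defaults")) or "_Alias" in line:
            continue
        m = RULE.match(line)
        if m and m.group(1) != "root" and "ALL" in [c.strip() for c in m.group(3).split(",")]:
            hits.append((m.group(1), "NOPASSWD:" not in m.group(2)))
    return hits

if __name__ == "__main__":
    print(ssh_findings(SSHD_CONFIG))
    print(broad_sudo_rules(SUDOERS))
```

In the sample, the later `PermitRootLogin no` line has no effect because the earlier `permitrootlogin yes` is read first. On a live host, `sshd -T` prints the effective configuration, including `Include` files.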
Problem fixes itself (Score:5, Interesting)
Re:Civilian cyber-casualties (Score:4, Interesting)
Re:Civilian cyber-casualties (Score:5, Interesting)
Yeah just look at what happened at Royal Bank of Scotland last year. Some people at Ulster Bank (a subsidiary of RBS) were unable to access their account for the best part of a month.
http://en.wikipedia.org/wiki/2012_RBS_computer_system_problems
Now imagine that every bank is in the same situation as RBS along with VISA and Mastercard.