Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Businesses The Almighty Buck

Honda Shuts Down Factory After Finding NSA-derived Wcry In Its Networks (arstechnica.com) 63

A Honda factory near Tokyo was shuttered for over 24 hours this week after its computers became infected with WannaCry, the same ransomware virus responsible for crippling systems in dozens of countries last month, the car manufacturer said Wednesday. From a report: The automaker shut down its Sayama plant northwest of Tokyo on Monday after finding that WCry had affected networks across Japan, North America, Europe, China, and other regions, Reuters reported Wednesday. Discovery of the infection came on Sunday, more than five weeks after the onset of the NSA-derived ransomware worm, which struck an estimated 727,000 computers in 90 countries. [...] Honda officials didn't explain why engineers found WCry in their networks 37 days after the kill switch was activated. One possibility is that engineers had mistakenly blocked access to the kill-switch domain. That would have caused the WCry exploit to proceed as normal, as it did in the 12 or so hours before the domain was registered. Another possibility is that the WCry traces in Honda's networks were old and dormant, and the shutdown of the Sayama plant was only a precautionary measure. In any event, the discovery strongly suggests that as of Monday, computers inside the Honda network had yet to install a highly critical patch that Microsoft released in March.
This discussion has been archived. No new comments can be posted.

Honda Shuts Down Factory After Finding NSA-derived Wcry In Its Networks

Comments Filter:
  • I'm so confused (Score:4, Insightful)

    by s.petry ( 762400 ) on Wednesday June 21, 2017 @01:11PM (#54662883)

    Last week we heard how the DPRK was responsible for Wannacry. Today it's back to the NSA. Can we at least keep our talking points consistent?

    PS. Sucks for Toyota no matter who did it, and sucks even more if US "intelligence" is at fault for creating these tools and letting them out of a lab. (Intelligence is intentionally quoted because many who work in that area are quite frankly not.)

    • Re:I'm so confused (Score:5, Insightful)

      by gnick ( 1211984 ) on Wednesday June 21, 2017 @01:20PM (#54662965) Homepage

      Last week we heard how the DPRK was responsible for Wannacry. Today it's back to the NSA. Can we at least keep our talking points consistent?

      The NSA was responsible for leaking the exploit that was used for WannaCry. DPRK may have been the ones to weaponize it. I don't understand the confusion.

      • Re: I'm so confused (Score:5, Informative)

        by jeffasselin ( 566598 ) <cormacolinde AT gmail DOT com> on Wednesday June 21, 2017 @01:35PM (#54663125) Journal

        Correction: Microsoft made coding errors leading to an exploit. The NSA found the exploit. They left their exploit tool and code on a server that was hacked by somone else (russians?). The Shadow Brokers (russians?) leaked those. Then the north koreans used it in wannacry.

        So you can blame Microsoft, the NSA, Russian Intelligence AND the North Koreans. It's an equal opportunity blame game!

        • Chances are an NSA government contractor found it.
          • ... which is how we know about it now, so we should thank that contractor. Had they not found it, someone else may have ; and that entity may have protected that knowledge better.

            Never blame the person who found the flaw; blame only those tho create and exploit such flaws. Those who create open the door for those who exploit, while those who find open the door for those who fix.
        • Comment removed based on user account deletion
          • "get to blame Linus Torvalds for everything from kernel panics to Heartbleed"

            Heartbleed was due to mistakes introduced into the OpenSSL cryptographic software library and has little to do with the OS, Linux or Linus Torvalds. You credit him with way too much.
        • by s.petry ( 762400 ) on Wednesday June 21, 2017 @02:45PM (#54663697)

          Microsoft code was the entry point, but if the NSA was actually performing it's function and protecting the citizens of the US they would have notified Microsoft of the problem and perhaps even helped with a fix. The chain would have ended then and there.

          Not notifying the vendor of the most widely used OS in the USA, the NSA acted against the interests of US Citizens.

          Further, claiming that the Shadow Brokers are Russian fails basic scrutiny. If there was such a group working for the FSB they would have absolutely zero interest in releasing the exploit to the wild for anyone else to access.

        • by e r ( 2847683 )
          How do we know the NSA didn't pay M$ or apply pressure to insert that coding error in the first place? They've done similar things in the past [reuters.com].
        • "Correction: Microsoft made coding errors leading to an exploit"

          Exactly that.

          It is not "networks" that are affected. It is not "computers" that are affected.

          It is operating systems. And not any operating system: Microsoft operating systems.

        • Software bugs are inevitable - especially in OS's that are 30+ years old. You can do all manner of testing, something will be left unturned.

          I think the big crime here is the NSA for instead of responsibly disclosing the problem to the developer (Microsoft) they decided to keep it as a future weapon.

        • It's an equal opportunity blame game!

          It's only an equal opportunity blame game when there is a perfect method of removing all human sources of error and every problem was systematic. Microsoft gets to share equal blame with malicious actors when you can show me evidence that an OS can be coded 100% without bugs. Until then the malicious actors deserve the majority of the blame, especially the one who enabled the exploit by keeping it secret, weaponising it and then failing to protect the weapon.

      • The NSA didn't leak it, they created the code, wikileaks and an anonymous leaker leaked it. The code was then incorporated into the Wcry ransomeware.

    • by Anonymous Coward on Wednesday June 21, 2017 @01:23PM (#54663005)

      PS. Sucks for Toyota

      Boy, you ARE confused. ;)

    • Pretty sure it sucks for Honda; Toyota might sell more cars due to Honda's reduced production.
  • by gweihir ( 88907 ) on Wednesday June 21, 2017 @01:15PM (#54662927)

    But as usual, criminal activity (and we have at the very least "criminally negligent" on the NSA's part here) by state actors has zero negative consequences for them. One of the corner-stones of a corrupt government that has forgotten that it serves the people.

    • and we have at the very least "criminally negligent" on the NSA's part here

      That's an interesting legal theory. What law did they break? (Or even, what law did they break that "normal" people would be exposed to, since of course the NSA gets special treatment).

      • by gweihir ( 88907 )

        Creating weaponized code and then let that be stolen from them? I am sure a creative prosecutor could find a few centuries of prison time in there.

      • What law did they break?

        interstate commerce.

        there is surely some way that GREAT set of laws could be applied, here.

        oblig: fuck the NSA. traitors to the american public. creating software bombs, knowing full well that 'the other bad guys' will soon have those same software bombs. the NSA has enough smart people that they should have KNOWN BETTER. they still act against the people they claim they are here to protect.

        abolish the cia, nsa and all other spy agencies. they don't help us, and in fact, actua

      • One could argue they breached export controls by failing to protect their technology from foreign malicious actors.

  • by Anonymous Coward

    From MS - SMB Ports 445/139 (TCP) & 137/138 (UDP) protection via:

    Disable SMBv1 on the SERVER, configure the following registry key:

    Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB1

    REG_DWORD: 0 = Disabled
    REG_DWORD: 1 = Enabled

    Default: 1 = Enabled

    Enable SMBv2 on the SERVER, configure the following registry key:

    Registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB2

    REG_DWORD: 0 = Disab

    • And then, somehow, `ls -l` is too complex for systems "in the real world".

    • APK buddy, I gotta give you props as a longtime Slashdotter. Straight up, sometimes you get off the rails a bit when you're in 'the zone', and sometimes tend a bit too heavily towards "wall-o-text" for a forum post on /., but your posts on this and the hosts file posts, and more, have never been in error and/or bad advice.

      I'm sure you get a lot of shit, so I just wanted to let you know we aren't all "nattering nabobs of negativity" here. :)

      Strat

    • Or just run Windows Update I don't know why you insist on complicating things.

No spitting on the Bus! Thank you, The Mgt.

Working...