Honda Shuts Down Factory After Finding NSA-derived Wcry In Its Networks (arstechnica.com)
A Honda factory near Tokyo was shuttered for over 24 hours this week after its computers became infected with WannaCry, the same ransomware virus responsible for crippling systems in dozens of countries last month, the car manufacturer said Wednesday. From a report: The automaker shut down its Sayama plant northwest of Tokyo on Monday after finding that WCry had affected networks across Japan, North America, Europe, China, and other regions, Reuters reported Wednesday. Discovery of the infection came on Sunday, more than five weeks after the onset of the NSA-derived ransomware worm, which struck an estimated 727,000 computers in 90 countries. [...] Honda officials didn't explain why engineers found WCry in their networks 37 days after the kill switch was activated. One possibility is that engineers had mistakenly blocked access to the kill-switch domain. That would have caused the WCry exploit to proceed as normal, as it did in the 12 or so hours before the domain was registered. Another possibility is that the WCry traces in Honda's networks were old and dormant, and the shutdown of the Sayama plant was only a precautionary measure. In any event, the discovery strongly suggests that as of Monday, computers inside the Honda network had yet to install a highly critical patch that Microsoft released in March.
I'm so confused (Score:4, Insightful)
Last week we heard how the DPRK was responsible for Wannacry. Today it's back to the NSA. Can we at least keep our talking points consistent?
PS. Sucks for Toyota no matter who did it, and sucks even more if US "intelligence" is at fault for creating these tools and letting them out of a lab. (Intelligence is intentionally quoted because many who work in that area are quite frankly not.)
Re:I'm so confused (Score:5, Insightful)
Last week we heard how the DPRK was responsible for Wannacry. Today it's back to the NSA. Can we at least keep our talking points consistent?
The NSA was responsible for leaking the exploit that was used for WannaCry. DPRK may have been the ones to weaponize it. I don't understand the confusion.
Re: I'm so confused (Score:5, Informative)
Correction: Microsoft made coding errors leading to an exploit. The NSA found the exploit. They left their exploit tool and code on a server that was hacked by someone else (Russians?). The Shadow Brokers (Russians?) leaked those. Then the North Koreans used it in WannaCry.
So you can blame Microsoft, the NSA, Russian Intelligence AND the North Koreans. It's an equal opportunity blame game!
Re: (Score:2)
Never blame the person who found the flaw; blame only those who create and exploit such flaws. Those who create open the door for those who exploit, while those who find open the door for those who fix.
Re: (Score:2)
Heartbleed was due to mistakes introduced into the OpenSSL cryptographic software library and has little to do with the OS, Linux or Linus Torvalds. You credit him with way too much.
I guess it's not just me. (Score:5, Insightful)
Microsoft code was the entry point, but if the NSA was actually performing its function and protecting the citizens of the US they would have notified Microsoft of the problem and perhaps even helped with a fix. The chain would have ended then and there.
Not notifying the vendor of the most widely used OS in the USA, the NSA acted against the interests of US Citizens.
Further, claiming that the Shadow Brokers are Russian fails basic scrutiny. If there was such a group working for the FSB they would have absolutely zero interest in releasing the exploit to the wild for anyone else to access.
Re: (Score:2)
"Correction: Microsoft made coding errors leading to an exploit"
Exactly that.
It is not "networks" that are affected. It is not "computers" that are affected.
It is operating systems. And not any operating system: Microsoft operating systems.
Re: (Score:2)
"And both Linux and macOS"
So wannacry attacks Linux and macOS now? No? So I thought.
Re: (Score:2)
Software bugs are inevitable - especially in OS's that are 30+ years old. You can do all manner of testing, something will be left unturned.
I think the big crime here is the NSA for instead of responsibly disclosing the problem to the developer (Microsoft) they decided to keep it as a future weapon.
Re: (Score:2)
It's an equal opportunity blame game!
It's only an equal opportunity blame game when there is a perfect method of removing all human sources of error and every problem was systematic. Microsoft gets to share equal blame with malicious actors when you can show me evidence that an OS can be coded 100% without bugs. Until then the malicious actors deserve the majority of the blame, especially the one who enabled the exploit by keeping it secret, weaponising it and then failing to protect the weapon.
Re: (Score:2)
The NSA didn't leak it, they created the code, WikiLeaks and an anonymous leaker leaked it. The code was then incorporated into the Wcry ransomware.
Re:I'm so confused (Score:5, Funny)
PS. Sucks for Toyota
Boy, you ARE confused. ;)
They should sue the NSA (Score:5, Insightful)
But as usual, criminal activity (and we have at the very least "criminally negligent" on the NSA's part here) by state actors has zero negative consequences for them. One of the corner-stones of a corrupt government that has forgotten that it serves the people.
Re: (Score:2)
and we have at the very least "criminally negligent" on the NSA's part here
That's an interesting legal theory. What law did they break? (Or even, what law did they break that "normal" people would be exposed to, since of course the NSA gets special treatment).
Re: (Score:2)
If anything fits, it's treason; good luck getting that to stick, though.
Re: (Score:2)
I'm sure they'd find something in the Computer Fraud and Abuse Act [wikipedia.org].
Re: (Score:2)
Not treason. It's explicitly defined in the Constitution. https://www.usconstitution.net/xconst_A3Sec3.html [usconstitution.net]
Re: (Score:2)
It's funny, you say Treason is explicitly defined in The Constitution, but it fails to define "aid" and "comfort". All it takes
Re: (Score:2)
Which is exactly WHY they defined it (OK, loosely), in the Constitution. They didn't want the .gov to just be able to round up political enemies and charge them with treason. Broadening the definition is exactly the OPPOSITE of what the Founding Fathers would want
Re: (Score:2)
Creating weaponized code and then let that be stolen from them? I am sure a creative prosecutor could find a few centuries of prison time in there.
Re: (Score:2)
What law did they break?
interstate commerce.
there is surely some way that GREAT set of laws could be applied, here.
oblig: fuck the NSA. traitors to the american public. creating software bombs, knowing full well that 'the other bad guys' will soon have those same software bombs. the NSA has enough smart people that they should have KNOWN BETTER. they still act against the people they claim they are here to protect.
abolish the cia, nsa and all other spy agencies. they don't help us, and in fact, actua
Re: (Score:2)
One could argue they breached export controls by failing to protect their technology from foreign malicious actors.
Re: (Score:2)
For damage done: The organization itself. It has a budget.
For the criminal charges: Whoever was responsible for the theft being possible. Ultimately that will be the NSA heads in office when the relevant mistakes were made and subsequently not discovered or corrected. That responsibility can move to people lower in the chain-of-command, for example if they ignored orders, falsified reports, etc.
See, not so difficult.
Re: (Score:2)
Discovery of the infection came on Sunday, more than five weeks after the onset of the NSA-derived ransomware worm
Seriously, WTF were they playing at not applying the security fixes that were released within days of WannaCry.
OK, so with MS's history it pays to be careful and test each fix before widely deploying it, but 5 fucking weeks ??
"Lost" computers that don't get maintenance, misplaced priorities, lots of reasons.
That's why to this day I still register several of the original SQL server attacks on my domain, even though I don't run SQL server. Someone out there is hoping to get lucky. Sometimes they do.
Protection vs. WannaCry 2 ways... apk (Score:1)
From MS - SMB Ports 445/139 (TCP) & 137/138 (UDP) protection via:
Disable SMBv1 on the SERVER, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled
Enable SMBv2 on the SERVER, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disab
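The registry settings listed in the post above, as an added example that is not part of the original comment: a PowerShell audit that reads the SMB1 and SMB2 entries and reports whether the SMBv1 server is still enabled. The function names `Get-SmbServerValue` and `Set-SmbServerValue` are hypothetical, and treating an absent SMB2 entry as enabled is an assumption carried over from the SMB1 default the post states.

```powershell
# Added example: audit (and optionally set) the SMB1/SMB2 server entries
# named in the post. Run from an elevated PowerShell session.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbServerValue {   # hypothetical helper name
    param([Parameter(Mandatory)][ValidateSet('SMB1','SMB2')][string]$Name)
    # An absent entry means the default applies. The post gives the SMB1
    # default as 1 (Enabled); the same is assumed here for SMB2.
    $item = Get-ItemProperty -Path $ParamsKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Entry = $Name; Value = $null; Enabled = $true; Source = 'default' }
    }
    $value = [int]$item.$Name
    [pscustomobject]@{ Entry = $Name; Value = $value; Enabled = ($value -ne 0); Source = 'registry' }
}

function Set-SmbServerValue {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][ValidateSet('SMB1','SMB2')][string]$Name,
        [Parameter(Mandatory)][ValidateSet(0,1)][int]$Value
    )
    # Writes the entry as a REG_DWORD, matching the type listed in the post.
    Set-ItemProperty -Path $ParamsKey -Name $Name -Value $Value -Type DWord
}

# Report both entries, then flag the host if the SMBv1 server is still on.
$report = 'SMB1','SMB2' | ForEach-Object { Get-SmbServerValue -Name $_ }
$report | Format-Table -AutoSize

if (($report | Where-Object Entry -eq 'SMB1').Enabled) {
    Write-Warning 'SMBv1 server is enabled (SMB1 entry is absent or non-zero).'
    # Uncomment to apply the values from the post (SMB1 = 0, SMB2 = 1):
    # Set-SmbServerValue -Name SMB1 -Value 0
    # Set-SmbServerValue -Name SMB2 -Value 1
}
```

Microsoft's guidance for these registry values is to restart the computer after changing them.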
Re: (Score:2)
And then, somehow, `ls -l` is too complex for systems "in the real world".
Re: (Score:2)
APK buddy, I gotta give you props as a longtime Slashdotter. Straight up, sometimes you get off the rails a bit when you're in 'the zone', and sometimes tend a bit too heavily towards "wall-o-text" for a forum post on /., but your posts on this and the hosts file posts, and more, have never been in error and/or bad advice.
I'm sure you get a lot of shit, so I just wanted to let you know we aren't all "nattering nabobs of negativity" here. :)
Strat
Re: (Score:2)
Or just run Windows Update. I don't know why you insist on complicating things.