Skip to content

Top New Best Ask Show Jobs

South Korea military cyber command was hacked | Better HN

South Korea military cyber command was hacked (opens in new tab)

(english.yonhapnews.co.kr)

97 pointsluck879y ago58 comments

58 comments

1. Government website gets hacked

2. Government blames North Korea

3. ???

4. Profit! Err, I mean, government support goes up.

Well, maybe North Korea did it, maybe it didn't, but the current state of South Korean politics created a perverse incentive structure. The more severely the government is hacked (or otherwise attacked by North Korea), the more it is politically rewarded.

So, expect nothing to change any time soon.

Sounds like someone running around with the Cisco IOS exploit from the ShadowBrokers dump. Best Korea has obvious motive, but it could also be random hackers running around hacking everything on shodan.

No one will be safe until governments stop hoarding 0-days. Until we all realize we live in a glass house, the hacks will continue. The best solution is to split the NSA and similar agencies into two. One for developing new tools that produces safer code and finding flaws and reporting them to companies so they get patched. The second for offense.

I'm not sure how splitting up the NSA fixes anything. Wouldn't the new offensive organization still be compelled to seek out zero-day exploits as well for their mission? What happens when they find one that the defensive organization hasn't found yet?

Better than the current setup. The defensive side sole responsibility is to find critical flaws and report them. This would also include investigating breaches in US infra and making sure things get patched. Right now, you don't even have the defensive side.

Splitting IAD off from SIGINT wouldn't reduce the number of zero-days the government collected, but it would:

* Ensure that the advice IAD was generating was untainted by SIGINT influence

* Enable IAD to independently collect vulnerability intelligence and disseminate it (most importantly, to vendors) without having to endure a bogus equities process to ensure they weren't blowing a SIGINT operation.

Of course, this only works if IAD is stripped completely out of the NSA, and perhaps out of the DoD entirely. IAD probably belongs under DHS.

When a government researcher (or government-funded researcher) discovers a new Flash vulnerability, the government hasn't created the vulnerability, nor have they prevented anyone else from discovering that same vulnerability.

Lobbying against SIGINT vulnerability collection doesn't actually make us materially safer --- even if things like the "Shadow Brokers" became routine (rather than the unprecedented shitstorm it actually was), the number and caliber of the vulnerabilities we're talking about are a tiny fraction of the threat we face.

Thankfully those who shutdown biological weapons development in the DoD didn't follow the same logic. Purely from a strategic perspective: defense costs much more than offense, it doesn't make sense for a superpower to spend more on offense than defense when their potential adversaries can't afford to defend themselves against low cost attacks.

Why do you think it matters if NSA stops hoarding 0-days? Let's put that into perspective - iPhone jailbreaking community hacks every new release in days/weeks. And that's just a few people doing it for fun and not getting paid. Companies like Cellebrite have more people paid good money to do the same thing, so they're likely to have an even bigger stash of working exploits. And that's for a locked down device which has all the incentives of being a closed platform.

There's nothing special about NSA or 0-days here. We're using very generic platforms. Lots of organisations have exploits. We're still in a situation where you can point a fuzzer for a few hours at any popular app and get yourself a new 0-day. The only thing that will help you is getting rid of the possibility of exploitation, and limiting the scope when it happens.

It is special because it is government. We have tax payer money going to support thousands of people finding 0-days. What I am proposing is to move some of those funds to be defensive and since it is government, the intention and motivation is to make more secure software. It also forces companies and the industry in general to pay more attention to this stuff.

Right now, government doesn't care. Right now, it is cheaper to get hacked, spew all your information, and then say, "sorry". Not right.

nradov9y ago

So you would like the federal government to effectively subsidize large technology companies by providing free QA for commercial products?

superuser29y ago

We don't make every building a blast shelter and everyone wear body armor. People who walk through the steps of attacking the US physically are going to succeed.

Our security strategy is to:

A) surveil, infiltrate, and block conspiracies to do so before they happen, and

B) identify, track, and punish our attackers after the fact.

I don't think (and "cyber" policy makers don't seem to think) that making every piece of software free of vulnerabilities is realistic. Sabotaging hacking groups, and building sufficiently scary capabilities for retaliation against nation-states that might attack us, seems much more attainable.

The NSA is already partly split like this. There are parts that work to improve security.

alasdair_9y ago

Sadly, there are other parts that do things like pay RSA $10 Million to INTENTIONALLY make their security products easier to hack.

Actively harming the security of Americans is extremely wrong.

abysmallyideal9y ago

Being secure and having privacy is for the privileged. To actually have the same amount of security and privacy before the internet and device boom is prohibitively expensive for over 90% of the citizens.

They've made absolutely certain of it.

redsummer9y ago

IoT: what could go wrong: https://en.wikipedia.org/wiki/Samsung_SGR-A1

I wonder what kinds of fail-safes these sentries have if they're hacked? It says that there's a human operator. Do they have a kill switch to shut it down if it turns the wrong way so it can't be used against them?

lifeisstillgood9y ago

I wonder if it is time for a reboot. If the castles we have built so far turn out to be made of gauze instead of stone, maybe we need to rethink it all, in the same way we need to rethink energy policy

Every Intel motherboard since 2008 has had a "spy" on board, almost every home router is working for someone's botnet and will never be patched, medical devices and factory automation systems ship with default passwords because no one assumed they would ever connect to the Internet and don't get me started on browsers and JavaScript.

It was a multi-decade long fight to get the seat belt adopted, so I suspect that we aren't going to fix this the old way - surely at some point we stop?

tmzt9y ago

RiscV, TCP+crypto offload, hardware switchports with luajit or nf rules. Reactive UI with hardware rendering and compositing.

Hardware keystore with physical switch to generate and enroll keys, user/owner controlled secrets, one-time programmable as an option, hardwired SAK and OS personality switching key.

Real-time security isolation kernel, hardware-enforced containerization with MMU-protected GPU passthrough.

lifeisstillgood9y ago

It will take a while to google-walk through all that, but thank you. Do you feel this is a comprehensive recipie to move to a (enterprise wide) computing platform where the attacker has the paying field tipped against them (it seems the other way round today)

ComodoHacker9y ago

>speculation that North Korea might be behind the latest cyber attack

Does North have hackers skilled enough to perform such (or any) attacks? How did they acquire their skills given the internet is forbidden there?

fma9y ago

As much as the US Media wants to you think North Korea is cut off from the rest of the world, it's not. They have a space program and nuclear program, which is more than what a lot of other countries can say.

It's not a bunch of people living under thatch houses.

If the government wants to make strides in something, they will. They can send their students overseas and get their education there. They can collaborate with other countries.

It's not something every citizen can achieve, but you only need a subset to be effective in cyber warfare.

FrancoDiaz9y ago

As much as the US Media wants to you think North Korea is cut off from the rest of the world, it's not.

The US media doesn't say that. The average N. Korean is very much cut off from the rest of the world....somewhat changing with smuggled in phone and DVDs, but still.

I imagine that they can select the most promising students, enroll them in the military, and give them, under scrutiny, access to all the information they need.

ComodoHacker9y ago

Creating a layer of young intelligent people with access to information and exposure to foreign culture... This can be dangerous.

As other commenters have noted, they're not completely primitive. And while yes, their technical know-how is far behind South Korea's, with the state of modern cybersecurity its equivalently harder to keep people out than it is to get in.

For what it's worth, that problem works both ways; I'd imagine South Korea (and the CIA and whoever else is interested) has all sorts of access to North Korean systems.

I seem to recall that the Sony hack was attributed to North Korean hackers and while many people laughed it off, serious investigations pointed that it was really the case. (Just on top of my head, I'll let you dig for sources.)

serious analysis pointed to iran (malware shared traits with that used in saudi aramco hack a year or two prior), probably because nk and iran have some kind of offensive sharing arrangement on cyber, but the nuclear deal was in the works and the last thing the obama admin wanted to deal with was a perceived provocation.

SRSposter9y ago

The same way they got ahold of nuclear weapons knowledge.

noobermin9y ago

If after decades, they are only now developing nukes barely as powerful as the earliest nuclear weapons (although still dangerous), one would wonder if their decades delayed IT know-how really can pull off such an attack.

ComodoHacker9y ago

Physics was never forbidden. And they got much from Soviets.

If they don't, there are skilled hackers elsewhere who would sell their services.

This is most likely retaliation for North Korea's latest nuclear test

scurvy9y ago

"vaccine routing server" = next-gen firewall running UTM?

From the context, my first thought was something like a centralized server providing anti-virus software and/or updates hosts on the internal portion of the network.

Considering the timeline (within the last month or two) and the recently discovered issues in antivirus products from multiple vendors, I think that this scenario (or something similar) is, at the least, plausible.

A compromised UTM firewall would not be unheard of either.

secult9y ago

So they have internet after all!

slyrus9y ago

Cyber is tough.

Especially for targets that are very attractive to a determined enemy.

steego9y ago

I have a son—he’s 10 years old. He has computers. He is so good with these computers.

j / k navigate · click thread line to collapse