
South Korea military cyber command was hacked - luck87
http://english.yonhapnews.co.kr/national/2016/10/01/82/0301000000AEN20161001001451315F.html
======
yongjik
1. Government website gets hacked

2. Government blames North Korea

3. ???

4. Profit! Err, I mean, government support goes up.

Well, maybe North Korea did it, maybe it didn't, but the current state of
South Korean politics created a perverse incentive structure. The more
severely the government is hacked (or otherwise attacked by North Korea), the
more it is politically rewarded.

So, expect nothing to change any time soon.

------
Eridrus
Sounds like someone running around with the Cisco IOS exploit from the
ShadowBrokers dump. Best Korea has obvious motive, but it could also be random
hackers running around hacking everything on shodan.

------
electic
No one will be safe until governments stop hoarding 0-days. Until we all
realize we live in a glass house, the hacks will continue. The best solution
is to split the NSA and similar agencies into two. One for developing new
tools that produces safer code and finding flaws and reporting them to
companies so they get patched. The second for offense.

~~~
thematt
I'm not sure how splitting up the NSA fixes anything. Wouldn't the new
offensive organization still be compelled to seek out zero-day exploits as
well for their mission? What happens when they find one that the defensive
organization hasn't found yet?

~~~
electic
Better than the current setup. The defensive side's sole responsibility is to
find critical flaws and report them. This would also include investigating
breaches in US infra and making sure things get patched. Right now, you don't
even have the defensive side.

------
redsummer
IoT: what could go wrong:
https://en.wikipedia.org/wiki/Samsung_SGR-A1

~~~
sverige
I wonder what kinds of fail-safes these sentries have if they're hacked? It
says that there's a human operator. Do they have a kill switch to shut it down
if it turns the wrong way so it can't be used against them?

------
lifeisstillgood
I wonder if it is time for a reboot. If the castles we have built so far turn
out to be made of gauze instead of stone, maybe we need to rethink it all, in
the same way we need to rethink energy policy.

Every Intel motherboard since 2008 has had a "spy" on board, almost every home
router is working for someone's botnet and will _never_ be patched, medical
devices and factory automation systems ship with default passwords because no
one assumed they would ever connect to the Internet and don't get me started
on browsers and JavaScript.

It was a multi-decade long fight to get the seat belt adopted, so I suspect
that we aren't going to fix this the old way - surely at some point we stop?

~~~
tmzt
RiscV, TCP+crypto offload, hardware switchports with luajit or nf rules.
Reactive UI with hardware rendering and compositing.

Hardware keystore with physical switch to generate and enroll keys, user/owner
controlled secrets, one-time programmable as an option, hardwired SAK and OS
personality switching key.

Real-time security isolation kernel, hardware-enforced containerization with
MMU-protected GPU passthrough.

~~~
lifeisstillgood
It will take a while to google-walk through all that, but thank you. Do you
feel this is a comprehensive recipe to move to an (enterprise-wide) computing
platform where the attacker has the playing field tipped against them (it seems
the other way round today)?

~~~
Jach
It doesn't sound comprehensive enough to me, though better than what's around.
My own comprehensive recipe is simply "put nickpsecurity in charge". :)

~~~
tmzt
I was thinking the same thing. What I was describing is about using the
disadvantages of a platform like RiscV to our advantage. Rather than running
network stacks, compositing and other things on the main processor which will
likely trail Intel processors in performance for a time, we design the
hardware to do what hardware does best.

------
ComodoHacker
>speculation that North Korea might be behind the latest cyber attack

Does the North have hackers skilled enough to perform such (or any) attacks? How
did they acquire their skills given the internet is forbidden there?

~~~
SRSposter
The same way they got ahold of nuclear weapons knowledge.

~~~
noobermin
If after decades, they are only now developing nukes barely as powerful as the
earliest nuclear weapons (although still dangerous), one would wonder if their
decades delayed IT know-how really can pull off such an attack.

~~~
jasonwatkinspdx
The situation is a bit more complex than that. We don't know the yield of NK's
weapons based on the tests, because it's likely the tests have been sized to
minimize material usage and just confirm the physics. Given that they're
expanding their uranium mining it seems likely they have centrifuges operating
and they're building hybrid bombs. This is the same path China went down when
they were material limited.

So anyhow, it's not like a footrace where the major nuclear powers are at the
finish line and NK is trying to catch up. They're following their own path
appropriate for the situation they're in.

------
aburan28
This is most likely retaliation for North Korea's latest nuclear test

------
scurvy
"vaccine routing server" = next-gen firewall running UTM?

~~~
jlgaddis
From the context, my first thought was something like a centralized server
providing anti-virus software and/or updates to hosts on the internal portion of
the network.

Considering the timeline (within the last month or two) and the recently
discovered issues in antivirus products from multiple vendors, I think that
this scenario (or something similar) is, at the least, plausible.

A compromised UTM firewall would not be unheard of either.

------
secult
So they have internet after all!

------
slyrus
Cyber is tough.

~~~
sverige
Especially for targets that are very attractive to a determined enemy.

