Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security News

Iran and North Korea Team Up To Fight State-Sponsored Malware 191

An anonymous reader writes, quoting the article: "At the start of this month, news broke that Iran and North Korea have strengthened their ties, specifically by signing a number of cooperation agreements on science and technology. The two states signed the pact on Saturday, declaring that it represented a united front against Western powers. Ayatollah Ali Khamenei, Iran's Supreme Leader, told Kim Yong Nam, North Korea's ceremonial head of state, the two countries have common enemies and aligned goals. On Monday, security firm F-Secure weighed in on the discussion. The company believes Iran and North Korea may be interested in collaborating against government-sponsored malware attacks such as Duqu, Flame, and Stuxnet."
This discussion has been archived. No new comments can be posted.

Iran and North Korea Team Up To Fight State-Sponsored Malware

Comments Filter:
  • Hmm... (Score:5, Insightful)

    by The Grim Reefer ( 1162755 ) on Monday September 03, 2012 @09:03PM (#41218641)
    I'm guessing that was an unintended consequence of those malware programs. Unless there's an advantage I don't see with Iran and North Korea strengthening ties.
    • Ya I think driving Iran and North Korea into having stronger bonds is an unintended consequence. I also am not looking forward to the political mud slinging over this.
      • Re:Hmm... (Score:4, Insightful)

        by Anonymous Coward on Monday September 03, 2012 @09:26PM (#41218811)

        Unintended, but hardly unforeseeable, so why would there be mudslinging? Any sort of broad-based sanction will likely lead to increased ties between people who can't do business anywhere else. National self interest is an older game than you seem to think.

        • Unintended, but hardly unforeseeable, so why would there be mudslinging?

          'Cause that's what politicians and demagogues do.

          Now you can blame your least favorite politician of the past 30 years for "allowing this to happen".

          • by jd2112 ( 1535857 )

            Unintended, but hardly unforeseeable, so why would there be mudslinging?

            'Cause that's what politicians and demagogues do.

            Now you can blame your least favorite politician of the past 30 years for "allowing this to happen".

            Just 30 years? I want to blame all of them at least back to Nixon.

          • by Genda ( 560240 )

            Allowing what to happen? Fred Flintstone and Barny Rubble become partners in building weapons of mass destruction? Oh be still my heart. Anybody with an IQ above small single digits should be able to manipulate this situation all day long to hilarious situation-comedic effect. Think of it as "Laverne and Shirley" with fissionable materials... "One, Two, Three, Four, Five, Six, Seven, Eight, Schlemiel, Shlemazel, Hasenpfefffer Incorpor BOOM!

            • I can imagine the scene in Tehran when Iran's diplomats return to give the good news to the Supreme Obsessive Compulsive. In North Korea they found a country led by a man whose dad invented electricity and basketball. How can they fail when allied to such genius?

        • Re:Hmm... (Score:4, Insightful)

          by Dyinobal ( 1427207 ) on Monday September 03, 2012 @09:41PM (#41218935)

          Republicans will say Obama, some how caused North Korea and Iran to hop into bed, and forget to mention that they would of followed the exact same policies or done worse and got us into another unfunded pointless war in the middle east.

          I'm not sure if there will be any mud slinging about this before the election as I doubt the republicans want to draw attention to foreign affairs after Romney's rather terrible overseas trip and the fact his ticket has no foreign policy experience at all but still I can see it happen.

          • Re: (Score:2, Insightful)

            by khallow ( 566160 )

            I'm not sure if there will be any mud slinging about this before the election as I doubt the republicans want to draw attention to foreign affairs after Romney's rather terrible overseas trip and the fact his ticket has no foreign policy experience at all but still I can see it happen.

            I on the other hand hope there's lots of mudslinging. There's no more truth or objectivity in placid campaigns than enraged ones. And the latter have a lot more spirit and engagement to them. Politeness is vastly overrated in politics anyway.

            And "Romney's rather terrible overseas trip"? Ignoring that that's an awfully weak talking point, how is that worse than the typical Obama overseas trip? At least, he hasn't tried to insult his hosts or murmured the exact same platitudes to numerous different host co

        • So is fanatical hatred of foreign nations that don't share your ideology.

    • Re:Hmm... (Score:5, Insightful)

      by Jah-Wren Ryel ( 80510 ) on Monday September 03, 2012 @09:17PM (#41218749)

      I'm guessing that was an unintended consequence of those malware programs. Unless there's an advantage I don't see with Iran and North Korea strengthening ties.

      The military-industrial complex needs enemies. I'm on the edges of the "cybersecurity" business and its been apparent for years now that there is a huge push to play up the risks with respect to national security because there are Cosmos-level contracting dollars at stake (i.e. billions and billions). This sort of escalation perfectly feeds that narrative.

      Stuxnet is going to pay huge dividends for the company that wrote it, not because of the success in Iran, but because of the massive funding for the coming "cyberwar" that stuxnet provoked - imaginary or otherwise.

      • This sort of escalation perfectly feeds that narrative.

        I'm afraid you're right. The call to war just might be more well received by the voters now. Exactly what the doctor ordered. It won't be limited to 'cyber' either. "This is WAR!" Hail, Hail, Freedonia, land of the brave and free...

      • but this does not mean that enemies are just made up hoaxes

        the venom from north korea and iran is real. just ask a japanese, or a syrian

        this is where you lecture me on how these are peace loving harmless countries that have been turned into monsters, just to slake a thirst to spend money by an industrial complex in the usa

        you know, there are actually real breathing human beings in north korea and iran who think and have their own ideas, completely of their own will and independent volition. some of their ideas come from concepts they dearly believe that are older than the united states' existence. not just cardboard cut out reflections of some western propaganda from decades ago from a dead cold war era. maybe you should conceptionalize the fantasty that there exists real people outside the usa with their own agenda that did not start in washington dc

        some of them have agendas that carry some malice for peace on this earth, not just malice for the economies of the west. what they believe and think is their own original creation, and may require defeat on a battlefield

        i say that not because i love drinking oil from the skulls of dead children, or whatever nonsense you believe about someone like myself who would say such a thing, but because i understand, unlike you, that menace does not only flow from one place in the world, and the usa is not the only country with a military industrial complex

        in fact, if you want to see the most complete representation of the idea of a military industrial complex controlling a country in all avenues of power, try pyongyang. tehran, not so much, but the revolutionary guard there is trying its best to defang the mullahs and be more of a direct military industrial complex dominating a country, just like pyongyang

        so if you oppose the idea of the military industrial complex, you oppose north korea. unless your supposed principles are not so much real principles, just a thin veneer for the same old tired tribalism of hating a country or nationality such as the usa just out of the same old tired empty chest thumping avarice you believe you are above somehow?

        • by Taco Cowboy ( 5327 ) on Tuesday September 04, 2012 @01:00AM (#41219921) Journal

          the venom from north korea and iran is real. just ask a japanese ....

           
          Say what??
           
          Ask Japanese about the Koreans?
           
          For Your Information, it was the Japanese who invaded Korea multiple times throughout history
           
          Not the other way around
           

      • In other words, same shit as always, but now with much lower body counts? And instead of developing better explosives, we'll be developing better software security that might actually have real uses?

        Don't get me wrong, I hate to go on the internet and be optimistic, I know that's not cool, but this sounds positive...
        • Re:Hmm... (Score:4, Insightful)

          by Jah-Wren Ryel ( 80510 ) on Monday September 03, 2012 @10:56PM (#41219425)

          In other words, same shit as always, but now with much lower body counts?

          Depends on how you measure "body count" - if it takes death by kinetic weapon to qualify, then sure. If it means slow deaths, like losing 10 years off a person's lifespan due to poor medical care, malnutrition, environmental pollution or whatever because resources were poorly allocated then no.

          Furthermore, just as tasers seem to encourage misuse because of their advertised non-lethality, we stand a good chance of finding escalation of international conflict because of the less-obvious lethality of this sort of engagement.

    • Re:Hmm... (Score:5, Interesting)

      by gman003 ( 1693318 ) on Monday September 03, 2012 @10:00PM (#41219073)

      Unless there's an advantage I don't see with Iran and North Korea strengthening ties.

      It's called the "Slytherin Plan" - gather all your troublemakers and ne'er-do-wells and put them in one spot, so you always know where the next attack is coming from (pro-tip: it's coming from the hive of scum and villainy you just made by doing so).

      • Re:Hmm... (Score:4, Interesting)

        by circletimessquare ( 444983 ) <circletimessquar ... m ['gma' in gap]> on Tuesday September 04, 2012 @02:51AM (#41220285) Homepage Journal

        the USA didn't make iran and north korea. this would disavow the existence of millions of human beings who of their own volition have made it their life's work to militarize and issue bellicose language for decades

        oh i know "in ancient history cold war, the USA did {XYZ} to country {ABC}. therefore, the USA is forevermore 100% responsible for what country {ABC} does." with such stunning intellectual analysis, nevermind completely condescension and patronization of iranians and north koreans as nothing but cardboard cutouts of american actions, how can one argue?

        also, i like how it disavows the USA of anything that happens in afghanistan. since because the USSR invaded it in the 1980s, by some idiot's logic, that means 100% of everything in afghanistan is Russia's fault forever. Oh wait, I'm sorry! We sold Osama bin Laden a stinger missile in the 1980s, so therefore, everything the man does after that is 100% our fault. sorry, i have to get with the mindless blanket blame game program and stop thinking of these people as having free will and the ability to create their own agenda, and remember that they are all just reflections of past american actions, of course

    • by Genda ( 560240 )

      I see this as an opportunity. Slip North Korea a couple faulty nuclear triggers and some time next week both county's nuclear programs should be lazily drifting downwind from a large blue glass ashtray. Whoops! Go straight from tickling the dragons tail to kissing its ass... can you say critical mass!

      The best part is we can all just shake our heads and say "Hey, ya need a little technical assistance? We've done this before, be glad to help you bandage that owwy... 2,000 lbs of yellow cake? $10.5 million dol

    • The two most backward nations, totally reliant on imported technology for everything, join hands on technology. To do what exactly? Getter better deals on German equipment by placing their orders together?

      You also got to wonder how this alliance will work. One hates religion, the other hates communism. A marriage made in heaven!

  • by maxbash ( 1350115 ) on Monday September 03, 2012 @09:10PM (#41218689)
    You think 1930s Germany and Italy working together was bad. This totally freaks me out.
    • You think 1930s Germany and Italy working together was bad.

      To a pretty close first approximation, "Germany and Italy working together" = "Germany".

    • Re: (Score:3, Informative)

      by Animats ( 122034 )

      More like Israel and South Africa working together [guardian.co.uk] to build nuclear weapons back in the 1970s.

    • Bullshit. (Score:5, Insightful)

      by bmo ( 77928 ) on Tuesday September 04, 2012 @12:21AM (#41219781)

      What are they possibly going to do? They are outgunned in every respect - technologically, economically, and militarily by everyone who won't put up with their shit. Pre-WWII Germany had built itself back up to a manufacturing and academic (well, before they chased out the jewish PhDs) powerhouse. Meanwhile we've got the Mullahs afraid that people might actually learn things while at university and a North Korean populace that is reduced to eating grass every 10 years or so. Comparing Iran and North Korea to pre-war Nazi Germany doesn't even pass the belly laugh test.

      Did you even see the ludicrous North Korean attempt at a supposed satellite launch? What about the photoshopped missile launch test from Iran?

      Compare and contrast to the years between WWII and Yeltsin shelling Parliament when I would see maps in the Providence Journal of what would happen if a nuclear warhead detonated over Quonset Point Naval Air Station - an actual, credible, threat. That's what gets me about this "war on terrorism" and "axis of evil" bullshit which chews up trillions of dollars and ruins soldiers' lives for few actual results over imaginary threats to the US. We're supposed to soil our underwear over some technologically backwards regimes who don't even have actual long-range missiles and their medium range missiles leave much to be desired?

      You want cyberwar? How about "accidentally" "dragging an anchor" over an undersea cable in the Persian Gulf or off the coast of North Korea? Because that's what our response is going to be if Iran and North Korea become offensive with malware botnets and they can do fuck-all about it. It's not like it hasn't happened before.

      Threat? Please.

      What fucking threat?

      The people playing up this "threat" of Iran and North Korea are a bunch of pants-wetters and chickenhawks with only one thing in mind - making money off the unjustified fear and advancing the ideologies of PNAC and FPI banging the drums for boots-on-the-ground war with Iran and probably NK. Dan Senor isn't exactly a "potted plant" to take a term from Ollie North's lawyer.

      Oh yeah, and guess who Dan Senor works for?

      --
      BMO

      • somebody who constantly militarizes and issues bellicose language for decades isn't someone you look at for the idea of rational self-restraint

        if north korea randomly sinks a ship or shells an island, as it has done in the last few years, killing dozens of south koreans, you could ask why, but the answer is simply: who knows? the problem is that therefore you can't depend upon them for anything rational or stable. they'll launch a missile at tokyo tomorrow. why? who knows?

        then there is another argument you

        • by bmo ( 77928 )

          there's an argument for nipping the problem in the bud before the mistake happens. an unstable idiot with a gun is a problem. no matter how faulty the gun or how many cops are standing around him

          There is an argument, but the argument needs to be tempered with "how many lives is this going to cost us nipping it in the bud?" Because you *know* that an actual invasion over the DMZ or by sea means that everything stationed by NK behind the DMZ gets launched.

          Diplomacy has worked over the past decades, because i

  • Considering all the trade and economical sanction, and the collapsed economy, where does North Korea get its computers from? People in that country are starving, and they cannot afford computers. That reduces the talent pool for the malware defence team. Also I don't think communism ethos is compatible with hacker culture, so the people who get to use computers are as thick as wooden planks...

    • by 93 Escort Wagon ( 326346 ) on Monday September 03, 2012 @09:32PM (#41218857)

      Considering all the trade and economical sanction, and the collapsed economy, where does North Korea get its computers from?

      Well up until recently, Kim Jung Il designed and built them all himself.

    • Considering all the trade and economical sanction, and the collapsed economy, where does North Korea get its computers from? People in that country are starving, and they cannot afford computers. That reduces the talent pool for the malware defence team. Also I don't think communism ethos is compatible with hacker culture, so the people who get to use computers are as thick as wooden planks...

      Sanctions are disproportionately passed on to the little guy, after the Glorious Leader and his military get their cut of whatever's left.

    • by Guppy06 ( 410832 ) on Monday September 03, 2012 @09:34PM (#41218871)

      where does North Korea get its computers from?

      Probably from the same place they got their nuclear technology: our dear friend and ally Pakistan.

    • by Mashiki ( 184564 )

      They get them from China. The elite are very well off, it's very similar as to how it was in the USSR. The peasants are broke, poor, and downtrodden, but the elites? You know, they get a pat on the head and a few hours of luxury. And if you're in the inner circle, you get even more privileges.

      Don't worry though, through years of careful brainwashing they teach that the western world is out to "steal" their(n.korean) paradise.

      • They get them from China. The elite are very well off, it's very similar as to how it was in England and whatever other country American emigrated from. The factory workers are broke, poor and downtrodden but the farmers and the elite? You know, they get massive subsidies and bailouts and a few decades of luxury. And if you're in politics, you get even more privileges like state funded medical care.

        Don't worry though, through years of TV watching, they teach their subjects that the socialists are out to ste

        • by Mashiki ( 184564 )

          I'm guessing you haven't been to China anytime in the last 10 years, and only listen to what the media here keeps telling you. That bulging middle class, that didn't exist 15 years ago is exploding as much as we didn't have one 200 years ago here.

    • by c0lo ( 1497653 )

      Considering all the trade and economical sanction, and the collapsed economy, where does North Korea get its computers from?

      Up until recently, I don't know... however, I can guess that they'll mostly get them from Iran from now on.

  • the enemy of my enemy is my friend who has a BSOD just like mine

  • FreeBSD (Score:5, Funny)

    by Anonymous Coward on Monday September 03, 2012 @09:39PM (#41218921)

    Oh, to be a fly on the wall when those two get together one weekend to install FreeBSD for the first time.

  • by msevior ( 145103 ) on Monday September 03, 2012 @10:09PM (#41219135)

    It's all pretty funny really. They have malware because they're heavy uses of American Software. ie They NEED their hated enemy to make their software.

    • It's all pretty funny really. They have malware because they're heavy uses of American Software. ie They NEED their hated enemy to make their software.

      I dont think they actually need their enemies to make their software, but they use it because it exists and is available.

    • They have malware because they're heavy uses of American Software.

      Stuxnet came first and it was highly targeted at specific hardware configurations that would only be found in Iranian nuclear facilities.

      I don't think it would have mattered what software the Iranians had installed,
      since the (alleged) American/Israeli coders had all the time in the world to replicate the setup and probe for exploits.

      The problem isn't American software, it's that flaws will creep into the most carefully crafted code.
      Even the OSS theory that 'given enough eyeballs, all bugs are shallow' hasn'

  • This is like two clinically brain damaged boxers, one with delusions of grandeur, the other with terminal paranoia, both apoplectic with grotesque rage, each reeling and barely able to stand, stammering and slurring the simplest verbalizations, unable to sign their own names or feed themselves, hands shaking so badly they can't wee on their own without soaking the whole bathroom, bumping gloves and (attempting to unsteadily) stand together, thinking "NOW we'll show the bastards!".

    I doubt this is going to st

    • Seriously. They don't speak the same language, they don't look the same, their cultures are both extraordinarily xenophobic, and both of them are perceived on the world stage to be technologically incompetent. In Iran, the education system was there, but it's being rapidly dismantled, and anyway the mullahs make sure Iranians who learn things aren't allowed to do anything with what they learn, and North Korea is, well, a collection of peasants.

      Punchdrunk boxers indeed.

  • by acidradio ( 659704 ) on Monday September 03, 2012 @10:25PM (#41219231)

    I could see an ironic twist to all of this. Iran and North Korea could end up pooling all of their resources and make really cutting-edge antivirus and antimalware software. We've seen other countries put government money behind a problem (ie. Japan funded research to make better car factories) and solve it in this way. And when Iran and North Korea make this wonderful new software the rest of the world might just line up to to buy it. Who knows what else they will innovate. We could be creating a monster here!

    • In one corner, the defenders Iran and North Korea, stubborn to the end and willing to die for the cause...

      In the other corner, all the resources of the west including but not limited to the NSA, the Israelis and Microsoft itself, willing to do anything to win...

      I know where I'd put my bet.

  • This will probably make their cyber defense efforts easier to infiltrate.

  • It's the Axis of e-Evil.
  • that we manage to get an atheist state and a theocracy in bed with one other.
  • North Korea has already developed an unbreakable defence against cyber attacks: they don't have internet or computers strong enough to run a modern virus.

  • In related news.. no one was surprised that the master password to the top secret PRK government networks is 1-2-3-4-5. Iran couldn't be reached for comment but was seen to be changing the combinations on all the official state luggage.

  • They should buy out McAfee. Everyone already hates McAfee so it'd be a perfect fit. By the way, nobody in human history has teamed up to stop malware in any form ever. They'd have to fire all their human employees and get rid of all their computers, lol.
  • by Kazoo the Clown ( 644526 ) on Tuesday September 04, 2012 @02:31AM (#41220215)
    While I'm all for throwing a monkey wrench in Iran's nuclear program, having used techniques like this legitimizes and raises awareness of them to an extent, and I would suggest that the US may be far more vulnerable to such techniques in the long run. I do wonder if it was a good idea....
  • Hello,

    It is interesting in reading the article and comments here on Slashdot that no one has talked about the effect cooperation between Iran and North Korea would have on either accelerating the pace of malicious software deployed against these nation-states, or even worse, the use of other means to combat their nuclear ambitions.

    The Stuxnet worm was designed to target a single specific network. Yes, it spread in other ways, but the payload it deployed would was engineered so that it would only work on the Natanz nuclear facility's network. That is an insane level of precision and it clearly shows the huge investment made by the attacker(s) to ensure that this "cyberweapon" could only be triggered by the correct environmental conditions. It costs money to develop the targeting, payload and telemetry systems to support that, and the attacker(s) are only going to make that type of investment in what has to have been a highly-speculative "cyberweapon" if they believe they are going to get some value out of it.

    The value in malicious software like this (as well as in commercial spyware offerings, like FinFisher) is in their ability to perform without being detected by anti-malware software. As soon as that happens, the malicious software no longer has any value. The attacker may attempt to update their malicious software for a few generations, but once they are on the radar of anti-malware companies, samples of the new variants will make their way to the researchers at the anti-malware companies, possibly with metadata or telemetry that allows the point of origin to be identified. Which is not so good for plausible deniability. It is also possible that the countermeasures introduced to foil detection by anti-malware programs will introduce unforeseen errors into the malicious program, simply because it was not as fully tested as the original attack.

    If one is to believe that the Stuxnet worm was jointly-created by the United States and Israeli to (1) degrade Iran's nuclear ambitions; and (2) as a means of delaying an attack by Israel on Iran than one has to wonder about what sort of options are to be considered if malicious software is no longer an option.

    From the defender's point of view, Iran's response to the Flame malware was probably the most effective thing they could do to combat it: The Iranian CERT blasted out copies of it to anti-malware companies around the world, ensuring that detection would be added in a matter of hours. Anti-malware companies add detection of malicious software sent to them; that's what they do, after all.

    The idea that an anti-malware company would not add detection for a threat because it may have been created by or used by a governmentâ"or they were told not to by their governmentâ"does not hold water. While anti-malware software may be thought of as an American or Western European creation, there are plenty of anti-malware companies in South America, the Middle East, Asia, Eastern Europe and other parts of the globe, and any anti-malware company that did not add detection for such a threat would be subject to speculation and scrutiny about why. It would be a tacit admission by the country the anti-malware company operated in that their government was responsible for the malware.

    Maintaining plausible deniability means not blocking or otherwise interfering with the detection of malware by anti-malware companies, and when they respond to a threat in hours that may have taken weeks, months or even years to develop, well, you start looking for other ways to get more bang for your buck. My fear is the emphasis will be on the bang.

    Regards,

    Aryeh Goretsky

  • Well, I think this makes it pretty clear what kind of people the Iranian regime consists of. Anyone who is prepared to ally itself with North Korea, the greatest gangster -1984 nightmare- regime in the world, loses all credibility in my book.

Avoid strange women and temporary variables.

Working...