Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Facebook EU Security Social Networks

That North Korean Facebook Clone Has Already Been Hacked (vice.com) 84

Remember yesterday's story about an off-the-shelf Facebook clone in North Korea? Within a few hours that site was hacked by an 18-year-old college student in Scotland. An anonymous reader writes: Using the default credentials, Andrew McKean posted "Uh, I didn't create this site just found the login" in the site's box for Sponsored links. "McKean was able to become an admin for the site just by clicking on the 'Admin' link at the bottom of the site and guessing the username and password," writes Motherboard, which adds that the password was "password". McKean says the breach "was easy enough," and granted him the ability to "delete and suspend users, change the site's name, censor certain words and manage the eventual ads, and see everyone's emails."
The teenager said he had "no plans" for the compromised site -- except possibly redirecting it to an anti-North Korean page.
This discussion has been archived. No new comments can be posted.

That North Korean Facebook Clone Has Already Been Hacked

Comments Filter:
  • "Uh, I didn't create this site just found the login"

    Why not "Kim Jong-Un is a pussy! Sincerely yours, Park Geun-hye" or something more creative like that?

    • by Anonymous Coward
      Nah, you should be able to do better than that: Public Announcement: Following up on the policy of acceptable haircuts for students that need to follow the impeccable style of our beloved leader, we've decided to extend the required complance: Please report ot the nearest hospital for cosmetic surgery if your penis measures more than 2 inches to follow our beloved leaders standard.
    • How uninspired. The true gold would be:

      1. Make a few insanely absurd new rules for the North Korean people. This is actually the challenging part for a people that already had mandatory haircuts, I agree.
      2. Point a few western news networks at the page.
      3. Watch the ensuing hilarity when they start gobbling up your insanity as reality.

  • Hacked? Really? (Score:5, Insightful)

    by Frosty Piss ( 770223 ) * on Saturday May 28, 2016 @10:54PM (#52203867)

    The word "hacked" is overused. Making a fairly easy assumption that the default UID / PID has not been changed by some rube North Koreans who didbn't expect anyone to notice the demo site is hardly a "hack".

    On the other hand, I'll bet that the REAL North Korean intel guys gathered a whole lot of data from the honeypot site.

    • The word "hacked" is overused.

      That's only because the bar for people is set too low. Hack means to gain unauthorised access to a system. Whether that was via a SQL injection or because someone gave up the password in a phishing scam, or someone unauthorised simply guessed the password isn't part of the definition.

      It was a cheap hack which required no skill what so ever, but a hack none the less.

      • by turbidostato ( 878842 ) on Sunday May 29, 2016 @05:49AM (#52204673)

        "Hack means to gain unauthorised access to a system."

        That's a crack.

        A hack is any clever and usually unexpected use of technology to accomplish a task.

        • That was a crack. Language has moved on and left the old definitions in the past. That's the upside and the downside of English and while you like the distinction if you tell someone you cracked a system they will likely think you're inhaling a new kind of drug.

          • "That was a crack. Language has moved on and left the old definitions in the past."

            Only it has not moved. When a comment in code reads " # dirty hack: I did this because... " nobody thinks the author left a backdoor in the program.

            • Only it has not moved.

              I beg to differ, as do people who read newsspeak, read the internet, consume various forms of popular media, talk at the water cooler, and those who write dictionaries which document the present use of words. Note I said document. The dictionary does not define, it only documents the present popular usage and some nicer dictionaries give you a bit of history of the words too.

              To claim the distinction is to not move with the times which while you're right unfortunately makes you an "outcast" to the common usa

              • I beg to differ, as do people who read newsspeak, read the internet"

                It's funny then, that just yesterday, in the most sold newspaper in my country (so, for the masses), the CEO of one of the biggest telcos in the world presented his newly appointed Chief Data Officer as the "most famous hacker in the country". You can bet he was not talking about somebody that illegally breaks into others' systems.

            • Polysemy.

    • by AmiMoJo ( 196126 )

      Yep. It's either a honeypot trap that this guy just stumbled into, or it's some random student's university project and pretty far from the spectacular "hack" that TFA seems to think it is. How many people are actually using this site and are they posting anything interesting?

    • "The word "hacked" is overused."

      Still, if this was not a North Korean site but, say, a US Gov one, wouldn't this boy be already assaulted by a SWAT team, moved to gitmo and presented as public enemy number one?

      Why the double standard?

    • Agreed...this is not really worthy of the "hacked" label.

      To call this "hacking" is akin to microwaving a burrito and calling it "cooking".

  • by Anonymous Coward

    "which adds that the password was "password""

    He must have used a sophisticated brute force attack.

  • Next man up (Score:2, Interesting)

    by Anonymous Coward

    The poor shlub who administers that site has probably already been executed.

  • by fred911 ( 83970 ) on Saturday May 28, 2016 @11:56PM (#52204025) Journal

    "The teenager said he had "no plans" for the compromised site"

      Ah these young'ins, back in the day it would be goatse.cx 'ed or at the very minimum a penis bird!

      Jeeze what's this world become.

    • "The teenager said he had "no plans" for the compromised site"

      [...]

        Jeeze what's this world become.

      hopefully, more civilized. previous generations are really trying hard to ruin what's left of the world.

      • hopefully, more civilized. previous generations are really trying hard to ruin what's left of the world.

        Wow, found the captain of the fun police.

    • I can think of something more useful. See if the site computer has a modem or phone connection or something, and then bridge over onto the Kwangmyong intranet [wikipedia.org]. Port scan and download everything! ... although at dialup speeds, it would take a while.
    • by techno-vampire ( 666512 ) on Sunday May 29, 2016 @02:23AM (#52204293) Homepage
      I think that if I managed to hijack a site in North Korea, I'd simply redirect it to a tourism site in South Korea to let the North Koreans get a look at how the other half lives.
    • Linking to goatse? Why, it's North Korea, I'm pretty sure the page already showed a huge asshole on the front page.

  • seriously, this was an easily predicted outcome. [slashdot.org] PHP and security are at odds with each other.

    • by Tablizer ( 95088 )

      What's the safe language then?

    • He got in because the password was left as "password". In what programming language is "password" a secure password?

      Having said that, ten years or fifteen ago PHP had serious security issues, given that it is designed to be used on web, where the application will be attacked daily. It was literally impossible to write a secure program in PHP; literally "hello world" had a security vulnerability. Much has changed. PHP was originally a CMS, written in Perl with a bit of C. It's now an actual programming la

  • sarcasm on: He could have changed the password, and then they would not know how to regain it back....
  • Crime (Score:2, Interesting)

    by Anonymous Coward

    I hope he is prosecuted to the full extent of the law both UK and NK, any propaganda induced biased against NK is not reason enough to commit a crime.

    • it's not a crime to hack the DPRK.

      • 1.) since when it is not a crime to hack DPRK, just because its the DPRK, I think the UK computer fraud acts are pretty specific.

        The big exception is, when you would be part of the military or part of a secret service - then you can commit crimes sometimes even against humanity and go unpunished.

        2.) And there might be an exception when the hacking could go unpunished, exactly if it would be used to save lifes, for example or stop attrocities (by changing the execution list for example), or bring evidence fo

  • It was probably a student project, not a gov't sponsored site. I doubt the NK gov't gives a fuck.

  • This sounds like a default, or near-default install of a basic web application, made available from a public-facing IP. The only remotely interesting thing here is that the IP is in NK, but the only real story seems to be "someone in North Korea with the ability to allocate a public IP played with dolphinPHP." I mean, it could be an official party directive. Or it could be that some bureaucratic entity in DPRK did what bureaucratic entities love to do: had an idea that went nowhere, which may not have ever

  • Kinda amused to see this get put out as a story now. It didn't get much attention when I pointed it out yesterday. [slashdot.org] The little ninja character [imgur.com] was gone pretty fast, though.

  • Why is this news? Were people expecting North Korean admins of off-the-shelf websites to somehow be better than ones in the rest of the world?

  • How many North Corean people will die because of this ?
    Or is the crazyness not to that level yet ?

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...