You are not logged in.
Heart of South Korea’s satellite operations breached in cyberattack
https://www.chosun.com/english/national … LOLWV4DJ4/
The Korea Satellite Operations Center, tasked with managing Multipurpose Satellites for reconnaissance satellites, and the Compact Advanced Satellite 500, a public satellite, has fallen victim to a hacking incident. The full extent of the breach remains uncertain, highlighting significant vulnerabilities in South Korea’s space infrastructure. This comes at a critical time, just before the inauguration of the Korea Aerospace Administration, a significant initiative under President Yoon Suk-yeol’s administration.
South Korea’s National Intelligence Service (NIS) has confirmed a recent cyber intrusion at the Korea Satellite Operations Center in Jeju.
KARI oversees critical Earth observation satellites, such as the Multipurpose Satellites and Compact Advanced Satellite 500, with the NIS being its principal client. The Arirang 3 satellite has an optical camera capable of detailed ground observations (to 70 centimeters), whereas the Arirang 3A features a 55-centimeter resolution camera and an infrared camera for nighttime surveillance.
The NIS is currently working to identify the perpetrators, the methods employed in the hack, and the nature of the compromised data. An NIS official emphasized the agency’s crucial collaborative efforts with the Ministry of Science and ICT.
A security control specialist suggested the likelihood of North Korea’s involvement, saying, “The hack likely originated from North Korea.” Given the history of cyber-attacks on governmental bodies, often traced back to North Korea, and the similarities in the hacking techniques observed, there is a strong suspicion that North Korea could be behind this incident. A breach of the Korean Satellite Operations Center by North Korean operatives could endanger a wide range of sensitive data, including security, economic, and environmental information, gathered by South Korea’s Multipurpose Satellites. These satellites have monitored South Korea and other global regions for over two decades, holding potentially sensitive data about crucial allies.
Offline
A major hacking seems to be under way....
Void reported the 404 Not Found for NewMars.com, and I decided to send email to a major US TV network, in hopes someone there would investigate and report on air if there is something major going on.
One interpretation of the behavior we are seeing is that DNS servers have been taken over, and not every web site is being intercepted, but ours obviously is.
The behavior we are seeing can be explained if a DNS server that is supposed to forward packets to us is returning the 404 message when it gets a match on the URL.
The hacking might be localized. Void and I are served by different DNS servers. Or the hacking could be at a higher level, so that more Internet users would see the error.
(th)
Offline
ChatGpt4 has some general advice...
Web Security Incident Report
Overview: We have observed unusual behavior on our website, characterized by a specific error message "404 Not Found CIPI CIPI CAPA CAPA DUBI DUBI" appearing in lieu of expected content. This incident suggests potential security concerns that warrant immediate attention.
Potential Causes:
DNS Hijacking or Poisoning: The possibility of DNS compromise, affecting traffic direction.
Web Server or Website Compromise: Indications of alterations or malicious rule injections on the web server.
Misconfiguration or Malicious Scripts: Potential misconfigurations or the presence of malicious scripts causing unintended behavior.
SEO Spam or Defacement: The unusual message might be an attempt at either SEO manipulation or simple defacement.
Recommended Actions:
Immediate Investigation: Review web server logs for anomalies and check for unauthorized changes to website files or configurations.
Security Audit: Conduct a thorough security audit for vulnerabilities and ensure all components are up to date.
Check DNS and Web Server Configuration: Verify the integrity of DNS settings and web server configurations.
Contact Hosting Provider: Notify your hosting service of the incident for additional support and insights.
Conclusion: While a broad DNS attack is less likely, the evidence suggests a compromise localized to our web infrastructure. Immediate and comprehensive measures are crucial to identify the breach, secure the website, and prevent future incidents.
(th)
Offline
Some in overseas places to avoid a spying government politically intrusive instead bounce their signals and use VPN. Not every fix solution offered will be helpful, you will have to use common sense some people can be a wolf in sheep's clothing, some offered solutions will be trying to collect your data or 'Phishing'. An attack and then something 'is inaccessible' Some build their own computers and networks, others said OpenDNS was maybe going to be a thing. This could be the new world we enter and we can expect more world website shutdowns and disruptions, life essential and safety sites like weather info getting hit? sometimes someone might wrongfully report a site for 'offense' to an Internet Company linked to government, file reports suddenly a biggest ISP will then start DNS blocking, other sites get reported for a copyright on images or song links, artist property or 'File Sharing site' goes down, a site can get hit because it has a post which criticized a certain Government.
The Best Free and Public DNS Servers (2024)
https://www.lifewire.com/free-and-publi … rs-2626062
Use 8.8.8.8 and 8.8.4.4 for Google's DNS service. Here are more options from other companies
2019 article
Internet gatekeeper warns of 'ongoing and significant' DNS attacks
https://www.engadget.com/2019-02-24-ica … tacks.html
It's urging tighter security for web domains.
'There have been escalating reports of attacks on DNS, ICANN said, including hijacking attempts that point domain visitors to rogue servers. Some of these appear to have been state-sponsored attacks from Iran'
one way I knew people got back into their site was to try directly accessing the IP addresses, the the future AI might fall into the wrong hands pressure from the political groups or gangsters is maybe going to be extreme. Some say Red Hat Hackers they say are Not to be confused with the Red Hat Linux OS or Red Hat Inc an open source software company...they say Red Hat are good guys but sometimes support vigilantes?
'introduction to Domain Name Servers article'
https://www.redhat.com/sysadmin/dns-domain-name-servers
Tahanson is it coming from within the US or is it an attack by proxy say India, Cambodia, Qatar, South Africa, Vietnam, if attacks come from one place you could put a temporary 24 hr ban on the origin of attack.
anyways some possible relevant stuff
'How can you tell if HNS is working?'
https://www.privateinternetaccess.com/b … ystem-hns/
Build your own DNS server on Linux
https://opensource.com/article/17/4/bui … ame-server
Learn how to use BIND to set up your own server for resolving domain names.
Offline
For Mars_B4_Moon re #154
Thank you for your review of multiple topics in the theme of hacking...
I wondered about your suggestion of using the IP address, and got this:
Site Not Found
Well, this is awkward. The site you're looking for is not here.Is this your site? Get more info or contact support.
This message comes from Dreamhost, which is our Internet provider. I interpret this as a sign they are aware of and working on the problem.
The web page that should appear is not available, but it is not a major attraction for us or for Mars Society.
It is helpful that the subfolder "forums" is still operating normally.
The main function of the top level page was to provide a link to the forums.
For a while it appears we need to make sure anyone we point to the forum is aware they need to add the folder "/forums" to the URL.
***
If anyone is interested, the main Mars Society site is working normally...
we are still operating with http: (no security)
I expect that this incident will lead to pressure to convert the forum to https....
Our current work on FluxBB to enable it to run with modern PHP and MySQL would be a step toward that goal.
(th)
Offline
hackers and bots backed up by Hindu Nationalism?
Intelligence Report Says Bots and Fake Accounts Linked to India’s Governing Party are Harassing Canadians
https://pressprogress.ca/intelligence-r … canadians/
Offline
For SpaceNut ....
Thanks to your leadership, our forum is free of hacker attack successes.... We are still being attacked by bots every day and every minute of every day, but for several years now not ONE of those bots has penetrated the strong defense you set up.
However, Dr. Lewis Dartnell's older phpBB forum is under serious attack and the hackers have found a way to promote themselves from Newbee to Regular Member. I've notified Dr. Dartnell, and he responded recently to acknowledge the situation.
Below I will show the status of the Knowledge forum as of a few minutes ago. I'm planning to post similar messages to show the progress of the assault. Eventually I assume/hope Dr. Dartnell will decide on a response. In the meantime, the number of fake members is growing at the rate of hundreds per day.
WHO IS ONLINE
In total there are 372 users online :: 2 registered, 0 hidden and 370 guests (based on users active over the past 5 minutes)
Most users ever online was 437 on Thu Apr 18, 2024 9:51 pmRegistered users: Barbarafrers, tahanson43206
STATISTICS
Total posts 2371 • Total topics 323 • Total members 27849 • Our newest member eseiceseqav
Note: there are only about a 1000 ** real ** members in the Knowledge forum, just as we have about 1000 ** real ** members in NewMars.
The total number of fake accounts is therefore on the order of 27,000 and growing rapidly.
***
Update ... here is the corresponding report for NewMars...
Newest registered user: GStanley2023
Registered users online: 0
Guests online: 115
Of the 115 "guest" I am the only "real" entity. All 114 of the others are bots.
In our multiple initiatives to investigate options for the forum, we have the opportunity to investigate whether we might be able to characterize the "guests". There may be a way to determine if they are human or bot, but at this point, I don't know what such a method might be. Analysis of the IP address ** is ** possible, and we could easily report the country of origin of each "guest". Google does something similar with it's web site reporting tool.
Come to think of it, we might be able to install the Google web site reporting tool. We set that up for the Living Universe web site, and it produced interesting results.
(th)
Offline
For SpaceNut re Turning off Registrations...
If you will document how to do that, I'd be happy to forward your instructions to Dr. Dartnell.
As you do so, please keep in mind that it has literally been years (since 2018) that he opened a session on the Knowledge forum.
Your advice needs to be written for someone who has forgotten almost everything about how to run the site, and in any case, never knew how to shut off Registration. While you're at it, please find out where the text we see at our Registration page is stored. That needs to be changed to point to our new registration procedure, and now that we have a Webmaster (kbd512) we can change it. (Assuming you cannot, which is possible).
(th)
Offline
For SpaceNut re Turning off Registrations....
Please document how to do that in the new phpBB3 test site.
I'd be happy to forward your instructions to Dr. Dartnell at discuss.the-knowledge.org
***
Here is the status of the hacker assault today:
WHO IS ONLINE
In total there are 156 users online :: 3 registered, 0 hidden and 153 guests (based on users active over the past 5 minutes)
Most users ever online was 582 on Fri Apr 19, 2024 10:08 pm
Registered users: epehobo, tahanson43206, valtrex 500mg coupon
STATISTICS
Total posts 2382 • Total topics 323 • Total members 28274 • Our newest member valtrex 500mg coupon
Here is yesterday's report:
Total posts 2371 • Total topics 323 • Total members 27849 • Our newest member eseiceseqav
The increase of "members" is 425 That's a ** lot ** ... the hackers seem to have found a weak site and are going after it.
(th)
Offline
For SpaceNut re hacker attacks on Knowledge web site...
Just FYI ... this is like watching a slow train wreck ...
206,944,697 km [26.5 km/s] Update Monday 2024/04/22 12:20 UTC Sun Mars Distance
Total posts 2383 • Total topics 323 • Total members 29137 • Our newest member abigiux
29137 - 28278 >> 859 << Number of new spammer accounts added in 24 hours
(th)
Offline
So, if we can do what we have done with registration and spammer account conversion then there is no reason from what I have seen to turn it off as we have done here.
Offline
For SpaceNut re #161
Thanks for thinking about Dr. Dartnell's situation.... His forum is being flooded with spammer applications for "membership".
He has written (by email) to confirm that he is (now) aware of the situation.
I have recommended turning off registration as you have done.
However, to this point, Dr. Dartnell has not logged in.
I'll continue to report on the increases of spammer accounts.
(th)
Offline
Status of Knowledge forum on 2024/04/24...
206,880,333 km [26.5 km/s] Update Wednesday 2024/04/24 12:10 UTC Sun Mars Distance
Total posts 2383 • Total topics 323 • Total members 30015 • Our newest member ufwrasikosm
30015 - 29578 >> 437 << Number of new spammer accounts added in 24 hours (crossed 30,000)
For SpaceNut ... if this pace keeps up, and Dr. Dartnell takes no action to stem the flood, the site will cross 40,000 in 25 days or so.
One benefit of all this activity is that it gives the Knowledge forum server some exercise.
(th)
Offline