back to article Your server remote login isn't root:password, right? Cool. You can keep your data. Oh sh... your IoT gear, though?

Not content to be the focus of the geopolitical news cycle, Iran now also finds itself in the middle of two major developments in the security world. Earlier this week, infosec outfit Recorded Future claimed a Tehran-backed group known as Elfin, or APT33, has been increasingly active in recent months, largely targeting …

  1. Pascal Monett Silver badge
    Coat

    "targeting [..] companies within Saudi Arabia [..]"

    So they are wreaking havoc on their own instead of attempting to attack US industrial facilities.

    Could it be that Moscow told them it had that covered and they should go play elsewhere ?

    1. Jimmy2Cows Silver badge

      Re: "targeting [..] companies within Saudi Arabia [..]"

      Being rivals, Iran treating Saudi as 'one of their own' is not a thing.

    2. Anonymous Coward
      Anonymous Coward

      Re: "targeting [..] companies within Saudi Arabia [..]"

      It would be far more true to say that when the US are locking up Mexican kids, that they're "wreaking havoc on their own", than to say the same about Iran and Saudi.

      1. IGotOut Silver badge

        Re: "targeting [..] companies within Saudi Arabia [..]"

        I think he thinks all brown Muslim are in it together.

        Just like both sets of white Christians got on so well in Ireland / Northern Ireland

        1. Pascal Monett Silver badge
          Pint

          Actually, I forgot the part where the hackers were Iranian when typing my comment.

          I stand corrected and, because it is now Friday, this round is on me.

  2. _LC_
    Facepalm

    "a teenager from Europe who had only been using the Iranian machine as a proxy to control the bots"

    But let's face the facts, only teenagers are able to do this. ;-)

  3. lglethal Silver badge
    Mushroom

    This is a controversial opinion, no doubt, but....

    So Silexbot checks IoT devices for root:password and if found, trashes the device, and moves on.

    Seems to me like they're performing a public service by removing potential botnet machines from the internet. If you cant be bothered to change the root password on your internet facing devices, then you probably dont deserve to have them on the internet.

    Nuking from orbit, sometimes it's the only way to be sure...

    1. Halfmad

      Re: This is a controversial opinion, no doubt, but....

      Agreed, I genuinely don't think I've ever seen anyone in IT not change a default password. It's almost like a rite of passage when a device comes in to make it "ours". Same at home.

      If it's sitting on default, I don't trust it and even when it's not, I still think it's an IoT piece of junk usually.

      1. Doctor Syntax Silver badge

        Re: This is a controversial opinion, no doubt, but....

        In fact I don't recall a regular Linux or other Unix installation process* that attempted to set a default root password. It's a feature of pre-built images which are used on IoT gadgets.

        * Pi distros are something of an exception being based on regular distros such as Debian but are pre-built images. Although the default password should be changed - and a non-root ID set up - ASAP but if that isn't done and the OS got banjaxed by something like this the device itself isn't affected, the SD card can be reloaded. Too bad about any user data on it, however.

        1. Deryk Barker

          Re: This is a controversial opinion, no doubt, but....

          You beat me to it. I've installed/tried out many linux distros since I started using the OS in 1993, but not once have I had a default root password set up. Indeed, many distros disable root logins and use sudo instead.

          So whose unix *does* have default root passwords?

      2. NetBlackOps
        Unhappy

        Re: This is a controversial opinion, no doubt, but....

        On the contrary, I've seen a lot of IT where default passwords were the norm. That's with 48 years experience and has only increased as the years have gone by, not decreased.

        1. Anonymous Coward
          Anonymous Coward

          Re: This is a controversial opinion, no doubt, but....

          I worked somewhere awhile back, where not only did they use the same password for EVERYTHING, they also gave it to users as their initial password! So not only did everyone know it, people would say it's "____" password. Glad I'm no longer there.

  4. rmason

    SO...

    While there are many things I could comment on here, I'm afraid I cant get past the fact the guy is called Larry Cashdollar.

    Larry. Cashdollar.

    1. lglethal Silver badge
      Joke

      Re: SO...

      If he has a daughter, I hope he names her Penny...

    2. mics39
      Trollface

      Re: SO...

      He doesn’t take credit?

    3. SonOfDilbert

      Re: SO...

      Personally, I think it's a sterling name.

  5. I ain't Spartacus Gold badge
    Unhappy

    Trump is going to be so angry!

    He's got US Cyber Command. The Iranians have got Supreme Cyberspace Center!

    Supreme is so much better!

    Admittedly Centre is a bit weak compared to Command. I mean my town has a Dennis's Kebab Centre (top name chaps), and thinking about it, how much better would that sound it it was Dennis's Kebab Command?

    But clearly Trump needs to act here.

    I suggest US Cyber Finish Quantum Ultimate Command.

    Although you can still beat even that, as Finish now have a Quantum Ultimate box with New Improved written on it. It must be great to improve on ultimate...

    1. Ugotta B. Kiddingme
      Joke

      Re: Trump is going to be so angry!

      you forgot "times infinity!" just to be absolutely certain...

      1. Jamie Jones Silver badge

        Re: Trump is going to be so angry!

        plus 1, no returnies!

    2. Anonymous Coward
      Anonymous Coward

      Re: Trump is going to be so angry!

      Ultimate Supreme Hyper Cyber Force!

      1. F Seiler

        Re: Trump is going to be so angry!

        Now that sounds more like an ova anime from the eighties

    3. Anonymous Coward
      Anonymous Coward

      Re: Trump is going to be so angry!

      Dumpy pants is always angry. Perhaps that's why he looks orange? Either way, SEND HIM BACK!!!

  6. Nick Kew

    Commodity malware is an attractive option for nation-state threat actors ...

    That's kind-of the opposite to your report this morning (or was it yesterday) about China spying on lots of companies. And indeed the one a day or two earlier where a US security firm said "looks like [chinese group] but could also be false flag" about spyware lurking in telcos.

    I guess the line is whatever fits the story. And to be fair, there's no inherent reason they should be consistent.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like