Ongoing Meow attack has nuked >1,000 databases without telling anyone why:
More than 1,000 unsecured databases so far have been permanently deleted in an ongoing attack that leaves the word "meow" as its only calling card, according to Internet searches over the past day.
The attack first came to the attention of researcher Bob Diachenko on Tuesday, when he discovered a database that stored user details of the UFO VPN had been destroyed. UFO VPN had already been in the news that day because the world-readable database exposed a wealth of sensitive user information[...]
[...] Besides amounting to a serious privacy breach, the database was at odds with the Hong Kong-based UFO's promise to keep no logs. The VPN provider responded by moving the database to a different location but once again failed to secure it properly. Shortly after, the Meow attack wiped it out.
Since then, Meow and a similar attack have destroyed more than 1,000 other databases. At the time this post went live, the Shodan computer search site showed that 987 ElasticSearch and 70 MongoDB instances had been nuked by Meow. A separate, less-malicious attack tagged an additional 616 ElasticSearch, MongoDB, and Cassandra files with the string "university_cybersec_experiment." That attackers in this case seem to be demonstrating to the database maintainers that the files are vulnerable to being viewed or deleted.
[...] In other cases—including the current Meow attacks—the data is simply wiped out with no ransomware note or any other explanation. The only thing left behind in the current attacks in the word "meow."
(Score: 0) by Anonymous Coward on Thursday July 23 2020, @08:46PM (9 children)
meow
(Score: 3, Funny) by Thexalon on Thursday July 23 2020, @09:21PM
Meow what is so damned funny? You stop laughing right meow!
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 4, Funny) by driverless on Thursday July 23 2020, @09:52PM (7 children)
Oh for fscks sake is there no-one who owns a cat here? Whenever any random unexplained act of destruction, or occasionally a pile of barf, occurs in the house, the cause is most likely "meow". So this is a cat going round sharpening its claws on various open databases.
(Score: 4, Funny) by leon_the_cat on Friday July 24 2020, @06:13AM (2 children)
Right its always the cats fault never the humans. Like the human though he wanted a cat but more like the idea of a cat or even an ideal cat. He wanted it like he wanted a new pair of trainers or a painting he saw online. Of course this leads to unstimulated and unconnected cats who may in very rare and extreme cases resort to database abuse. But the name here is a dead giveaway, as were it perpetrated by cats it would be known as "Woof Attack" and we can deduce that this is the work of dogs.
#CLM
(Score: 2) by RS3 on Friday July 24 2020, @02:25PM
Oink oink?
(Score: 0) by Anonymous Coward on Friday July 24 2020, @07:11PM
That's just what the cats would like you to believe.
(Score: 2) by TrentDavey on Friday July 24 2020, @06:25PM (3 children)
There is nothing that will get you moving faster than that unmistakable sound of the cat starting its throwing-up/wretching/dry-heaves sound it makes just before it delivers its gastronomic payload to the carpet. It will wake you from a sleep-of-the-dead/hangover rest and get you scooping/kicking Missy to the door as if someone lit a firecracker up your ass.
(Score: 0) by Anonymous Coward on Friday July 24 2020, @08:36PM
Have you ever noticed how they will always position themselves over there most stainable surface, and actively avoid using any towels you may place in front of them?
(Score: 2) by driverless on Sunday July 26 2020, @07:21AM
And then you get a trail of cat projectile vomit from where Missy started all the way over to the door.
Mind you not as bad as my cousin who offered to babysit my other cousin's kitten, which was ejecting stuff from the other end...
(Score: 2) by Joe Desertrat on Sunday July 26 2020, @02:09PM
How about the same sound on a bed? Nothing better to stimulate a cat barfing than fresh sheets...
(Score: 1, Insightful) by Anonymous Coward on Thursday July 23 2020, @08:53PM (10 children)
I know it's hard for millennials to do anything that isn't encapsulated in a Ruby gem, but backup and replicate.
(Score: 0) by Anonymous Coward on Thursday July 23 2020, @09:02PM (1 child)
Like rule 34, there's a gem for that: https://github.com/backup/backup [github.com]
(Score: 1, Funny) by Anonymous Coward on Thursday July 23 2020, @09:40PM
Gee, I ran your backup program and now every database field is filled with the word "meow".
(Score: 5, Insightful) by looorg on Thursday July 23 2020, @09:04PM
Backups are for old white men, young data live on as a cloud of collective feelings.
(Score: 2) by sjames on Thursday July 23 2020, @10:07PM (5 children)
Restricting modification privileges to authenticated accounts might also be a good idea.
(Score: 3, Insightful) by PartTimeZombie on Thursday July 23 2020, @10:29PM (4 children)
That is a good idea, but this person might be doing a public service.
(Score: 1, Insightful) by Anonymous Coward on Friday July 24 2020, @12:18AM
As sad as it is, this is the only way some people will ever learn, and others never will. Thinning the herd makes it stronger.
(Score: 0) by Anonymous Coward on Friday July 24 2020, @08:29AM
Like this malware is performing a public service?
(Score: 0) by Anonymous Coward on Saturday July 25 2020, @08:20PM
Basically you want them to drink from the poisoned well first, rather than destroying the well completely.
(Score: 2) by sjames on Sunday July 26 2020, @01:44PM
I can't say the world is likely to miss most of those databases, especially the ones the owners claimed they never kepty in the first place...
(Score: 2) by ikanreed on Friday July 24 2020, @02:41AM
It is in a ruby gem [rubygems.org]
(Score: 2) by Runaway1956 on Thursday July 23 2020, @09:50PM (9 children)
Wipe out the NSA's databases. And, the FBI, and CIA, the DOD, and all the rest of the alphabet soup in Washington.
(Score: 4, Insightful) by Mojibake Tengu on Thursday July 23 2020, @10:03PM (6 children)
You cannot wipe theirs every now and then.
It is much more effective to continuously feed their probes with irrelevant data, which they themselves put into their funny databases.
Adds costs to data ownership.
Respect Authorities. Know your social status. Woke responsibly.
(Score: 2) by Thexalon on Friday July 24 2020, @03:20AM (4 children)
So you've just changed which line-item in the vast classified budget of the organizations running the government database gets slightly more money? That doesn't help, say, an agent using the data illegally to track down their ex.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 1) by khallow on Friday July 24 2020, @05:15AM
(Score: 2) by Mojibake Tengu on Friday July 24 2020, @06:34PM (1 child)
Costs is not about money at all.
Storage, backup, seek, even just a mark as irrelevant and dismissal, every operation with particular information consumes real resources.
As real, as energy, time, space, material and real people is real.
While you can throw an inductively infinite amount of artificially created money on any government project, you never have an infinite amount of real resources.
A curse of growth. Ask
CIAGoogle why they had to bury a G+.That's the meaning of costs I had on my mind.
Respect Authorities. Know your social status. Woke responsibly.
(Score: 0) by Anonymous Coward on Friday July 24 2020, @08:41PM
Taxpayers will cover that.
(Score: 2) by Azuma Hazuki on Saturday July 25 2020, @12:44AM
Oh, I don't know :) Done correctly, hard enough, and randomly enough that it can't be algorithm'd around, Bayesian Poisoning (the proper name for this sort of thing) could be very effective indeed. If the Alphabet Soup Brigade wants to slurp our data, by all means, crank that firehose on full force until they explode.
I am "that girl" your mother warned you about...
(Score: 2) by Bot on Sunday July 26 2020, @09:28AM
>feed their probes with irrelevant data
so, facebook IS an useful site, after all.
Account abandoned.
(Score: 2) by EJ on Thursday July 23 2020, @10:03PM (1 child)
They're only wiping out the databases of stupid people who deserve it.
(Score: 2) by DECbot on Friday July 24 2020, @04:28PM
According to your argument, the three letter agencies should already had their databases wiped; unless you are arguing that maintaining government databases provides them with qualified immunity. (Alright, yes the DBAs that operate the database may be brilliant and competent admins, but if those databases were managed by the political sock-puppet appointees that speak for those organizations.... you know, the same ones that want to mandate backdoors in crypto...)
cats~$ sudo chown -R us /home/base
(Score: 5, Interesting) by Opportunist on Thursday July 23 2020, @10:52PM (3 children)
It is an automated attack that nukes insecure databases so they cannot be used by ransomware extortionists, thus undercutting their business model and cutting criminals off from a source of income.
Care to point out why I should not like that?
(Score: 4, Funny) by Anonymous Coward on Thursday July 23 2020, @11:08PM (1 child)
Will they stop if the ransomware guys pay them enough?
(Score: 2) by Opportunist on Friday July 24 2020, @11:08AM
The beating will continue until morale improves.
(Score: 2) by VLM on Friday July 24 2020, @10:25PM
Its bad because it evolves them smarter.
Its trivial to set up mongo on AWS to periodically dump into S3. Then some idiot will just set up his S3 as world readable and attackers will get the whole thing not just access.
In the long run you're better off having dumb sheep being really dumb so as to work around them the easiest. Sheep that are too smart are going to be a PITA for everyone.
The bad part is unqualified people storing evil data for evil purposes, not that one evil person rips off another evil person. We're all better off with them outta business not slightly safer and in business but still evil/dumb/both.
(Score: 1) by Zinnia Zirconium on Thursday July 23 2020, @11:58PM (1 child)
I guess remote code execution could truncate an SQLite file.
Bobby Tables, send your best cat.
(Score: 0) by Anonymous Coward on Friday July 24 2020, @12:20AM
SQLite has no network code, but that says nothing about whatever unsecured, insecure, internet visible program might be using it.
(Score: 2) by maxwell demon on Friday July 24 2020, @10:04AM
You knew it had to happen some time. I mean, the cats already domesticated the humans to act as their servants, but now the next level of their world domination plan has started.
The Tao of math: The numbers you can count are not the real numbers.