4/2/2013
10:24 AM

Anonymous Hits North Korea Via DDoS

Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.

The Anonymous hacktivist collective announced that it's released sensitive data about -- aka doxed -- the government of North Korea over its threat to restart a nuclear reactor in the country.

The dox was announced in an "Anonymous hits N. Korea" message posted Tuesday to Pastebin, claiming that 15,000 membership records had been stolen from the website of North Korea's Kim Il Sung Open University, which is run from China.

The Pastebin post, which railed against the governments of both North Korea and the United States, demanded that the Pyongyang regime "stop making nukes and nuke-threats" and called for the resignation of the country's 30-year-old ruler, Kim Jong-un.


The post included six records supposedly stolen from the Uriminzokkiri website, including names, email addresses and hashed passwords. "Enjoy these few records as a proof of our access to your systems (random innocent citizens, collateral damage, because they were stupid enough to choose idiot passwords), we got all over 15k membership records of www.uriminzokkiri.com and many more," it said. Passwords cracked from the hashes in the post included "123456" and "loveme."

The veracity of the doxed information couldn't be verified. One of the published email addresses, however, was for smart grid product vendor KEPCO KDN, which is part of Korea Electric Power Co. Three of the "example records" contained Korean names, while the other three were Chinese names, according to journalist Martyn Williams, who maintains the North Korea Tech website.

The alleged data dump followed a series of distributed denial-of-service (DDoS) attacks launched Saturday against the official website of the Democratic People's Republic of Korea (North Korea), the government-owned airline Air Koryo, as well as the government's Committee for Cultural Relations with Foreign Countries (Friend.com.kp) and the Korea Computer Center (Naenara) websites.

Those attacks were carried out under the banner of Operation North Korea (OpNorthKorea) by the South Korean branch of Anonymous, and were made in response to increasing threats from Pyongyang that it plans to attack South Korea.

Last month, broadcasters and banks in South Korea were hit by a series of highly targeted "wiper" malware attacks that deleted an estimated 32,000 hard drives. While North Korea is generally the first suspect behind any attack against South Korea, no evidence has been published to track the cyber attacks to Pyongyang.

Still, the rhetoric between the two Korean governments has been heating up. According to a recently released North Korean government statement carried by the official government Korean Central News Agency (KCNA), "the whole country is now throbbing with voices urging the start of a sacred war for national reunification." Meanwhile, North Korea's Central Committee announced Sunday that the country "is a full-fledged nuclear weapons state," and a spokesman for the General Department of Atomic Energy said that a reactor located at Yongbyon will be restarted and that the "work will be put into practice without delay," according to KCNA.

North Korea has faced United Nations sanctions after conducting a nuclear weapons test in February. But Kim Jong-un said Sunday that the country will no longer use its nuclear program as a bargaining chip. "The enemies are using both blackmail, telling us that we cannot achieve economic development unless we give up nuclear weapons, and appeasement, saying that they will help us live well if we choose a different path," KCNA quoted Kim as saying.

In the face of the increasing tensions, the White House said it's monitoring the situation. "We haven't seen actions to back up the rhetoric," White House spokesman Jay Carney told reporters Monday, reported Reuters.


Comments
jries921
User Rank: Apprentice
4/5/2013 | 5:23:38 PM
re: Anonymous Hits North Korea Via DDoS
Of course, the irony is that Anonymous is anything but friendly with the U.S. government.
2duBob
User Rank: Apprentice
4/3/2013 | 7:56:21 PM
re: Anonymous Hits North Korea Via DDoS
Anonymous is poking an angry bear and you can be sure that North Korea considers Anonymous as a "tool" of the US. (CIA?) Only time will tell if these types of actions are good or bad... but they are definitely extremely dangerous.
jries921
User Rank: Apprentice
4/3/2013 | 2:46:16 AM
re: Anonymous Hits North Korea Via DDoS
Of course, one of the questions is... Why should North Korea require economic assistance from its supposed enemies; especially when it claims to have a superior economic system, and has for the last 60 years preached national self-reliance?

I'm hoping this is all bluff, but if North Korea breaks the armistice, then the war should not end until the North Koreans surrender, the Korean Communist Party is dissolved, and its senior leaders are all either dead or in custody.

Andrew Hornback
User Rank: Apprentice
4/3/2013 | 2:28:32 AM
re: Anonymous Hits North Korea Via DDoS
Get your popcorn ready - I was hoping that this day would come. Anonymous vs. DPRK (and possibly the PRC)... of course, the goading of the US at this point doesn't help.

Going a little afield from the story, it doesn't take a computer scientist to figure out that if a stealth bomber can reach operational theaters in Iraq and Afghanistan while based solely within the Continental United States, it wouldn't take much of a leap to assume that they can also reach North Korea.

It's also somewhat comforting to see that users in North Korea generally aren't smarter than those in the United States with respect to their password choices. I guess bad security practices know no boundaries...

Andrew Hornback
InformationWeek Contributor