10:24 AM
Connect Directly

Anonymous Hits North Korea Via DDoS

Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
The Anonymous hacktivist collective announced that it's released sensitive data about -- aka doxed -- the government of North Korea over its threat to restart a nuclear reactor in the country.

The dox was announced in an "Anonymous hits N. Korea" message posted Tuesday to Pastebin, claiming that 15,000 membership records had been stolen from the website of North Korea's Kim Il Sung Open University, which is run from China.

The Pastebin post, which railed against the governments of both North Korea and the United States, demanded that the Pyongyang regime "stop making nukes and nuke-threats" and called for the resignation of the country's 30-year-old ruler, Kim Jong-un.

[ Should DDoS attacks be protected under the First Amendment? Read Anonymous Says DDoS Attacks Like Free Speech. ]

The post included six records supposedly stolen from the Uriminzokkiri website, including names, email addresses and hashed passwords. "Enjoy these few records as a proof of our access to your systems (random innocent citizens, collateral damage, because they were stupid enough to choose idiot passwords), we got all over 15k membership records of and many more," it said. Decrypted password hashes in the post included "123456" and "loveme."

The veracity of the doxed information couldn't be verified. One of the published email addresses, however, was for smart grid product vendor KEPCO KDN, which is part of Korea Electric Power Co. Three of the "example records" contained Korean names, while the other three were Chinese names, according to journalist Martyn Williams, who maintains the North Korea Tech website.

The alleged data dump followed a series of distributed denial-of-service (DDoS) attacks launched Saturday against the official website of the Democratic People's Republic of Korea (North Korea), the government-owned airline Air Koryo, as well as the government's Committee for Cultural Relations with Foreign Countries ( and the Korea Computer Center (Naenara) websites.

Those attacks were carried out under the banner of Operation North Korea (OpNorthKorea) by the South Korean branch of Anonymous, and were made in response to increasing threats from Pyongyang that it plans to attack South Korea.

Last month, broadcasters and banks in South Korea were hit by a series of highly targeted "wiper" malware attacks that deleted an estimated 32,000 hard drives. While North Korea is generally the first suspect behind any attack against South Korea, no evidence has been published to track the cyber attacks to Pyongyang.

Still, the rhetoric between the two Korean governments has been heating up. According to a recently released North Korean government statement carried by the official government Korean Central News Agency (KCNA), "the whole country is now throbbing with voices urging the start of a sacred war for national reunification." Meanwhile, North Korea's Central Committee announced Sunday that the country "is a full-fledged nuclear weapons state," and a spokesman for the General Department of Atomic Energy said that a reactor located at Yongbyon will be restarted and that the "work will be put into practice without delay," according to KCNA.

North Korea has faced United Nations sanctions after conducting a nuclear weapons test in February. But Kim Jong-un said Sunday that the country will no longer use its nuclear program as a bargaining chip. "The enemies are using both blackmail, telling us that we cannot achieve economic development unless we give up nuclear weapons, and appeasement, saying that they will help us live well if we choose a different path," KCNA quoted Kim as saying.

In the face of the increasing tensions, the White House said it's monitoring the situation. "We haven't seen actions to back up the rhetoric," White House spokesman Jay Carney told reporters Monday, reported Reuters.

Attend Interop Las Vegas May 6-10 and learn the emerging trends in information risk management and security. Use Priority Code MPIWK by March 22 to save an additional $200 off the early bird discount on All Access and Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 300+ exhibiting companies, and the latest technology. Register today!

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/5/2013 | 5:23:38 PM
re: Anonymous Hits North Korea Via DDoS
Of course, the irony is that Anonymous is anything but friendly with the U.S. government.
User Rank: Apprentice
4/3/2013 | 7:56:21 PM
re: Anonymous Hits North Korea Via DDoS
Anonymous is poking an angry bear and you can be sure that North Korea considers anonymous as a "tool" of the US. (CIA?) Only time will tell if these types of actions are good or bad... but they are definitely extremely dangerous..
User Rank: Apprentice
4/3/2013 | 2:46:16 AM
re: Anonymous Hits North Korea Via DDoS
Of course, one of the questions is... Why should North Korea require economic assistance from its supposed enemies; especially when it claims to have a superior economic system, and has for the last 60 years preached national self-reliance?

I'm hoping this is all bluff, but if North Korea breaks the armistice, then the war should not end until the North Koreans surrender, the Korean Communist Party is dissolved, and its senior leaders are all either dead or in custody.

Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
4/3/2013 | 2:28:32 AM
re: Anonymous Hits North Korea Via DDoS
Get your popcorn ready - I was hoping that this day would come. Anonymous vs. DPRK (and possibly the PRC)... of course, the goading of the US at this point doesn't help.

Going a little afield from the story, it doesn't take a computer scientist to figure out that if a stealth bomber can reach operational theaters in Iraq and Afghanistan while based solely within the Continental United States, it wouldn't take much of a leap to assume that they can also reach North Korea.

It's also somewhat comforting to see that users in North Korea generally aren't smarter than those in the United States with respect to their password choices. I guess bad security practices know no boundaries...

Andrew Hornback
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-09-30 in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Published: 2014-09-30
The sandbox whitelisting function ( in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

Published: 2014-09-30 in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.