10:24 AM
Connect Directly

Anonymous Hits North Korea Via DDoS

Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
The Anonymous hacktivist collective announced that it's released sensitive data about -- aka doxed -- the government of North Korea over its threat to restart a nuclear reactor in the country.

The dox was announced in an "Anonymous hits N. Korea" message posted Tuesday to Pastebin, claiming that 15,000 membership records had been stolen from the website of North Korea's Kim Il Sung Open University, which is run from China.

The Pastebin post, which railed against the governments of both North Korea and the United States, demanded that the Pyongyang regime "stop making nukes and nuke-threats" and called for the resignation of the country's 30-year-old ruler, Kim Jong-un.

[ Should DDoS attacks be protected under the First Amendment? Read Anonymous Says DDoS Attacks Like Free Speech. ]

The post included six records supposedly stolen from the Uriminzokkiri website, including names, email addresses and hashed passwords. "Enjoy these few records as a proof of our access to your systems (random innocent citizens, collateral damage, because they were stupid enough to choose idiot passwords), we got all over 15k membership records of and many more," it said. Decrypted password hashes in the post included "123456" and "loveme."

The veracity of the doxed information couldn't be verified. One of the published email addresses, however, was for smart grid product vendor KEPCO KDN, which is part of Korea Electric Power Co. Three of the "example records" contained Korean names, while the other three were Chinese names, according to journalist Martyn Williams, who maintains the North Korea Tech website.

The alleged data dump followed a series of distributed denial-of-service (DDoS) attacks launched Saturday against the official website of the Democratic People's Republic of Korea (North Korea), the government-owned airline Air Koryo, as well as the government's Committee for Cultural Relations with Foreign Countries ( and the Korea Computer Center (Naenara) websites.

Those attacks were carried out under the banner of Operation North Korea (OpNorthKorea) by the South Korean branch of Anonymous, and were made in response to increasing threats from Pyongyang that it plans to attack South Korea.

Last month, broadcasters and banks in South Korea were hit by a series of highly targeted "wiper" malware attacks that deleted an estimated 32,000 hard drives. While North Korea is generally the first suspect behind any attack against South Korea, no evidence has been published to track the cyber attacks to Pyongyang.

Still, the rhetoric between the two Korean governments has been heating up. According to a recently released North Korean government statement carried by the official government Korean Central News Agency (KCNA), "the whole country is now throbbing with voices urging the start of a sacred war for national reunification." Meanwhile, North Korea's Central Committee announced Sunday that the country "is a full-fledged nuclear weapons state," and a spokesman for the General Department of Atomic Energy said that a reactor located at Yongbyon will be restarted and that the "work will be put into practice without delay," according to KCNA.

North Korea has faced United Nations sanctions after conducting a nuclear weapons test in February. But Kim Jong-un said Sunday that the country will no longer use its nuclear program as a bargaining chip. "The enemies are using both blackmail, telling us that we cannot achieve economic development unless we give up nuclear weapons, and appeasement, saying that they will help us live well if we choose a different path," KCNA quoted Kim as saying.

In the face of the increasing tensions, the White House said it's monitoring the situation. "We haven't seen actions to back up the rhetoric," White House spokesman Jay Carney told reporters Monday, reported Reuters.

Attend Interop Las Vegas May 6-10 and learn the emerging trends in information risk management and security. Use Priority Code MPIWK by March 22 to save an additional $200 off the early bird discount on All Access and Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 300+ exhibiting companies, and the latest technology. Register today!

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/5/2013 | 5:23:38 PM
re: Anonymous Hits North Korea Via DDoS
Of course, the irony is that Anonymous is anything but friendly with the U.S. government.
User Rank: Apprentice
4/3/2013 | 7:56:21 PM
re: Anonymous Hits North Korea Via DDoS
Anonymous is poking an angry bear and you can be sure that North Korea considers anonymous as a "tool" of the US. (CIA?) Only time will tell if these types of actions are good or bad... but they are definitely extremely dangerous..
User Rank: Apprentice
4/3/2013 | 2:46:16 AM
re: Anonymous Hits North Korea Via DDoS
Of course, one of the questions is... Why should North Korea require economic assistance from its supposed enemies; especially when it claims to have a superior economic system, and has for the last 60 years preached national self-reliance?

I'm hoping this is all bluff, but if North Korea breaks the armistice, then the war should not end until the North Koreans surrender, the Korean Communist Party is dissolved, and its senior leaders are all either dead or in custody.

Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
4/3/2013 | 2:28:32 AM
re: Anonymous Hits North Korea Via DDoS
Get your popcorn ready - I was hoping that this day would come. Anonymous vs. DPRK (and possibly the PRC)... of course, the goading of the US at this point doesn't help.

Going a little afield from the story, it doesn't take a computer scientist to figure out that if a stealth bomber can reach operational theaters in Iraq and Afghanistan while based solely within the Continental United States, it wouldn't take much of a leap to assume that they can also reach North Korea.

It's also somewhat comforting to see that users in North Korea generally aren't smarter than those in the United States with respect to their password choices. I guess bad security practices know no boundaries...

Andrew Hornback
InformationWeek Contributor
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-10-25
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

Published: 2014-10-25
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

Published: 2014-10-25
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force a...

Published: 2014-10-25
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

Published: 2014-10-25
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.