Attacks/Breaches
4/12/2013
09:46 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous-Linked Hacker Claims North Korea Win

Botmaster "The Jester," whose DDoS attacks have targeted Westboro Baptist Church, PayPal and Mastercard, calls "tango down" on Pyongyang's new, third Internet connection.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
A botmaster who's launched distributed denial of service (DDoS) attacks against Westboro Baptist Church, as well as PayPal and MasterCard, this week announced new attacks against the Democratic People's Republic of Korea (DPRK), aka North Korea.

"'TANGO DOWN' -- Border Gateway Protocol CISCO IOS -- #DPRK," read a tweet from The Jester, aka "th3j35t3r." The hacktivist catchphrase tango down is army slang for "target down."

The Wednesday tweet linked to a "what it was" screenshot showing information for the disrupted 175.45.177.211 IP address, which is listed as being a Cisco IOS router registered to the DPRK that first came online March 30. The tweet also included a "why" link pointing to a Tuesday report on the North Korea Tech website about how North Korea recently added a third Internet connection to the country.

"The connection links just one of the DPRK's four blocks of Internet addresses," said journalist Martyn Williams, who maintains the North Korea Tech website. "The block in question isn't the one that hosts North Korea's handful of Web servers -- the ones that came under denial of service attack in the last few days. But it does host some computers, including an Internet gateway that serves as one of the ways traffic from inside North Korea gets to the rest of the Internet."

[ Congress has it wrong. Laws Can't Save Banks From DDoS Attacks. ]

The Jester's apparent takedown of North Korea's third Internet backbone followed DDoS attacks he'd launched against North Korea's official Air Koryo airline, as well as the government-run DPRK, Committee for Cultural Relations with Foreign Countries (Friend.com.kp) and Korea Computer Center (Naenara) websites.

The Jester is a self-described U.S. military veteran of Afghanistan now turned "hacktivist for good" who's dedicated to "obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys."

In December 2012, The Jester -- apparently in coordination with hacker "Cosmo The God" as well as the Anonymous hacktivist collective -- targeted Westboro Baptist Church, a controversial group which self-identifies as a church. After Westboro threatened to protest the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn., The Jester reported using DDoS attacks to disrupt approximately 10 of 19 different sites operated by the group.

Previously, The Jester had participated in the Operation Payback attacks against PayPal and MasterCard, and other sites perceived to be interrupting the flow of donations to WikiLeaks. While Anonymous had urged followers of Operation Payback to download a DDoS tool known as Low Orbit Ion Cannon (LOIC) and target offending sites, the sites were reportedly knocked offline only after The Jester brought his botnet to bear. Subsequently, investigators traced back and arrested numerous LOIC users.

Despite the occasional collaboration with Anonymous, The Jester appears to have an on-again, off-again relationship with the hacktivist collective. "To #Anonymous: You're all for 'free speech' right? But only when it's your opinion, you deny others 'free speech' w/ your attacks," read a tweet posted Thursday by The Jester.

Even so, both the Jester and Anonymous have recently been targeting North Korea -- The Jester using DDoS attacks, and Anonymous recently taking over and defacing Pyongyang's Twitter and Flickr accounts -- in collective protest against increasing provocations by the Pyongyang regime. Those provocations include conducting nuclear weapon tests, issuing an official declaration of war against South Korea, warning that foreigners should flee the country, as well as repositioning a medium-range missile launcher to put it within range of not only South Korea and Japan, but also Guam.

Thursday, South Korean government officials announced that a hacker's error allowed them to trace the March 20 wiper-malware attacks against multiple banks and broadcasters to an IP address (175.45.178.xx) tied to North Korea's capital, Pyongyang. Since June 2012, that IP address had been used 13 different times to access the systems ultimately targeted in the March 20 attacks.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joey Ortega
50%
50%
Joey Ortega,
User Rank: Apprentice
4/25/2013 | 6:41:41 PM
re: Anonymous-Linked Hacker Claims North Korea Win
Jester or a troll? You decide. Starts at 95:15 http://www.blogtalkradio.com/b...

Turned it into this lol :) https://itunes.apple.com/us/al...
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-4988
Published: 2014-07-09
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.

CVE-2014-0207
Published: 2014-07-09
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

CVE-2014-0537
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-0539
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-3309
Published: 2014-07-09
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.