09:46 AM

Anonymous-Linked Hacker Claims North Korea Win

Botmaster "The Jester," whose DDoS attacks have targeted Westboro Baptist Church, PayPal and Mastercard, calls "tango down" on Pyongyang's new, third Internet connection.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
A botmaster who's launched distributed denial of service (DDoS) attacks against Westboro Baptist Church, as well as PayPal and MasterCard, this week announced new attacks against the Democratic People's Republic of Korea (DPRK), aka North Korea.

"'TANGO DOWN' -- Border Gateway Protocol CISCO IOS -- #DPRK," read a tweet from The Jester, aka "th3j35t3r." The hacktivist catchphrase tango down is army slang for "target down."

The Wednesday tweet linked to a "what it was" screenshot showing information for the disrupted IP address, which is listed as being a Cisco IOS router registered to the DPRK that first came online March 30. The tweet also included a "why" link pointing to a Tuesday report on the North Korea Tech website about how North Korea recently added a third Internet connection to the country.

"The connection links just one of the DPRK's four blocks of Internet addresses," said journalist Martyn Williams, who maintains the North Korea Tech website. "The block in question isn't the one that hosts North Korea's handful of Web servers -- the ones that came under denial of service attack in the last few days. But it does host some computers, including an Internet gateway that serves as one of the ways traffic from inside North Korea gets to the rest of the Internet."

[ Congress has it wrong. Laws Can't Save Banks From DDoS Attacks. ]

The Jester's apparent takedown of North Korea's third Internet backbone followed DDoS attacks he'd launched against North Korea's official Air Koryo airline, as well as the government-run DPRK, Committee for Cultural Relations with Foreign Countries ( and Korea Computer Center (Naenara) websites.

The Jester is a self-described U.S. military veteran of Afghanistan now turned "hacktivist for good" who's dedicated to "obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys."

In December 2012, The Jester -- apparently in coordination with hacker "Cosmo The God" as well as the Anonymous hacktivist collective -- targeted Westboro Baptist Church, a controversial group which self-identifies as a church. After Westboro threatened to protest the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn., The Jester reported using DDoS attacks to disrupt approximately 10 of 19 different sites operated by the group.

Previously, The Jester had participated in the Operation Payback attacks against PayPal and MasterCard, and other sites perceived to be interrupting the flow of donations to WikiLeaks. While Anonymous had urged followers of Operation Payback to download a DDoS tool known as Low Orbit Ion Cannon (LOIC) and target offending sites, the sites were reportedly knocked offline only after The Jester brought his botnet to bear. Subsequently, investigators traced back and arrested numerous LOIC users.

Despite the occasional collaboration with Anonymous, The Jester appears to have an on-again, off-again relationship with the hacktivist collective. "To #Anonymous: You're all for 'free speech' right? But only when it's your opinion, you deny others 'free speech' w/ your attacks," read a tweet posted Thursday by The Jester.

Even so, both the Jester and Anonymous have recently been targeting North Korea -- The Jester using DDoS attacks, and Anonymous recently taking over and defacing Pyongyang's Twitter and Flickr accounts -- in collective protest against increasing provocations by the Pyongyang regime. Those provocations include conducting nuclear weapon tests, issuing an official declaration of war against South Korea, warning that foreigners should flee the country, as well as repositioning a medium-range missile launcher to put it within range of not only South Korea and Japan, but also Guam.

Thursday, South Korean government officials announced that a hacker's error allowed them to trace the March 20 wiper-malware attacks against multiple banks and broadcasters to an IP address (175.45.178.xx) tied to North Korea's capital, Pyongyang. Since June 2012, that IP address had been used 13 different times to access the systems ultimately targeted in the March 20 attacks.

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Joey Ortega
Joey Ortega,
User Rank: Apprentice
4/25/2013 | 6:41:41 PM
re: Anonymous-Linked Hacker Claims North Korea Win
Jester or a troll? You decide. Starts at 95:15

Turned it into this lol :)
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio