Attacks/Breaches
4/12/2013
09:46 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous-Linked Hacker Claims North Korea Win

Botmaster "The Jester," whose DDoS attacks have targeted Westboro Baptist Church, PayPal and Mastercard, calls "tango down" on Pyongyang's new, third Internet connection.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
A botmaster who's launched distributed denial of service (DDoS) attacks against Westboro Baptist Church, as well as PayPal and MasterCard, this week announced new attacks against the Democratic People's Republic of Korea (DPRK), aka North Korea.

"'TANGO DOWN' -- Border Gateway Protocol CISCO IOS -- #DPRK," read a tweet from The Jester, aka "th3j35t3r." The hacktivist catchphrase tango down is army slang for "target down."

The Wednesday tweet linked to a "what it was" screenshot showing information for the disrupted 175.45.177.211 IP address, which is listed as being a Cisco IOS router registered to the DPRK that first came online March 30. The tweet also included a "why" link pointing to a Tuesday report on the North Korea Tech website about how North Korea recently added a third Internet connection to the country.

"The connection links just one of the DPRK's four blocks of Internet addresses," said journalist Martyn Williams, who maintains the North Korea Tech website. "The block in question isn't the one that hosts North Korea's handful of Web servers -- the ones that came under denial of service attack in the last few days. But it does host some computers, including an Internet gateway that serves as one of the ways traffic from inside North Korea gets to the rest of the Internet."

[ Congress has it wrong. Laws Can't Save Banks From DDoS Attacks. ]

The Jester's apparent takedown of North Korea's third Internet backbone followed DDoS attacks he'd launched against North Korea's official Air Koryo airline, as well as the government-run DPRK, Committee for Cultural Relations with Foreign Countries (Friend.com.kp) and Korea Computer Center (Naenara) websites.

The Jester is a self-described U.S. military veteran of Afghanistan now turned "hacktivist for good" who's dedicated to "obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys."

In December 2012, The Jester -- apparently in coordination with hacker "Cosmo The God" as well as the Anonymous hacktivist collective -- targeted Westboro Baptist Church, a controversial group which self-identifies as a church. After Westboro threatened to protest the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn., The Jester reported using DDoS attacks to disrupt approximately 10 of 19 different sites operated by the group.

Previously, The Jester had participated in the Operation Payback attacks against PayPal and MasterCard, and other sites perceived to be interrupting the flow of donations to WikiLeaks. While Anonymous had urged followers of Operation Payback to download a DDoS tool known as Low Orbit Ion Cannon (LOIC) and target offending sites, the sites were reportedly knocked offline only after The Jester brought his botnet to bear. Subsequently, investigators traced back and arrested numerous LOIC users.

Despite the occasional collaboration with Anonymous, The Jester appears to have an on-again, off-again relationship with the hacktivist collective. "To #Anonymous: You're all for 'free speech' right? But only when it's your opinion, you deny others 'free speech' w/ your attacks," read a tweet posted Thursday by The Jester.

Even so, both the Jester and Anonymous have recently been targeting North Korea -- The Jester using DDoS attacks, and Anonymous recently taking over and defacing Pyongyang's Twitter and Flickr accounts -- in collective protest against increasing provocations by the Pyongyang regime. Those provocations include conducting nuclear weapon tests, issuing an official declaration of war against South Korea, warning that foreigners should flee the country, as well as repositioning a medium-range missile launcher to put it within range of not only South Korea and Japan, but also Guam.

Thursday, South Korean government officials announced that a hacker's error allowed them to trace the March 20 wiper-malware attacks against multiple banks and broadcasters to an IP address (175.45.178.xx) tied to North Korea's capital, Pyongyang. Since June 2012, that IP address had been used 13 different times to access the systems ultimately targeted in the March 20 attacks.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Joey Ortega
50%
50%
Joey Ortega,
User Rank: Apprentice
4/25/2013 | 6:41:41 PM
re: Anonymous-Linked Hacker Claims North Korea Win
Jester or a troll? You decide. Starts at 95:15 http://www.blogtalkradio.com/b...

Turned it into this lol :) https://itunes.apple.com/us/al...
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3345
Published: 2014-08-28
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503.

CVE-2014-3347
Published: 2014-08-28
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid s...

CVE-2014-4199
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

CVE-2014-4200
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.