4/5/2013
10:36 AM

Anonymous Seizes North Korean Twitter, Flickr Feeds

Breach follows joint DDoS attack with botmaster The Jester in retaliation for North Korea's declaration of war against South Korea.

Twitter and Flickr accounts run by the government of North Korea were seized and defaced Thursday by elements of the Anonymous hacktivist collective.

The North Korea Twitter feed, which normally includes Korean-language posts, Thursday saw five English-language tweets posted, referring to a number of North Korean websites that were reportedly "hacked." The photograph on the Twitter feed was replaced with an image of two monochrome figures in Anonymous masks dancing a tango, together with the hacktivist catchphrase "Tango Down" in red letters.

The North Korean Flickr feed, meanwhile, was defaced Thursday to include a $1 million "wanted poster" containing a caricature of Kim Jong-un, depicting him with pig ears and nose, and a Mickey Mouse tattoo on his stomach. The poster labeled him as a "nuke nuke Mickey lover" and accused him of "threatening world peace with ICBMs and nuclear weapons" as well as "the worst human rights violation in the world."


By Friday, the Flickr feed's administrators appeared to have regained control of their account, although the Twitter feed was still displaying the English-language Anonymous posts.

North Korea first established an official Twitter presence in 2010 as part of a social media push that included creating a YouTube account. But experts on North Korea believed that very few people inside North Korea enjoy access to the services, given blocks in place on accessing foreign websites.

The social media seizure campaign was preceded by a data dump, or dox, from Anonymous, accompanied by a Tuesday declaration calling on 30-year-old Kim Jong-un to resign, as well as for "uncensored internet access for all the citizens" and the establishment of "a free direct democracy in North Korea." That data dump was made in response to rising tensions in the Korean peninsula, and North Korea issuing a declaration of war Saturday against South Korea, followed by the Pyongyang regime promising Sunday to quickly restart a nuclear reactor in the country.

"To Kim Jong-un: So you feel the need to create large nukes and threaten half the world with them? So you're into demonstrations of power?, here is ours," read the Anonymous statement, which included a link to alleged sample records -- including usernames, email addresses and hashed passwords -- stolen from the Uriminzokkiri ("Our Nation") website run by North Korea's central news agency. Hosted in China, the site distributes news and propaganda from the Pyongyang regime. Anonymous claimed to have obtained 15,000 user credentials for the site in total.

That dox followed distributed denial of service (DDoS) attacks launched Saturday by South Korean elements of Anonymous, working with the botmaster known as The Jester. "Tango Down -- Air Koryo -- North Korea's official airline. Flight schedules, office locations, a company history," read a related tweet from The Jester (@th3j35t3r). Other sites disrupted via DDoS attacks included the official website of the Democratic People's Republic of Korea (North Korea), the government's Committee for Cultural Relations with Foreign Countries (Friend.com.kp) and the Korea Computer Center (Naenara) websites.

The Jester seems to have an on-again, off-again relationship with Anonymous, bringing his botnet to bear on sites he deems worthy of disruption, such as the Westboro Baptist Church or in support of the 2010 Operation Payback attacks against PayPal, MasterCard, and other organizations perceived to be blocking the flow of donations to WikiLeaks.

Under the banner of "OpFreeKorea," Anonymous has announced plans to launch a second wave of doxing and DDoS disruptions against North Korea on April 19, unless their demands are met.


Comments
PJS880,
User Rank: Ninja
4/22/2013 | 2:39:04 AM
re: Anonymous Seizes North Korean Twitter, Flickr Feeds
I love that someone is putting the North Korea government in check. I would have loved to see the faces of the IT guys scrambling to regain control of their Twitter feeds. In all seriousness, Anonymous does have a valid point here and it seems to be the only way to get that across and have a direct reaction from North Korea. I guess there is a downside to trying to control a country's Internet privileges that it leaves the whole system that controls that open for attacks as well.

Paul Sprague
InformationWeek Contributor