Breach follows joint DDoS attack with botmaster The Jester in retaliation for North Korea's declaration of war against South Korea.

Mathew J. Schwartz, Contributor

April 5, 2013


Twitter and Flickr accounts run by the government of North Korea were seized and defaced Thursday by elements of the Anonymous hacktivist collective.

The North Korea Twitter feed, which normally includes Korean-language posts, Thursday saw five English-language tweets posted, referring to a number of North Korean websites that were reportedly "hacked." The photograph on the Twitter feed was replaced with an image of two monochrome figures in Anonymous masks dancing a tango, together with the hacktivist catchphrase "Tango Down" in red letters.

The North Korean Flickr feed, meanwhile, was defaced Thursday to include a $1 million "wanted poster" containing a caricature of Kim Jong-un, depicting him with pig ears and nose, and a Mickey Mouse tattoo on his stomach. The poster labeled him as a "nuke nuke Mickey lover" and accused him of "threatening world peace with ICBMs and nuclear weapons" as well as "the worst human rights violation in the world."


By Friday, the Flickr feed's administrators appeared to have regained control of their account, although the Twitter feed was still displaying the English-language Anonymous posts.

North Korea first established an official Twitter presence in 2010 as part of a social media push that included creating a YouTube account. But experts on North Korea believe that very few people inside the country have access to the services, given the blocks in place on accessing foreign websites.

The social media seizure campaign was preceded by a data dump, or dox, from Anonymous, accompanied by a Tuesday declaration calling on 30-year-old Kim Jong-un to resign, as well as for "uncensored internet access for all the citizens" and the establishment of "a free direct democracy in North Korea." That data dump was made in response to rising tensions in the Korean peninsula, and North Korea issuing a declaration of war Saturday against South Korea, followed by the Pyongyang regime promising Sunday to quickly restart a nuclear reactor in the country.

"To Kim Jong-un: So you feel the need to create large nukes and threaten half the world with them? So you're into demonstrations of power?, here is ours," read the Anonymous statement, which included a link to alleged sample records -- including usernames, email addresses and hashed passwords -- stolen from the Uriminzokkiri ("Our Nation") website run by North Korea's central news agency. Hosted in China, the site distributes news and propaganda from the Pyongyang regime. Anonymous claimed to have obtained 15,000 user credentials for the site in total.

That dox followed distributed denial of service (DDoS) attacks launched Saturday by South Korean elements of Anonymous, working with the botmaster known as The Jester. "Tango Down -- Air Koryo -- North Korea's official airline. Flight schedules, office locations, a company history," read a related tweet from The Jester (@th3j35t3r). Other sites disrupted via DDoS attacks included the official website of the Democratic People's Republic of Korea (North Korea), the government's Committee for Cultural Relations with Foreign Countries (Friend.com.kp) and the Korea Computer Center (Naenara) websites.

The Jester seems to have an on-again, off-again relationship with Anonymous, bringing his botnet to bear on sites he deems worthy of disruption, such as the Westboro Baptist Church or in support of the 2010 Operation Payback attacks against PayPal, MasterCard, and other organizations perceived to be blocking the flow of donations to WikiLeaks.

Under the banner of "OpFreeKorea," Anonymous has announced plans to launch a second wave of doxing and DDoS disruptions against North Korea on April 19, unless their demands are met.


About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.
