Attacks/Breaches
4/5/2013
10:36 AM

Anonymous Seizes North Korean Twitter, Flickr Feeds

Breach follows joint DDoS attack with botmaster The Jester in retaliation for North Korea's declaration of war against South Korea.

Twitter and Flickr accounts run by the government of North Korea were seized and defaced Thursday by elements of the Anonymous hacktivist collective.

The North Korea Twitter feed, which normally includes Korean-language posts, Thursday saw five English-language tweets posted, referring to a number of North Korean websites that were reportedly "hacked." The photograph on the Twitter feed was replaced with an image of two monochrome figures in Anonymous masks dancing a tango, together with the hacktivist catchphrase "Tango Down" in red letters.

The North Korean Flickr feed, meanwhile, was defaced Thursday to include a $1 million "wanted poster" containing a caricature of Kim Jong-un, depicting him with pig ears and nose, and a Mickey Mouse tattoo on his stomach. The poster labeled him as a "nuke nuke Mickey lover" and accused him of "threatening world peace with ICBMs and nuclear weapons" as well as "the worst human rights violation in the world."

By Friday, the Flickr feed's administrators appeared to have regained control of their account, although the Twitter feed was still displaying the English-language Anonymous posts.

North Korea first established an official Twitter presence in 2010 as part of a social media push that included creating a YouTube account. But experts on North Korea believed that very few people inside North Korea enjoy access to the services, given blocks in place on accessing foreign websites.

The social media seizure campaign was preceded by a data dump, or dox, from Anonymous, accompanied by a Tuesday declaration calling on 30-year-old Kim Jong-un to resign, as well as for "uncensored internet access for all the citizens" and the establishment of "a free direct democracy in North Korea." That data dump was made in response to rising tensions in the Korean peninsula, and North Korea issuing a declaration of war Saturday against South Korea, followed by the Pyongyang regime promising Sunday to quickly restart a nuclear reactor in the country.

"To Kim Jong-un: So you feel the need to create large nukes and threaten half the world with them? So you're into demonstrations of power?, here is ours," read the Anonymous statement, which included a link to alleged sample records -- including usernames, email addresses and hashed passwords -- stolen from the Uriminzokkiri ("Our Nation") website run by North Korea's central news agency. Hosted in China, the site distributes news and propaganda from the Pyongyang regime. Anonymous claimed to have obtained 15,000 user credentials for the site in total.

That dox followed distributed denial of service (DDoS) attacks launched Saturday by South Korean elements of Anonymous, working with the botmaster known as The Jester. "Tango Down -- Air Koryo -- North Korea's official airline. Flight schedules, office locations, a company history," read a related tweet from The Jester (@th3j35t3r). Other sites disrupted via DDoS attacks included the official website of the Democratic People's Republic of Korea (North Korea), the government's Committee for Cultural Relations with Foreign Countries (Friend.com.kp) and the Korea Computer Center (Naenara) websites.

The Jester seems to have an on-again, off-again relationship with Anonymous, bringing his botnet to bear on sites he deems worthy of disruption, such as the Westboro Baptist Church or in support of the 2010 Operation Payback attacks against PayPal, MasterCard, and other organizations perceived to be blocking the flow of donations to WikiLeaks.

Under the banner of "OpFreeKorea," Anonymous has announced plans to launch a second wave of doxing and DDoS disruptions against North Korea on April 19, unless their demands are met.

Comments
PJS880,
User Rank: Ninja
4/22/2013 | 2:39:04 AM
re: Anonymous Seizes North Korean Twitter, Flickr Feeds
I love that someone is putting the North Korea government in check. I would have loved to see the faces of the IT guys scrambling to regain control of their Twitter feeds. In all seriousness, Anonymous does have a valid point here and it seems to be the only way to get that across and have a direct reaction from North Korea. I guess there is a downside to trying to control a country's Internet privileges that it leaves the whole system that controls that open for attacks as well.

Paul Sprague
InformationWeek Contributor