Attacks/Breaches
4/5/2013
10:36 AM

Anonymous Seizes North Korean Twitter, Flickr Feeds

Breach follows joint DDoS attack with botmaster The Jester in retaliation for North Korea's declaration of war against South Korea.

Twitter and Flickr accounts run by the government of North Korea were seized and defaced Thursday by elements of the Anonymous hacktivist collective.

The North Korea Twitter feed, which normally includes Korean-language posts, Thursday saw five English-language tweets posted, referring to a number of North Korean websites that were reportedly "hacked." The photograph on the Twitter feed was replaced with an image of two monochrome figures in Anonymous masks dancing a tango, together with the hacktivist catchphrase "Tango Down" in red letters.

The North Korean Flickr feed, meanwhile, was defaced Thursday to include a $1 million "wanted poster" containing a caricature of Kim Jong-un, depicting him with pig ears and nose, and a Mickey Mouse tattoo on his stomach. The poster labeled him as a "nuke nuke Mickey lover" and accused him of "threatening world peace with ICBMs and nuclear weapons" as well as "the worst human rights violation in the world."

By Friday, the Flickr feed's administrators appeared to have regained control of their account, although the Twitter feed was still displaying the English-language Anonymous posts.

North Korea first established an official Twitter presence in 2010 as part of a social media push that included creating a YouTube account. But experts on North Korea believe that very few people inside the country have access to the services, given the blocks in place on accessing foreign websites.

The social media seizure campaign was preceded by a data dump, or dox, from Anonymous, accompanied by a Tuesday declaration calling on 30-year-old Kim Jong-un to resign, as well as for "uncensored internet access for all the citizens" and the establishment of "a free direct democracy in North Korea." That data dump was made in response to rising tensions in the Korean peninsula, and North Korea issuing a declaration of war Saturday against South Korea, followed by the Pyongyang regime promising Sunday to quickly restart a nuclear reactor in the country.

"To Kim Jong-un: So you feel the need to create large nukes and threaten half the world with them? So you're into demonstrations of power?, here is ours," read the Anonymous statement, which included a link to alleged sample records -- including usernames, email addresses and hashed passwords -- stolen from the Uriminzokkiri ("Our Nation") website run by North Korea's central news agency. Hosted in China, the site distributes news and propaganda from the Pyongyang regime. Anonymous claimed to have obtained 15,000 user credentials for the site in total.

That dox followed distributed denial of service (DDoS) attacks launched Saturday by South Korean elements of Anonymous, working with the botmaster known as The Jester. "Tango Down -- Air Koryo -- North Korea's official airline. Flight schedules, office locations, a company history," read a related tweet from The Jester (@th3j35t3r). Other sites disrupted via DDoS attacks included the official website of the Democratic People's Republic of Korea (North Korea), the government's Committee for Cultural Relations with Foreign Countries (Friend.com.kp) and the Korea Computer Center (Naenara) websites.

The Jester seems to have an on-again, off-again relationship with Anonymous, bringing his botnet to bear on sites he deems worthy of disruption, such as the Westboro Baptist Church or in support of the 2010 Operation Payback attacks against PayPal, MasterCard, and other organizations perceived to be blocking the flow of donations to WikiLeaks.

Under the banner of "OpFreeKorea," Anonymous has announced plans to launch a second wave of doxing and DDoS disruptions against North Korea on April 19, unless their demands are met.

Comments
PJS880,
User Rank: Ninja
4/22/2013 | 2:39:04 AM
re: Anonymous Seizes North Korean Twitter, Flickr Feeds
I love that someone is putting the North Korea government in check. I would have loved to see the faces of the IT guys scrambling to regain control of their Twitter feeds. In all seriousness, Anonymous does have a valid point here and it seems to be the only way to get that across and have a direct reaction from North Korea. I guess there is a downside to trying to control a country's Internet privileges that it leaves the whole system that controls that open for attacks as well.

Paul Sprague
InformationWeek Contributor