11:31 AM

Anonymous Takes Down North Korean Websites

Hacktivists knock five North Korean websites offline on the 101st anniversary of North Korea's founding.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)

The hacktivist group Anonymous announced Monday that it's disrupted five North Korean websites.

"More of North Korean websites are in our hand. They will be brought down," read an Anonymous tweet issued via the seized Twitter account of Uriminzokkiri, which carries North Korean official government news.

That message was followed by a "tango down" declaration for Subsequent messages announced that the North Korean websites,, and had been hacked. The latter three websites were altered to feature a previously deployed caricature of North Korean leader Kim Jong-Un sporting pig ears and nose and a Mickey Mouse tattoo.

Anonymous Monday also posted to Pastebin a "members of" data dump -- aka dox -- as well as a list of what it described as "members of" By Tuesday morning, all of the sites except for appeared to either be offline or experiencing frequent disruptions. The Uriminzokkiri Twitter feed, meanwhile, hadn't been expunged of the Anonymous posts.

[ Botmaster known as "The Jester" targets North Korea in recent round of attacks. Read more at Anonymous-Linked Hacker Claims North Korea Win. ]

Anonymous has been defacing and disrupting North Korean websites -- which largely can be viewed only by people outside the country -- to protest the Pyongyang regime's military provocations, which have recently included a nuclear weapons test, a threatened medium-range ballistic missile test, a promise to restart a nuclear reactor and the declaration of war against South Korea.

The government of South Korea has also blamed North Korea for launching last month's "wiper" malware attacks that erased 48,000 hard drives and disrupted operations at banks and broadcasters. Government officials said they traced a hacker involved in the attacks to Pyongyang.

A spokesperson for the general staff of the Korean People's Army in North Korea labeled the attack attribution "rumors" and a "deliberate provocation," reported South Korea's Yonhap news agency.

The latest Anonymous disruptions, which occurred Monday, coincided with North Korea's celebrating the 101st "Day of the Sun" holiday, which commemorates the anniversary of the country's founder, Kim Il-Sung; Kim Jong-Un is his grandson. The holiday is traditionally celebrated with flowers. Unlike some previous years, however, the Pyongyang regime chose not to use the occasion to stage a military parade.

Anonymous has been calling on Kim Jong-Un to resign, threatening "first we gonna wipe your data, then we gonna wipe your badass dictatorship 'government.'"

This isn't the first time the hacktivist collective has disrupted (Korean for "one nation"). Anonymous also recently seized control of Uriminzokkiri's Twitter and Flickr feeds and leaked what it said were 9,000 of the 15,000 user accounts -- including people's real names, usernames, addresses, birthdates and hashed passwords -- from the site's server, which is hosted in China.

In other website disruption news, the Syrian Electronic Army Monday claimed credit for taking over the Twitter feed for National Public Radio. "The good news is that NPR appears to have cleaned up the affected Web pages, some of which were carrying news of the explosions at the Boston Marathon," said Graham Cluley, senior technology consultant at Sophos, in a blog post.

The Syrian Electronic Army didn't give a motive for its attack. "We will not say why we attacked @NPR ... They know the reason and that [is] enough," read a message posted to the group's Twitter feed. But obviously the group -- which reportedly supports Syrian President Bashar Assad's regime -- may be unhappy with NPR's Syria coverage.

In a statement released late Monday, NPR confirmed the attack, saying it commenced Monday at approximately 11 p.m. ET and that NPR's publishing system had been accessed and multiple headlines altered. "Late Monday evening, several stories on the NPR website were defaced with headlines and text that said 'Syrian Electronic Army Was Here,'" it said. Some of those headlines then propagated to stories that appeared on NPR members stations' websites.

"We have made the necessary corrections to those stories on and are continuing to work with our member stations," NPR said, adding that it had regained control of its Twitter feeds.

Attend Interop Las Vegas May 6-10 and learn the emerging trends in information risk management and security. Use Priority Code MPIWK by March 22 to save an additional $200 off the early bird discount on All Access and Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 300+ exhibiting companies, and the latest technology. Register today!

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.