11:31 AM

Anonymous Takes Down North Korean Websites

Hacktivists knock five North Korean websites offline on the 101st anniversary of North Korea's founding.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)

The hacktivist group Anonymous announced Monday that it's disrupted five North Korean websites.

"More of North Korean websites are in our hand. They will be brought down," read an Anonymous tweet issued via the seized Twitter account of Uriminzokkiri, which carries North Korean official government news.

That message was followed by a "tango down" declaration for Subsequent messages announced that the North Korean websites,, and had been hacked. The latter three websites were altered to feature a previously deployed caricature of North Korean leader Kim Jong-Un sporting pig ears and nose and a Mickey Mouse tattoo.

Anonymous Monday also posted to Pastebin a "members of" data dump -- aka dox -- as well as a list of what it described as "members of" By Tuesday morning, all of the sites except for appeared to either be offline or experiencing frequent disruptions. The Uriminzokkiri Twitter feed, meanwhile, hadn't been expunged of the Anonymous posts.

[ Botmaster known as "The Jester" targets North Korea in recent round of attacks. Read more at Anonymous-Linked Hacker Claims North Korea Win. ]

Anonymous has been defacing and disrupting North Korean websites -- which largely can be viewed only by people outside the country -- to protest the Pyongyang regime's military provocations, which have recently included a nuclear weapons test, a threatened medium-range ballistic missile test, a promise to restart a nuclear reactor and the declaration of war against South Korea.

The government of South Korea has also blamed North Korea for launching last month's "wiper" malware attacks that erased 48,000 hard drives and disrupted operations at banks and broadcasters. Government officials said they traced a hacker involved in the attacks to Pyongyang.

A spokesperson for the general staff of the Korean People's Army in North Korea labeled the attack attribution "rumors" and a "deliberate provocation," reported South Korea's Yonhap news agency.

The latest Anonymous disruptions, which occurred Monday, coincided with North Korea's celebrating the 101st "Day of the Sun" holiday, which commemorates the anniversary of the country's founder, Kim Il-Sung; Kim Jong-Un is his grandson. The holiday is traditionally celebrated with flowers. Unlike some previous years, however, the Pyongyang regime chose not to use the occasion to stage a military parade.

Anonymous has been calling on Kim Jong-Un to resign, threatening "first we gonna wipe your data, then we gonna wipe your badass dictatorship 'government.'"

This isn't the first time the hacktivist collective has disrupted (Korean for "one nation"). Anonymous also recently seized control of Uriminzokkiri's Twitter and Flickr feeds and leaked what it said were 9,000 of the 15,000 user accounts -- including people's real names, usernames, addresses, birthdates and hashed passwords -- from the site's server, which is hosted in China.

In other website disruption news, the Syrian Electronic Army Monday claimed credit for taking over the Twitter feed for National Public Radio. "The good news is that NPR appears to have cleaned up the affected Web pages, some of which were carrying news of the explosions at the Boston Marathon," said Graham Cluley, senior technology consultant at Sophos, in a blog post.

The Syrian Electronic Army didn't give a motive for its attack. "We will not say why we attacked @NPR ... They know the reason and that [is] enough," read a message posted to the group's Twitter feed. But obviously the group -- which reportedly supports Syrian President Bashar Assad's regime -- may be unhappy with NPR's Syria coverage.

In a statement released late Monday, NPR confirmed the attack, saying it commenced Monday at approximately 11 p.m. ET and that NPR's publishing system had been accessed and multiple headlines altered. "Late Monday evening, several stories on the NPR website were defaced with headlines and text that said 'Syrian Electronic Army Was Here,'" it said. Some of those headlines then propagated to stories that appeared on NPR members stations' websites.

"We have made the necessary corrections to those stories on and are continuing to work with our member stations," NPR said, adding that it had regained control of its Twitter feeds.

Attend Interop Las Vegas May 6-10 and learn the emerging trends in information risk management and security. Use Priority Code MPIWK by March 22 to save an additional $200 off the early bird discount on All Access and Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 300+ exhibiting companies, and the latest technology. Register today!

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-01-23
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

Published: 2015-01-23
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quote and cause a denial of service (disk consumption) by deleting an image in the saving state.

Published: 2015-01-23
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

Published: 2015-01-23
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

Published: 2015-01-23
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.