11:31 AM

Anonymous Takes Down North Korean Websites

Hacktivists knock five North Korean websites offline on the 101st anniversary of North Korea's founding.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)

The hacktivist group Anonymous announced Monday that it's disrupted five North Korean websites.

"More of North Korean websites are in our hand. They will be brought down," read an Anonymous tweet issued via the seized Twitter account of Uriminzokkiri, which carries North Korean official government news.

That message was followed by a "tango down" declaration for Subsequent messages announced that the North Korean websites,, and had been hacked. The latter three websites were altered to feature a previously deployed caricature of North Korean leader Kim Jong-Un sporting pig ears and nose and a Mickey Mouse tattoo.

Anonymous Monday also posted to Pastebin a "members of" data dump -- aka dox -- as well as a list of what it described as "members of" By Tuesday morning, all of the sites except for appeared to either be offline or experiencing frequent disruptions. The Uriminzokkiri Twitter feed, meanwhile, hadn't been expunged of the Anonymous posts.

[ Botmaster known as "The Jester" targets North Korea in recent round of attacks. Read more at Anonymous-Linked Hacker Claims North Korea Win. ]

Anonymous has been defacing and disrupting North Korean websites -- which largely can be viewed only by people outside the country -- to protest the Pyongyang regime's military provocations, which have recently included a nuclear weapons test, a threatened medium-range ballistic missile test, a promise to restart a nuclear reactor and the declaration of war against South Korea.

The government of South Korea has also blamed North Korea for launching last month's "wiper" malware attacks that erased 48,000 hard drives and disrupted operations at banks and broadcasters. Government officials said they traced a hacker involved in the attacks to Pyongyang.

A spokesperson for the general staff of the Korean People's Army in North Korea labeled the attack attribution "rumors" and a "deliberate provocation," reported South Korea's Yonhap news agency.

The latest Anonymous disruptions, which occurred Monday, coincided with North Korea's celebrating the 101st "Day of the Sun" holiday, which commemorates the anniversary of the country's founder, Kim Il-Sung; Kim Jong-Un is his grandson. The holiday is traditionally celebrated with flowers. Unlike some previous years, however, the Pyongyang regime chose not to use the occasion to stage a military parade.

Anonymous has been calling on Kim Jong-Un to resign, threatening "first we gonna wipe your data, then we gonna wipe your badass dictatorship 'government.'"

This isn't the first time the hacktivist collective has disrupted (Korean for "one nation"). Anonymous also recently seized control of Uriminzokkiri's Twitter and Flickr feeds and leaked what it said were 9,000 of the 15,000 user accounts -- including people's real names, usernames, addresses, birthdates and hashed passwords -- from the site's server, which is hosted in China.

In other website disruption news, the Syrian Electronic Army Monday claimed credit for taking over the Twitter feed for National Public Radio. "The good news is that NPR appears to have cleaned up the affected Web pages, some of which were carrying news of the explosions at the Boston Marathon," said Graham Cluley, senior technology consultant at Sophos, in a blog post.

The Syrian Electronic Army didn't give a motive for its attack. "We will not say why we attacked @NPR ... They know the reason and that [is] enough," read a message posted to the group's Twitter feed. But obviously the group -- which reportedly supports Syrian President Bashar Assad's regime -- may be unhappy with NPR's Syria coverage.

In a statement released late Monday, NPR confirmed the attack, saying it commenced Monday at approximately 11 p.m. ET and that NPR's publishing system had been accessed and multiple headlines altered. "Late Monday evening, several stories on the NPR website were defaced with headlines and text that said 'Syrian Electronic Army Was Here,'" it said. Some of those headlines then propagated to stories that appeared on NPR members stations' websites.

"We have made the necessary corrections to those stories on and are continuing to work with our member stations," NPR said, adding that it had regained control of its Twitter feeds.

Attend Interop Las Vegas May 6-10 and learn the emerging trends in information risk management and security. Use Priority Code MPIWK by March 22 to save an additional $200 off the early bird discount on All Access and Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 300+ exhibiting companies, and the latest technology. Register today!

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.