Anonymous Hits North Korea Via DDoS

Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.

Mathew J. Schwartz, Contributor

April 2, 2013

4 Min Read

Anonymous: 10 Things We Have Learned In 2013

Anonymous: 10 Things We Have Learned In 2013

Anonymous: 10 Things We Have Learned In 2013 (click image for larger view and for slideshow)

The Anonymous hacktivist collective announced that it's released sensitive data about -- aka doxed -- the government of North Korea over its threat to restart a nuclear reactor in the country.

The dox was announced in an "Anonymous hits N. Korea" message posted Tuesday to Pastebin, claiming that 15,000 membership records had been stolen from the website of North Korea's Kim Il Sung Open University, which is run from China.

The Pastebin post, which railed against the governments of both North Korea and the United States, demanded that the Pyongyang regime "stop making nukes and nuke-threats" and called for the resignation of the country's 30-year-old ruler, Kim Jong-un.

[ Should DDoS attacks be protected under the First Amendment? Read Anonymous Says DDoS Attacks Like Free Speech. ]

The post included six records supposedly stolen from the Uriminzokkiri website, including names, email addresses and hashed passwords. "Enjoy these few records as a proof of our access to your systems (random innocent citizens, collateral damage, because they were stupid enough to choose idiot passwords), we got all over 15k membership records of and many more," it said. Decrypted password hashes in the post included "123456" and "loveme."

The veracity of the doxed information couldn't be verified. One of the published email addresses, however, was for smart grid product vendor KEPCO KDN, which is part of Korea Electric Power Co. Three of the "example records" contained Korean names, while the other three were Chinese names, according to journalist Martyn Williams, who maintains the North Korea Tech website.

The alleged data dump followed a series of distributed denial-of-service (DDoS) attacks launched Saturday against the official website of the Democratic People's Republic of Korea (North Korea), the government-owned airline Air Koryo, as well as the government's Committee for Cultural Relations with Foreign Countries ( and the Korea Computer Center (Naenara) websites.

Those attacks were carried out under the banner of Operation North Korea (OpNorthKorea) by the South Korean branch of Anonymous, and were made in response to increasing threats from Pyongyang that it plans to attack South Korea.

Last month, broadcasters and banks in South Korea were hit by a series of highly targeted "wiper" malware attacks that deleted an estimated 32,000 hard drives. While North Korea is generally the first suspect behind any attack against South Korea, no evidence has been published to track the cyber attacks to Pyongyang.

Still, the rhetoric between the two Korean governments has been heating up. According to a recently released North Korean government statement carried by the official government Korean Central News Agency (KCNA), "the whole country is now throbbing with voices urging the start of a sacred war for national reunification." Meanwhile, North Korea's Central Committee announced Sunday that the country "is a full-fledged nuclear weapons state," and a spokesman for the General Department of Atomic Energy said that a reactor located at Yongbyon will be restarted and that the "work will be put into practice without delay," according to KCNA.

North Korea has faced United Nations sanctions after conducting a nuclear weapons test in February. But Kim Jong-un said Sunday that the country will no longer use its nuclear program as a bargaining chip. "The enemies are using both blackmail, telling us that we cannot achieve economic development unless we give up nuclear weapons, and appeasement, saying that they will help us live well if we choose a different path," KCNA quoted Kim as saying.

In the face of the increasing tensions, the White House said it's monitoring the situation. "We haven't seen actions to back up the rhetoric," White House spokesman Jay Carney told reporters Monday, reported Reuters.

Attend Interop Las Vegas May 6-10 and learn the emerging trends in information risk management and security. Use Priority Code MPIWK by March 22 to save an additional $200 off the early bird discount on All Access and Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 300+ exhibiting companies, and the latest technology. Register today!

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights