One American Hacker Took Down North Korea’s Internet for Revenge

North Korean experts noted a series of countrywide internet shutdowns in January 2022, with speculations that some of the outages were linked to the North’s recent missile launches. During the outage, practically all of North Korea’s websites were intermittently inaccessible, ranging from Air Koryo Airline’s booking site to Naenara (the official portal for Kim Jong-un's government). Disruptions to the country’s servers also include at least one of the central routers that allow digital access to the country’s network from the outside world.

The internet outages appeared shortly following North Korea’s missile testing and the timing of these developments led some experts to believe that the culprit behind the cyberattacks was a state actor, such as the US. However, according to a report by Wired, an American hacker, identified by the handle “P4X” claimed sole responsibility for the attack. P4X said he was one of the victims of a North Korean government hacking scheme on western security researchers last year, where suspected North Korean hackers attempted to steal hacking tools and information on software vulnerabilities. His frustration from being a target and disappointment stemming from the US government’s lack of response triggered his plan for revenge. “[It] felt like the right thing to do here…I want them to understand that if you come at us, it means some of your infrastructure is going down for a while”. While P4X acknowledged that his attacks likely violated US computer fraud and hacking laws, he argued that it was not ethically wrong to send a message to the Kim regime which carried out “insane human rights abuses and complete control over their population”.

GOVERNMENT-TRAINED NORTH KOREAN HACKERS

Cyber warfare has been one of the key tactics, along with nuclear weapons and missiles, deployed by Kim Jong-un's administration to signify North Korea’s military capabilities. North Korea’s growing cyber capability emerged most prominently in 2013 and South Korea had suffered a series of cyberattacks that damaged its commercial, financial, and media networks as a result.  

It is known that North Korea has two cyber warfare branches, namely the Enemy Collapse Sabotage Bureau under the military and the General Bureau of Reconnaissance. The former collects internal information to control North Korean citizens, while the latter is responsible for hacking and breaking into security systems to steal confidential information. South Korean National Intelligence Service and the Defense Security Command reported that “Unit 110,” the headquarters of North Korea’s hacking operations, had in the past intercepted confidential defense strategy plans, including documents detailing US-ROK responses to potential North Korean provocations, among many other cyberattacks. Former defectors and security experts also revealed the operations of an elite cyber warfare unit known as “Bureau 121”, which is speculated to have 6,000 hackers stationed in Belarus, India, Malaysia, Russia, and at Chilbosan Hotel in Shenyang, China. The group of North Korean hackers from Bureau 121 were allegedly responsible for the cyberattack against Sony in 2014, which had cost the company hundreds of millions of dollars in damages.

The North Korean government has been extremely proactive in nurturing the next generation of hackers. Gifted children and science prodigies would be selected at the age of 15 or younger to receive intensive cyber security training at Kumsong Middle School No. 1 and No. 2, before entering into Kim Il-sung University or Kim Chaek University of Technology for further education. After graduation, these handpicked “cyber elites” would be assigned to work at Bureau 121. In addition to taking pride in defending their country, North Korean hackers enjoy various privileges only offered to the top 1 percent of society. For example, they can become party members, be given the chance to study or work abroad, or even receive 10 percent of the gains derived from successfully hacking a cryptocurrency exchange with a system they have developed.

THE HACKER’S MASTERPLAN TO ANNOY NORTH KOREA

P4X claimed that North Korea’s internet technology is outdated and the cyber infrastructure is small, “like the size of a small-to-medium [cybersecurity breaching test]…pretty interesting how easy it was to actually have some effect in there”. The hacker has also started to examine North Korea’s national operating system, Red Star OS, and planned to recruit hackers to join his project to “perform proportional attacks and information-gathering in order to keep North Korea from hacking the western world completely unchecked”.

Records from Pingdom, a popular uptime-measuring service, revealed that at several points during P4X’s hacking, almost every North Korean website was down, with the exception of those based outside the country, such as the news site Uriminzokkiri.com. Meanwhile, Junade Ali, a cybersecurity researcher who monitors the North Korean internet, said that there were instances where emails and other internet-based services were suspended, “[as] their routers fail, it would literally then be impossible for data to be routed into North Korea…effectively a total internet outage affecting the country”.

However, given only a small fraction of the entire North Korean population has access to the country’s strictly limited internet system, it is unclear as to whether P4X’s cyberattacks had any real effects on Kim Jong-un's administration. According to Martyn Williams, a researcher for the Stimson Center’s North Korea-focused 38 North Project, the sites taken down by P4X were largely used for propaganda and other functions aimed at the international audience, which would not affect the country’s disconnected intranet system accessible by the majority of North Koreans. Nonetheless, Williams commented that “[but] if [P4X] just wants to annoy North Korea, then he is probably being annoying”, which appears to align with P4X’s aim to “affect the people as little as possible and the government as much as possible” as he also acknowledged that his cyberattacks amount to no more than “tearing down government banners or defacing buildings”.

While fellow hackers who were also targeted by North Korea did not all agree with P4X’s way of addressing the issue, Dave Aitel, a former NSA hacker who was targeted in the same campaign, agreed that the government’s response had been lacking. Aitel explained that the U.S. “is good at protecting the government, OK at protecting corporations but does not protect individuals”.