Over the past two weeks, a number of websites in North Korea have been disrupted, from the site of the airline Air Koryo to Naenara, the site of Kim Jong-un's government.
At least one main router that serves as the gateway to the internet in North Korea was paralyzed, cutting off North Korea's internet connection to other countries, as quoted from Wired, Friday (4/2/2022).
Some North Korea observers suggested that this may have been the work of hackers from another government interfering with North Korean networks after the country carried out a number of missile tests.
However, Wired's investigation found that the internet disruption in North Korea was not the work of hackers from another country's government, such as the US Cyber Command. The cause of the disruption was a hacker, yes, one person, who goes by the name P4x and who carried out the action from his home.
What drove P4x to carry out the cyberattack? A grudge. Yes, revenge against the North Korean government, which hacked a number of security researchers from various countries roughly a year ago. P4x was one of the victims of that hack.
In that hack, the North Korean hackers aimed to steal hacking tools and information about security holes in various software.
P4x claims that he succeeded in repelling the North Korean hackers and that nothing was stolen from him. Still, he was annoyed at having been targeted, and he said there had been no clear steps from the US government to respond to the attack.
After a year of holding a grudge, P4x finally acted alone to take revenge.
"I feel this is the right thing. If they think we have no fangs, they will continue to come (attack)," explained P4x while showing his screen as he hacked North Korea's internet network.
"I want them to understand that if you come again, it means that some of your infrastructure will be damaged for some time," he said.
Although he declined to say exactly which vulnerabilities he used to attack North Korea, P4x said he found several vulnerabilities in North Korean systems that allowed him to carry out denial-of-service attacks on servers and routers in North Korea.
He also said that these were old, well-known vulnerabilities, such as a bug in the Nginx web server software, as well as old Apache web server software that is still in use in North Korea.
P4x also said he has been researching North Korea's national operating system, Red Star OS. He called this OS an old-school Linux that most likely has security vulnerabilities.
Most of the action is automated: scripts run routinely to enumerate which systems are operational and then launch exploits to bring those systems down.
"To me, it's like a small-medium sized pentest. It's interesting because it's so easy to make an impact there," he explained.
For context, "pentest" is short for penetration test, which is commonly performed by white hat hackers to test the security of their clients' networks.
Historically, it is very rare for a hacker to be able to 'turn off' the internet on a large scale, such as for an entire country. But keep in mind that the majority of North Koreans are only connected to an intranet, not to the global internet.
Martyn Williams, a researcher at the Stimson Center who focuses on North Korea, said most North Koreans only connect to the intranet. What P4x did, meanwhile, only affected propaganda sites and international audiences.
But according to P4x, that is exactly what he is after, because his actions were not aimed at North Koreans.
"I definitely make as little impact as possible for the citizens and as much as possible for the government," explained P4x.