He avenged the attack on him: an American hacker turned off the Internet throughout North Korea - ForumDaily
The article has been automatically translated into English by Google Translate from Russian and has not been edited.

For the past couple of weeks, North Korea has been having communication problems. On different days, almost all of the country's websites were unavailable, including those of the airline Air Koryo and Naenara, the official portal of Kim Jong-un's government. At least one of the central routers that provides access to the North Korean network appeared at some point to be inoperable, paralyzing the country's digital connection with the outside world. The publication AIN looked into what happened.


As it turned out, responsibility for North Korea's prolonged outage lies not with American or any other official cyber troops, but with an American hacker. He sat at home in a T-shirt and flip-flops, watching movies and from time to time checking on the programs that were cutting off the Internet across the country.

A year ago, North Korean spies tried to hack a hacker known as P4x. He was one of the victims of an attack aimed at Western cybersecurity researchers; the goal was to steal their hacking tools as well as data about software vulnerabilities. P4x says nothing of value was damaged in the attack. But he was deeply disturbed by the very fact that state hackers had targeted him personally, and that the American government did not react in any way.

He held a grudge for a year, and then decided to take revenge on North Korea.

“I felt it was the right thing to do. If they do not see that we have teeth, such attacks will happen again and again. I wanted them to understand: if they come to us, their infrastructure will suffer,” the hacker explained. He refused to reveal his real name.

According to P4x, he found many known but unpatched vulnerabilities in North Korean systems. This allowed him to single-handedly launch denial-of-service attacks on the few servers and routers on which the country's network depends.

For the most part, he declined to publicly disclose these vulnerabilities because, in his opinion, doing so would help the country's government defend itself against his attacks. But he gave one example: a well-known bug in the Nginx web server software that mishandles certain HTTP headers, causing the server to become overloaded and go offline. He recalled finding ancient versions of Apache on the country's network, and said he had begun to study North Korea's homegrown operating system, Red Star OS. He describes it as an outdated and vulnerable version of Linux.


P4x's attacks on North Korean systems were mostly automated: the hacker periodically ran scripts that determined which systems were still online and then launched attacks against them.

“For me, it was analogous to a not too large-scale pentest. Interestingly, it turned out to be very easy to influence the network,” the hacker admitted.

These relatively simple hacks had consequences. Records from the Pingdom website uptime measurement service showed that at some point during the attack, almost every North Korean website was down. Those that remained online, such as Uriminzokkiri.com, were hosted outside the country. Junade Ali, a cybersecurity researcher who monitors the North Korean internet, says mysterious large-scale attacks on the country's internet began as early as two weeks ago.

He has seen how, from time to time, the country's key routers go offline, taking with them not only access to websites, but also to mail and other services that depend on Internet access. These attacks did not affect North Korean users' access to the outside Internet.

It's rare that a single anonymous hacker could cause an internet outage of this magnitude, but it's not entirely clear what the real impact of his attacks was, says Martyn Williams, a member of the 38 North Project, a North Korea research project at the Stimson Center. After all, a huge number of people in the country have no connection to the Internet; they use an internal network with limited access. And the dozens of sites that P4x has taken offline are used primarily for propaganda and other functions aimed at external audiences.

And while the attack could indeed create problems for some of the country's officials, the hackers who attacked P4x himself last year, like most North Korean hackers, are most likely based in another country, such as China.

“If he wanted to go after these hackers, he probably targeted the wrong people. If he just wanted to unsettle North Korea, then apparently he succeeded,” Williams said.

For his part, P4x says that the North Korean population itself, which for the most part does not have access to the Internet, was not his target. He would count the government's irritation over the attacks as a success. “I would like to touch people as little as possible, and the government as much as possible,” he emphasized.

According to the hacker, these attacks also had an exploratory purpose: to test and find vulnerabilities. These vulnerabilities will be useful in further more serious attacks, during which it will be possible to steal information from North Korean systems and pass it on to experts. He hopes to recruit hacker activists for his new FUNK Project (FU North Korea) to do just that.


P4x recalls exactly when he was hacked by North Korean hackers: in January 2021, he opened a file sent to him by an unfamiliar hacker and presented as a research tool. P4x then saw a post from Google's threat intelligence team saying that a North Korean hacking campaign against cybersecurity researchers was underway. When P4x studied the file sent by the stranger in more detail, he noticed that it contained a backdoor intended to give remote access to his computer. He had opened the file in a virtual machine, so it could not damage his system. But P4x was still shocked that North Korea had decided to attack him personally.

The hacker was later contacted by the FBI, but the bureau offered him no real help in assessing the damage or protecting against future attacks. There was also no formal response from the American government.

“It felt like there was no one on our side,” he recalls.

Not all hackers targeted by the North Korean attack agree that P4x's decision was correct. For example, Dave Aitel, the founder of Immunity, was also one of the targets of the attack, but doubts that P4x's revenge is productive. After all, it could interfere with more covert and complex efforts aimed at the same North Korean computers. But Dave also agrees that the lack of government response to the attacks was noticeable.

P4x emphasizes that his hacking efforts were mostly meant to send a message to the Kim Jong-un regime. And although he admits that his attack most likely violated US law, at the same time he believes that he did nothing wrong: "I have a clear conscience."
