By Jeffrey A. Phaup

 

An American hacker says he singlehandedly took down the North Korean internet in January of 2022, according to a report from Wired.[1] Observers reported seeing apparent outages in North Korea’s internet, and at times all of the country’s websites, which amount to only a few dozen, appeared to be down.[2] The outages occurred after North Korea carried out a series of missile tests, prompting some experts to wonder whether the outages were caused by cyberattacks from a foreign country.[3]

The hacker, who goes by the name P4x, says he had been targeted by the hermit dictatorship’s spies, who cyber-attacked Western security researchers in 2021.[4] P4x then launched repeated ‘distributed denial of service’ (DDoS) attacks against the communist state, crippling the country’s few government-operated public-access websites and slowing email traffic.[5] DDoS attacks flood a system with fake traffic, consuming available bandwidth and limiting the processing capacity of servers so that a website becomes unavailable.[6]

In North Korea, only a small number of trusted officials and academics are permitted to use the World Wide Web.[7] At the same time, only a small number of North Korean websites are connected to the wider global internet, including the state airline, Air Koryo, and the official web portal of the North Korean government, Naenara, which spreads state news and propaganda on behalf of the Communist Party and Kim Jong Un.[8]

P4x says he’s found numerous known but unpatched bugs in North Korean systems that have allowed him to launch denial-of-service attacks on the servers and routers on which the country’s few internet-connected networks depend.[9] He declined to reveal the specifics of the bugs but did give one example of a known vulnerability that could be exploited to knock servers offline.[10]

P4x told Wired that it was “pretty interesting how easy it was to actually have some effect in there.”[11] He further elaborated, “It felt like the right thing to do here.[12] If they don’t see we have teeth, it’s just going to keep coming,” he told the publication.[13] “I want them to understand that if you come at us, it means some of your infrastructure is going down for a while.”[14]

He explained that his cyber attacks on the state came after he himself was unsuccessfully targeted by Pyongyang, with DPRK hackers attempting to break into his own personal network a year ago to get access to his hacking technology.[15] He was able to catch the breach, use a virtual computer to open the file the hackers had used in their attempt to gain access to his network (thus isolating the breach), and study it himself.[16] He found, to his surprise, that the hack had been launched from North Korea.[17] He added that he reported the incident to American authorities such as the FBI, but was ignored.[18] “If no one’s going to help me, I’m going to help myself,” he said.[19]

 

[1] Bree Fowler, American hacker says he took down North Korean internet Wired reports, CNET (Feb. 3, 2022) [https://perma.cc/5FUE-8RLD].

[2] Andy Greenberg, North Korea Hacked Him. So He Took Down Its Internet, WIRED (Feb. 2, 2022) [https://perma.cc/VS38-Z3MC].

[3] Fowler, supra note 1.

[4] Graeme Massie, American hacker says he keeps turning off internet in North Korea, Independent (Feb. 3, 2022) [https://perma.cc/L4RK-QC6C].

[5] Chris Jewers, US hacker ‘in his pyjamas’ takes down North Korea’s internet in revenge for cyber attack carried out against him by Pyongyang, Daily Mail (Feb. 3, 2022) [https://perma.cc/R3G2-E8RX].

[6] Id.

[7] Id.

[8] Id.

[9] Fowler, supra note 1.

[10] Id.

[11] Massie, supra note 4.

[12] Jewers, supra note 5.

[13] Id.

[14] Id.

[15] Greenberg, supra note 2.

[16] Id.

[17] Id.

[18] Id.

[19] Id.