Last Update: Apr 9, 2013
Initial Disclosure Date: Apr 1, 2013
Hours after the Korean Central News Agency (KCNA) declared that the country was “entering into a state of war” with South Korea, Anonymous_Korea launched DDoS attacks to take down five North Korean government websites. Although the Anonymous group has tweeted the KCNA statement a couple of times, it is unknown whether they waged these attacks to retaliate the massive cyber-attacks on South Korea on March 20.
According to twitter feeds, Anonymous plans to launch #OpFreeKorea on April 19, which is the anniversary of the April Revolution. South Korean labor and students groups protested against electoral corruption in 1960. Anonymous_Korea is planning to wage cyber-attacks, #OpKoreanWar, again on North Korean government websites on June 25, which is the anniversary of the Korean War.
The targets are the English and Korean version of the Democratic People’s Republic of Korea, the North Korean Committee for Cultural Relations, and Air Koryo. The attacks were launched under a campaign named “#OpNorthKorea.” At 05:12am Eastern Time on March 30, Anonymous_Korea tweeted that they took down the following websites:
Yet, about one hour later, Anonymous_Korea tweeted again to notify, “korea-dpr.com is still up,” although their efforts were ongoing.
On March 31, Mashable reported that Uriminzokkiri , “a North Korean news and propaganda site” and North Korea’s main official state website were restored after alleged cyber-attacks as of 5pm Eastern Time on March 30. Yet, the other three websites still remained unreachable. (footnote:1)
An online message in English to HTMLpaste.com by Anonymous claims that the group accessed over 15,000 passwords that belong to users of the Uriminzokkiri website and others by exploiting weak passwords. It is unknown when the message was posted. At least, Cyber Vietcong (@VietMinhVC) tweeted about the posting at 8:28pm on March 31. The message demands Kim Jong-un to resign, stop developing nuclear weapons, introduce democracy to North Korea, and allow free Internet access to citizens. (footnote:2) RT raises a question about the credibility of the posting because one of the victims is claimed to have been born on June 1, 1900. (footnote:3)
Anonymous hacked North Korea’s official twitter (uriminzokkiri or @uriminzok) and Flickr accounts and defaced two websites. The twitter account has almost 16,700 followers as of 02:30pm JST on April 5. An image of Kim Jong-un with pig ears and nose and a Mickey Mouse tattoo on his stomach appeared on the defaced Flickr website. The hacktivist group also defaced the website of Ryomyong.com (books and music store) and Aindf.com (a South Korean political group tied to North Korea) by uploading the image of the Anonymous logo and Guy Fawkes mask. (footnote:4)
A message on Pastebin claims that Anonymous has “a few guys on the ground who managed to bring the real internet into the country using a chain of long distance WiFi repeaters with proprietary frequencies, so they’re not jammed (yet). We also have access to some N.K. phone landlines which are connected to Kwangmyong through dial-ups.” (footnote:5)
Kwangmyong is a North Korean intranet launched in 2000. Yet, since it is insulated from the outside of the country, Anonymous’ claimed access to North Korean intranets is dubious with no hard evidence. (footnote:6)
Anonymous released the personal information of 9,001 Uriminzokkiri subscribers such as their date of birth, ID, name, and password. The South Korean National Intelligence Service argues that “many of the leaked details on the website match those of South Koreans.” The South Korean government blocks citizens from accessing the website under the National Security Law, but Internet users can access it via proxy servers. A National Police Agency spokesperson stated that they would “take action” if they notice any of South Korean Uriminzokkiri subscribers “have carried out any pro-North Korean activities” or “posting pro-North Korean comments.” (footnote:7)
Most of Uriminzokkiri subscribers seem to use false identities and the South Korean police believe that the investigation would take more than one year. The list of the subscribers includes former President Lee Myung-bak, military personnel and police officers. “Lee” used his email address to register, which the former president was using when he was Seoul City Mayor. (footnote:8)
On April 7, South Korean prosecutors announced that they had indicted three South Koreans for cooperating with a North Korean hacker in China. The authorities detained 28-year-old Choi on suspicion of violating the National Security Law by illegally communicating with the North Koreans and sending financial aids. They believe that Choi regularly contacted the North Korean hacker, Han, who works at a software company run by the Workers’ Party of Korea and a North Korean agent between 2007 and 2012. Choi is believed to have accessed the personal information belonging to millions of people from Han and used it to disseminate spams. Yet, the prosecutors have not detained his 29-year-old brother and a 34-year-old man named Kim. They allegedly helped another Choi. (footnote:9)
Sources:
日立システムズは、システムのコンサルティングから構築、導入、運用、そして保守まで、ITライフサイクルの全領域をカバーした真のワンストップサービスを提供します。
検索
Japan