The last few weeks have been interesting for the globe. The Olympics are getting going in China, there are Russian troops on the doorstep of Ukraine, and the world learned North Korea has the internet. Well, what they call the internet is worse than anything AOL ever provided us. It’s also in short supply, very choked off from the rest of the world, except for NK sites that are hosted in other countries like China.
Just over a year ago, a man going by the username P4x found himself the target of the North Korean government. A hacker himself, he has historically used his skills to benefit businesses and organizations; white-hat hacking, as they call it. Apparently, the North Koreans were targeting him and other security experts for security tools and system vulnerabilities.
The shocking part of all this was their use of a trusted hacker’s email to send him the file, disguised as an exploitation tool, back in January of 2021. Given the news just a week prior that NK spies and hackers were targeting security researchers, he took precautions. By opening the file inside a virtual machine, he was able to keep the file and its source code contained, thus preventing it from infecting his computer.
As a result of this file, the FBI did visit P4x but offered him little in the way of comfort, or proof that they were going to go after the hackers. The Cybersecurity and Infrastructure Security Agency (CISA) is of little help either. They wouldn’t even directly acknowledge the action being taken by NK in the first place. This of course is not an acceptable answer, and P4x was not going to play fair. Given what they had tried to do to him, who could blame him?
“It felt like the right thing to do here. If they don’t see we have teeth, it’s just going to keep coming…I want them to understand that if you come at us, it means some of your infrastructure is going down for a while.” P4x had a plan, and he acted on it quickly. His goal was to get the government of NK and its officials to take notice.
Simple denial-of-service attacks, redirections, and server overloads did the trick. He timed and planned these attacks perfectly. While it was largely annoying to anyone on the actual internet, the vast majority of the already tiny number of people with service have the highly clamped-down intranet. This means nothing but NK propaganda all the time. So attacking the few who have the real thing is certainly an annoyance, and may have sent the hackers a proper message.
Dave Aitel, a former NSA hacker and the founder of security firm Immunity, was a target of the same campaign. He isn’t completely sold on P4x’s methods here. “I would not want to disrupt real Western intelligence efforts that are already in place on those machines, assuming there is anything of value there…This is one of the biggest balls CISA, in particular, has dropped. The United States is good at protecting the government, OK at protecting corporations, but does not protect individuals.”
Other hackers who were asked about this don’t believe NK is responsible. They pin the blame on a neighboring country with a history of these incidents: China. CISA won’t comment on that idea either, but given the roots of the security problems and the method of the attack, it would certainly make sense. As more attacks are carried out every day across the globe, it is only a matter of time until they strike the wrong person. It wouldn’t take much to set the upper class of NK back 30 years in terms of technology. So unless the government wants to stand up for the private citizen, they may find themselves answering for why NK has been completely deactivated.