A lone American computer hacker, P4x has been disrupting the internet of North Korea, paralyzing the government-run websites. Aside from that, the hacker’s activities brought email traffic to a stop in a bid to avenge an earlier cyberattack by the Communist state against US security researchers. For the past couple of weeks, those observing North Korea’s highly secured internet noticed that the country was facing major connectivity-related issues. Due to these connectivity problems, all of North Korea’s websites intermittently went offline.
For instance, the Air Koryo airline’s booking site, as well as the official website for Kim Jong-un’s government, Naenara dropped offline at irregular intervals. At the time, it seemed like at least one of the central routers that provide access to the country’s networks was inoperative. As a result, the country’s digital connections to the rest of the world face severe damage. According to a few North Korea watchers, the country recently completed several missile tests. This indicates that hackers from another country had initiated a cyberattack against the Hermit Kingdom to urge it to stop showing off its military force.
Who Is Behind The Internet Outages In North Korea?
The ongoing internet disruption in North Korea isn’t a result of the activities of another state-backed hacking agency or the US Cyber Command. On the contrary, these outages were spearheaded by one American hacker, who goes by the name P4x. Interestingly, he ran several programs to disrupt North Korea’s internet, sitting in his home office in a T-shirt, pajama pants, and slippers. Moreover, he was enjoying his favorite Alien movies and eating spicy corn snacks while the programs continued to affect the internet connection of the entire country.
To recall, North Korean spies had hacked the independent hacker over a year ago. Aside from P4x, other Western security researchers were the victim of this hacking campaign. This cyberattack was originally initiated to steal information about software vulnerabilities, and the hacking tools used by security researchers. According to P4x, he successfully stopped those hackers from stealing any valuable information from him. However, he told Wired that he wasn’t pleased with the US authorities’ response to the attack. Moreover, he admitted that being targetted personally by state-sponsored hackers was unnerving.
American Hacker Decides To Make His Own Statement
It took around a year for his resentment to simmer down. P4x felt like taking matters into his own hands was the right thing to do. “If they don’t see we have teeth, it’s just going to keep coming,” the hacker told Wired. Moreover, he even showed screen recordings to the publication, verifying he was behind the attacks. However, he did not want to use his real name in a bid to avoid retaliation or prosecution. “I want them to understand that if you come at us, it means some of your infrastructure is going down for a while,” P4x said.
Much to North Korea’s chagrin, the hacker claims he has discovered a myriad of unpatched vulnerabilities in the country’s systems. Furthermore, he claims that these vulnerabilities played a vital role in enabling him to singlehandedly launch “denial-of-service” attacks on North Korea’s servers and routers. Some of the country’s internet-connected networks rely heavily on these servers and routers. However, he did not publicly reveal the aforesaid vulnerabilities, which he claims can enable the North Korean government to avoid his attacks.
Nevertheless, the hacker gave an example of a bug in the webserver software NginX. This is a known bug that does not handle some HTTP headers properly. As a result, the server running this software gets knocked offline. Aside from that, P4x claims that he discovered “ancient” versions of Apache, a web server software. The American hacker says he is currently inspecting the Red Star OS. For those unaware, Red Star OS is North Korea’s own operating system. Aside from being old, the OS is a more vulnerable version of Linux. In fact, a report by Extreme Tech deems it as “oppressive.”
How Did P4x Plan His Attack On The System Of North Korea?
According to the American hacker, his attacks on North Korean systems are largely automated. Furthermore, he says periodically running scripts help him figure out which systems stay online and then start exploits to knock them offline. “For me, this is like the size of a small-to-medium pentest,” the hacker explained. Furthermore, the hacker uses a shortened form for “penetration test,” comparing it to whitehat hacking he has carried out before to find vulnerabilities in his client’s network. P4x admits that it was quite easy to have an effect in there.
Despite being relatively simple, those hacking methods proved to be quite effective. If records from Swedish website monitoring software Pingdom are anything to go by, a significant number of North Korean websites were down during P4x’s hacking. However, at several points during his hacking, news sites like Uriminzokkiri.com stayed up, simply because they are based outside North Korea. Cybersecurity researcher, Junade Ali monitors North Korea’s internet. Ali says he detected what looks like mass-scale attacks on the North Korean internet, which started two weeks ago.
Tracking Who Is Behind Those Attacks
Although Ali has been closely tracking the attacks, he could determine who was behind them. Nevertheless, he witnessed key routers for North Korea going down several times, knocking access to the country’s websites, email, and other internet-based services down. Once the routers fail, Ali explains that data routing into North Korea would be impossible. Furthermore, he deemed the results as “effectively a total internet outage affecting the country.” According to P4x, his attacks did not disconnect North Korea’s outbound access to the internet.
It is inconceivable that a single hacker could carry out such a massive internet collapse. Also, it is still unclear how the attacks have affected the North Korean government. Martyn Williams, who is a researcher for the Stimson Center’s 38 North Project, says only a few people in North Korea have access to systems that run on the internet. A considerable number of North Koreans have access only to the country’s disconnected intranet, Williams adds. Aside from that, he claims that a large number of sites that P4x takes down several times are ideally for propaganda. These sites are primarily for functions that target an international audience.
How Much The Attacks Carried Out By P4x Affect North Korea?
By knocking North Korean sites definitely affected a few regime officials, Williams claims that hackers who targeted American hackers, including P4x last year, are probably based in China and other countries. In fact, Williams claims that if P4x wants to target those people, he should consider deviating his focus to the right place. However, if the goal of the American hacker is simply to annoy North Korea, then he is nailing it.
Also, it is worth mentioning here that P4x says he considers annoying North Korea as a success. Furthermore, he claims that he did not plan to target the country’s population that does not have access to the internet. According to P4x, his goal was to affect the government as much as possible, without affecting the people. Furthermore, he compares his attacks to causing as much damage as defacing buildings or “tearing down government banners” would cause. However, P4x says the purpose behind his hacking is to find vulnerabilities.
P4x Is Recruiting More Hacktivists
Now, the US-based hacker says he is gearing up to actually hack into North Korean systems to steal details that could come in handy for the experts. Aside from that, he wants to recruit more hacktivists to join him. To enable the recruitment, P4x launched a dark website on Monday, dubbed the FUNK Project—i.e. “FU North Korea.” It will be interesting to see if the website helps him find more hacktivists. The description on the FUNK Project site reads, “This is a project to keep North Korea honest.”
The site further urges people to make a difference, adding that they will be performing proportional attacks to gather information. Through these activities, they plan to restrict North Korea from hacking the Western countries without being noticed. Moreover, P4x says he intends to send a message to the North Korean, as well as the American government through his hacktivist efforts. According to the hacker, one of the reasons for carrying out cyberattacks on North Korea is to highlight what he considers a lack of the American government’s response to North Korea hacking US individuals. “If no one ’s going to help me, I’m going to help myself,” he explains.
North Korea’s Cyberattack On P4x & Other Hackers
Last year, P4x was hit by spies in North Korea. Back in January 2021, a fellow hacker sent him a file that included an exploitation tool. Shortly after that, he bumped into a Google‘s TAG (Threat Analysis Group) blog post about hackers from North Korea targeting security researchers. When P4x investigated the hacking tool a stranger sent him, he found it had a backdoor that provides a remote foothold on his PC. However, he had opened this hacking tool in a virtual machine that allowed him to isolate the file from his system.
Nevertheless, he was shocked and outraged after realizing that North Korea had targeted him. Although the FBI got in touch with him later, F4x claims that he did not get any help to determine the damage caused by North Korea’s hacking. Likewise, he claims that he did not get any real help that would allow him to protect himself from more such attacks. As if that weren’t enough, there was no open investigation carried out on the hackers who targetted him. Moreover, the US agency did not even formally recognize that North Korea was behind the attack.
The American Government’s Lack Of Response
This lack of response from the US government made him feel like “there’s really nobody on our side.” In a statement regarding its response to the North Korean attack on US security researchers, the FBI told Wired that it relies on both the public and private sector when it comes to reporting intrusions and suspicious activity. Furthermore, the FBI says it teams up with the public and private sectors to understand what’s happening and make sure it doesn’t happen to others. Moreover, it claims that the FBI doesn’t shy away from holding those responsible accountable.
Px4’s Response To Attacks On Him
After being a target of a state-sponsored cyber espionage, P4x began working on several other projects. However, even after a year, the federal government did not release public or private statements about the attacks on security researchers. Moreover, the US agency did not offer any sort of support. So, P4x decided to take matters into his own hand and make a statement to not only North Korea but also his own country. However, fellow hackers and victims of the North Korean attacks do not think P4x is using the right way to make that statement.
Former NSA hacker and security firm Immunity founder Dave Aitel was also a target of the same espionage campaign. However, he isn’t sure if P4x’s approach to getting even is productive. According to Aitel, P4x could end up interrupting more stealthier intelligence efforts to target the same North Korean computers. “I would not want to disrupt real Western intelligence efforts that are already in place on those machines,” he says. “Assuming there is anything of value there,” Aitel explains.
Does the US Fail To Protect Individuals?
Nevertheless, Aitel’s thoughts on the government’s lack of response to the North Korean campaign align with P4x’s opinion. According to Aitel, none of the government agencies got in touch with him. Moreover, he blames the Cybersecurity and Infrastructure Security Agency for the lack of action Aitel went on to say that the US does a great job in terms of protecting the government, an average job when it comes to protecting corporations. However, it fails to protect individuals.
Furthermore, he believes most of the security researchers who were were targets of these attacks have major access to software vulnerabilities. In addition to that, these researchers probably had access to the code of tools and other enterprise networks that could lead to “the next SolarWinds.” In a statement to Wired, a CISA spokesperson explained that the agency leaves no stone unturned in a bid to support the cybersecurity community in terms of tracking and protecting against harmful cyber threat actors.
How Does CISA Handle Cyberattacks?
Moreover, the CISA urges researchers who are victims of such cyberattacks to get in touch with the US government. They will be able to offer assistance, accordingly. Nevertheless, P4x claims his hacking primarily targets the Kim regime. According to the American hacker, the North Korean government is abusing human rights by completely controlling its population. He admits that his actions are probably violating US computer fraud and hacking laws. However, P4x insists he isn’t doing anything that is ethically wrong. “My conscience is clear,” he says.
Lastly, P4x shed more light on the final goals of his cyberattacks on the North Korean internet infrastructure. “Regime change. No, I’m just kidding,” he noted. He goes on to add that he wants to prove a point. About ending his cyberattacks, the hacker says he wants to prove his point before he decides to end them.