North Korea offline: a hacker attacks a nation

Observers of the North Korean Internet have noticed some strange activity in the past few weeks. Important web infrastructure has been dropping offline, then coming back online, then disappearing from the network again. Entire digital connections between North Korea and the outside world were also reportedly severed. Were rocket tests somehow responsible?

No, it was a man who goes by the name P4x. In an interview with the magazine Wired, he reveals why he’d launched a cyber attack on the country.

P4x is fighting a battle on two fronts. On one hand, he’s taking on the Kim Jong-Un regime; on the other, he’s demanding more action, or at least more communication, from the US government.

One year before the hack

P4x didn’t choose North Korea at random. In January 2021, a fellow hacker passes him a tool that he’s been meaning to try out. Shortly afterwards, he reads in a security advisory that state-sanctioned North Korean hackers are trying to penetrate the systems of security experts and steal their tools.

Luckily, P4x had opened the tool in a virtual machine out of caution, meaning the North Korean Remote Access Tool (RAT) had no access to his system. P4x reports the incident to the FBI, only to be fobbed off with «We take security very seriously» or something along those lines. This sentence, while supposed to seem reassuring, has degenerated into a platitude in light of countless hacks.

P4x waited a whole year for a statement from the government. Or a counterattack. Anything. But nothing happened. P4x never heard back from the FBI or the Cybersecurity and Infrastructure Security Agency (CISA), who also got involved.

In the meantime, North Korea attacked security experts and plundered their tools. Tools which could be misused by someone who’s up to no good. Former NSA hacker and author Dave Aitel describes the potential scale of the tool theft as a «second SolarWinds». In 2020, a vulnerability in the SolarWinds software gave hackers unauthorised access to thousands of government systems and corporate networks. The damage was enormous.

In January 2022, a year after the attack, P4x has had enough. He’s not seeking revenge, but he wants to take a stand. He wants to show North Korea that it can’t just attack hackers with impunity. And he wants to show the FBI and the CISA that they haven’t faced up to their responsibilities. Their mission, he says, was to protect the American people. In his eyes, letting North Korean hackers go unpunished would be unacceptable.

The hack that isn’t a hack

P4x doesn’t want to reveal to Wired which vulnerabilities he exploited. «Otherwise, North Korea could plug those gaps,» says the man who doesn't feel guilty about launching his international cyber attack.

He says that he has principles, and that he doesn’t want any harm to come to the North Korean people. For him, it’s about putting a stop to Kim Jong-Un’s dictatorial regime.

It’s easy to paralyse the country, he continues. This is partly down to the unique infrastructure of the network named 광명, or Kwangmyong, and partly due to the fact that many North Korean systems are outdated.

The American hacker found the weak spots quickly. There’s a version of Nginx in use that has a vulnerability in HTTP headers. Exploiting this was easy. As a result, he alone was able to launch an effective denial-of-service attack on an entire country. He used the headers to overload Nginx. Then the server software crashed, interrupting the connection to other computers.

For P4x, the hack wasn’t just an attack – it was research. He wanted to know exactly how the North Korean Internet works on a technological level. His information was to be as detailed as possible – he wanted to discover every weak spot. He suspects that vulnerabilities have emerged within the North Korean operating system Red Star OS and has started to investigate them. Red Star OS is based on Linux – probably Fedora – and is ancient according to all internationally available information. The latest version of the archive service ArchiveOS dates the version of Red Star OS hosted there back to 2019.

The attacks perpetrated from P4x’s living room were automated to a large extent. «This is like a small to medium-sized pen test,» he tells Wired, using the acronym for penetration test. In doing so, he indicates that he is, or was, a security researcher in real life.

«It’s surprisingly easy to achieve any kind of effect in North Korea,» he says. With that, he admits that the denial-of-service attack is far from over.

P4x founds the FUNK project on the dark web

P4x's attacks drew some criticism. «The hackers who attacked P4x last year are highly likely to be based in China,» said Martyn Williams, a researcher at the 38 North Project, an analysis centre for all things North Korean. P4x admits that his activities have done nothing more than get on North Korea’s nerves. No damage, no sustainable impact. «What I’ve done so far is the equivalent of tearing down a propaganda poster or spraying graffiti,» P4x tells Wired.

So far.

But P4x has acquired a taste for blood. In the next phase (he’s currently in the analysis phase), he wants to penetrate North Korean systems and steal data. These will then be made available to experts, hopefully providing them with important information about the isolated country. In the hope of securing support from the hacker community, he founded the project FUNK. On the dark-web site, he calls on hackers of every nation to help.

The FUNK Project, whose name stands for «Fuck You North Korea», isn’t just meant to expose vulnerabilities in the North Korean internet and steal data. Its goal is to «keep North Korea honest». P4x writes on the FUNK project’s website that just one person can make a difference. The goal is to carry out proportional attacks on North Korea and gather information to prevent North Korea from hacking the western world unhindered.

Moreover, he hopes that the FUNK Project's hacktivism will serve as a warning – not just to the North Koreans, but to the US government, too. The project’s cyber attacks aren’t just responses to hacks by North Korea. They’re also supposed to demonstrate the US government’s continual failure to protect its own population – and in this case, security experts.

«If no one helps me, I’ll help myself,» writes P4x.