Two years ago, North Korea was hacked and the internet was shut down for a week. This attack was carried out by a man from their own home

It is a mistake to think that there is no internet in North Korea. The world’s most mysterious country is a mystery in many ways, but it is known that there is an internet connection. It is not something that everyone has access to, far from it, but rather it is only available to certain people and members of the government, but it does exist.

Well, it stopped working due to an attack two years ago.

The attack was carried out by a single man wearing pyjamas from his home.

Internet of North Korea. Obviously, there is no official information on North Korea’s internet connection and if there is, it should at least be questioned. What we do know, thanks to Vox and People for Successful Korean Reunification (PDF), is that there is a sort of national intranet called Kwangmyong with basic tools like email and access to pre-determined and censored sites.

Kwangmyong is available on computers in government offices, universities and some internet cafes in big cities. The problem is that travel from one city to another is restricted in North Korea, so it is difficult for people living in rural areas to access it.

Then there is the highly monitored and restricted internet. It is available to members of the elite and government officials as well as tech experts, researchers, and government-trained hackers. Only in this way is it possible to carry out attacks and do things like steal a staggering figure of $1 billion in cryptocurrencies in 2023.

Finally, there is the unrestricted Internet that makes it easy to imagine who can use it: the core of the government’s infrastructure. The thing is, the number of people connecting to the Internet is minimal and the infrastructure that allows it is not at all secure or robust. Well, two years ago, that infrastructure collapsed. It did so after the government tested ballistic missiles. And the author of the attack was neither a government, nor an agency, nor a coordinated group of hackers wearing Guy Fawkes masks.

Alejandro Cáceres. Formerly known as P4x (@_hyp3ri0n In x), Cáceres is 38 years old, a cybersecurity researcher and lives in Florida. The reason for the hacking, he explained in interviews with Wired and El País, was personal: he had been the victim of a hacking attempt by the North Korean government a year earlier. The objective was to obtain his intrusion devices, so given the inaction of the FBI, to whom he had reported the attempted attack, he decided to take action from his home in flip-flops and pajamas.

How was the attack. According to Caceres in a Q&A session on Reddit, he found that North Korea has a terrible internet infrastructure. “Your internet is made of sticks and glue,” he says. “I found out that they only have two internet exit and entry routers” which, moreover, were not very large. What we said before: there is internet, but very few people use it.

“What I ended up doing was focusing a lot of bandwidth on those routers,” he explains. To do this, he rented a couple of servers near the country and requested them until both routers were blocked. “This caused all routing in and out of the country to go down,” says Caceres, who also explains that “it wasn’t just a DoS in their infrastructure, it actually took down all routing. The errors people got were “there is no route to the host”, which was impressive to see!” For those looking for a more technical explanation, here are the details.

The connection was restored because he wanted it to be so. North Korea remained without internet for a week because Alexander made such a decision. “I let their internet come back because I wanted to (…) I wanted it to be a warning, not a major action. I could have left them without internet indefinitely,” says the researcher on Reddit. For Cáceres, it is a warning, a warning.

Nobody noticed this. According to the researcher, the attack delighted US officials. Over the next year he met with various government security forces, including the NSA, and explained that these types of attacks could be carried out with teams of two to four well-trained hackers, but as he says, “to do anything you need authorization. Which takes you six months to get and when you get it, what you wanted to do is no longer useful.” In other words, excessive bureaucracy slows down the counterattack. Eventually, he left the government and founded his own cybersecurity company, Hyperion Grey.

Reveal your identity. According to Caceres, “Both the NSA and the Department of Defense have a lot of talented hackers, but when it comes to conducting disruptive cyber operations, for some reason as a country we are fearful and scared (…) and that’s what has to change.” Showing his face and revealing his identity is his way of saying that the United States must be more aggressive in this regard.

Image | (Stefan) licensed under CC BY-SA 2.0, Hyperion Grey

In Xataka | There is one word that decides the fate of every North Korean before he or she is born: Songbun