Alejandro Cáceres, the hacker who left North Korea without internet from his home: “My attack was a response to his attempt to spy on me” | Technical

The start of 2022 must have been quite busy in the high offices of Pyongyang. The North Korean military conducted several ballistic missile tests during the month of January, a period synonymous with joy and celebration for the regime. But the party did not last long. Right after the last rehearsal, the internet was shut down across the country. The wave of cyber attacks brought all systems to a standstill for more than seven days. First, the main national websites failed, from the official news portal to the reservation page of the national airline. Then, the Asian state lost contact with the rest of the world. Emails could not be sent or received; neither resort to cloud services. The blockade was complete.

The coincidence in timing of the military maneuvers and the cyberattack led many to read the event as a response by some Western government to those war games. Nothing could be further from reality. Everything was organized by a single man from his home in Miami, known as P4x (read Pax). He did it at night, in shorts and flip-flops and going to the refrigerator frequently for beer and snacks. He wrote what he considers simple programs on his laptop, rented several remote servers and sat down to see how his plans were executed. His motivation was not geopolitical, he did not care about missiles. It was personal: he wanted to hit back at the North Koreans, who had tried to break into his computer a year earlier. “Something had to be done. I believe that if someone attacks you, you have to respond,” the American P4x tells EL PAÍS in perfect Spanish.

He Hacker He documented his cyber attack, recording video and taking screenshots of the entire process to prove he did it alone. He revealed details of his North Korean infiltration Wiredwhich confirmed its authorship and published the story in February 2022, shortly after the events. Now, two years later, P4x has made an unusual decision in the world: to come forward. The man who shut down the internet in an entire country is named Alejandro Cáceres, he is 39 years old and owns his own cybersecurity company, Hyperion Gray. Born in the United States to Colombian parents, he has tattoos on his shirt sleeve: on his right arm is written the nickname he used before. Case North Korean, _hyp3ri0n; left, a Hash Cryptographic (an alphanumeric sequence) that surrounds a word. Your commitment to the community Hacker It goes beyond your arms. When asked if he participated in Ukraine’s cyber defense, which is supported by thousands of cybersecurity experts around the world, he replied: “I don’t remember.”

Cáceres has challenged a totalitarian regime and then revealed his identity. He does not fear for his life, although he takes precautions. “Actually… look,” he says during a video call with EL PAIS from his home-office in Florida. He opens a drawer, pulls out an automatic pistol and points it at the camera. “I don’t like weapons, but in talking to military and intelligence service officials, they told me that things can happen. So now on my desk I have a keyboard, mouse, microphone and Glock,” he says, laughing. His light eyes glint on his somewhat pale and bearded face. Brown curls peek out from under his threadbare baseball cap. It’s 11 a.m. and he has the look of someone who has spent the night at the computer. He sips an energy drink during the interview, conducted a month and a half after coming out of the cyberspace closet.

“Nobody has attacked me during this time. Before I did what I did, I looked at the numbers. In the last 45 years, the North Korean regime has only murdered two people: one was Kim Jong-un’s brother and the other, an American who was in the country,” he says, referring to Otto Warmbier, a young man imprisoned in North Korea and arrived in the United States in a vegetative state, where he died a few days later. He decided the risk was acceptable. “Dennis Rodman hasn’t come to kill me yet,” he says with a laugh, in reference to the Chicago Bulls legend who has demonstrated his friendship with Kim Jong-un.

Dennis Rodman hasn’t come to kill me yet. But now I have a keyboard, mouse, microphone and Glock on my desk

He remembered that “a strange thing” happened to him. Through a dating app, he met a girl who claimed to be a Canadian-Japanese neuroscientist. “When we met I saw that she was clearly Korean. I also verified that the person writing the message was someone else, who could barely be understood. I started looking for information about her and found nothing. She told me that she had changed her name because she had ties to a North Korean dictator named Kim. “That’s where I said goodbye.” This happened in March this year, shortly before P4x revealed its identity.

Other than that, not much has changed in his life: he rarely goes out and avoids problematic, poorly lit areas. Since he came forward, he has been receiving about 200 messages a day. “Many people want to connect and work with me, others see me as a person who Hacker Well, they ask me for help. Although, he confesses, “I’m a little tired.” is an active user of XWhere he doesn’t bite his tongue and displays his sarcastic sense of humor.

Romance and disagreements with the Pentagon

Who he has collaborated with, and more, is with the US authorities. Through his cybersecurity company, Caceres has worked with the Pentagon, DARPA (the Defense Department’s Advanced Research Projects Agency) and the FBI, among others, for a decade and a half. Since he shut down the internet in North Korea, he has been contacted by the Department of Homeland Security, or NSA. Everyone wanted to know how he did it. “Officially they can’t say anything about what they told me about my cyberattack, but they were happy. “I know what I did is illegal, but I can’t imagine North Korea taking me to court.”

Cáceres has tried, but his relationship with security agencies has not worked out well. “My attack on North Korea was a response to their attempt to spy on me, but also a message to the United States,” he says. He still remembers the moment he realized the North Koreans were inside his computer. On January 24, 2021, he received an alleged exploit (a script that exploits a vulnerability) that was sent to him by someone else Hacker. The next day, the Google Threat Analysis Group warned of a North Korean espionage campaign targeting cybersecurity experts. He opened the file in a secure environment and, sure enough, it was malware targeting him. He reported it to the FBI, but after three telephone interviews, that was it.

“It seemed quite clear to me that they didn’t know what to do, they had no plan, they had nothing. A group of terrorists protected by a failed state attacked American citizens and they’re not going to do anything? That doesn’t seem right to me.” Caceres’s outrage lasted for almost a year, and one night he decided to start studying the architecture of North Korea’s systems. “I found amazing things,” he says. “There were two large routers that centralized the whole country’s connection” (although it has 26 million inhabitants, very few have access to the Internet). “I googled their characteristics and saw that they were not huge, but rather medium-sized.”

From that moment on, the plan began to take shape in his mind. He rented all kinds of servers around the country in the cloud and designed a denial of service (DoS) attack, which consists of saturating the target system with so many tasks or data requests that it becomes blocked. In this case, Caceres, or rather P4x, bombarded North Korean routers from the servers he rented, sending many packets of information and slowing down data transmission extremely. To do this, it took advantage of some vulnerabilities in the country’s digital infrastructure, which was very old and, therefore, had security flaws.

We have great people working on our cybersecurity in the US, but they’re tied up

His feat did not go unnoticed. The following year he held meetings with officials from the United States Cyber ​​Command, the branch of the armed forces dedicated to this field. He also met with officials from the Marines, the Space Operations Command and Intelligence (NSA). Cáceres shared the keys to his coup with the uniformed men and told them that, in his opinion, similar operations could be successfully carried out with small commandos of two to four. Hacker.This will give them agility, autonomy and the ability to react.

He tried, but he did not succeed. “To do anything you need authorization, which takes six months to get. And when you get it, what you wanted to do does not work. This is the reality in the US: we have very good people working on cyber defense, but they are handcuffed. “They do nothing, even though I know we have the resources to do a lot.”

Cáceres gets fed up and decides to stop working with the government. He does it on his own again from his own company, Hyperion Grey, which now has Jorge Pereira, a veteran police officer specializing in cybercrime, joining as a partner.

Cáceres’ disillusionment with the system has been one of the reasons he had to reveal his identity. He believes that the US should take a more aggressive stance in the cyber sphere. If there are groups like the North Korean Lazarus, capable of stealing hundreds of millions of dollars in cryptocurrencies in a single year, why not attack them? “Sometimes I’m told that it can’t be done, that diplomatic relations have to be maintained. And I say: it’s North Korea, I don’t care. Others say that if the door to retaliation in cyberspace was opened, it won’t close now. But, let’s not play idiots, that door was already opened a long time ago.”

You can follow EL PAÍS TECHNOLOGY In Facebook And X Or sign up here to receive ours Weekly newspapers,