Lessons from a US Hacker Who Fought Back against North Korea

Published in Sankei Shimbun (Japan) on 25 February 2022
by Mihoko Matsubara
Translated from Japanese by T Kagata. Edited by Laurence Bouvard.

Cyberattack That Hit North Korea

On Jan. 26, a cyberattack struck North Korea, paralyzing its internet for about six hours. It appears to have been a distributed denial-of-service (DDoS) attack, which sends more data than the target's servers and websites can handle and causes them to go down.

Problems connecting to the websites of the Ministry of Foreign Affairs of North Korea, Koryo Airlines, the official newspaper of the Workers' Party of Korea, the Korean Central News Agency and other websites, as well as the official government website Naenara, continued until the next morning.

The attack took place at a time when tensions were running high after North Korea had launched its fifth missile this year. Some therefore thought that a foreign government may have been using a cyberattack to send North Korea a message to stop its threats of force.

In reality, however, the attack was carried out not by a government but by a lone American hacker. According to a Feb. 2 interview by Wired, a U.S. technology news site, this person, who calls himself "P4x," was retaliating against a cyberattack by a group of North Korean hackers.

In 2020 and 2021, a group of North Korean hackers targeted cybersecurity experts in Western countries who were researching system vulnerabilities. It is believed that they were trying to steal the tools the researchers were using and information on the vulnerabilities they were investigating.

Why He Fought Back Alone

This group of North Korean hackers created fake accounts on social media sites such as Twitter and LinkedIn and approached their target researchers posing as cybersecurity bloggers. They proposed joint vulnerability research and, once a target agreed, sent messages carrying computer viruses.

P4x was one of the victims of this attack, but fortunately the damage was prevented.

He was aware that his actions were illegal. He dared to fight back not only because he was angry at North Korea for attacking him, but also because he was angry at the U.S. government for making no effort to help the affected researchers and leaving them on their own for a year. He thought that if he didn't fight back then, the attackers would simply keep targeting researchers, and he decided to take action.

However, P4x himself does not believe that he struck a real blow against North Korea, which depends little on the internet.

P4x told Wired that North Korea had left many vulnerabilities in its IT systems unaddressed. North Korea is likely to thoroughly review and strengthen its security in order to prevent future cyberattacks. If this happens, the U.S. government and its allies will be forced to drastically revise their future cyber operations against North Korea, and in the mid- to long-term, the damage to the U.S. government and others may be greater than the damage suffered by North Korea.

Protect Individuals from Cyberattacks

The motive behind this incident highlights two things: the sophisticated cyberattacks that highly skilled foreign government-affiliated hackers carry out against individuals on social media, and the inadequate support for victims. Moreover, the number of cyberattacks on personal social media accounts is expected to increase this year, and urgent countermeasures are needed.

Cyberattackers target the weakest point in the defense and try to break in there. The social media accounts, private emails and private devices of individuals such as senior government officials, executives and researchers working on the latest technology are easier to break into than systems that corporations and governments protect with strong security.

Foreign government-affiliated hacker groups use the information on personal connections gathered there, along with hijacked accounts, as footholds to create even more sophisticated spoofed emails, launch cyberattacks against governments and corporations, and steal information related to national security and to intellectual property such as the latest technologies. Not only the U.S., but also Japan has become a target of such attacks.

Even cybersecurity experts struggle against attacks by North Korean government-affiliated hackers, so non-experts will struggle all the more.

However, as P4x points out, the U.S. government has so far not put much effort into warning and educating individuals in advance or into counseling and assisting victims.

Japan should also learn a lesson from this incident and reaffirm that cyberattacks targeting individuals are the first step of cyberespionage that can damage national security and economic security.

Furthermore, it is necessary to thoroughly inform the public about why individuals are targeted by cyberattacks, the latest attack methods, and the countermeasures that prevent damage. To do this, it is essential that the government agencies and companies where these individuals work also cooperate in awareness-raising and outreach. Consultation services for victims are also needed.

The National Police Agency, the Metropolitan Police Department and the Osaka Prefectural Police Department have recently begun actively holding briefing sessions for companies, universities and research institutes, as well as offering individual consultations. If such awareness-raising and support activities are expanded throughout the country, it will serve as a deterrent against cyber espionage by foreign governments. There is no time to waste for public and private sectors to work together to strengthen cybersecurity.


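Original Japanese article: "Lessons from a US Hacker Who Fought Back against the North," by Mihoko Matsubara, NTT cybersecurity expert, 2022/2/25 08:00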

