BY RICK MORAN
February 4, 2022
A lone U.S. hacker who goes by the handle “P4x” is claiming responsibility for shutting down the entire North Korean internet twice last month.
The anonymous hacker says that he was taking revenge for a North Korean cyberattack on Western security researchers carried out by North Korean spies last year. He says he was frustrated by the lack of response from the U.S. over the attack and decided to take matters into his own hands.
He said the hackers tried to snatch hacking tools and information on software vulnerabilities, but he was able to stop them before they could get anything worthwhile. Nonetheless, there was a feeling of resentment, he told Wired.
“It felt like the right thing to do here,” P4x told Wired, adding: “If they don’t see we have teeth, it’s just going to keep coming.
“I want them to understand that if you come at us, it means some of your infrastructure is going down for a while.”
North Korea’s internet problems started last month with mysterious outages and unexplained connectivity problems. At one point, practically all of the country’s websites — there are only a few dozen of them — dropped offline, from its airline booking site to Naenara, a page that serves as the official portal for dictator Kim Jong-un’s government.
At the same time as the outages, North Korea was launching several illegal ICBMs into the Sea of Japan, so naturally, observers believed the outages were actions taken by U.S. Cyber Command.
But P4x says “it felt like the right thing to do.”
“It felt like the right thing to do here. If they don’t see we have teeth, it’s just going to keep coming,” says the hacker. (P4x spoke to WIRED and shared screen recordings to verify his responsibility for the attacks but declined to use his real name for fear of prosecution or retaliation.) “I want them to understand that if you come at us, it means some of your infrastructure is going down for a while.”
P4x says he’s found numerous known but unpatched vulnerabilities in North Korean systems that have allowed him to singlehandedly launch “denial-of-service” attacks on the servers and routers the country’s few internet-connected networks depend on. For the most part, he declined to publicly reveal those vulnerabilities, which he argues would help the North Korean government defend against his attacks. But he named, as an example, a known bug in the web server software NginX that mishandles certain HTTP headers, allowing the servers that run the software to be overwhelmed and knocked offline. He also alluded to finding “ancient” versions of the web server software Apache, and says he’s started to examine North Korea’s own national homebrew operating system, known as Red Star OS, which he described as an old and likely vulnerable version of Linux.
It’s doubtful that P4x’s actions had any effect on the North Korean state or government. Only a tiny fraction of their people have access to the internet. And the hackers that disrupted P4x’s work on security systems, for which he was exacting revenge, are probably not even located in North Korea. They are probably based in China, where Beijing has its own cyber warfare group, PLA Unit 61398.
Nevertheless, striking a blow against America’s enemies is always welcome — no matter where it comes from.