Hacker claims to have cracked North Korea’s intranet

(From January)


In the week running up to the New Year, many were surprised to see what appeared to be an entirely authentic version of North Korea’s famous OS X knock-off, Red Star, appear online.

Responsibility for the 2.2g download was claimed by a hacker, or hackers, by the name of Slipstream, who said they had been “pulling data out of DPRK’s ass since 2014.” Slipstream also used the download to ask for donations in the cryptocurrency dogecoin.

DPRK watchers got their first taste of Red Star back in March 2014, when images of the system, brought back from the country by computer scientist Will Scott, appeared online. But this was the first time that a fully operational and, it seems, entirely genuine version was available for download by anyone who wanted to use it.

NK News got in touch with Slipstream and asked a few questions, having been provided with what appears to be a welcome message from a terminal as proof of their claims.

NK News: What’s the media attention been like so far? 

Slipstream: It’s been good enough I guess, it’s a shame that I wasn’t contacted more, especially with the link in the pastebin and readme. Most sites have been linking to openingupnorthkorea’s mirror; I’ve wondered how that site has taken it.

NK News: What’s your background as a hacker and how did you get into this? 

Slipstream: It’s a long story, mainly. If by “this stuff” you mean “DPRK,” then it was just boredness and figuring that DPRK didn’t have that good websec, and I was right.

NK News: Did you have a particular background interest in North Korea? Do you speak Korean?

Slipstream: My friends on what is now the Ring of Lightning IRC network got me into DPRK stuff. I don’t speak Korean, but some others on RoL do (at least somewhat).

NK News: What were your motives for the hack? Was this a political thing or just for fun?

Slipstream: Eh, I wanted to see if I could proxy through into DPRK’s national intranet (I’m not calling it “Kwangmyong” because that might actually not be its name; all we know is that a search engine on it (probably the main one) is called that). Also, I got bored, etc.

NK News: How did you go about getting hold of the OS? What are your impressions of the OS compared to more, say, conventional ones? 

Slipstream: I actually got given it by…let’s say someone on Reddit…who I was contacted by a few months after I leaked server, completely out of the blue. I’ve barely used RS3.0 myself, I installed it really quickly before leaking to check that the ISO I got was authentic, in a VM inside a VM on one of my servers. Of course, if it wasn’t, I wouldn’t be emailing you right now.

NK News: You say you’ve been “pulling data out of DPRK’s ass since 2014” – what other materials have you found? Is there more to come?

Slipstream: I’d rather not talk about the other stuff I found, at least right now. I do have other things though, including what I think is source code for sites on DPRK’s national intranet. It’s a shame I never did proxy through to it, as judging by what I have, if I did, I’d probably have shells or root on most of the country.

NK News: What’s your response to the film The Interview and the North Korean hackers allegedly hitting Sony? North Korea seems to think it has an army of competent IT guys – what do you think of this? Was this reflected in their security? 

Slipstream: I mentioned it in the Pastebin as the second part of a joke about the /r/pyongyang subreddit on Reddit – of course Sky News quoted just the second part of that and killed my joke. I’ve been meaning to download it when I get the time as those who have watched it say it is funny.

Regarding Sony: Like most of the security community, I don’t think it was DPRK who hacked Sony. Sure, the FBI seem to have conclusive proof that it was, but I’m not believing everything I hear without evidence.

“Army of competent IT guys?” From what I know, I doubt that. I don’t think anyone in DPRK has coded a completely secure website, most of their sites on the Internet are hosted on one server, and they basically completely rely on web application firewalls. Which aren’t a full solution.

Picture: R. Cunningham 

Featured Image: North Korea cyber attack on white house by Eric Lafforgue on 2009-07-11 03:02:09
