Why a US hacker brought down North Korea’s entire internet

Team Mighty
Updated onMar 14, 2023 6:36 AM PDT
3 minute read
(Photo by Mika Baumeister on Unsplash)

(Photo by Mika Baumeister on Unsplash)

SUMMARY

In late January 2022, North Korea watchers noticed the Hermit Kingdom begin to see some connectivity issues with its internet…

In late January 2022, North Korea watchers noticed the Hermit Kingdom begin to see some connectivity issues with its internet access. All of its websites began to shut down, its main servers went offline, and suddenly North Korea was as digitally disconnected to the rest of the world as it is physically disconnected. It wasn’t some foreign intelligence service trying to stop it from conducting missile tests or wiping out its nuclear program. It wasn’t the United States military trying to disrupt the operations of the North Korean People’s Army. It was one American hacker, trying to send a message to Kim Jong-Un’s legion of hackers.

If you come at the king, you’d best not miss. 

This particular hacker, called P4x, was himself the victim of a hacking campaign that originated in North Korea. The communist hackers were carrying out a reign of terror against leading hacking researchers in the West, an attempt to steal their own hacking tools and insider knowledge about system vulnerabilities. 

P4x prevented them from gaining anything of value, but was pretty miffed that a bunch of state-sponsored computer geeks were personally targeting him. He was even more upset that the U.S. government wasn’t going to do anything about it, either in terms of bolstering information security or going on the digital offensive. 

Photo by Kevin Ku on Unsplash.

So after a year of waiting and no action coming from the federal government, P4x decided he was going to do something about it himself. In an article from WIRED, P4x claimed responsibility and showed proof that it was his attack, but opted not to disclose his real identity for reasons that should be obvious. 

“I want them to understand that if you come at us, it means some of your infrastructure is going down for a while,” he told the digital news service. 

The hacker was able to infiltrate North Korean computer systems because he found critical vulnerabilities in the handful of servers and routers that run the DPRK’s internet connections. Those vulnerabilities allowed him to single-handedly launch denial-of-service attacks and knock those servers offline. North Korea also uses very old software to run much of its digital infrastructure, leaving it vulnerable to attacks that have long been patched up elsewhere in the world.

For him, it was almost too easy. “Ancient” software and North Korea’s own, state-made operating system made it easy for him to automate his attacks, detecting which servers have been restored as they’re restored, and bringing them down again. P4x says it was like running a small- to medium-penetration test, like the kind he might do for a client’s own servers. 

If you don’t know what that means, it’s a relatively simple effort on the part of P4x, and a devastating loss to the North Koreans. For two weeks, P4x single-handedly wreaked havoc on North Korea-based servers with very little effort for mass effect. Internet access, email, and web hosting were all shut down, and North Korea’s own infrastructure prevented any means of routing in access from outside the country.

It's the largest-scale cyber attack committed by any single hacker in the history of cyber warfare, and P4x is doing it while watching Alien movies and eating Fritos in his pajamas. If you’ve been playing Call of Duty with a Korean player who suddenly disappeared mid-January, you might have been playing with Kim Jong-Un. Read the entire article on P4x’s one-man war against North Korea on WIRED.

NEWSLETTER SIGNUP

Sign up for We Are The Mighty's newsletter and receive the mighty updates!

By signing up you agree to our We Are The Mighty's Terms of Use and We Are The Mighty's Privacy Policy.

SHARE