North Korea Hacked Him. So He Took Down Its Internet

P4x says he has largely automated his attacks on the North Korean systems, periodically running scripts that enumerate which systems remain online and then launching exploits to take them down. “For me, this is like the size of a small-to-medium pentest,” P4x says, using the abbreviation for a “penetration test,” the sort of whitehat hacking he’s carried out in the past to reveal vulnerabilities in a client’s network. “It’s pretty interesting how easy it was to actually have some effect in there.”

“If they don’t see we have teeth, it’s just going to keep coming.”

P4x, Hacker

Those relatively simple hacking methods have had immediate effects. Records from the uptime-measuring service Pingdom show that at several points during P4x’s hacking, almost every North Korean website was down. (Some of those that stayed up, like the news site Uriminzokkiri.com, are based outside the country.) Junade Ali, a cybersecurity researcher who monitors the North Korean internet, says he began to observe what appeared to be mysterious, mass-scale attacks on the country’s internet starting two weeks ago and has since closely tracked the attacks without having any idea who was carrying them out.

Ali says he saw key routers for the country go down at times, taking with them not only access to the country’s websites but also to its email and any other internet-based services. “As their routers fail, it would literally then be impossible for data to be routed into North Korea,” Ali says, describing the result as “effectively a total internet outage affecting the country.” (P4x notes that while his attacks at times disrupted all websites hosted in the country and access from abroad to any other internet services hosted there, they didn’t cut off North Koreans’ outbound access to the rest of the internet.)

As rare as it may be for a single pseudonymous hacker to cause an internet blackout on that scale, it’s far from clear what real effects the attacks have had on the North Korean government. Only a tiny fraction of North Koreans have access to internet-connected systems to begin with, says Martyn Williams, a researcher for the Stimson Center think tank’s North Korea-focused 38 North Project. The vast majority of residents are confined to the country’s disconnected intranet. Williams says the dozens of sites P4x has repeatedly taken down are largely used for propaganda and other functions aimed at an international audience.

While knocking out those sites no doubt presents a nuisance to some regime officials, Williams points out that the hackers who targeted P4x last year—like almost all the country’s hackers—are almost certainly based in other countries, such as China. “I would say, if he’s going after those people, he’s probably directing his attentions to the wrong place,” says Williams. “But if he just wants to annoy North Korea, then he is probably being annoying.”

For his part, P4x says he would count annoying the regime as a success, and that the vast majority of the country’s population that lacks internet access was never his target. “I definitely wanted to affect the people as little as possible and the government as much as possible,” P4x says.

He acknowledges that his attacks amount to no more than “tearing down government banners or defacing buildings,” as he puts it. But he also says that his hacking has so far focused on testing and probing to find vulnerabilities. He now intends to try actually hacking into North Korean systems, he says, to steal information and share it with experts. At the same time, he’s hoping to recruit more hacktivists to his cause with a dark website he launched Monday called the FUNK Project—i.e. “FU North Korea”—in the hopes of generating more collective firepower.