It marked the first time in the current round of attacks that anyone had managed to break in and deface a North Korean website. Over the last couple of weeks, several sites have been taken offline by denial of service attacks, but such attacks simply impede the website’s ability to serve pages and don’t affect the content.
This time around the attack saw the site removed and its Twitter and Flickr channels accessed. The Flickr channel is back under a new account, it appears Uriminzokkiri still doesn’t have access to its Twitter channel, and the site itself is back online, albeit with some previous content missing.
The site’s YouTube channel wasn’t apparently affected.
Four of Uriminzokkiri’s companion sites were also hit. One, AINDF.com, still displays a poster of Kim Jong Un depicted as a pig, while Ryugyongclip.com, Ryomyong.com and Ournation-school.com are offline.
From an analysis viewpoint, perhaps most interesting was the roughly 15,000 user account details that were also published. They are providing a fascinating profile of the type of people who registered with the site.
The details were released in two batches with the second of around 6,000 names coming on Saturday.
So, what’s next?
Some North Korean sites still appear to be under sporadic denial of service attack.
People posting Twitter messages under the name of Anonymous have been claiming further attacks will take place on April 19, under the name “OpFreeKorea,” and June 25, under the name “OpKoreanWar,” although the former date is being mentioned much less than the latter.
A lot will probably depend on the situation on the Korean peninsula. If tensions continue to rise, expect the attacks to continue. If things fall back to normal, North Korea won’t have such a high profile in news headlines and some attackers are likely to move on to other targets.