Choson Sinbo (조선신보, 朝鮮新報), the newspaper of the DPRK-affiliated Korean community in Japan, has apologized to its readers after its user database was leaked over the weekend by hackers.
The Tokyo-based newspaper ran an apology on its website in both Korean and Japanese in which it acknowledged the Saturday attack resulted in the disclosure of private information about registered users of the web site.
The database, seen by NorthKoreaTech.org, contained the usernames and email addresses of 3,667 registered users. The vast majority of the users appear to be based in Japan and the email addresses leaked include those of companies, universities, personal addresses and cell phones.
In reaction to the attack, the newspaper has opened up access to its site and does not currently require a user name or password to access any content. The membership didn’t require any payment, so bank account or credit card details were not held by the site.
The attack was one of three that hit North Korea-related sites over the weekend. One resulted in the publishing of details on just over 1,300 users of the Korea American National Coordinating Council (재미동포전국연합회) website and the other details of a handful of users of the China-based Ryomyong (려명) site.
The attacks were carried out by hackers who claimed affiliation with the loosely organized “Anonymous” hacker group. Members of the group have been waging a weeks-long battle against North Korean websites that was sparked by a threat to attack American military bases in the region.
The station is in Takasaki, about 100 kilometers northwest of Tokyo and about 1,000 kilometers from North Korea’s Punggye-ri nuclear test site, and is operated by the Comprehensive Nuclear Test Ban Treaty Organization (CTBTO), which made the announcement on Tuesday.
Detected were two radioactive isotopes of the noble gas xenon: xenon-131m and xenon-133 — something the CTBTO called “rather unusual.”
Noble gases are one of four things the CTBTO looks out for in its nuclear monitoring process. That’s because the gases can be released by either slowly seeping through rock and sediment from underground to the surface after a nuclear test or come from activity at a test site.
The CTBTO said the ratio of the detected xenon isotopes is consistent with a nuclear fission event occurring more than 50 days before the detection, so that matches the timeframe for the North Korean nuclear test. Further, atmospheric modeling indicates the isotopes could be carried from Punggye-ri to Takasaki.
But despite all these clues, the CTBTO isn’t quite ready yet to say the detection is definitely linked to the February test in the DPRK.
“We are in the process of eliminating other possible sources that could explain the observations; the radionuclides could have come from a nuclear reactor or other nuclear activity under certain specific conditions, but so far we do not have information on such a release,” Mika Nikkinen, a CTBTO expert said in a statement.
It was the CTBTO’s monitoring system that was one of the first indicators that the DPRK had conducted its nuclear test.
The organization maintains almost 100 seismic stations that look for the telltale seismic activity that occurs with a nuclear test and on February 12th those stations recorded the event at 2:57:51 UTC (11:57:51 local time). The test was measured at magnitude 4.9 and located at latitude 41.313 degrees north and longitude 129.101 degrees east.
Watch these clips for more details:
The “private, humanitarian” mission, as Schmidt termed it, surprised many and saw him turn up in Pyongyang with his daughter Sophie Schmidt, Jared Cohen, head of the Google Ideas think tank, former New Mexico governor Bill Richardson and Kun “Tony” Namkung, a U.S.-based businessman that acts as a go-between in some deals between the U.S. and North Korea.
Schmidt and Cohen, who haven’t said much about the trip since leaving Pyongyang, penned a dual-bylined article in the Wall Street Journal on Saturday about the trip. The article, “The Dark Side of the Digital Revolution,” covered the role of technology in the DPRK and other tightly-run countries and served as a preview of a new book by Schmidt and Cohen that will be published on April 23.
The Wall Street Journal article, which was accompanied by a video interview, didn’t reveal much not already know about the visit or what went on behind the scenes, but Schmidt does seem to have realized the students at Kim Il Sung University were surfing the Internet for his benefit.
When foreigners visit, the government stages Internet browsing sessions by having “students” look at pre-downloaded and preapproved content, spending hours (as they did when we were there) scrolling up and down their screens in totalitarian unison. — “The Dark Side of the Digital Revolution,” Wall Street Journal, April 19, 2013.
The Internet’s role, both present and future, in the DPRK is a difficult one. Schmidt understands that the values of the Internet he most identifies with — free expression, freedom of assembly, critical thinking, meritocracy — aren’t comfortable with the country’s leadership.
On a technical level, getting the country better connected wouldn’t be particularly difficult.
As Schmidt noted on his blog in January, it would be very easy for North Korea to connect both its cellular and intranet networks to the global Internet.
But things get mixed when it comes to reasons why North Korea’s government should do this.
Perhaps the best argument made by the Google chairman to-date for greater Internet use was on his blog back in January.
As the world becomes increasingly connected, the North Korean decision to be virtually isolated is very much going to affect their physical world and their economic growth. It will make it harder for them to catch up economically. — Eric Schmidt, Google +, January 19, 2013.
Speaking to reporters after leaving Pyongyang, Schmidt said he made it “very clear” to the people he met that failure to get connected would hurt the country.
So why not rush to make the connection?
Ironically, Schmidt also makes the best argument for not connecting to the Internet — at least from the point of view of the ruling elite.
None of this will transform the country overnight, but one thing is certain: Though it is possible to curb and monitor technology, once it is available, even the most repressive regimes are unable to put it back in the box. — “The Dark Side of the Digital Revolution,” Wall Street Journal, April 19, 2013.
And herein lies the North Korean problem. While greater Internet access will bring benefits to the country, Schmidt notes correctly that greater freedom to communicate and increased access to information never leads to good things for authoritarian regimes.
North Korea is currently trying to have it both ways.
Internet-based technologies like websites and video conferencing have been brought to a nationwide intranet and citizens can call and send text messages on cell phones, but neither connects to the rest of the world. Meanwhile, companies are being allowed controlled Internet access, either through the web or email, to do necessary business and gain some of the efficiencies of the modern world.
Where North Korea goes next will be crucial for the future wealth of the county and its people, but it seems almost inevitable that a step towards more Internet access will lead to a future for the leadership and military that is uncertain at best.
Update: Nick Sutton, editor of BBC Radio 4’s The World At One, wrote to tell me they interviewed Eric Schmidt on their programme on Monday. Schmidt talks about his visit and again makes his case for greater Internet access in the country.
Find his comments about North Korea at the 8:40 mark.
The details include names, email addresses, user names and in some cases addresses and phone numbers of people to the three sites: the Japan-based Choson Sinbo (조선신보, 朝鮮新報) newspaper, the China-based Ryomyong (려명) site and the U.S.-based Korea American National Coordinating Council (재미동포전국연합회).
The details were apparently stolen by hackers working under the banner of the Anonymous group, who have been attacking North Korean-related websites for the last few weeks.
The largest database dump was that of the Choson Sinbo, which contained 3,667 records. The Ryomyong database numbered just over 1,300 users and the KANCC database contained 181 records, but most of the latter were obviously junk.
All three sites carry Korean-language content and appear to have a large number of Korean members, denoted by Hangul names and addresses. In some cases, the addresses listed are inside the DPRK.
The attacks on the websites are part of an ongoing campaign by Anonymous to target North Korean-related sites. Under the name “OpNorthKorea,” the attacks have hit sites both inside the DPRK and those outside.
The attacks began when North Korean state media began issuing threats against U.S. interests in Asia and western media began reporting on those threats.
Two different methods have been used in the attacks: denial of service and hacks. The former involves flooding a website with so much traffic that it becomes overloaded and impossible to access but does not involve breaking into the site. The latter is more malicious and involves breaking through the security of a site and accessing data.
One of the highest profile incidents involved the hacking of China-based Uriminzokkiri site. Roughly 15,000 user details were leaked and the site was defaced with an image of Kim Jong Un with a pig’s snout and ears. The site came back after the hack but appears to be still under attack. It has been offline for most of the last week and is inaccessible at time of writing.
Korean Central Television, the DPRK’s main nationwide TV channel, appears to have received another technology upgrade.
New satellite images uploaded to Google Earth show four satellite dishes on the roof of a building at the TV and radio broadcasting center. They weren’t there a few months ago.
It’s interesting because previously the TV and radio broadcasting center didn’t appear to have any link with the rest of the world. At least, nothing direct it controlled. It’s quite possible that signals from overseas were downlinked somewhere else and supplied over cable to the building.
Here’s the building as shown in a Google image from February 22 and, on the right, the same building on October 13, 2012.
In March last year the main 8pm evening news got a facelift with the use of computerized backdrops behind the presenters. For years, the evening news had used a basic backdrop of either a wooden wall or a painting of Pyongyang, so the computerized backdrops were a big change.
It’s impossible to tell what the dishes are pointed at — the pictures aren’t high enough resolution, they’re not from directly above and satellites are too closely positioned — but as an educated guess they could easily be pulling in the main Chinese, Japanese and South Korean channels. One might also be used to monitor KCTV’s output on the Thaicom-5 satellite or receive footage from the APTN or Reuters TV wire services.
A fresh batch of user names and personal details of people subscribing to North Korean-related websites has been published by hackers. They are the result of weekend attacks on the websites minjok.com and paekdu-hanna.com, two U.S.-based websites.
Links to the information were posted on Twitter by accounts associated with the loosely coordinated hacker group “Anonymous.” The group previously claimed credit for the attacks.
Minjok.com is the site of Minjok Tongshin, which carries Korean and English-language news about North Korea. The English articles are mostly culled from other media. Paekdu-hanna is an associated site that appears to be run by the same group.
Of the two databases, the one for Paekdu Hanna is the largest at around 80 users. There are just 17 account details for Minjok.com.
Just about all of the accounts are from web-based mail service provides like Hotmail, Gmail, Hanmail, Daum and Naver. They include names, birthdates and, in some cases, additional information such as the Internet address used for the last login.
None of the accounts list an address in North Korea’s assigned IP space.
At around 100 users in total, the details are a fraction of those previously released by hackers for Uriminzokkiri.com, the China-based propaganda site with close ties to Pyongyang. When that was attacked, hackers managed to obtain details on roughly 15,000 users.
The DPRK is loudly protesting the preliminary results of a South Korean investigation that found it was behind widespread computer disruption that hit several TV stations and banks on March 20. [Updated, see below.]
The computer attacks wiped clean the hard disk drives of around 48,000 personal computers and servers inside broadcasters KBS, MBC and YTN, and the Shinhan, Nonghyup and Jeju Banks.
In an almost 2,000 word response carried on the state-run KCNA newswire, the main results of the investigation were picked through and discounted. The article, which came a day after Seoul disclosed its findings, was attributed to a spokesman for the General Staff of the Korean People’s Army.
The South Korean investigation concluded Pyongyang’s involvement based on some key points:
The first was the disclosure, apparently in error, of an Internet address being used by a hacker in the weeks before the attacks. The address fell within a batch used exclusively by North Korea and was only visible for a few minutes before being hidden, the report said.
On this — as in much of the reply — the KPA spokesman demonstrates a working knowledge of how computer hackers operate.
“It is a common method used by hackers to hide themselves to abuse other’s IP address or fake it up on open internet for hacking. The group claims that a few records of IP addresses by which accesses were made to south Korean computer networks prove that the case was the ‘north’s work.’ This cannot be construed otherwise than evidence of ignorance of how cyber warfare is waged,” KCNA reported.
The next piece of evidence came in the form of software code used to mount the attacks. Of 76 pieces of code recorded, roughly a third were identical to code used in previous hacking attempts against South Korea, the government report said.
“This assertion is utterly baseless,” KCNA quoted the spokesman as saying.
The rebuttal then goes on to assert that South Korea doesn’t really understand how hackers operate. If it did, it wouldn’t have come to its conclusions.
“All this goes to clearly prove that what the group claims is nothing but a sinister plot hatched by those hell-bent on the confrontation with fellow countrymen, bereft of even an elementary concept of the cyber warfare,” the spokesman told KCNA.
The response shouldn’t come as a surprise to anyone that watches the peninsula. It was inevitable whether the DPRK was behind the hacking or not.
What’s more interesting perhaps is that it marks the first time the state-run media has commented on the event in a major way. On March 20 and in the days after, the North Korean government didn’t mention the attacks. Perhaps that’s because this time, unlike after previous computer attacks, the South Korean government didn’t immediately assign blame to the DPRK. But plenty of others in Seoul were pointing their fingers towards Pyongyang.
For whatever reason, North Korea decided to speak up only after the government made its allegations.
Here’s what Voice of Korea, the DPRK’s international radio station, had to say about the report: