clock menu more-arrow no yes mobile

Filed under:

You should have a very hard time believing that Anonymous hacked North Korea

Kim Jong Un talks with North Korean officials
Kim Jong Un talks with North Korean officials

Members of Anonymous, the informal hacking collective known for striking targets from MasterCard to the Vatican, are claiming or suggesting that they are responsible for taking down North Korea's internet. They're calling the attack #OpRIPNK, in keeping with Anonymous' naming convention for large-scale attacks.

Bullshit. There is no way that Anonymous pulled off this scale of an attack on North Korea.

First of all, US officials are strongly hinting that they had something to do with the cyberattack, which came just days after President Obama promised a "proportional response" to the Sony hack. "I guess accidents can happen," one official told the New York Times. The State Department's official position is that it can't comment because it doesn't want publicly discuss "operational details," which is a very pointed way of not denying responsibility. (It's also possible, though, that US responsibility could simply mean the White House convinced China, which controls North Korea's internet, to cut it off.)

Second, and more importantly, Anonymous has tried twice previously to hack North Korea. Both times were spectacular failures. That should make you very skeptical about the group's claim to have suddenly and quietly accomplished what it could not even begin to do before.

The first time Anonymous claimed to hack North Korea it actually hacked a site in China

Anonymous' first attempt on North Korea was in April 2013, and the group declared it a stunning success. They claimed to have infiltrated the Kwangmyong, which is North Korea's national intranet, a closed-off, censor-approved, much smaller copy of the real internet. A staggering feat: not even this week's attack on North Korea is known to have hit the Kwangmyong.

As proof, the group said it acquired a list of 15,000 North Korean usernames and passwords it said were associated with a government propaganda operations. Anonymous also launched distributed denial-of-service (DDoS) attacks on several North Korean websites hosted on the real internet, such as the site of national airline Air Koryo.

"So you're into demonstrations of power? Here is ours," Anonymous declared in a statement, announcing that the group was poised to destroy the Kwangmyong outright, and then, perhaps, the entire North Korean system. "First we gonna wipe your data, then we gonna wipe your badass dictatorship ‘government.'"

It turned out, though, that the group had not hacked into the North Korean intranet, but rather into a North Korean propaganda website based in China. Anonymous published six email addresses from the list of 15,000 it said it had acquired: four of those were Chinese names, the fifth went to a South Korean company, apparently acquired in error, and the sixth was a Hotmail address.

Hacking into North Korea's intranet from the comfort of a computer based outside of the country, a number of bemused analysts pointed out at the time, is impossible. The Kwangmyong is physically separated from the internet by deliberate design. It is not thought to even exist on local wifi networks; only on closed physical networks that can only be accessed in person. Anonymous may as well have claimed to have hacked into Kim Jong Un's toaster oven. But the group was not deterred, and soon announced #OpFreeKorea as a follow-up attack.

Anonymous' second North Korea hack was a catastrophe

In June of 2013, Anonymous tried again. Their goals were even more ambitious: to obtain North Korean documents on the country's weapons and government officials; to connect North Korea's highly regulated intranet to the wider internet, thus allowing North Korean citizens to finally connect to the outside world; and even to access nuclear weapons sites.

Here is what happened instead: the attacks defaced some obscure Chinese websites and higher-profile South Korean sites. In the confusion, some of the US-based Anonymous hackers participating in the "op" ended up targeting their own South Korean counterparts.

Still, somehow, the hackers emerged claiming to possess the names of 2 million members of North Korea's sole political party, as well as the names of 40,000 US troops based in South Korea. That latter list would have been quite a feat, given that there are fewer than 30,000 US troops there. As for the list of political party members, the party is thought to have 3 million members — about 13 percent of the population — so the membership rolls might as well be a list of North Korean adults. In any case, Anonymous never released the lists or proof it had acquired them.

So it is very difficult to believe that Anonymous conducted this week's massive and successful attack to shut down North Korean networks. More likely, the group's history of boasting suggests that members are just trying to claim credit where it's not deserved — something that even a few experienced Anonymous-watchers have suggested.

Sign up for the newsletter Today, Explained

Understand the world with a daily explainer plus the most compelling stories of the day.