Looking at North Korea’s IP Space with Shodan

Shodan North Korea 1

With all the news about North Korea’s online capabilities being shutdown I figured I would take a quick look at their IP space with Shodan, the “hacker’s Google”.

First I pulled up North Korea’s main IP space of – and found about 755  returns, 234 being SIP or Voice over IP – basically some sort of voice/video device.

Shodan North Korea 5

But what if we filter the search to just look for regular servers?

Shodan North Korea 3

8 results! You read that right, just eight! Most of them run some sort of CentOS Linux version with Apache. Looking at the rest of their IP space I found the following:

  • net: server turned up 2 more.
  • net: server turned up 8.
  • And finally net: server returned with 2.

So according to these searches with Shodan, N. Korea has around 20 servers active. Not a massive internet presence by any stretch of the imagination.

North Korea – Massive Internet Outage – Really?

The latest news in the Sony/ North Korea hacking saga is a reported wide internet outage in North Korea. As President Obama said that the US would respond to the Sony hack, many are already assuming that the US is responsible for the internet outage.

When I heard about this “wide spread” outage in North Korea, I laughed, I really did – As N. Korea is one of the least connected countries in the world!

As of latest estimates, North Korea has a grand total of 1,024 internet capable addresses. In 2012 they ranked 212th in the connected world with a grand total of 8 (8!!) internet hosts. Compare that with the 505 Million hosts in the US and you can quickly see why the US is at greater risk of hacker type attacks than the North Koreans.

It would seem that electricity is also in limited supply as this night picture of N. Korea shows:

Night view of North Korea

According to one silly report, North Korea’s internet was down, because “glorious leader” Kim Jong-un needed the land line to make a call to Russian leader Vladmir Putin as “The entire country’s Internet is currently sourced to a 54k modem in the presidential palace.

Any direct online or Denial of Service “Internet Outage” type attacks against N. Korea will have limited, if any success as a deterrent. North Korea cyber war forces work very closely with the Chinese and if the N. Korean’s did hack Sony (which is still very doubtful) chances are that China would also be involved either directly or indirectly.

US Army Activates “Cyber Protection Brigade”

Army Cyber Brigade

On Friday the US Army activated what it is calling a “Cyber Protection Brigade”.

According to a post on Army.mil’s website:

“The Army is activating a Cyber Protection Brigade today, and discussing a new cyber branch that could be established as early as next month.

Command Sgt. Maj. Rodney D. Harris, Army Cyber Command, said the branch announcement could come as early as the second week of October, during the Association of the U.S. Army’s annual meeting.

The Cyber Protection Brigade is being activated by the U.S. Army Network Enterprise Technology Command at Fort Gordon, Georgia. It’s the first brigade of its kind in the Army and the nucleus of the new unit will be its cyber protection teams, according to the command.”

The cyber soldiers who are highly trained by the military will help defend the Army’s systems, but will also include offensive strike teams.

“The cyber teams will be roughly platoon-sized, but vary depending on their mission. The combat-mission or offense teams are larger, Harris said. The network defense or cyber-protection teams are mid-size.”

The Army may create a new cyber branch next month. It can take up to three years to train a NCO cyber leader, making it one of the longest training cycles. And with computer attacks increasing every day, the Army is focusing on obtaining and retaining troops who have cyber skills.