Looking at North Korea’s IP Space with Shodan

Shodan North Korea 1

With all the news about North Korea’s online capabilities being shutdown I figured I would take a quick look at their IP space with Shodan, the “hacker’s Google”.

First I pulled up North Korea’s main IP space of 175.45.176.0 – 175.45.176.255 and found about 755  returns, 234 being SIP or Voice over IP – basically some sort of voice/video device.

Shodan North Korea 5

But what if we filter the search to just look for regular servers?

Shodan North Korea 3

8 results! You read that right, just eight! Most of them run some sort of CentOS Linux version with Apache. Looking at the rest of their IP space I found the following:

  • net:175.45.177.0/24 server turned up 2 more.
  • net:175.45.178.0/24 server turned up 8.
  • And finally net:175.45.179.0/24 server returned with 2.

So according to these searches with Shodan, N. Korea has around 20 servers active. Not a massive internet presence by any stretch of the imagination.

North Korea – Massive Internet Outage – Really?

The latest news in the Sony/ North Korea hacking saga is a reported wide internet outage in North Korea. As President Obama said that the US would respond to the Sony hack, many are already assuming that the US is responsible for the internet outage.

When I heard about this “wide spread” outage in North Korea, I laughed, I really did – As N. Korea is one of the least connected countries in the world!

As of latest estimates, North Korea has a grand total of 1,024 internet capable addresses. In 2012 they ranked 212th in the connected world with a grand total of 8 (8!!) internet hosts. Compare that with the 505 Million hosts in the US and you can quickly see why the US is at greater risk of hacker type attacks than the North Koreans.

It would seem that electricity is also in limited supply as this night picture of N. Korea shows:

Night view of North Korea

According to one silly report, North Korea’s internet was down, because “glorious leader” Kim Jong-un needed the land line to make a call to Russian leader Vladmir Putin as “The entire country’s Internet is currently sourced to a 54k modem in the presidential palace.

Any direct online or Denial of Service “Internet Outage” type attacks against N. Korea will have limited, if any success as a deterrent. North Korea cyber war forces work very closely with the Chinese and if the N. Korean’s did hack Sony (which is still very doubtful) chances are that China would also be involved either directly or indirectly.

North Korea goes Offline – All N. Korean Websites Down

N Korea government website

All North Korean websites have gone offline and have been down for about 7 hours ago according to a tweet from patriot hacker “The Jester”:

N Korea Down Twitter

Sure enough a quick test of a couple websites show that they are all down. Even DPRK’s main government web portal “Naenara.com.kp” is still offline.

Here is a ping test of Naenara from multiple international locations using Just-Ping:

Just Ping

This sounds incredible, that an entire nation would go offline but most, if not all, N. Korean websites are government controlled. And from the last official total I have seen, the country has a grand total of thirty websites.

Yes, you have read that right, thirty!

They aren’t the most advanced nation in the world. As a matter of fact, here is a look at North Korea at night:

Yes, the black powerless void circled in red is N. Korea.

Now the question is, did they take the websites offline on purpose? And does it have anything to do with their recent threats against America?

Or, did one of America’s new 13 offensive cyber warfare teams have something to do with it?

Early reports are leaning towards the first option, but it is still to early to tell.

More news as we hear it.