Looking at North Korea’s IP Space with Shodan


With all the news about North Korea’s online capabilities being shut down, I figured I would take a quick look at their IP space with Shodan, the “hacker’s Google”.

First I pulled up North Korea’s main IP space of 175.45.176.0 – 175.45.176.255 and found about 755 results, 234 of them SIP or Voice over IP – basically some sort of voice/video device.


But what if we filter the search to just look for regular servers?


8 results! You read that right, just eight! Most of them run some sort of CentOS Linux version with Apache. Looking at the rest of their IP space I found the following:

  • net:175.45.177.0/24 server turned up 2 more.
  • net:175.45.178.0/24 server turned up 8.
  • And finally net:175.45.179.0/24 server returned with 2.

So according to these searches with Shodan, N. Korea has around 20 servers active. Not a massive internet presence by any stretch of the imagination.
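As an added example (not part of the original post), the sketch below tallies exported results offline across the four /24 blocks searched above, treated together as 175.45.176.0/22. It keeps banner counts apart from distinct hosts, because each Shodan result is one service banner and an address answering on several ports shows up more than once. The records are constructed and assume only the ip_str, port and data fields of a Shodan export.

```python
import ipaddress
from collections import defaultdict

# The four /24 blocks searched above, taken together as one /22.
ALLOCATION = ipaddress.ip_network("175.45.176.0/22")

# Constructed sample records in the shape of a Shodan export; not real scan data.
SAMPLE = [
    {"ip_str": "175.45.176.10", "port": 80,
     "data": "HTTP/1.1 200 OK\r\nServer: Apache/2.2.15 (CentOS)\r\n\r\n"},
    {"ip_str": "175.45.176.10", "port": 443,
     "data": "HTTP/1.1 200 OK\r\nServer: Apache/2.2.15 (CentOS)\r\n\r\n"},
    {"ip_str": "175.45.176.20", "port": 5060,
     "data": "SIP/2.0 200 OK\r\nServer: ExamplePBX 1.0\r\n\r\n"},
    {"ip_str": "175.45.178.5", "port": 80,
     "data": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\n\r\n"},
    {"ip_str": "175.45.179.7", "port": 22, "data": "SSH-2.0-OpenSSH_5.3"},
    {"ip_str": "192.0.2.1", "port": 80,          # outside the /22
     "data": "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"},
    {"ip_str": "not-an-ip", "port": 80, "data": ""},  # malformed record
]

def classify(banner):
    """Label a banner by its first line: 'sip', 'http' or 'other'."""
    first = banner.split("\r\n", 1)[0]
    if first.startswith("SIP/2.0"):
        return "sip"
    if first.startswith("HTTP/"):
        return "http"
    return "other"

def tally(records, allocation=ALLOCATION):
    """Per /24: total banners, and the distinct hosts behind each service type."""
    blocks = {str(n): {"banners": 0, "hosts": defaultdict(set)}
              for n in allocation.subnets(new_prefix=24)}
    skipped = 0
    for rec in records:
        try:
            addr = ipaddress.ip_address(rec["ip_str"])
        except (KeyError, ValueError):
            addr = None
        if addr is None or addr not in allocation:
            skipped += 1  # malformed, or outside the allocation
            continue
        block = blocks[str(ipaddress.ip_network(f"{addr}/24", strict=False))]
        block["banners"] += 1
        block["hosts"][classify(rec.get("data", ""))].add(str(addr))
    return blocks, skipped
```

Comparing each block's banner total with the size of its host sets shows how far a raw result count overstates the number of machines.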

North Korea – Massive Internet Outage – Really?

The latest news in the Sony/North Korea hacking saga is a reported wide internet outage in North Korea. As President Obama said that the US would respond to the Sony hack, many are already assuming that the US is responsible for the internet outage.

When I heard about this “wide spread” outage in North Korea, I laughed, I really did – as N. Korea is one of the least connected countries in the world!

As of the latest estimates, North Korea has a grand total of 1,024 internet capable addresses. In 2012 they ranked 212th in the connected world with a grand total of 8 (8!!) internet hosts. Compare that with the 505 million hosts in the US and you can quickly see why the US is at greater risk of hacker-type attacks than the North Koreans.

It would seem that electricity is also in limited supply as this night picture of N. Korea shows:

Night view of North Korea

According to one silly report, North Korea’s internet was down because “glorious leader” Kim Jong-un needed the landline to make a call to Russian leader Vladimir Putin, as “The entire country’s Internet is currently sourced to a 54k modem in the presidential palace.”

Any direct online or Denial of Service “Internet Outage” type attacks against N. Korea will have limited, if any, success as a deterrent. North Korea’s cyber war forces work very closely with the Chinese, and if the N. Koreans did hack Sony (which is still very doubtful), chances are that China would also be involved either directly or indirectly.

Hacktivists jump into North Korea DDoS and Defacement War


As North Korea’s militaristic threats against the US increase, so do the website attacks. But it would seem that so far, N. Korea is on the receiving end as hacktivists jump into the fray.

There has been a flood of activity over the last few days, though mostly one-sided.

On April 2nd, the US Forces Korea military website went down with a Gateway error:

US_Korea_Website

As this article is written, the site is still down:

US_Korea_Website 2

The official word so far is that it is an internal server issue and not related to a cyber attack.

But North Korean sites seem to be a different story. Apparently the hacktivist group “Anonymous” has been very busy indeed. As of today anyone visiting N. Korea’s Twitter page will see this:

Twitter Hacked

Tango Down, cute! And a look at their latest tweets:

N Korea Twitter

And their Flickr page:

N Korea Flickr

Hmm… Some of those images don’t seem to follow the party line, especially the caricature of “Dear Leader”. Though the Flickr page seems to have been corrected since this morning.

Pro-North Korea news site Uriminzokkiri.com and several others also seem to be currently offline:

N Korea Websites Down

It would appear that the Uriminzokkiri site hasn’t been hacked, but is down possibly due to a Distributed Denial of Service attack (DDoS), a flood of network traffic that ties it up and effectively takes it offline.

It seems that the majority of attacks are coming from the hacktivist group “Anonymous”. One anonymous post contains a list of their demands towards North Korea:

We demand:
– N.K. government to stop making nukes and nuke-threats
– Kim Jong-un to resign
– it’s time to install a free direct democracy in North Korea
– uncensored internet access for all the citizens!

And to Kim Jong-un:

So you feel the need to create large nukes and threaten half the world with them?
So you’re into demonstrations of power?, here is ours:
– We are inside your local intranets (Kwangmyong and others)
– We are inside your mailservers
– We are inside your webservers

The post also contained what seemed to be account information from one of the hacked websites.

The popular patriot hacker “The Jester” also claimed that he took down several websites that Anonymous claimed credit for in this tweet:

North Korea Jester

So what does this all mean? Is this the beginnings of a cyber war?

LOL, no…

Though DDoS attacks are irritating and do disrupt website usage, they are not a deadly attack. Sorry mainstream media, this is not a “Cyber War”. Nor is defacing a Twitter account or other social media site a devastating military attack.

Sure, the website owner loses face and obviously has security issues, but it is more of a Psyops-type message than a kinetic attack where property is damaged and lives are in danger.

And while several North Korean websites have been downed or defaced, they are not the focal point of the North’s power (the country only has like 35 websites total…).

Let’s not forget that they have the world’s fourth largest army, have created tunnels that run under the North/South border that possibly could hold thousands of troops, and have nuclear-tipped missiles aimed at the US and her allies.

What part of America could N. Korea hit with Missiles?

As North Korea continues to threaten the US, this weekend was no different. On Saturday they stated that they had entered a “state of war”. And today South Korea warned of a strong response to any provocation as F-22 Raptors arrived at the main US air base in S. Korea, and combined US/S. Korea military exercises continued.

The problem is, it is hard to tell if N. Korea will truly escalate or if it is just part of their standard threats that stream out from their leadership. The threats are so constant it is hard to take them seriously. According to CNN one US official stated, “There is pot-banging and chest-thumping, but they have literature attracting tourists that explicitly says pay no attention to all that (public) talk about nuclear war or another kind of war.”

At the end of last week there seemed to be little visual proof that N. Korea was moving forward with its threats. But what if things did escalate?

Any type of “cyber war” against the North would be short-lived: there is very little attack surface, their power is suspect at best and they only have about 35 websites. But they do have the 4th largest army and, more importantly, nuclear-tipped missiles.

But what is the range of their missiles and could they hit the US? The video above from CNN shows the estimated range of N. Korea’s missile arsenal. According to the video, some missiles could strike Alaska. Their latest rocket, the Unha 3, could strike a large section of the Western US, but it has not been tested as a missile as of yet.