SlideShare ist ein Scribd-Unternehmen logo

Into the Black: Explorations in DPRK (Mike Kemp)

Hackfest Communication
Hackfest Communication

North Korea scares people. Allegedly DPRK has a super l33t squad of killer haxor ninjas that regularly engage in hit an run hacks against the Defense department, South Korea, or anyone else who pisses of the Dear Leader. DPRK also has no real Internet infrastructure to speak of (as dictators don't like unrestricted information), although it does have a number of IP blocks (unused?). This talk examines some of the myths about DPRK, and some of their existing and emerging technologies. This talk also examines some of the available infrastructure associated with DPRK (funnily enough some of which is in South Korea and Japan) and explores the potential technical threats posed by a pernicious regime, as well as exposing some of the huge gaps in logic that have led to the world potentially engaging in chicken little syndrome when it comes to DPRK. No 0days will be demonstrated, however this talk will discuss some new information that hasn't yet been made public, and will hopefully call time on the whole 'cyberwar' sideshow. English conference

Technologie
1 von 71
Into the Black: DPRK Exploration(Or How I Learned to Stop Worrying and Love the Bomb) Michael Kemp
Into the Black: DPRK Exploration / intro Standard Disclaimer The views, opinions and details presented in this resource are solely those of the author, and not of any present or previous employer or organisation. No warranty is inferred or granted. Additionally if I am black bagged, please contact North Korea and see if you can find me (although to be fair they largely stopped that in the eighties)
Into the Black: DPRK Exploration / intro “If there was hope, it must lie in the proles, because only there, in those swarming disregarded masses, eighty-five percent of the population of Oceania, could the force to destroy the Party ever be generated.” George Orwell, ‘1984’ “I am an Internet master” Kim Jong Il, 2007
Into the Black: DPRK Exploration / whoami
Into the Black: DPRK Exploration / about Fear Black holes Super hackers In & Out Relationships Apologies
Into the Black: DPRK Exploration / not about 0day Tech demo Vendor Pitch Fear & Loathing
Into the Black: DPRK Exploration / intro
Into the Black: DPRK Exploration / intro
Into the Black: DPRK Exploration / Inside Out Part the First Wherein an attempt is made to distil the infrastructure technology and relationships of a nation state into thirty slides
Into the Black: DPRK Exploration / Inside Out “Citizens are guaranteed freedom of speech, of the press, of assembly, demonstration and association. The State shall guarantee conditions for the free activity of democratic political parties and social organizations.” Article 67, DPRK Socialist Constitution Source: http://www1.korea-np.co.jp/pk/061st_issue/98091708.htm
Into the Black: DPRK Exploration / Inside Out Limited, Restrictive and Expensive Intranet (Kwangmyong) not Internet KCC – 2003 What’s going on?
Into the Black: DPRK Exploration / Inside Out “...all other people use Kwangmyong”
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out Kwangmyong is the ultimate walled garden...
Into the Black: DPRK Exploration / Inside Out Five landlines to every One Hundred people
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out Nobody really seems to know for certain how North Koreans connect to the Internet, but the reality is that very few do, and those that do, are highly and tightly regulated (apart from the upper party echelons)
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out 1990 – 3 Direct Lines to Japan 1995 – Direct line to USA (courtesy AT&T) 2000 – 29 direct lines to South Korea (total of 56 via 3rd country relays) 2008 – Majority of IDD connections disabled
Into the Black: DPRK Exploration / Inside Out DPRK International Operator = +850 2 18111 192 + 7 digit - Koryolink 3G Network (about more later)193 + 7 digit - SunNet GSM/900 Network Known DPRK City Codes 2 - Pyongyang31 - Moranbong39 - Nampho41 - Songnim43 - Songnim45 - Haeju53 - Hungnam57 - Wonsan73 - Chongjin85 - Rason
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out Tel: +44(0) 208 992 4965. E-mail: singuk.ha@btinternet.com
Into the Black: DPRK Exploration / Inside Out
Into the Black: DPRK Exploration / Inside Out Kwangmyong via dial up / South & North Korea direct connections Internet PC Room opens Information Technology Store opens 1986: INTELSAT launches Bright Star Launch Bright Star program KCC Berlin opens Kwangmyong via satellite / DPRK expands landlines Bright Star Crash US / DPRK direct connections Silibank offline IDD closed Japan / DPRK direct connections Silibank mail relays open / DPRK joins INTELSTAT
Into the Black: DPRK Exploration / Outside In Part the Second Wherein myths are debunked and questionable research results presented for purposes of edification and entertainment
Into the Black: DPRK Exploration / Outside In The Mystery of Unit 121
Into the Black: DPRK Exploration / Outside In X 17,000
Into the Black: DPRK Exploration / Outside In Dear Mr Coleman,I am currently seeking to obtain further details regarding a military unit as mentioned in your piece, http://defensetech.org/2007/12/24/inside-dprks-unit-121/ (published December 2007). As part of the preparatory work involved in preparing a presentation to be delivered at a number of international IT security conferences, I am currently engaged in research concerning the offensive capabilities of DPRK particular with reference to information warfare.The article published in December 2007 alludes to a seemingly unsubstantiated military unit with such capabilities (an attributable, named source seems somewhat hard to come by). I would be interested to know how such data was collated and sourced. The only sourcing I can find appears to be from the Yonhap News Agency (as funded by the South Korean government) or from an 'anonymous' source. Bearing in mind the arguable non-impartiality of the first agency, and the lack of journalistic best practice is quoting the second, I would like to enquire as to the source (if differing) of the material, and the journalistic accuracy of the assertions made in the article.
Into the Black: DPRK Exploration / Outside In To Me: A couple of things1.  The tone of your email puts me off as well as our ops team that responded to your email to info@technolytics.com.  They called me!2.  Google North Korea Unit 1213.  Look at the attribution of the July 4th cyber attacks on the U.S.  South Korea and the US both point back to North Korea.Other than that I am not inclined to issue any further data given you tone/attitude and the fact that most of our work is classified and not available for public disclosure.
Into the Black: DPRK Exploration / Outside In To Me: I suggest you contact your MI5 and Major Sin if you would like to substantiate N Korea's cyber capabilities or look at the attribution to the July 4th 2009 events To Me: Well there are those that think the unit number is 110 or 101 you might want to check that as well.. To Me: You clearly have an agenda and I am through wasting my time.
Into the Black: DPRK Exploration / Outside In To Kevin: The feeling is mutual I assure you. As for my agenda, if you call asking for attribution from a journalist whose 'evidence' is being utilised to shape public opinion, government policy, and doubtless company profit margin an agenda then, yes I do. It's called seeking to ascertain the truth (perhaps an oddity given the preponderance of unnamed and unnamable sources when 'reporting' on information warfare). As you seem unwilling, or unable to substantiate your claims, I'll treat them with the seriousness that they doubtless deserve. That said, many thanks for your time, and considered responses.
Into the Black: DPRK Exploration / Outside In The Point: Apparently the only sources for Unit 121 are ‘classified’ or otherwise obfuscated Presented as fact Kevin Coleman is associated with Technolytics which provide cyber war training and advice He also came up with the definition of cyber-terrorism (according to wikipedia) He also presents to US congress He can’t source his allegations publicly.... Errr.....
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In Kevin Coleman Worlds No. 1 Cyberwar Expert? Gregory Evans Worlds No. 1 Hacker?
Into the Black: DPRK Exploration / Outside In “Cyberspace has become the fifth domain of warfare, after land, sea, air and space” “A lot could be achieved by greater co-operation between governments and the private sector” “One response to the growing threat has been military. Iran claims to have the world’s second-largest cyber-army. Russia, Israel and North Korea boast efforts of their own”
Into the Black: DPRK Exploration / Outside In To: Economist PR (as they don’t have an editorial contact, and both Cyberwar articles are written by un-named ‘journalists’): I am writing to you with regards the Cyberwar / Leaders piece recentlypublished in your July 2010 edition of The Economist. For the last eighteen months I have been studying the technical capabilities present in North Korea, and the digital threat that they pose...In all my research thus far, I have not been able to source a single subtantive claim regarding the information warfare capabilities of North Korea...Given that in my research thus far, I have found no mention regarding the information warfare capabilities of North Korea from any source other than anonymous sources, or from organisations with a vested interest in claiming as much (e.g. organisations that provide information warfare training), I would be very eager to discuss the source for the claim made in this piece.
Into the Black: DPRK Exploration / Outside In 1 – State something nobody can prove or disprove 2 – Watch it make press 3 – Reinforce claims 4 – Watch it make more press 5 – Panic spreads, so does spending 6 - ??? 7 – Profit?
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In Defcon 18 August 2010 Kim Jong Il& Me: How to build a cyber Army to attack the US Charlie Miller
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In 1 - DPRK does Juche 2 – Managing remote agents is hard 3 – Recruitment is a bitch 4 – Er, why?
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In >
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In From the Batshit Crazy Department...
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In korea-dpr.com – Official Webpage of The Democratic People's Republic of Korea naenara.kp – DPRK news and shopping portal kcna.co.jp – DPRK news service in Japan korea-np.co.jp – The Peoples’ Korea dprkorea.com – Holding page (looks to be a trade organisation) uriminzokkiri.com – Pro-Korean unification aindf.dyndns.org – Anti-Imperialist National Democratic Front alejandrocaodebenos.com – Korean Friendship Association (President) business-school-pyongyang.org – DPRK / Pyongyang Business School koryogroup.com – Koryo Tours / DPRK Tourism ournation-school.com – DPRK / Juche education? korea-publ.com – DPRK publications (Amazon for Kim Jong Il) korea-is-one.org – Pro-unification kdvr.de – German based, Korean pro-unification chongryon.com – General Association of Korean residents in Japan (pro-DPRK) juche.v.wol.ne.jp – International institute of the Juche idea eba.nosotek.com - DPRK European Business Association kcckp.net – Korean Computer Center
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Outside In Microsoft IIS = 6 Other = 1 Apache = 11
Into the Black: DPRK Exploration / Outside In Oldest iteration of IIS in use was 5.0 Oldest iteration of Apache was 1.3.41 Of the found hosts: 58% had FTP (TCP 21 open) 29% had SSH (TCP 22 open) 29% had SMTP (TCP 25 open) Most of the software used was deprecated (bug laden) Most of the sites had HTTPS/ALT set up for auth A couple *looked* to have trivially brute forced DB access... Most interesting was a custom Java component on one site which I wasn’t brave enough to play with...
Into the Black: DPRK Exploration / Outside In http://www.korea-dpr.com/paektu3/login.php
Into the Black: DPRK Exploration / Outside In Very odd North Korean kids TV and more @ http://www.youtube.com/user/uriminzokkiri#p/u/23/aWh9RmtRIIk DPRK does Twitter: https://twitter.com/uriminzok
Into the Black: DPRK Exploration / Outside In DPRK can hazMySQL
Into the Black: DPRK Exploration / Outside In
Into the Black: DPRK Exploration / Conclusions? So, are we all doomed? DPRK has a very tightly regulated use of ICT DPRK is a poor country with an evil little shit in charge It seems credible that the DPRK military may be thinking about information warfare (it’s cheap after all) The skills gap Outsourcing to China or elsewhere Instead of worrying about digital Armageddon; worry about human rights There may be a *lot* to explore; if you feel brave ;)
Questions? Questions? Comments? Abuse?
References RENK (Rescue! The North Korean People Urgent Action Network) http://www.bekkoame.ne.jp/ro/renk/englishhome.htm A Guidebook for European Investors in the DPRK http://www.dprkguidebook.org http://www.scribd.com/doc/15078953/Cyber-Threat-Posed-by-North-Korea-and-China-to-South-Korea-and-US-Forces-Korea http://defensetech.org/2007/12/24/inside-dprks-unit-121/ http://blog.bkis.com/en/korea-and-us-ddos-attacks-the-attacking-source-located-in-united-kingdom/ http://greylogic.us/ http://www.scribd.com/doc/24587105/The-Dark-Visitor-Scott-J-Henderson
References http://ashen-rus.livejournal.com/4300.html http://www.nosotek.com/ http://www.interview-blog.de/unternehmerinnen-und-geschaftsideen/interview-with-volker-eloesser-president-of-nosotek-jv-company-in-north-korea/ http://datactivity.com/ http://www.youtube.com/watch?v=_AZnlyKXGPM – video about EBA / Nosotek Developing a Reliable Methodology for Assessing the Computer Network Operations Threat of North Korea - http://www.fas.org/irp/eprint/cno-dprk.pdf http://www.hrw.org/asia/north-korea http://www.amnesty.org/en/region/north-korea
Contact / 접촉 Work (Hire us): www.xiphosresearch.com mk ’at’ xiphosresearch.com Personal (Stalk me): www.lowfisecurity.com clappymonkey ‘at’ gmail.com Twitter.com/clappymonkey Location (Find me): United Kingdom / Above the earths’ core
Thanks The con organisers for having me MF for putting up with late nights & paranoid rants All the crew @ XRL for read throughs & suggestions GCHQ for listening to my phone calls All the research bodies and NGOs doing active research into DPRK All the cyberwar pundits for pissing me off YOU for listening

Empfohlen

Texas Star Chart Powerpoint
Texas Star Chart PowerpointTexas Star Chart Powerpoint
Texas Star Chart Powerpointbrigney
 
Le GPU à la rescousse du CPU (Charles Demers-Tremblay)
Le GPU à la rescousse du CPU (Charles Demers-Tremblay)Le GPU à la rescousse du CPU (Charles Demers-Tremblay)
Le GPU à la rescousse du CPU (Charles Demers-Tremblay)Hackfest Communication
 
Stack Smashing Protector (Paul Rascagneres)
Stack Smashing Protector (Paul Rascagneres)Stack Smashing Protector (Paul Rascagneres)
Stack Smashing Protector (Paul Rascagneres)Hackfest Communication
 
PostNet, une nouvelle ère de Botnet résilient (Julien Desfossez & David Goulet)
PostNet, une nouvelle ère de Botnet résilient (Julien Desfossez & David Goulet)PostNet, une nouvelle ère de Botnet résilient (Julien Desfossez & David Goulet)
PostNet, une nouvelle ère de Botnet résilient (Julien Desfossez & David Goulet)Hackfest Communication
 
Star Chart @ Edinburg High School
Star Chart @ Edinburg High SchoolStar Chart @ Edinburg High School
Star Chart @ Edinburg High Schoolmiked22
 
Texas S Ta R Chart
Texas S Ta R ChartTexas S Ta R Chart
Texas S Ta R Chartddbranch569
 
10 benefits of reading
10 benefits of reading10 benefits of reading
10 benefits of readingNada Zahro
 
The publishing industry: eboks vs traditional books
The publishing industry: eboks vs traditional booksThe publishing industry: eboks vs traditional books
The publishing industry: eboks vs traditional booksMaría José López
 

Empfohlen

Texas Star Chart Powerpoint
Texas Star Chart PowerpointTexas Star Chart Powerpoint
Texas Star Chart Powerpointbrigney
 
Le GPU à la rescousse du CPU (Charles Demers-Tremblay)
Le GPU à la rescousse du CPU (Charles Demers-Tremblay)Le GPU à la rescousse du CPU (Charles Demers-Tremblay)
Le GPU à la rescousse du CPU (Charles Demers-Tremblay)Hackfest Communication
 
Stack Smashing Protector (Paul Rascagneres)
Stack Smashing Protector (Paul Rascagneres)Stack Smashing Protector (Paul Rascagneres)
Stack Smashing Protector (Paul Rascagneres)Hackfest Communication
 
PostNet, une nouvelle ère de Botnet résilient (Julien Desfossez & David Goulet)
PostNet, une nouvelle ère de Botnet résilient (Julien Desfossez & David Goulet)PostNet, une nouvelle ère de Botnet résilient (Julien Desfossez & David Goulet)
PostNet, une nouvelle ère de Botnet résilient (Julien Desfossez & David Goulet)Hackfest Communication
 
Star Chart @ Edinburg High School
Star Chart @ Edinburg High SchoolStar Chart @ Edinburg High School
Star Chart @ Edinburg High Schoolmiked22
 
Texas S Ta R Chart
Texas S Ta R ChartTexas S Ta R Chart
Texas S Ta R Chartddbranch569
 
10 benefits of reading
10 benefits of reading10 benefits of reading
10 benefits of readingNada Zahro
 
The publishing industry: eboks vs traditional books
The publishing industry: eboks vs traditional booksThe publishing industry: eboks vs traditional books
The publishing industry: eboks vs traditional booksMaría José López
 
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Hackfest Communication
 
Books
BooksBooks
BooksTamara Chahine
 
Reading in the 21st century
Reading in the 21st centuryReading in the 21st century
Reading in the 21st centurykaren_rod
 
Flipbook-The Right To Be Forgotten: Fact or Fantasy
Flipbook-The Right To Be Forgotten: Fact or FantasyFlipbook-The Right To Be Forgotten: Fact or Fantasy
Flipbook-The Right To Be Forgotten: Fact or FantasyEilat Assif
 
Books VS. E-Books
Books VS. E-BooksBooks VS. E-Books
Books VS. E-BooksGriselda Aguilera
 
Flipbook- Praveeni Rasiah
Flipbook- Praveeni Rasiah Flipbook- Praveeni Rasiah
Flipbook- Praveeni Rasiah Praveeni Rasiah
 
Hackerspace jan-2013
Hackerspace jan-2013Hackerspace jan-2013
Hackerspace jan-2013Hackfest Communication
 
Hackfest @ WAQ2011
Hackfest @ WAQ2011Hackfest @ WAQ2011
Hackfest @ WAQ2011Hackfest Communication
 
Du fuzzing dans les tests d'intrusions? (Éric Gingras)
Du fuzzing dans les tests d'intrusions? (Éric Gingras)Du fuzzing dans les tests d'intrusions? (Éric Gingras)
Du fuzzing dans les tests d'intrusions? (Éric Gingras)Hackfest Communication
 
Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...
Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...
Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...Hackfest Communication
 
Broken by design (Danny Fullerton)
Broken by design (Danny Fullerton)Broken by design (Danny Fullerton)
Broken by design (Danny Fullerton)Hackfest Communication
 
Conservation et la circulation des renseignements personnels des services de ...
Conservation et la circulation des renseignements personnels des services de ...Conservation et la circulation des renseignements personnels des services de ...
Conservation et la circulation des renseignements personnels des services de ...Hackfest Communication
 
Mots de passe et mécanismes d’authentification (Thomas Pornin)
Mots de passe et mécanismes d’authentification (Thomas Pornin)Mots de passe et mécanismes d’authentification (Thomas Pornin)
Mots de passe et mécanismes d’authentification (Thomas Pornin)Hackfest Communication
 
Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...
Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...
Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...Hackfest Communication
 
La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)
La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)
La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)Hackfest Communication
 
Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)
Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)
Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)Hackfest Communication
 
802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)
802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)
802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)Hackfest Communication
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 

Weitere ähnliche Inhalte

Andere mochten auch

Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Hackfest Communication
 
Reading in the 21st century
Reading in the 21st centuryReading in the 21st century
Reading in the 21st centurykaren_rod
 
Flipbook-The Right To Be Forgotten: Fact or Fantasy
Flipbook-The Right To Be Forgotten: Fact or FantasyFlipbook-The Right To Be Forgotten: Fact or Fantasy
Flipbook-The Right To Be Forgotten: Fact or FantasyEilat Assif
 
Flipbook- Praveeni Rasiah
Flipbook- Praveeni Rasiah Flipbook- Praveeni Rasiah
Flipbook- Praveeni Rasiah Praveeni Rasiah
 

Andere mochten auch (6)

Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
 
Books
BooksBooks
Books
 
Reading in the 21st century
Reading in the 21st centuryReading in the 21st century
Reading in the 21st century
 
Flipbook-The Right To Be Forgotten: Fact or Fantasy
Flipbook-The Right To Be Forgotten: Fact or FantasyFlipbook-The Right To Be Forgotten: Fact or Fantasy
Flipbook-The Right To Be Forgotten: Fact or Fantasy
 
Books VS. E-Books
Books VS. E-BooksBooks VS. E-Books
Books VS. E-Books
 
Flipbook- Praveeni Rasiah
Flipbook- Praveeni Rasiah Flipbook- Praveeni Rasiah
Flipbook- Praveeni Rasiah
 

Mehr von Hackfest Communication

Du fuzzing dans les tests d'intrusions? (Éric Gingras)
Du fuzzing dans les tests d'intrusions? (Éric Gingras)Du fuzzing dans les tests d'intrusions? (Éric Gingras)
Du fuzzing dans les tests d'intrusions? (Éric Gingras)Hackfest Communication
 
Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...
Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...
Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...Hackfest Communication
 
Conservation et la circulation des renseignements personnels des services de ...
Conservation et la circulation des renseignements personnels des services de ...Conservation et la circulation des renseignements personnels des services de ...
Conservation et la circulation des renseignements personnels des services de ...Hackfest Communication
 
Mots de passe et mécanismes d’authentification (Thomas Pornin)
Mots de passe et mécanismes d’authentification (Thomas Pornin)Mots de passe et mécanismes d’authentification (Thomas Pornin)
Mots de passe et mécanismes d’authentification (Thomas Pornin)Hackfest Communication
 
Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...
Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...
Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...Hackfest Communication
 
La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)
La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)
La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)Hackfest Communication
 
Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)
Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)
Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)Hackfest Communication
 
802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)
802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)
802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)Hackfest Communication
 

Mehr von Hackfest Communication (11)

Hackerspace jan-2013
Hackerspace jan-2013Hackerspace jan-2013
Hackerspace jan-2013
 
Hackfest @ WAQ2011
Hackfest @ WAQ2011Hackfest @ WAQ2011
Hackfest @ WAQ2011
 
Du fuzzing dans les tests d'intrusions? (Éric Gingras)
Du fuzzing dans les tests d'intrusions? (Éric Gingras)Du fuzzing dans les tests d'intrusions? (Éric Gingras)
Du fuzzing dans les tests d'intrusions? (Éric Gingras)
 
Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...
Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...
Quelles lois sont applicables au hacker? Énormément moins que tu penses. (Bot...
 
Broken by design (Danny Fullerton)
Broken by design (Danny Fullerton)Broken by design (Danny Fullerton)
Broken by design (Danny Fullerton)
 
Conservation et la circulation des renseignements personnels des services de ...
Conservation et la circulation des renseignements personnels des services de ...Conservation et la circulation des renseignements personnels des services de ...
Conservation et la circulation des renseignements personnels des services de ...
 
Mots de passe et mécanismes d’authentification (Thomas Pornin)
Mots de passe et mécanismes d’authentification (Thomas Pornin)Mots de passe et mécanismes d’authentification (Thomas Pornin)
Mots de passe et mécanismes d’authentification (Thomas Pornin)
 
Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...
Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...
Comment détecter des virus inconnus en utilisant des « Honeypots » et d’autre...
 
La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)
La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)
La détection d'intrusions est-elle morte en 2003 ? (Éric Gingras)
 
Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)
Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)
Responsabilisation des données confidentielles en entreprise (Étienne Dubreuil)
 
802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)
802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)
802.1X filaire, un monde idéal illusoire? (Olivier Bilodeau)
 

Kürzlich hochgeladen

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Kürzlich hochgeladen (20)

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

Into the Black: Explorations in DPRK (Mike Kemp)

  • 1. Into the Black: DPRK Exploration(Or How I Learned to Stop Worrying and Love the Bomb) Michael Kemp
  • 2. Into the Black: DPRK Exploration / intro Standard Disclaimer The views, opinions and details presented in this resource are solely those of the author, and not of any present or previous employer or organisation. No warranty is inferred or granted. Additionally if I am black bagged, please contact North Korea and see if you can find me (although to be fair they largely stopped that in the eighties)
  • 3. Into the Black: DPRK Exploration / intro “If there was hope, it must lie in the proles, because only there, in those swarming disregarded masses, eighty-five percent of the population of Oceania, could the force to destroy the Party ever be generated.” George Orwell, ‘1984’ “I am an Internet master” Kim Jong Il, 2007
  • 4. Into the Black: DPRK Exploration / whoami
  • 5. Into the Black: DPRK Exploration / about Fear Black holes Super hackers In & Out Relationships Apologies
  • 6. Into the Black: DPRK Exploration / not about 0day Tech demo Vendor Pitch Fear & Loathing
  • 7. Into the Black: DPRK Exploration / intro
  • 8. Into the Black: DPRK Exploration / intro
  • 9. Into the Black: DPRK Exploration / Inside Out Part the First Wherein an attempt is made to distil the infrastructure technology and relationships of a nation state into thirty slides
  • 10. Into the Black: DPRK Exploration / Inside Out “Citizens are guaranteed freedom of speech, of the press, of assembly, demonstration and association. The State shall guarantee conditions for the free activity of democratic political parties and social organizations.” Article 67, DPRK Socialist Constitution Source: http://www1.korea-np.co.jp/pk/061st_issue/98091708.htm
  • 11. Into the Black: DPRK Exploration / Inside Out Limited, Restrictive and Expensive Intranet (Kwangmyong) not Internet KCC – 2003 What’s going on?
  • 12. Into the Black: DPRK Exploration / Inside Out “...all other people use Kwangmyong”
  • 13. Into the Black: DPRK Exploration / Inside Out
  • 14. Into the Black: DPRK Exploration / Inside Out Kwangmyong is the ultimate walled garden...
  • 15. Into the Black: DPRK Exploration / Inside Out Five landlines to every One Hundred people
  • 16. Into the Black: DPRK Exploration / Inside Out
  • 17. Into the Black: DPRK Exploration / Inside Out
  • 18. Into the Black: DPRK Exploration / Inside Out
  • 19. Into the Black: DPRK Exploration / Inside Out Nobody really seems to know for certain how North Koreans connect to the Internet, but the reality is that very few do, and those that do, are highly and tightly regulated (apart from the upper party echelons)
  • 20. Into the Black: DPRK Exploration / Inside Out
  • 21. Into the Black: DPRK Exploration / Inside Out 1990 – 3 Direct Lines to Japan 1995 – Direct line to USA (courtesy AT&T) 2000 – 29 direct lines to South Korea (total of 56 via 3rd country relays) 2008 – Majority of IDD connections disabled
  • 22. Into the Black: DPRK Exploration / Inside Out DPRK International Operator = +850 2 18111 192 + 7 digit - Koryolink 3G Network (about more later)193 + 7 digit - SunNet GSM/900 Network Known DPRK City Codes 2 - Pyongyang31 - Moranbong39 - Nampho41 - Songnim43 - Songnim45 - Haeju53 - Hungnam57 - Wonsan73 - Chongjin85 - Rason
  • 23. Into the Black: DPRK Exploration / Inside Out
  • 24. Into the Black: DPRK Exploration / Inside Out
  • 25. Into the Black: DPRK Exploration / Inside Out
  • 26. Into the Black: DPRK Exploration / Inside Out
  • 27. Into the Black: DPRK Exploration / Inside Out
  • 28. Into the Black: DPRK Exploration / Inside Out Tel: +44(0) 208 992 4965. E-mail: singuk.ha@btinternet.com
  • 29. Into the Black: DPRK Exploration / Inside Out
  • 30. Into the Black: DPRK Exploration / Inside Out Kwangmyong via dial up / South & North Korea direct connections Internet PC Room opens Information Technology Store opens 1986: INTELSAT launches Bright Star Launch Bright Star program KCC Berlin opens Kwangmyong via satellite / DPRK expands landlines Bright Star Crash US / DPRK direct connections Silibank offline IDD closed Japan / DPRK direct connections Silibank mail relays open / DPRK joins INTELSTAT
  • 31. Into the Black: DPRK Exploration / Outside In Part the Second Wherein myths are debunked and questionable research results presented for purposes of edification and entertainment
  • 32. Into the Black: DPRK Exploration / Outside In The Mystery of Unit 121
  • 33. Into the Black: DPRK Exploration / Outside In X 17,000
  • 34. Into the Black: DPRK Exploration / Outside In Dear Mr Coleman,I am currently seeking to obtain further details regarding a military unit as mentioned in your piece, http://defensetech.org/2007/12/24/inside-dprks-unit-121/ (published December 2007). As part of the preparatory work involved in preparing a presentation to be delivered at a number of international IT security conferences, I am currently engaged in research concerning the offensive capabilities of DPRK particular with reference to information warfare.The article published in December 2007 alludes to a seemingly unsubstantiated military unit with such capabilities (an attributable, named source seems somewhat hard to come by). I would be interested to know how such data was collated and sourced. The only sourcing I can find appears to be from the Yonhap News Agency (as funded by the South Korean government) or from an 'anonymous' source. Bearing in mind the arguable non-impartiality of the first agency, and the lack of journalistic best practice is quoting the second, I would like to enquire as to the source (if differing) of the material, and the journalistic accuracy of the assertions made in the article.
  • 35. Into the Black: DPRK Exploration / Outside In To Me: A couple of things1.  The tone of your email puts me off as well as our ops team that responded to your email to info@technolytics.com.  They called me!2.  Google North Korea Unit 1213.  Look at the attribution of the July 4th cyber attacks on the U.S.  South Korea and the US both point back to North Korea.Other than that I am not inclined to issue any further data given you tone/attitude and the fact that most of our work is classified and not available for public disclosure.
  • 36. Into the Black: DPRK Exploration / Outside In To Me: I suggest you contact your MI5 and Major Sin if you would like to substantiate N Korea's cyber capabilities or look at the attribution to the July 4th 2009 events To Me: Well there are those that think the unit number is 110 or 101 you might want to check that as well.. To Me: You clearly have an agenda and I am through wasting my time.
  • 37. Into the Black: DPRK Exploration / Outside In To Kevin: The feeling is mutual I assure you. As for my agenda, if you call asking for attribution from a journalist whose 'evidence' is being utilised to shape public opinion, government policy, and doubtless company profit margin an agenda then, yes I do. It's called seeking to ascertain the truth (perhaps an oddity given the preponderance of unnamed and unnamable sources when 'reporting' on information warfare). As you seem unwilling, or unable to substantiate your claims, I'll treat them with the seriousness that they doubtless deserve. That said, many thanks for your time, and considered responses.
  • 38. Into the Black: DPRK Exploration / Outside In The Point: Apparently the only sources for Unit 121 are ‘classified’ or otherwise obfuscated Presented as fact Kevin Coleman is associated with Technolytics which provide cyber war training and advice He also came up with the definition of cyber-terrorism (according to wikipedia) He also presents to US congress He can’t source his allegations publicly.... Errr.....
  • 39. Into the Black: DPRK Exploration / Outside In
  • 40. Into the Black: DPRK Exploration / Outside In Kevin Coleman Worlds No. 1 Cyberwar Expert? Gregory Evans Worlds No. 1 Hacker?
  • 41. Into the Black: DPRK Exploration / Outside In “Cyberspace has become the fifth domain of warfare, after land, sea, air and space” “A lot could be achieved by greater co-operation between governments and the private sector” “One response to the growing threat has been military. Iran claims to have the world’s second-largest cyber-army. Russia, Israel and North Korea boast efforts of their own”
  • 42. Into the Black: DPRK Exploration / Outside In To: Economist PR (as they don’t have an editorial contact, and both Cyberwar articles are written by un-named ‘journalists’): I am writing to you with regards the Cyberwar / Leaders piece recentlypublished in your July 2010 edition of The Economist. For the last eighteen months I have been studying the technical capabilities present in North Korea, and the digital threat that they pose...In all my research thus far, I have not been able to source a single subtantive claim regarding the information warfare capabilities of North Korea...Given that in my research thus far, I have found no mention regarding the information warfare capabilities of North Korea from any source other than anonymous sources, or from organisations with a vested interest in claiming as much (e.g. organisations that provide information warfare training), I would be very eager to discuss the source for the claim made in this piece.
  • 43. Into the Black: DPRK Exploration / Outside In 1 – State something nobody can prove or disprove 2 – Watch it make press 3 – Reinforce claims 4 – Watch it make more press 5 – Panic spreads, so does spending 6 - ??? 7 – Profit?
  • 44. Into the Black: DPRK Exploration / Outside In
  • 45. Into the Black: DPRK Exploration / Outside In Defcon 18 August 2010 Kim Jong Il& Me: How to build a cyber Army to attack the US Charlie Miller
  • 46. Into the Black: DPRK Exploration / Outside In
  • 47. Into the Black: DPRK Exploration / Outside In
  • 48. Into the Black: DPRK Exploration / Outside In
  • 49. Into the Black: DPRK Exploration / Outside In 1 - DPRK does Juche 2 – Managing remote agents is hard 3 – Recruitment is a bitch 4 – Er, why?
  • 50. Into the Black: DPRK Exploration / Outside In
  • 51. Into the Black: DPRK Exploration / Outside In
  • 52. Into the Black: DPRK Exploration / Outside In >
  • 53. Into the Black: DPRK Exploration / Outside In
  • 54. Into the Black: DPRK Exploration / Outside In
  • 55. Into the Black: DPRK Exploration / Outside In
  • 56. Into the Black: DPRK Exploration / Outside In From the Batshit Crazy Department...
  • 57. Into the Black: DPRK Exploration / Outside In
  • 58. Into the Black: DPRK Exploration / Outside In korea-dpr.com – Official Webpage of The Democratic People's Republic of Korea naenara.kp – DPRK news and shopping portal kcna.co.jp – DPRK news service in Japan korea-np.co.jp – The Peoples’ Korea dprkorea.com – Holding page (looks to be a trade organisation) uriminzokkiri.com – Pro-Korean unification aindf.dyndns.org – Anti-Imperialist National Democratic Front alejandrocaodebenos.com – Korean Friendship Association (President) business-school-pyongyang.org – DPRK / Pyongyang Business School koryogroup.com – Koryo Tours / DPRK Tourism ournation-school.com – DPRK / Juche education? korea-publ.com – DPRK publications (Amazon for Kim Jong Il) korea-is-one.org – Pro-unification kdvr.de – German based, Korean pro-unification chongryon.com – General Association of Korean residents in Japan (pro-DPRK) juche.v.wol.ne.jp – International institute of the Juche idea eba.nosotek.com - DPRK European Business Association kcckp.net – Korean Computer Center
  • 59. Into the Black: DPRK Exploration / Outside In
  • 60. Into the Black: DPRK Exploration / Outside In Microsoft IIS = 6 Other = 1 Apache = 11
  • 61. Into the Black: DPRK Exploration / Outside In Oldest iteration of IIS in use was 5.0 Oldest iteration of Apache was 1.3.41 Of the found hosts: 58% had FTP (TCP 21 open) 29% had SSH (TCP 22 open) 29% had SMTP (TCP 25 open) Most of the software used was deprecated (bug laden) Most of the sites had HTTPS/ALT set up for auth A couple *looked* to have trivially brute forced DB access... Most interesting was a custom Java component on one site which I wasn’t brave enough to play with...
  • 62. Into the Black: DPRK Exploration / Outside In http://www.korea-dpr.com/paektu3/login.php
  • 63. Into the Black: DPRK Exploration / Outside In Very odd North Korean kids TV and more @ http://www.youtube.com/user/uriminzokkiri#p/u/23/aWh9RmtRIIk DPRK does Twitter: https://twitter.com/uriminzok
  • 64. Into the Black: DPRK Exploration / Outside In DPRK can hazMySQL
  • 65. Into the Black: DPRK Exploration / Outside In
  • 66. Into the Black: DPRK Exploration / Conclusions? So, are we all doomed? DPRK has a very tightly regulated use of ICT DPRK is a poor country with an evil little shit in charge It seems credible that the DPRK military may be thinking about information warfare (it’s cheap after all) The skills gap Outsourcing to China or elsewhere Instead of worrying about digital Armageddon; worry about human rights There may be a *lot* to explore; if you feel brave ;)
  • 68. References RENK (Rescue! The North Korean People Urgent Action Network) http://www.bekkoame.ne.jp/ro/renk/englishhome.htm A Guidebook for European Investors in the DPRK http://www.dprkguidebook.org http://www.scribd.com/doc/15078953/Cyber-Threat-Posed-by-North-Korea-and-China-to-South-Korea-and-US-Forces-Korea http://defensetech.org/2007/12/24/inside-dprks-unit-121/ http://blog.bkis.com/en/korea-and-us-ddos-attacks-the-attacking-source-located-in-united-kingdom/ http://greylogic.us/ http://www.scribd.com/doc/24587105/The-Dark-Visitor-Scott-J-Henderson
  • 69. References http://ashen-rus.livejournal.com/4300.html http://www.nosotek.com/ http://www.interview-blog.de/unternehmerinnen-und-geschaftsideen/interview-with-volker-eloesser-president-of-nosotek-jv-company-in-north-korea/ http://datactivity.com/ http://www.youtube.com/watch?v=_AZnlyKXGPM – video about EBA / Nosotek Developing a Reliable Methodology for Assessing the Computer Network Operations Threat of North Korea - http://www.fas.org/irp/eprint/cno-dprk.pdf http://www.hrw.org/asia/north-korea http://www.amnesty.org/en/region/north-korea
  • 70. Contact / 접촉 Work (Hire us): www.xiphosresearch.com mk ’at’ xiphosresearch.com Personal (Stalk me): www.lowfisecurity.com clappymonkey ‘at’ gmail.com Twitter.com/clappymonkey Location (Find me): United Kingdom / Above the earths’ core
  • 71. Thanks The con organisers for having me MF for putting up with late nights & paranoid rants All the crew @ XRL for read throughs & suggestions GCHQ for listening to my phone calls All the research bodies and NGOs doing active research into DPRK All the cyberwar pundits for pissing me off YOU for listening