US Hacker ‘P4x’ Gets Back at Pyongyang (but We Smell a Rat)

An infosec researcher was hacked by North Korea. U.S. law enforcement did nothing, so he took matters into his own hands.

The pseudonymous P4x hacked back. He managed to knock the DPRK off the internet for hours at a time. And now he wants to go further.

Cool story, bro. Is it all as it seems? In today’s SB Blogwatch, we suspect not.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: chopsuey.otf

DPRK FAIL

What’s the craic? Andy Greenberg reports—“North Korea Hacked Him. So He Took Down Its Internet”:

Send a message to the Kim regime
Just over a year ago, an independent hacker who goes by the handle P4x was himself hacked by North Korean spies. [He] felt deeply unnerved by state-sponsored hackers targeting him personally—and by the lack of any visible response from the US government.

So after a year of letting his resentment simmer, P4x has taken matters into his own hands. [He] found numerous known but unpatched vulnerabilities in North Korean systems that have allowed him to singlehandedly launch denial-of-service attacks on the servers and routers the country’s few internet-connected networks depend on.

Knocking out those sites no doubt presents a nuisance to some regime officials. … P4x says he would count annoying the regime as a success, and that the vast majority of the country’s population that lacks internet access was never his target. … P4x is clear that his hacking aims primarily to send a message to the Kim regime. … He now intends to try actually hacking into North Korean systems … to steal information and share it with experts.

O RLY? Lucas Ropek calls him a “Pissed-Off American Hacker”:

He is looking to recruit other hacktivists
In mid-January, the Hermit Kingdom began suffering a series of mysterious internet outages, the likes of which culminated on Jan. 26 with a near-total web blackout. At the time, it was widely speculated that the outages were the result of cyberattacks, though it wasn’t clear who might have been doing the hacking.

The self-described cyber vigilante … known only as “P4X” is taking the credit. … Those attacks supposedly helped to push all of North Korea’s websites off the internet for a period of approximately six hours last week.

P4X … said that he was contacted by the FBI after getting hacked but ultimately found the government’s response unsatisfactory. … P4X has also apparently launched a site on the dark web, dubbed the FUNK Project … where he is looking to recruit other hacktivists to his cause.

I guess Kim’s crew got what was coming? Charles Arthur goes all OG on us—Start Up No.1728:

There used to be a saying when the internet was young – “don’t annoy the wizards”. North Korea may not have heard it. Might know it now.

That doesn’t sound legal. Meh, shrugs Dissent “PogoWasRight” Doe, at The Office of Inadequate Security:

Why shouldn’t individuals take matters into their own hands?
What a great — and thought-provoking — story. [It] will make some people cheer but it should also raise questions as to whether our government did enough when security researchers were attacked by a foreign government — and what our government will do now.

Will it sit back and let vigilantes strike back or what? … If individuals are the target of a hacking campaign and the government doesn’t show up to help them in meaningful ways, and doesn’t say to them, “Look, we’ve got something going on right now so sit tight for a while please,” then why shouldn’t individuals take matters into their own hands to protect themselves?

But ballenf is “immensely proud”:

The right to bear digital arms
I would have advised him to stay quiet about this. Not out of fear of the North Koreans, but out of fear of our own security agencies seeing the activity as interfering in international relations. Also the vagueness of our hacking laws probably makes what he did a crime.

But I also am immensely proud that we have people willing to take things into their own hands when needed. … I feel like the 2nd amendment should be interpreted to include the right to bear digital arms.

Wait. Pause. Trofim Lysenko accuses commentators of being “glib”:

Cold warrior brinkmanship
The DPRK’s isolation status is a consequence of US bombs targeting civilian infrastructure. Killing over 2.5 million Korean civilians. 15 percent of Korea’s prewar population wiped out, the survivors enduring crippling US sanctions for over the next 70+ years.

This type of cold warrior brinkmanship is sleepwalking into another nuclear winter which only the likes of Peter Thiel and his class will emerge from unscathed in their New Zealand bunkers.

Or are we just useful idiots? Shaiku fears we might be exactly that:

It would have made perfect sense for a government to attack their infrastructure in retaliation for weapons testing. But sure, I guess we’ll buy that some random hacker guy’s scripts were targeted a year ago and he waited all this time just to coincidentally retaliate at the same time as the missile tests.

Who is the source of this story? A government spokesperson wanting to make sure we all know it was just a rogue individual that nobody cares to investigate?

Or an even more elaborate ruse? That’s what DietaryNonsense believes:

Misdirection and narrative
It’s … entirely possible that this action, including the … article and its high visibility, is part of a broader effort and strategy. In reality we just won’t know in this type of situation.

Targets (individuals, interior or gapped networks, etc) can be difficult to identify or locate and are even more difficult to get access to. Consider that it may be easier to run an operation where you intentionally pseudo-identify a security researcher engaging in his own attack to draw attention.

Maybe P4x exists or is a fiction. … He talks **** and trashes NK operations, and plays the cocky and justice hungry hacker trope. He chums the water. There are countless ways that misdirection and narrative can be layered to draw your adversary into a worldview that is the creation of your own.

Meanwhile, This Anonymous Coward fears for P4x’s safety:

Next week, BBC reports [an] individual who had already attracted the attention of North Korea has been found dead in his home.

And Finally:

Typographic stereotypes: Racism or hidden nuance?



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Micha Brändli (via Unsplash; leveled and cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
