Anonymous claims secret North Korean military documents

Group claims to have set up 'Ninja Gateway' giving North Koreans global internet access
June 20th, 2013

SEOUL – Secret North Korean military documents revealing missile secrets have been obtained and will be released on June 25, international hacking collective ‘Anonymous’ claims, although experts remain skeptical of the group’s success.

“We will no longer put up with your threats towards world peace and the Republic of Korea,” the South Korean hackers said in a press release late on Wednesday evening, a copy of which was also posted on YouTube.

Anonymous Korea is planning ‘OpNorthKorea’, a coordinated cyber attack on North Korean computer networks it claims will be launched on June 25, the anniversary of the 1950-1953 Korean War.

The group says it has found a way to access North Korea’s internal intranet system, and has posted screenshots on Twitter as ‘proof’. The images, however, are from a 2005 Segye Ilbo article, and have been on the South Korean internet for years. Nevertheless, South Korean media outlets have been covering the story throughout the day.

Left: An Anonymous Twitter account uploads pictures of the Kwangmyong network, Right: South Korean media outlets are carrying the images.

Left: An Anonymous Twitter account uploads pictures of the Kwangmyong network, Right: South Korean media outlets are carrying the images. The screenshots were first posted in 2005.


This is not the first time doubts have been raised about claims that Anonymous-affiliated hackers have managed to access the North Korean intranet. Although the group successfully hacked North Korean social media accounts and released user information from the Chinese-based Uriminzokkiri website, accessing the Kwangmyong requires more high-level access.

“We happily noticed you questioned how we could be inside Kwangmyong, the country-wide intranet of NK, because we think it’s good journalism to doubt and question things,” the group responded to skeptical media reports at the time.

“There was never any further proof coming to validate those claims and answer the skeptics,” NK News tech specialist Martyn Williams said.

“It will be the same this time. Until we see bonafide proof that this has happened, it has to be viewed as an unverified claim,” said Williams, who has written extensively on North Korea’s internal internet.

The group claims that they brought the KCNA to a halt for “two minutes” on May 12 as proof that they are able to access the North Korean intranet. Such an attack, however, is easily achieved with Distributed Denial of Service (DDoS) attacks that saturate a server with so many requests that it slows or crashes. NK News has been the victim of such attacks in the past.

Undated screenshots that first appeared on the South Korean internet in 2005.

Undated screenshots that first appeared on the South Korean internet in 2005.

Two Anonymous ‘Hacktivists’ using the pseudonyms “Lee Myung-soo” and “Hwang Yoon-taek” were interviewed by eToday, an online South Korean newspaper, about the planned cyber attacks today. A full NK News translation of the interview is available below this article.

One 'official' Anonymous Korea Twitter account threatening NK News servers with a cyber attack after the publication of a North Korean cartoon.

One ‘official’ Anonymous Korea Twitter account threatening NK News servers with a cyber attack after the publication of a North Korean cartoon.

Anonymous has threatened NK News in the past for writing about a North Korean cartoon that suggested the South Korean government was behind the cyberattacks. “Don’t make us angry,” Twitter user @Anonymous_kr (aka Hwang Yoon-taek, below) said, regarding the cartoon.

“If you do that one more time, we will attack your sites for OpNorthKorea.” One of the changes Anonymous is campaigning for in North Korea is a free and open press.

Anonymous will release more information next week, on June 25. If they are able to release information from the Kwangmyong network, it will be the first time a hacker has successfully obtained information from the infamously closed network.

Additional reporting by Shinui Kim in Seoul


Hwang Yoon-taek: “We hacked into the KCNA last May”

Q- Is it possible to hack into the Kwangmyong network? It’s closed.

A- There are 3 routes that connect Kwangmyong to the outside world. One server is located in China, and we’ve already hacked it, and got in that way. We’ve done it. There’s nothing North Korea can do to stop it now. We’ve got all the core information we need.

Q- What exactly do you have?

A- Information regarding missiles, their serial numbers, and North Korean high-ranking officials. We won’t release everything, however –– only some things so we can verify the attack. After that, we’ll hand everything over to Wikileaks.

Q- You could be putting yourself at personal risk by attacking North Korea, why do it?

A- Don’t worry. We use at least 7 shared IP addresses that are based overseas. If you try to track it, it will take years [to trace].

Q. Where is the information now? Do you have it saved at home?

A. No way. It’s broken up and dispersed on the internet.

Q. Is there any way to verify that you really hacked the North Korean intranet?

A. On May 12th, the KCNA system stopped for 2 minutes. That was us. We will release missile serial numbers soon so that you can be certain about this.


Lee Myung-soo:  “We’ve setup a ‘Ninja Gateway’ so that North Koreans can access the world wide web)”

Q. Tell me about your plans for June 25.

A. I can’t tell you the details, but we’ve done 90% of the preparation work.

Q. A ‘Ninja Gateway’, is that possible?

A. Yes. I have information about the Kwangmyong network.

Q. How do you access a closed intranet, how do you approach this?

A. North Korea uses their own operating system, Red Star OS, that’s based on Linux. We obtained that first, then used it to access the Kwangmyong network. The North Koreans will be able to access the world-wide-web soon.

Q. Who’s going to lead the June 25 attack, and what are the targets?

A. Three Korean hackers, some Argentineans, Brazilians etc. –– 10 people in total. We also have support from the global Anonymous movement.

46 websites are being targeted. North Korean websites with internal hosts are the KCNA, the Rodong, Naenara, Voice of Korea etc, 11 sites in total. Websites with external servers [that we are targeting] are Uriminzokkiri, Rygyongclip etc, –– 16 sites in total. [We are also targeting], the company that made the Pyongang Racer game.

Q. Last April, Anonymous released the a Uriminzokkiri membership list. Why ?

A. Originally, we just wanted to put some pressure on Kim Jong Un’s regime but it grew bigger than we expected. We only did it to demonstrate that we could do it, and to intimated North Korea, but once it spread on Ilbe [conservative South Korean netizen portal], it became an issue.

Q. Still, You could receive personal threats if you attack North Korea. Are you not worried about this?

A. We redirect our IP addresses every time when we use the internet. I can’t reveal more details, but we sometimes hack from our homes. There is no evidence. nothing remains.

Translation by Shinui Kim in Seoul.

Recommended for You

Koreas' Peace Symposium pushes for more engagement

Koreas' Peace Symposium pushes for more engagement

The WomenCrossDMZ International Peace Symposium took place Sunday in central Seoul, attended by the 30 women who made their way across the Demilitarized Zone (DMZ) from North to South Korea on Sunday.…

May 26th, 2015
S.Korea's hosts OSJD meeting in Seoul, seeks full membership

S.Korea's hosts OSJD meeting in Seoul, seeks full membership

The Organization for the Cooperation of Railways’ (OSJD) meeting of company presidents and logistics departments will be held in Seoul from tomorrow for two days. The Korea Railroad Corporation (…

May 26th, 2015

About the Author

James Pearson

James Pearson (@pearswick) was the NK News Seoul Correspondent.

Join the discussion