A pro-Russian hacking group said it attacked and paralyzed the website of North Korea’s state-owned Air Koryo and later posted a mocking message on the Telegram messaging app about the airline’s inadequate cybersecurity standards.
The “Server Killers” targeted the flag carrier’s website on April 9 using a denial-of-service attack, or DDoS. They then posted a screenshot of Air Koryo’s website that showed the standard “HTTP Error 500” message that users see when a website isn’t accessible.
The group also posted a message that said “North Korea, where is security,” along with a smiling face emoticon on Telegram.
Check-Host.net – an online tool for checking the availability of websites, servers, hosts and IP addresses – showed that Air Koryo's website couldn't be accessed for a period of time on April 9. The website was accessible on Monday.
In a response to a message sent on Telegram privately by Radio Free Asia, the “Server Killers” account said that North Korean websites tend to have mediocre security.
The reason for hacking the Air Koryo website was “for technical reasons, not political or social purposes,” a messenger who asked for anonymity said.
“Server Killers” doesn’t understand why North Korea won’t “pay much attention to security” on its government sites, the messenger said.
‘We attacked it just for fun’
The group has posted on its Telegram channel photos and screenshots from what they claim are dozens of successful hacking attacks on government agencies and private companies in the United States, the United Kingdom and Germany.
The messenger confirmed to RFA that the group used a DDoS attack on the Air Koryo website. Such an attack paralyzes a server, service or network by providing excessive internet access to a target.
The airline’s website not only didn’t have a DDoS attack prevention function, but also didn’t have a “SSL certificate,” which enables an encrypted connection, the messenger said.
“We attacked it just for fun and to test how resistant the site is to a DDoS attack,” the messenger said. “We attacked the site for only 300 seconds, and the site was offline for more than eight hours.
“We noticed the site was very old and written in PHP programming language. Not only that, but many sites in North Korea were like that,” the messenger said, adding that “this will be the first and last attack targeting North Korea.”
Translated by Claire S. Lee. Edited by Matt Reed.