Anonymous says it hacked North Korea’s intranet (but it probably didn’t)

The worldwide hacker collective Anonymous has announced that it has hacked North Korean web servers and, among other things, the China-based North Korean propaganda site Uriminzokkiri.com, from which it claims to have stolen the data of around 15 000 users including their account names, hashed passwords and birth dates.

Along with a sample of email addresses and account details, the Anonymous announcement also contained a rather bold claim for which the collective provided no supporting evidence:

To Kim Jong-un:

So you feel the need to create large nukes and threaten half the world with them?
So you’re into demonstrations of power? Here is ours:
- We are inside your local intranets (Kwangmyong and others)
- We are inside your mailservers
- We are inside your webservers

Kwangmyong is a North Korean intranet that was established in the year 2000. Although it operates much like the real internet — users use web browsers to surf pages, send emails, etc. — it is actually completely disconnected from the actual internet as a security control. Content from the internet appears on the Kwangmyong network if it has been selected, inspected, and approved by North Korean censors and there is no way to connect to it from outside North Korea. Given that, it seems rather unlikely that Anonymous has actually gained access to it, as North Korea Tech has pointed out.

Accessing Kwangmyong is not theoretically impossible; it might be accomplished by slipping some code past the censors who scan and scrub content from the world wide web before re-posting it to Kwangmyong, for example. It also might be possible to infect the computers of North Korean officials who are privileged enough to have access to the “real” internet in addition to Kwangmyong (such access is not common and virtually unheard of for ordinary citizens).

Without any proof of such access, Anonymous’s claim seems dubious at best. The hacker collective seems to have thoroughly disrobed Uriminzokkiri, but that site is based in China and is not connected to the Kwangmyong intranet.