A mistake allowed us a peek into North Korea Internet infrastructure

A mistake allowed us a peek into the North Korea Internet infrastructure, a security researcher discovered that Pyongyang has just 28 websites.

The North Korea is one of the countries that most of all is investing to improve its cyber capabilities and that has one of the largest cyber armies.

But North Korea is also known for its limited exposure on the Internet, it fears cyber attacks from foreign Governments against its infrastructure.

Until today no one had any idea of the number of websites registered by the country for its top-level domain, .kp.

This week something is changed, likely due to an error in the configuration of a North Korean nameserver. The apparent mistake has revealed a list of all the domains for the top-level domain .kp and related info.

According to leaked zone files, the North Korea has only 28 registered domains

“Now we have a complete list of domain names for the country and it’s surprisingly (or perhaps unsurprisingly) very small,” Matt Bryant, the expert who has found the mistake, said to Motherboard

After Bryant discovered the mistake, he downloaded the data from the domain name servers.

Some of the sites in the list are not reachable, experts speculated that they were flooded with the traffic of curious netizens and went down.

The list of domains includes commercial and educational websites like the one of the state Air Koryo airline or the Kim Il Sung University.

The leaked info also revealed the site of the official newspaper of North Korea’s communist party which is considered the core of the Government propaganda machine.

The leaked list also includes a social network website, the state version of Facebook, friend.com.kp.

and portal.net.kp that is the equivalent of the Yahoo.

Below the complete list:

airkoryo.com.kp
cooks.org.kp
friend.com.kp
gnu.rep.kp
kass.org.kp
kcna.kp
kiyctc.com.kp
knic.com.kp
koredufund.org.kp
korelcfund.org.kp
korfilm.com.kp
ma.gov.kp
masikryong.com.kp
naenara.com.kp
nta.gov.kp
portal.net.kp
rcc.net.kp
rep.kp
rodong.rep.kp
ryongnamsan.edu.kp
sdprk.org.kp
silibank.net.kp
star-co.net.kp
star-di.net.kp
star.co.kp
star.edu.kp
star.net.kp
vok.rep.kp

Now just for a second try to think if the North Korean Government will host an exploit kit leveraging on a zero-day exploit on one of the above domains 🙂

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – North Korea Internet, DNS)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.