A mistake allowed us a peek into North Korea Internet infrastructure

A mistake allowed us a peek into the North Korea Internet infrastructure, a security researcher discovered that Pyongyang has just 28 websites.

The North Korea is one of the countries that most of all is investing to improve its cyber capabilities and that has one of the largest cyber armies.

But North Korea is also known for its limited exposure on the Internet, it fears cyber attacks from foreign Governments against its infrastructure.

Until today no one had any idea of the number of websites registered by the country for its top-level domain, .kp.

This week something is changed, likely due to an error in the configuration of a North Korean nameserver. The apparent mistake has revealed a list of all the domains for the top-level domain .kp and related info.

According to leaked zone files, the North Korea has only 28 registered domains

“Now we have a complete list of domain names for the country and it’s surprisingly (or perhaps unsurprisingly) very small,” Matt Bryant, the expert who has found the mistake, said to Motherboard

After Bryant discovered the mistake, he downloaded the data from the domain name servers.

Some of the sites in the list are not reachable, experts speculated that they were flooded with the traffic of curious netizens and went down.

The list of domains includes commercial and educational websites like the one of the state Air Koryo airline or the Kim Il Sung University.

The leaked info also revealed the site of the official newspaper of North Korea’s communist party which is considered the core of the Government propaganda machine.

The leaked list also includes a social network website, the state version of Facebook, friend.com.kp.

and portal.net.kp that is the equivalent of the Yahoo.

Below the complete list:

• airkoryo.com.kp
• cooks.org.kp
• friend.com.kp
• gnu.rep.kp
• kass.org.kp
• kcna.kp
• kiyctc.com.kp
• knic.com.kp
• koredufund.org.kp
• korelcfund.org.kp
• korfilm.com.kp
• ma.gov.kp
• masikryong.com.kp
• naenara.com.kp
• nta.gov.kp
• portal.net.kp
• rcc.net.kp
• rep.kp
• rodong.rep.kp
• ryongnamsan.edu.kp
• sdprk.org.kp
• silibank.net.kp
• star-co.net.kp
• star-di.net.kp
• star.co.kp
• star.edu.kp
• star.net.kp
• vok.rep.kp

Now just for a second try to think if the North Korean Government will host an exploit kit leveraging on a zero-day exploit on one of the above domains 🙂

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – North Korea Internet, DNS)