recommended reading

Threatwatch

North Korea's Facebook Knockoff Already Has Been Hacked

Password cracking; Unauthorized use of system administrator privileges

Reports of an attempt by the communist regime at building a social network surfaced on Friday. Hours late, someone outside of North Korean Dictator Kim Jong-un's circle had hacked it. 

Someone far outside. 

An 18-year-old college student from Scotland named Andrew McKean typed a message inside the website's "Sponsored" box, reading:

“Uh, I didn't create this site just found the login."

McKean attained North Korean system administration status just by clicking on the “Admin” link at the bottom of the site and guessing the username and password. The codes were not hard to crack: “admin” and “password.”

After reading a Motherboard article that revealed the new site, McKean said he looked at a demo for the off-the-shelf Facebook clone called phpDolphin and noticed that the default ID combination for administrators was “admin” and “password,” so he tried his luck on the North Korean site.

McKean told Motherboard he has “no plans” to do much more with the site, other than perhaps redirect the site to an anti-North Korean site.

But, for the time being, he practically has full control of the site. He could delete and suspend users, change the site’s name, censor certain words, and see everyone’s emails, according to McKean. In the backend, he is also able to see the name of the site, which is “Best Korea's Social Network.” 

sector

Government (Foreign); Social Media

reported

May 27, 2016

reported by

Motherboard

Link to report

number affected

Unknown

location of breach

North Korea

perpetrators

College Student

location of perpetrators

UK

date breach occurred

May 27, 2016

date breach detected

May 27, 2016