The start of 2022 must have been hectic in the high offices of Pyongyang. The North Korean army carried out during the month of January several ballistic missile tests, which for the regime is synonymous with joy and celebration. But the party didn’t last long. Right after the last rehearsal, the internet went down across the country. A wave of cyberattacks left all systems hanging for more than seven days. First the main national websites failed, from the official news portal to the reservation page of the national airline. Then, the Asian state’s connections with the rest of the world were interrupted. Emails could not be sent or received; nor resort to cloud services. The blockade was total.
The coincidence in time of the military maneuvers and the cyber assault caused many to read the incident as the response from some western government to those war games. Nothing is further from reality. Everything had been orchestrated by a single man from his home in Miami, someone known as P4x (read Pax). He did it at night, in shorts and flip-flops and with frequent visits to the refrigerator for beer and snacks. He wrote some what he considers simple programs on his laptop, rented several remote servers and sat back to see how his plans were executed. His motivation was not geopolitical, he didn’t care about the missiles. It was personal: he wanted to hit back at the North Koreans, who tried to break into his computer a year earlier. “Something had to be done. I believe that if someone attacks you, you have to respond,” the American P4x tells EL PAÍS in perfect Spanish.
He hacker He documented his cyberattack, recording videos and taking screenshots of the entire process to prove that he had done it alone. He told him the details of his North Korean incursion to Wired, which confirmed its authorship and published the story in February 2022, shortly after the events. Now, after two years, P4x has made an unusual decision in the world: to come forward. The man who stopped the internet in an entire country is called Alejandro Cáceres, he is 39 years old and he owns his own cybersecurity company, Hyperion Gray. Born in the United States to Colombian parents, tattoos appear on the sleeves of his shirt: on his right arm is written the nickname he used before the affair North Korean, _hyp3ri0n; on the left, a hash cryptographic (an alphanumeric sequence) that encloses a word. Your commitment to the community hacker It goes beyond your arms. Asked if she has participated in the cyber defense of Ukraine, a cause supported by thousands of cybersecurity experts around the world, he answers: “I don’t remember.”
Cáceres has challenged a totalitarian regime and then revealed his identity. He doesn’t seem to fear for his life, although he takes precautions. “In fact… look,” he slips during the video call with EL PAÍS from his home-office in Florida. He opens a drawer, takes out an automatic pistol and shows it to the camera. “I don’t like weapons, but talking to military and intelligence service officers, they told me that things could happen. So now on my table I have the keyboard, the mouse, the microphone and the Glock,” she says with a laugh. Her light eyes stand out in her somewhat pale and bearded face. Brown curls peek out from under her ratty baseball cap. There it is 11 in the morning and she looks like someone who has spent the night on the computer. She sips an energy drink throughout the interview, held a month and a half after she came out of the cyberspace closet.
“In this time no one has attacked me. Before I did what I did, I looked at the numbers. In the last 45 years, the North Korean regime has only murdered two people: one was Kim Jong-un’s brother and the other, an American who was in the country,” he says, referring to Otto Warmbier, a young man who was imprisoned. in North Korea and arrived in a vegetative state in the United States, where he died a few days later. He decided that the risk was acceptable. “Dennis Rodman hasn’t come to hit me yet,” she says with a laugh in reference to the Chicago Bulls legend, who has shown off his friendship with Kim Jong-un.
Dennis Rodman hasn’t come to hit me yet. But now on my table I have the keyboard, the mouse, the microphone and the Glock
He remembers that “a strange thing” has happened to him. He met a girl through a dating app who claimed to be a Canadian-Japanese neuroscientist. “When we met I saw that she was clearly Korean. I also verified that the person writing the messages was another person, who she barely understood. He started looking for information about her and I didn’t find anything. She told me that she had changed her name because she was related to a North Korean dictator, surnamed Kim. “That’s where I said goodbye.” That happened in March of this year, shortly before P4x will reveal its identity.
Other than that, his life hasn’t changed much: he goes out little and avoids problematic, poorly lit neighborhoods. Since she came forward, yes, she receives about 200 messages a day. “Many want to associate and work with me, others see me as a hacker well and they ask me for help. “I’m a little exhausted,” she confesses, although is an active user of Xwhere he does not bite his tongue and displays his sarcastic humor.
Romance and disagreements with the Pentagon
Who he has collaborated with, and a lot, is with the US authorities. Cáceres has worked for a decade and a half through his cybersecurity company with the Pentagon, Darpa (Advanced Research Projects Agency of the Department of Defense) and the FBI, among others. Since he turned off the internet in North Korea, he has also been approached by the Department of Homeland Security or the NSA. Everyone wanted to know how he did it. “Officially they can’t say shit about what they told me about my cyberattack, but they were happy. “I know what I did is illegal, but I couldn’t imagine North Korea taking me to court.”
Cáceres has tried, but his relationship with the security agencies has not quite worked out. “My attack on North Korea was a response to his attempt to spy on me, but also a message to the United States,” he says. He still remembers the exact moment he realized that the North Koreans were inside his computer. On January 24, 2021, he received an alleged exploit (a script that exploits a vulnerability) that had been sent to him by another hacker. The next day, Google Threat Analysis Group warned of a campaign of North Korean espionage aimed at cybersecurity experts. He opened the file in a safe environment and sure enough, it was malware targeting him. He reported it to the FBI, but after three telephone interviews, the thing stayed there.
“It seemed very evident to me that they didn’t know what to do, they had no plan, they had nothing. A group of terrorists protected by a failed state attacked US citizens and they are not going to do anything? “It doesn’t seem right to me.” Cáceres accumulated resentment for almost a year until, one night, he decided to start studying the architecture of North Korea’s systems. “I found surprising things,” he explains. There were two large routers that centralized the connections of the entire country” (although it has 26 million inhabitants, very few have access to the internet). “I Googled their features and saw that they weren’t even giant, but rather medium-sized.”
From that moment on, the plan began to take shape in his head. He rented all types of servers around the country in the cloud and designed a denial of service (DoS) attack, which consists of saturating the target system with so many actions or data requests that it ends up blocking. In this case, Cáceres, or rather P4x, bombarded the North Korean routers from the servers he had rented by sending many packets of information and making data transmission extremely slow. To do this, he exploited some vulnerabilities in the country’s digital infrastructures, which were very old and, therefore, had security gaps.
In the US we have very, very good people working on our cyber defense, but they are tied up
His feat did not go unnoticed. Over the next year she had meetings with officials from the US Cyber Command, the branch of the military dedicated to this arena. He also met with officers from the Marines, Space Operations Command and intelligence (NSA). Cáceres shared with the uniformed men the keys to his coup and told them that, in his opinion, similar operations could be carried out successfully with small commandos of two to four. hackers. That would give them agility, autonomy and the ability to react.
He tried, but he didn’t succeed. “To do anything you need authorization, which takes six months to get. And when you get it, what you wanted to do no longer works. That is the reality here in the US: we have very, very good people working on our cyber defense, but they are handcuffed. “They don’t do anything, even though I know we have the resources to do a lot.”
Cáceres got fed up and decided to stop working with the Government. He does it again on his behalf from his company, Hyperion Gray, which he has now joined as a partner. George Perera, a veteran police officer specialized in cybercrime.
Cáceres’ disenchantment with the system has been one of the reasons that led him to reveal his identity. He believes the US should take a much more aggressive approach in the cyber arena. If there are groups like the North Korean Lazarus, capable of stealing hundreds of millions of dollars in cryptocurrencies in a single year, why aren’t they attacked? “Sometimes I have been told that this cannot be done, that there are diplomatic relations to maintain. And I say: it’s North Korea, I don’t give a shit. Others say that if the door to retaliation in cyberspace is opened, it will no longer be closed. But, let’s not play idiots, that door was opened a long time ago.”
You can follow The USA Print in Facebook and x or sign up here to receive our weekly newsletter.
