[HN Gopher] Hunting for North Korean Fiber Optic Cables
___________________________________________________________________
Hunting for North Korean Fiber Optic Cables
Author : Bezod
Score : 185 points
Date : 2025-12-08 16:38 UTC (6 hours ago)
(HTM) web link (nkinternet.com)
(TXT) w3m dump (nkinternet.com)
| superducktoes wrote:
| Thanks for sharing my site. Happy to answer any questions
| monerozcash wrote:
| Don't have questions, but your blog is very cool.
|
| A bit over a decade ago I used to spend a lot of time hacking
| North Korean web infrastructure, I mostly found that they
| tended to have firewalling around almost all boxes exposed to
| the global internet and usually had pretty impressive reaction
| times if you tried to access the country intranet through a
| compromised web server.
|
| I've always wondered how successful NSA and the likes have been
| at infiltrating DPRK networks, as it would inherently be fairly
| easy to detect any sketchy traffic from the outside. I wonder
| if the recent NYT story essentially confirms that difficulty.
|
| Regarding the NSA and DPRK, there's this document from 2007
| at least https://www.eff.org/files/2015/02/03/20150117-spiegel-
| fifth_...
|
| I guess I have a question after all: I'm not exactly clear on
| how NK treats end-user devices. Do you know if the endpoints
| used by NK-based remote workers have internet and intranet
| access at the same time? If they do, such an endpoint could
| offer an easy and stealthy channel to access the intranet.
| superducktoes wrote:
| thanks really appreciate that! I've seen that doc before and
| it does really make me wonder. part of the leaks from the NSA
| tools years back had some references in there for detecting
| north korea's anti-virus silivaccine
|
| https://github.com/b30wulf/Malware-
| collection/blob/4f5906c93...
|
| There was also the hacking team leak from years ago and they
| were selling exploits for north korea's red star OS:
| https://nkinternet.wordpress.com/wp-
| content/uploads/2025/12/...
|
| I assume they've been on their networks in the past but i
| think North Korea has also done a lot over the years to
| secure their side. it used to be a lot easier when they left
| everything as an open directory and didn't realize what they
| were doing.
| monerozcash wrote:
| >There was also the hacking team leak from years ago and
| they were selling exploits for north korea's red star OS:
| https://nkinternet.wordpress.com/wp-
| content/uploads/2025/12/...
|
| South Korean NIS was in fact a Hacking Team client, so it
| would make sense. Especially considering how terrible Red
| Star OS was at the time, a HT engineer could probably have
| whipped those up in a couple of days.
|
| https://web.archive.org/web/20180302155452/http://english.y
| o...
|
| >I assume they've been on their networks in the past but i
| think North Korea has also done a lot over the years to
| secure their side. it used to be a lot easier when they
| left everything as an open directory and didn't realize
| what they were doing.
|
| I'm sure they've had _some_ success, but I'd expect it to
| be a really difficult environment to operate in. Even for
| the NSA. I suppose eventually there'll be a better leak and
| we'll get to find out just how well it's been going.
| superducktoes wrote:
| the end user devices are also really interesting. as far as i
| know they require a piece of software called netkey or
| oconnect as it's recently been renamed. that's for getting
| access inside the country and then for anyone outside they
| have software called hangro that is similar to a vpn for
| connecting back to north korea and getting messages
| metadat wrote:
| Impressive sleuthing!
|
| It's interesting to discover the reality that packet routing
| ends up following political affiliations. I didn't know North
| Korea only has 1,024 IPv4 addresses. Do you know why so few
| IPs? How did they get them?
| monerozcash wrote:
| DPRK can certainly get however many IP addresses they want,
| DPRK just doesn't have that much infrastructure that they
| want externally accessible.
|
| As far as I know, end-user traffic from within North Korea
| usually does not originate from those few IP addresses. Or at
| least not visibly so, they might be connecting to a proxy
| from a DPRK IP address.
| lukan wrote:
| "DPRK can certainly get however many IP addresses they
| want"
|
| IPv4 is quite limited as far as I know and not given out
| freely for a long time, or what do you mean here?
| jauer wrote:
| IPv4 continues to be available to entities that have a
| need that fits a particular policy shape, just most
| people don't. Specifically, you can get IPv4 /24s for
| IPv6 transition purposes. This includes anycast DNS, MX,
| etc for legacy clients on other networks, v4-side of
| CGNAT, etc.
|
| E.g. I was able to get a /24 in the ARIN region in 2021
| and could justify 2 more for a _logical_ network topology
| similar to what NK presents to the world.
|
| APNIC similarly has a pool available for IPv4
| allocations: https://www.apnic.net/manage-
| ip/ipv4-exhaustion/#the-situati...
| monerozcash wrote:
| IPv4 is readily available and not very expensive. DPRK
| can just buy or lease them.
| toast0 wrote:
| APNIC has some addresses [1] and will assign up to two
| /24s to qualified new accounts within the region. There
| are also carve outs for National Internet Registries and
| Internet eXchange Points.
|
| [1] as of Nov 2025, approximately 3 million or a little
| more than 12,000 /24s https://www.apnic.net/manage-
| ip/ipv4-exhaustion/#how-to-tras...
| toast0 wrote:
| > It's interesting to discover the reality that packet
| routing ends up following political affiliations.
|
| Certainly political affiliations have some influence, but
| also China and Russia have land borders with North Korea and
| are not at war. It's _very_ common to run fiber optic
| on/under railroads and vehicle roads, so there you go. It's
| probably pretty hard to attract an international cable
| consortium to land in North Korea given everything, but
| terrestrial cabling is easier to start with anyway.
|
| > I didn't know North Korea only has 1,024 IPv4 addresses. Do
| you know why so few IPs? How did they get them?
|
| They would have asked APNIC, the Regional Internet address
| Registry for their region (Asia-Pacific). I can't find an
| assignment date, but 175/8 was assigned to APNIC in 2009.
| 2009 lines up with Wikipedia reporting of the startup of the
| current ISP joint venture.
| apercu wrote:
| What a great read. Thanks.
| liversage wrote:
| My understanding is that there are three mobile networks in North
| Korea: the normal one used by the citizens (they have smartphones
| made specifically for North Korea), one used by the
| government/military and one for tourists (requires a local SIM
| card only available in a specific hotel in Pyongyang).
|
| The last one is connected to the internet and this is why you can
| see (or at least before the pandemic could see) Instagram posts
| from North Korea.
|
| I have no idea if this information is still or ever was
| completely true though.
|
| There's a somewhat dated but very interesting AMA on Reddit by an
| American teaching computer science in Pyongyang:
|
| https://www.reddit.com/r/IAmA/comments/1ucl11/iama_american_...
|
| Reading about the internet knowledge possessed by North Korean
| students, I'm always surprised how they supposedly also manage to
| be some of the most cunning and evil actors when it comes to
| hacking.
| foota wrote:
| Re: "I'm always surprised how they supposedly also manage to be
| some of the most cunning and evil actors when it comes to
| hacking."
|
| I sort of suspect this is just the result of a nation state
| that is willing to be a pariah. That is, I think nearly any
| large state could do it if they didn't mind burning bridges.
| louthy wrote:
| It's not just that they don't care about being a pariah
| state, it's a literal fundraising exercise, unlike most
| other state-sanctioned hacking.
| mikkupikku wrote:
| Do those small utility boxes alongside the tracks make sense for
| fiber optic? I expected things like that to be larger, if only
| because fiber has a minimum bend radius.
|
| Edit: Good article though, I enjoyed it a lot.
| adamcharnock wrote:
| The min bend radius isn't that large in my experience. On the
| order of 10cm IIRC, possibly even less.
| st_goliath wrote:
| Much smaller than that, some might even say a utility box is
| overkill: https://old.reddit.com/r/techsupportgore/comments/n
| vwcuh/the...
| Lukas_Skywalker wrote:
| Even less is correct: outdoor fibers (G.652.D) have a minimum
| bend radius of about 30mm. The indoor counterparts (G.657.A1
| and A2) have 10mm and 7.5mm.
| mikeyouse wrote:
| Fiber's perfectly happy being joined in 12" by 16" boxes for
| small runs. The terminal box in my garage has a few loops and
| is more like 6" x 8".
|
| https://www.seeclearfield.com/fiber-optic-wall-box/metal-wal...
| codedokode wrote:
| Isn't it easier to hang optic cable on the poles? It seems that
| burying the cable requires more work.
|
| As for utility boxes along the track, it could be something
| railway-related, for example, some railway control or monitoring
| equipment.
| samus wrote:
| They are too vulnerable to the elements there.
| dboreham wrote:
| I found the railroad part of the article unpersuasive. Optical
| repeater stations are fairly large and therefore wouldn't show up
| as random small underground vaults or little boxes on poles.
| These look like a collection of pictures of train tracks with no
| particular indicators of optical cables therein.
___________________________________________________________________
(page generated 2025-12-08 23:00 UTC)