North Korea accidentally leaked all of its propaganda websites, providing global internet users with unprecedented insight into the secretive nation's internet infrastructure. The websites were leaked on Tuesday (19 September) and it was found that North Korea had just 28 sites registered on its .kp domain.
The leak was a result of an accidental misconfiguration of North Korea's nameserver, which stores information of all the domains existing under .kp. The misconfiguration allowed users to request information on the nation's DNS data, which in turn revealed the country's existing domains. The accidental misconfiguration was uncovered by researchers at the TL;DR project, who then proceeded to perform an AXFR (zone transfer) request, which allowed them access to North Korea's top-level DNS data.
The researchers then posted aggregated data on GitHub with a message that reads, "On Sept 19, 2016 at approximately 10:00PM (PDT), one of North Korea's top level nameservers was accidentally configured to allow global DNS zone transfers. This allows anyone who performs an AXFR (zone transfer) request to the country'sns2.kptc.kp nameserver to get a copy of the nation's top level DNS data. This was detected by the TL;DR Project- an effort to attempt zone transfers against all top level domain (TLD) nameservers every two hours and keep a running Github repo with the resulting data. This data gives us a better picture of North Korea's domains and top level DNS."
According to reports, majority of the leaked sites are dedicated to describing everyday activities of the nation's supreme leader Kim Jong-un. Two websites had the top news story about Kim Jong-un visiting a fruit farm. One site, Rodong.rep.kp also came with a dedicated section titled "Supreme Leader's Activities", which detailed the various contributions made by the dictator, including heralding the supposed transformation of the country's youngsters into "Kimilsungist-Kimjongilist's," the nation's only youth organisation.
Many sites also discussed rival South Korea, anti-US propaganda and the nation's nuclear tests. One article titled, Peruvian Party Urges US To Stop Nuclear Threat And Sanctions Against DPRK, allegedly made false claims about the government in Peru speaking out against US President Barack Obama's denouncement of North Korea's nuclear tests.
Among the sites discovered were a few that appeared clones of popular western social media sites, such as friend.com.kp, which appears to be a clone of Facebook. This appeared to be a different site from the one hacked in June. Website clones for Yahoo, and movie4k, a piracy site were also discovered, Motherboard reported.
"We didn't think there was much in the way of internet resources in North Korea, and according to these leaked zone files, we were right," said Doug Madory, a researcher at internet monitoring and performance firm Dyn.
At the time of writing, many of the websites were offline.