>Like many other US hackers and security researchers, Caceres had been personally targeted by North Korean spies who aimed to steal his intrusion tools. He had detailed that targeting to the FBI but received no real government support. So he decided to take matters into his own hands and to send a message to the regime of Kim Jong Un: Messing with American hackers would have consequences. “It felt like the right thing to do here,” Caceres told WIRED at the time. “If they don’t see we have teeth, it’s just going to keep coming.”
Hardly. He's creating tools that interest state actors with no real means of defending himself or the tools. If he's that concerned he could just destroy the tools, but he wants to have his cake and eat it too.
Then, in response to what should have been an obvious outcome to his actions, he commits what should be described as a "crime against humanity" against the entire communications infrastructure of a foreign country with nuclear weapons.
There is nothing based here. This is stupid with a tinge of greed and ego mixed in.
> Ask yourself. Do 'hackers' talk like this or military/government employees?
He said thought his tools would be "stolen?" Then this is a lame manufactured pretext which makes it worse. It also makes his actions and broadcasting them _more_ of a crime.
Glad someone is saying this. Some obnoxious moron putting countless lives in danger to virtue signal has gotta be a new low on the internet retard scale.
Also, if the entirety of the US goverment will not protect you from foreign state-sanctioned personal attacks, what should one do? Just sit there and take it, even if one could stop it?
> The State Department has a thing called "Rewards for Justice" and they talk extensively about the NK problem and how we're being hacked all the time. They pay millions for information. I told them "I don't want any of your money, I want you to know who I am [insert wired article here] and that I can listerally make any attack coming from the country North Korea stop in its tracks within minutes. Let me grab their response:
> Just be ready to be fucking infuriated. They have a bunch of shit about how we need to take on the NK cyber threat. I literally give them a SOLUTION and they say it's not within their purview, go to other intelligence agencies. I told them I FUCKING DID. No response since.
Examine how their own actions were a large part in creating this particular outcome? Then question if they're worth continuing under such circumstances?
> No response since.
Yea, maybe diplomats should lead the charge, and not self important hackers with a desire to "shut down the internet" in a fit of nerdy rage?
I believe that this was an appropriate level of protest on his part.
The reason that I posted this AMA on HN is that a lot people with influence peruse this website, and it would appear that this person went to intel agencies first, then went to State, and was shut down on all counts. Not just shut down for his personal validation, but shut down as far as potential operations.
I posted this in the hopes that someone with influence would see it, and work to prevent this from ever happening again. This guy tried to go through all the right channels. The US gov failed him, and all Americans, at every level.
Ideally, an intel contact would have responded with: "thanks, I'll make sure that the proper people know about this. Await a reply." Reply: "Please come in... OK yes, we know and will save it for an emergency. Never mention this again. Here is your monetary award, as advertised."
For unknown reasons, that did not occur. After this all happened and got written up in Wired, he is finally getting contact from the appropriate people. Let's not let this go this far in the future.
If North Korea took down US infrastructure we would consider it an act of war. The dange of exposing your devices to the open internet should be well understood by this so-called "hacker".
For him to unilaterally decide to commit an act of war against a foreign nation means he should also be held accountable for it in international criminal court.
Were this any other two nations you might have a different tone. But these are the facts of the matter. He played with fire and if he winds up dead because of it he only has himself to blame. The only people I am concerned about is anyone else now facing danger because of his idiotic actions.
He did not commit an "act of war." He is an individual, who tried to cooperate with his government and was denied.
Meanwhile NK offense regularly attacks him on a nice day, and on every other day installs ransomware on US hospital infrastructure, putting actual lives at risk... All this guy did was shut down their capability to do so.
I am unaware of any law that he broke. IMO, he also did not do anything immoral.
He defended himself against an inept state that regularly shoots random people out of cannons and murders entire family lines of anyone who flees their hell hole.
If NK took down our infrastructure, it would be our fault because we have been warning our corrupt leaders for years and nothing is being done.
He contradicts himself left and right. In one comment, he writes that they will never come after him, in another that he's seriously concerned. He writes that he has a lot of serious connections in the DoD up to the highest level, and then explains that he has a way to stop any attack from NK, but nobody will even listen to him.
There are a couple good points in the linked Wired article, such as the fact that the Russians, Chinese, Iranians, and North Korea are already escalating attacks on civillian and commercial targets and our restraint isn't being matched.
I fully understand why the US and partner governments won't be able to respond in kind, but there is certainly a lot more that could be done in that domain.
There are people that are in offensive cyber security in the US government, but realistically they have a bit more moral compass than the other state level actors that try and bring a hospital to its knees for the grand goal of making america look stupid for the nationalistic few who might actually care about that sort of thing. There's a saying we have here about never wrestling a pig in the mud: you will both be dirty but the pig will like it.
> that try and bring a hospital to its knees for the grand goal of making america look stupid for the nationalistic few who might actually care about that sort of thing
That the public believes this is our biggest problem from an international policy perspective... (as far as this topic, that is)
These governments are turning a blind eye, if not quietly supporting such because of the sheer economic and social damage.
I know a local hospital group paid 22mil in ransom on top of a lot of days where stuff barely got done.
Iirc United Health said a recent attack was probably 900 million in total costs to them?
Having worked in this space a while back, every federal gov digital service experiences nation-state intrusion attacks daily and in the 1,000s on the low end. Our gov digital infrastructure has been born under the weight of constant attack.
Responding in kind has minimal value because it’s not a deterrent.
These supposed messages between him and the state department lead me to believe it's either all or mostly exagerations or lies: https://imgur.com/a/s-lX6inGA
Maybe it's just my lack of knowledge of some regionalism, but doesn't it seem very odd that a technical person would use "in the open source", to refer not to code, but to a PR article on some news website?
I was getting kind of similar vibes. When they reveal the story, it’s basically “traceroute identifies 2 choke point routers, and I DDoSed them with traffic”.
That’s cool and neat for guerrilla warfare, but I would assume the NSA and DoD are already aware of that possibility? I wouldn’t even be surprised if they saw the DDoS happening on network monitoring tools. Why clandestine meetings for that?
I get why the media is interested, it’s an awesome story.
I imagine the NSA has a fully mapped out network layout for most major foes continuously updated in some sort of inventory database but for enemies, the same way they track large military gear and in which bases its at for their enemies. So yeah this seems very strange.
NSA and similar agencies are probably even mad at him, because he exposed the weakness that they could have exploited when needed, which is probably now patched.
> NSA and similar agencies are probably even mad at him, because he exposed the weakness that they could have exploited when needed, which is probably now patched.
Then they should have caught this when he came forward to multiple agencies, and was told that no one cared.
Please see my related comment as to why I submitted his AMA to HN. It's to bring to light this egregious lapse in US gov procedures:
Disclaimer: I do see the possible benefits for citizen liberty, where all agencies do not share every interaction with citizens. However, when a US citizen volunteers something actionable, there should be a special cross-agency path.
> It's to bring to light this egregious lapse in US gov procedures:
There is no lapse, egregious or otherwise. This kid is playing in a game he doesn't fully understand, and likely just annoying people who have been playing the game a lot longer and at a deeper level than he is.
He thinks being able to DDoS chokepoint routers with $5000 worth of VMs to spam traffic is an amazing discovery. It isn't. That's why no one cares.
The first is that it was already obvious to anyone who has worked with large-scale networks even before firing up traceroute. It was already widely known that North Korea has bad peering, because nobody but China wants to peer with them. The US is where most of the major cloud companies are headquartered (i.e. resources can be commandeered), and the defense budget would support an _enormous_ DDoS attack without even flinching.
Secondly, denial of service attacks are worth much less to governments. They have the capability to physically break infrastructure either obviously with bombs or clandestinely via who knows what. They don't _need_ a DDoS to deny service, and it's certainly not their most effective way to cut off communications.
It's a weird term. My impression is that it mostly means "randos LARPing spies", though there's a commercial angle too, it being to intelligence what PMCs are to the military. May or may not be called after "Open Source Publishing, Incorporated", featured here: [0].
it is not a weird term, and is absolutely a thing. a big deal in 2024, really.
back in the day it was just "reading the newspapers and talking to the local cab drivers", but on 2024 you're scanning forums and social media, on top of news sites.
go to a military-related subreddit and start asking questions about stuff, and you'll eventually get an expert to chime in. Make wrong & stupid claims and then have them slap you down and spill some details -- that's how they got dudes to release classified tank info in Warthunder.
dudes in Palestine and in Ukraine are getting killed because they post selfies and tweets that have GPS coordinates in the metadata. Not hidden behind any top secret firewall, easy to find if you're checking VK or Instagram, but very real implications for dropping bombs.
OSINT is also absolutely a thing in Cyber, where you can get a lot of details about a target by reading their press releases -- "Corp X signs big new deal with Oracle" -- which can give you a new attack surface. Phishing, on a long, broad timeline, has a very high success rate, so go onto Linkedin and start connecting to people. Figure out their tech stack, create a Sales Guy account, and start reaching out to Architects and Managers, and then map out the teams that might have elevated access...
the military uses it to describe all things relating to the internet, the rest of us used to use it to mean cybersex, which why you mostly only ever hear it from military folks and c-suite type people now and the rest of us kinda chuckle under our breath every time they mention it.
To summarize, there are many people in government who are interested in open source intelligence.
Traditional sources of intelligence are gathered with secret means and therefore must be restricted in distribution to prevent burning the source. This means you can have the best possible intelligence but be unable to a) act on it or b) distribute it to people who can.
The value proposition of using open-source intelligence is that you can distribute it very widely to decisionmakers since it's already "out in the open". Intelligence isn't about hoarding secrets for the sake of such; it's about getting information to people who can use it.
The political issue is that people assume that "secret = higher quality" when there's no inherent value to secrecy. So, spy agencies overinvest in secret-gathering, get a ton of info, and are unable to do anything with it.
Meanwhile, if someone posts a tank manual on the WarThunder gaming forums you can give that to every soldier that might encounter that tank.
This is doubly important in tech because many big tech companies play a significant role in national security but cannot get intelligence that would help protect them, and by extension, American interests.
I'm a little confused by the news stories about this. Did he take down their country-wide network, or just the few lines in and out of the country? It seems like he just hit a few NK websites and they everything stopped responding to him. Its like cutting the uk-europe power links and saying you took down all of the UK's power infrastructure
Only the lines in/out. NK has their own intranet which is completely separate from the global internet, which was presumably entirely unaffected by this.
I worked with him briefly on another project and he was pretty comfy and open about the whole thing. In fact I think I remember him mentioning doing a talk at a conference about it. He's a genuinely nice guy and fairly laid back about things. NK regime maybe is annoyed with him, but there is an almost zero probability of them being able to do anything other than digital harrassment to him.
The film The Interview was released in 2014. Ten years later, Seth Rogen and James Franco are still alive.
> North Korean state media threatened "merciless" retaliation for his depiction in the film. Seth Rogen responded, "People don't usually wanna kill me for one of my movies until after they've paid 12 bucks for it."
The hacker doesn't understand what they're getting themselves into, especially bragging about it. The hard part about going up against an entire nation/state is that it's relentless. The state never gets tired and never runs out of money, they could setup a team of people to 'work' on that individual and also potentially his present and future family members for a very long time. They can keep replenishing their teams with more people. The state always has a few people to spare for high-exposure targets. The leaders of that state might even forget about the existence of the individual but the operation will keep going until it's canceled... But since they forgot about the operation in the first place, it will keep going until there is some kind of broader administrative restructuring, cost-cutting or something... Which could be a long time away. Few things are more terrifying than totalitarian state bureaucracy.
While it's true that North Korea's tradecraft within the U.S. might not be as sophisticated as some fear, the situation isn't so straightforward. Given the significant public exposure of this case and the individual's prior connections within the U.S. government, NK would need to carefully weigh their options.
I would wager that if NK would attempt to harm this hacker it would be through using third parties like cartels or local gangs. This could offer NK plausible deniability and physical access to the target, but it also complicates their operational control and increases the risk of exposure. The calculus for NK would include considerations such as:
- The individual's public and former government status, which might provoke a stronger U.S. response if harmed. NK would have to vet the hackers assertions that he still has meaningful and significant contacts within the USG.
- The cost and complexity of outsourcing such an operation discretely.
- The types of U.S. responses that might follow, from diplomatic measures to cyber counterattacks.
While an attack via third parties is plausible, and given these factors which I am sure there are others I haven't considered, it would require NK to balance the benefits against the potential repercussions and the likelihood of successful attribution. But I am very confident that if they do follow through it will be using a cartel or local gang as proxy for the reasons I mentioned.
P4x's public disclosures and technical skills make him a unique target, but as he himself noted, the operational capabilities of North Korea within the U.S. are limited. It's a nuanced threat landscape where indirect methods might be considered but are not guaranteed to succeed without significant risks.
Someone engrossed in digital foolery not understanding how the real world works is so stereotypical I wonder if there's more to this.
Incidentally for anyone who's actually paying attention, the first rule in covert actions is being and staying inconspicuous. The real world isn't like Hollywood where people working in the shadows can become celebrities as a side gig.
I hope this guy has a really good security detail now that he painted such a biglyarse target on himself. God damn, man.
> the first rule in covert actions is being and staying inconspicuous.
Some hacker movie said the problem is when you brag about it, and you desperately want to... and just looking at his post with the edits, he really is metaphorically jerking off to how awesome he is.
Holy frakk, he's even posted his face on that post. GOD DAMN! I half look forward to reading about how 2 women were fooled into pranking^W assassinating him (1). I hope dude isn't thinking of travelling to Asia anytime soon.
100%. Maybe he will get a job with US intelligence or something, that could provide some safety. People should take this stuff seriously. As you say, it's not like in the movies. Hollywood continuously trivializes the enormous power wielded by states. There are some enemies you really don't want to make.
North Korea is a poor country with millions of starving citizens, and rather than sending food aid, you broke down their only comms to the rest of the world?
The starving, and heavily repressed citizens do not have access to the internet in NK. This attack did not affect any of them to any extent.
Whom it did affect a bit, hopefully, were the people complicit in the repressive dictatorship that runs the country.
The repressive dictatorship that engages in, among many other bad things, scams and online fraud to partially finance the country. For this they of course use the internet. So, taking them off-line for a week may have prevented someone from getting scammed. Good result.
There's rarely such a thing as a clear, objectively simple 'good result' for this sort of action because outcomes have knock-on effects. For example, if the North Koreans responsible for maintaining internet access were executed over this that diminishes the result significantly.
Good point, but the original comment was about whether the hacker was morally dubious, not the outcomes. If a bad actor does bad things because of what you did, you're not morally responsible for it — he is.
Only the elite in that country has access to the Internet. The starving citizens do not have access to the Internet, and even if they do/did, they're so heavily monitored the minute they even glanced at something controversial they'd be shipped to a concentration camp.
It's not like he went in out of pure malice or anything though, they were trying to hack him first. Not saying it's some morally pristine thing, but it definitely communicated what it was trying to communicate.
As an analogy, we should have empathy for homeless people stuck in poverty, but if one of them continually bikes to your house and tries to break in, is it morally dubious to eventually take their bike chain rather than just shooing them away each attempt? I imagine the moral razor would fall on similar lines.
Regarding your analogy: I think it would be more like taking the bikes of every homeless person as opposed to just the one. Would that make it more or less morally dubious?
I don't think it's quite like that, since there's no direct action aiming to antagonize poor North Korean citizens; they are suffering indirectly due to the harm done to the actual target.
In the homeless analogy, maybe the attempted-robber's friends go hungry, since he usually uses the bicycle to go to the grocery store.
To me, I don't imagine this changes the calculus much, since almost any intervention will have side-effects.
I dont agree. Did you send food aid to North korea? And if you did, are you sure it was not used to feed the guards? I find sending food instead of trying to destroy the regime a morally dubious thing to do for exactly this reason...
Food aid rarely reaches the people who need it. The North Korean regime is notorious for diverting aid, or selling to finance its nuclear program. Responsible food distribution requires careful monitoring, which the regime rejects. https://www.reuters.com/article/idUSSEO369467/
Any attack on any sufficiently large structured system will indirectly harm those who depend on it, irrespective of how unjust, dangerous, and/or corrupt it might be. That does not make resistance inherently immoral. If we permit these institutions to take their subjects as hostages and refuse to confront that kind of monstrous behavior for what it is, we permit those institutions to continue abusing their populaces forever because they will never stop of their own volition.
Every resistance action carried out by every resistance group against tyranny throughout history has been washed in the blood of people who did nothing wrong.
I agree with that statement. What's the point in embarrassing that regime. Some IT guys might get in pretty serious trouble now. Good that you found out though, impressive work.
Why isn’t he in prison? I mean, going by the West’s own laws, or the spirit of them, anyway. Unless he is part of said West’s Armed Forces, in which case this would get really close to a casus belli.
Not an enforcement priority for the same reason a lot of domestic abuse goes unprotected: the victim is uncoöperative.
> going by the West’s own laws, or the spirit of them, anyway
Pyongyang and prosecutors would have to show he attacked a “protected computer” under the CFAA [1]. Given the two routers he allegedly overwhelmed were internet connected, that shouldn’t technically be hard under Trotter and Kane. But it would be a novel expansion of interstate commerce to encompass a country with whom Americans cannot legally trade, i.e. do commerce.
Put another way, North Korea’s status as a sanctioned country might put this into a legal grey area—it might not be criminally punishable. To settle that question would take a lot of prosecutorial resources. It’s not clear those are well spent on a case where the witness won’t coöperate.
I can imagine he did piss of some agencies? I mean other states could have mapped NK's whole infra, made a plan to take down NK's internet when "needed" (i.e. in case of some event)... Then some dude triggers it just for fun...
Some things are too big to just mess around with, I would feel extremely vulnerable having pulled such a stunt.
Sure. But OP asked why he isn’t being arrested. Plenty of people piss off the IC when they publish e.g. long-coveted (and independently discovered) zero days, or write an exposé on something an agency was hoarding for interagency political value.
Good point: a final hurdle inhibiting criminality is his lack of profits. No disgorgeable gains. That means you’re only left with damages, which again, requires the victim’s coöperation to assess.
there is a lot of 'looking the other way' when it comes to people hacking 'adversaries'. Just look at people going at russia's network now. western authorities arent exactly busy trying to stop that. i imagine similar priorities for NK, china and other places.
He very much could, if politics changed. The US hates NK not because they are authoritarian but because they are not aligned. If they were to be aligned, and this guy didn't act on proper authorization, he could find himself in hot waters in the USA.
Plus he might have broken a bunch of "international" rules which could see him in trouble if he was to travel to some countries.
It is really reckless; but then there is a good chance he was acting behind some agency.
"the West" has to keep some degree of not officially caring to avoid being backed into a policy corner and has no incentive to take law enforcement action when threat actors in those other countries operate with impunity.
That link doesn't really explain what exactly it's talking about, it's a single reply with the original post invisible and all replies invisible. It speaks of a cyberattack without mentioning which one.
It works for me? That's normal behavior if you aren't signed into Twitter :(
Summary of thread: Society doesn't handle 2nd order consequences well. NK cryptolocker attack on healthcare-involved systems in British hospitals disrupted treatment to the extent that hundreds of people died who probably wouldn't have.
Expanding on that: Organized crime groups located in and sometimes tasked by RU SVR & GRU (not to mention NK state groups) have caused sufficient disruption to US healthcare systems to have indirectly caused more US Citizen deaths than the Sept 11 attacks. Right now cyber that does not directly cause destruction such as making buildings blow up or poisoning water supply is treated as just an annoying white collar crime.
I don't think anyone wants the US Government to be in a position where their options are to admit powerlessness or get proportional against nuclear armed states.
Because one of the 3 basic principles of sovereignty (as is understood by western political philosophy, known as Westphalian sovereignty) is that there is no other authority inside a State’s borders except its own.
This means no other country has jurisdiction in North Korea, besides, there’s also no incentive to help in case DPRK asks for help.
France doesn’t investigante crimes that happen in Spain, Portugal doesn’t investigate crimes that haven in Canada, the USA doesn’t investigate crimes that happen in Germany, etc…
> western political philosophy, known as Westphalian sovereignty) is that there is no other authority inside a State’s borders except its own
You’re citing centuries-old political philosophy, only remnants of which remain in our world [1].
The West that arose after WWII and through the Cold War is decidedly non-Westphalian. Concepts like human rights, non-proliferation and self determination are non-Westphalian. The Nuremberg trials were anti-Westphalian.
The closest modern analogues to (and proponents of) Westphalian philosophy are Russia, China and North Korea.
The Westphalian treaties gave France, Sweden and later Russia the explicit right to intercede to guarantee the Imperial constitution [1]. (Westphalia was concerned with the Holy Roman Empire.)
Westphalian sovereignty as a historical concern is a myth [2].
>France doesn’t investigante crimes that happen in Spain, Portugal doesn’t investigate crimes that haven in Canada, the USA doesn’t investigate crimes that happen in Germany, etc…
Remember this guy didn't fly to DPRK, he committed what could be considered crimes under CFAA while on US soil? (CFAA written broadly enough that taking a country offline could be considered to affect foreign commerce/communication of the US)
> Russia wanted to join nato, but nato wouldn't let them.
That's not true. You will not find a single law approved by Russian Duma that sets it as a foreign policy goal like in countries that did choose to join NATO.
Putin, at least, says he wanted to join NATO back in 2000 (according to the Stone interview). But he put it, "the U.S. delegation got very nervous."
Granted this was well before his total Machtergreifung, and he definitely was not equated with "Russia" at the time like he is now. But that's his telling of events, in any case.
Because the "rules based order" means a diferent set of rules for different situations.
If it's something "we like", then it's ok, if not, then prison.
Same for geopolitics... in one case, we care about teritorial integrity, that minorities should not seced, and in others we help with the breakup of countries... well.. or in some cases, we act is if nothing is happening at all, and noone wants to break away at all :)
It would take someone that wanted to prosecute him. If his story is real he deserves a medal and possibly a job at the NSA/CIA instead of a court date.
No no no, ofc its morally justified to do such thing against impoverished nations! After all, if they are subjected to famine-inducing embargoes, they probably deserve it!
This is a good point that no one has really pointed out based on my skimming, except for the OP saying they could stop all NK based attacks, which I’m guessing is based on blocking the 2 country routers.
However, a minimal amount of cyber attacks probably actually originate from NK directly. It’s known the NK hackers are trained in China and attacks probably flow through compromised VPS accounts, VPNs, open proxies, and open SOCKS-5 located around the world.
The NK hackers could be sitting in NK using the systems I referenced above to do their attacks and were not able to because they couldn’t connect to the internet. Maybe so, but they are most likely usually sitting in China and other locations.
Sounds like a terrible way. One screw up, and then you have one of the worst nations on earth in every metric with an axe to grind against you. No thanks. Meetups in Vegas hotels seem a lot safer and more fun to practice hacking skills.
Talk about delusions of grandeur. He knocked a few public facing HTTP hosts offline, amazing! I can “a bring down North Korea’s internet” aka a few public hosts for a week too if I rent Lizard Squads stresser for $400 a week. What’s supposed to be impressive about that?
No, he knocked out the two routers serving the entire country. NK sites were inaccessible to the outside world, and outside sites were inaccessible to NK.
But very very few North Koreans even have access to the internet. Regular people just have access to a local intranet with censored information.
That exercise that Russia did a few years ago to see if they could function cut off from the internet? For north Korea that's the regular self-imposed status quo. I don't think it will have had much impact on daily life there.
Not true, there are/were North Korean hackers actively using platforms like Hackerone and other lesser known SaaS that haven't implemented KYC for training.
I think this was a pretty stupid joke. Especially if the OP is an individual. Making a nation state your adversary as merely a sole individual is something you never ever want to even risk. Any rational human being (not just hacker) would know or recognize that. Very often it is ego that directly leads to doing irrational actions like this.
>> JDdoc: Once you knew you had access, did you make a point of saying “I’m IN!” out loud, even if no one was in the room with you?
> dotslashpunk: lol, no I only say that during either sex or when I'm able to join a meeting successfully with my microphone and speakers actually working. Both are rare.
Talented and funny. He's wearing his new found fame well.
Even if they really wanted to there isn’t enough electricity in NK. Lots of articles written about the minimal amount of emitting lights seen at night.
It's 100% clear why his I initiative was buried. The guy is a reckless egomaniac jerk. He is very transparent that he would do illegal stuff on a whim, target civillians, escalate conflict with other nations without even consulting a superior, and then reveal his face to the whole world, spilling secrets left and right, for a minute of internet publicity. And do a reddit AMA. And put "I am single LOL" there, showing just how much he can be trusted with leading a government cyberwarfare task force
What I read is that guy did a clever DDoS, which is mildly impressive, and decided to become a twitter celebrity/NK assassination victim. I am no hacker, but I expect real hackers to be laughing their asses off.
I think I can make it simple. Would love to hear of any cases refuting this.
If the country is on the US State Department's 'Sponsored' program list (currently DPRK, Iran, Sudan, and Cuba) it doesn't count. Florida terrorism ok, you get a pass and called a hero: https://en.wikipedia.org/wiki/Luis_Posada_Carriles
Comparing to other more recent Florida originated attack on against a poor country, the assassination of Haiti's president. Haiti is not on that country approval list, go directly to jail: https://www.justice.gov/opa/pr/four-florida-men-arrested-plo...
So basically the elites are using the internet to control (feeding) the starving folk.
No internet means less control. Brings them closer to the starving folks level, more chance of actually being a "people's republic" then.
There's not much government worth salvaging in that country, basically an army.
The only loss would be them improving their security now. Other world governments may have left that vulnerability untouched purely in case they need to use it at a later stage.
Nothing about this ama/article suggests that NK is anything but a Potemkin country - a false baddie for others to hide behind. The NK idea is useful to agencies, in certain circumstances.
Indescribably based.