Even in North Korea, it was DNS
System administrator haiku:
It’s not DNS
There’s no way it’s DNS
It was DNS
I decided to start this blog to discuss the human impact of the IT sector. Many technicians in the space spend so much of their time focusing on network latency and web page response times and IOPS that they (we?) forget that there are real people that these technologies affect (and effect).
Today I want to discuss a very interesting GitHub repository that was published overnight: a collection of the entirety of the .kp DNS zone from a misconfigured name server, likely being run inside the hermit kingdom of North Korea.
Various websites have dedicated articles to discussing and analyzing the findings (such as how only 4 IP addresses appear in total: 2 for what seem to be the country’s name servers and 2 for what seem to be its authorized web servers), but one thing that isn’t being talked about is what this simple misconfiguration could mean for the administrator who inadvertently left zone transfers (the AXFR query type) open to anyone who asked.
If DNS is new to you, it is the technology invoked when you go to check your fantasy sports team, for example: DNS is what converts a name like “football.fantasysports.yahoo.com” into an IP address such as “126.96.36.199”. That information is kept in zone files, one per delegated zone: the “com” zone delegates “yahoo.com” to Yahoo’s name servers, and somewhere in Yahoo’s zone data is the record that maps “football.fantasysports.yahoo.com” to “126.96.36.199”. AXFR is the zone-transfer query type: it asks a name server to hand over the entire zone file in one go. It exists so that a zone’s secondary servers can copy the data from the primary, and because a full copy can reveal far more than any single lookup, it is normally restricted to those secondary servers (in BIND, with the allow-transfer option) rather than answered for anyone who asks.
If a corporate system administrator had made this mistake, it could lead to attackers gaining a better understanding of the internal structure of the company’s network (every host name and address in the zone, in one request), or it could leak embarrassing information depending on how systems are named, but at the end of the day the transfer would be locked down to the secondary servers that need it and everyone would move on with their lives.
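To make the two paragraphs above concrete, here is an added example (my own illustration, not code from the original post or from the repository it discusses) that parses the output of a zone-transfer attempt and summarizes what the transfer gave away: how many names and addresses the zone exposes, which of them are internal address space, and which host names advertise something by their naming. It expects the answer section as printed by BIND’s dig, for instance `dig @ns1.corp.example corp.example. AXFR +noall +answer`; the zone `corp.example`, every host name in it, and the addresses (from the 192.0.2.0/24 and 2001:db8::/32 documentation ranges, plus one RFC 1918 address) are constructed for the illustration.

```python
"""Parse and summarize the result of a DNS zone transfer (AXFR) attempt.

Added example, not code from the original post or the leaked repository.
Input is the answer section as printed by BIND's dig, e.g.

    dig @ns1.corp.example corp.example. AXFR +noall +answer

Zone name, host names and addresses below are constructed; 192.0.2.0/24 and
2001:db8::/32 are reserved for documentation and route nowhere.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed sample: what an open AXFR hands back for a small corporate zone.
# dig prints tab-separated "name ttl class type rdata" lines, SOA first and last.
SAMPLE_TRANSFER = """\
corp.example.\t3600\tIN\tSOA\tns1.corp.example. hostmaster.corp.example. 2016092001 3600 900 604800 86400
corp.example.\t3600\tIN\tNS\tns1.corp.example.
corp.example.\t3600\tIN\tNS\tns2.corp.example.
corp.example.\t3600\tIN\tMX\t10 mail.corp.example.
ns1.corp.example.\t3600\tIN\tA\t192.0.2.10
ns2.corp.example.\t3600\tIN\tA\t192.0.2.11
www.corp.example.\t3600\tIN\tA\t192.0.2.20
mail.corp.example.\t3600\tIN\tA\t192.0.2.21
vpn.corp.example.\t3600\tIN\tA\t192.0.2.22
payroll-old.corp.example.\t300\tIN\tA\t10.4.2.17
backup-db.corp.example.\t300\tIN\tAAAA\t2001:db8::53
corp.example.\t3600\tIN\tSOA\tns1.corp.example. hostmaster.corp.example. 2016092001 3600 900 604800 86400
"""

# Constructed sample: the same query against a server that restricts transfers.
SAMPLE_REFUSED = "; Transfer failed.\n"

# Address space that should never show up in a public zone (RFC 1918 + IPv6 ULA).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Host-name fragments that hint at what a machine is for.
SENSITIVE_HINTS = ("vpn", "backup", "old", "test", "dev", "admin", "internal")


@dataclass(frozen=True)
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_axfr(text: str) -> list[Record]:
    """Turn dig's answer lines into records; ';' comment lines are ignored."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)  # name, ttl, class, type, rest-of-line rdata
        if len(fields) < 5 or fields[2] != "IN":
            raise ValueError(f"unexpected line in transfer output: {line!r}")
        name, ttl, _cls, rtype, rdata = fields
        records.append(Record(name.lower(), int(ttl), rtype.upper(), rdata))
    return records


def transfer_allowed(text: str) -> bool:
    """A complete transfer is bracketed by the zone's SOA; a refusal has no records."""
    records = parse_axfr(text)
    return len(records) >= 2 and records[0].rtype == "SOA" and records[-1].rtype == "SOA"


def is_internal(address: str) -> bool:
    """True for RFC 1918 / ULA addresses (v4-in-v6 membership tests are simply False)."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in INTERNAL_NETS)


def suspicious_hosts(records: list[Record]) -> list[str]:
    """Host names whose labels suggest infrastructure you would rather not advertise."""
    return sorted(r.name for r in records
                  if r.rtype in ("A", "AAAA") and any(h in r.name for h in SENSITIVE_HINTS))


def summarize(records: list[Record]) -> dict:
    """Collapse the zone into the facts an attacker reads off first."""
    addresses = sorted({r.rdata for r in records if r.rtype in ("A", "AAAA")})
    return {
        "records": len(records),
        "names": len({r.name for r in records}),
        "by_type": dict(Counter(r.rtype for r in records)),
        "name_servers": sorted(r.rdata for r in records if r.rtype == "NS"),
        "mail_servers": sorted(r.rdata.split()[-1] for r in records if r.rtype == "MX"),
        "addresses": addresses,
        "internal_addresses": [a for a in addresses if is_internal(a)],
        "suspicious_hosts": suspicious_hosts(records),
    }


if __name__ == "__main__":
    for label, text in (("open server", SAMPLE_TRANSFER), ("restricted server", SAMPLE_REFUSED)):
        print(f"{label}: transfer allowed = {transfer_allowed(text)}")
    for key, value in summarize(parse_axfr(SAMPLE_TRANSFER)).items():
        print(f"  {key}: {value}")
```

The server-side fix is the mirror image of this check: in BIND, `allow-transfer { none; };` in the zone statement (or a list of the secondaries’ addresses, ideally gated by a TSIG key) turns the first sample’s output into the second’s, and the same one-line dig against each authoritative server is how you confirm it from outside.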
In a country where the leader routinely has offenders — including close members of his own family — sent to labor camps or outright killed, it is not out of the realm of possibility that the administrator who messed up here will be executed. Whether it’s because the rest of the world looks at North Korea’s 28 domains (vs. the approximately 124 million .com domains alone) and silently judges them for having a small internet presence, or whether it’s simply an act of punishment for making the DPRK government look bad, the person who made this mistake may pay for it with his or her life.
This is the true, human impact of IT.