Default password helped British teen hack into North Korea’s Facebook clone StarCon
It was recently revealed that North Korea has its own version of Facebook social media website, apparently installed by the state-run Internet service provider. However, this clone set up in North Korea has already been hacked.
While North Korea is known for its strict censorship of the internet with most citizens unable to access the web, the website appears to be hosted from within North Korea, according to an internet analysis company that traced the site’s DNS to the notoriously isolated country, reports Motherboard. Star is the name of the Internet service provider in North Korea.
The website, StarCon, appears to have been named after the country’s Internet service provider and is modelled on the famous social network. But in its North Korean avatar, it is known as “Best Korea’s Social Network”. Like Facebook, this website allows people from any part of the world to register with it after uploading their profile picture. It also allows users to post messages and upload videos and share them with their friends.
The site, which was first spotted by Doug Madory at Dyn Research, a company that monitors internet use and access around the world, is available at www.starcon.net.kp. Madory says that the site’s DNS resolves to North Korea’s Domain Name System, the servers that convert domain names to IP addresses. DNS is often referred to as the “address book of the internet.”
While it’s not known who set up the site, it is running PHP Dolphin, a do-it-yourself social network application that advertises to allow anyone to create their own social network.
“It seems like it’s brand new,” Madory told Motherboard. “Very few websites resolve to the North Korean address space, and this one does.”
According to a report published by Motherboard, the Facebook clone didn’t deviate much from it’s original, or from the color themes and feel to the navigation and user experience.
“Madory says he doesn’t know who set the website up, but if you click around it for a while, you’ll see that it’s a pretty faithful clone of Facebook, complete with a newsfeed, likes, and messaging service. The site is functional—I friended Madory and sent several messages back and forth, posted on his wall, and uploaded a profile picture. Right now, there are only a handful of test accounts on the site.”
Motherboard says that it’s possible that the site could only be a test-site.
“To speculate a bit, it’s possible that North Korea is testing a social network that it will eventually make available only within the country’s closely monitored intranet, which allows access to several government websites. Such a move wouldn’t be unprecedented for a communist government—Cuba has its own Facebook clone that only works within the country.”
However, it was not long before an imitation account of Kim Jung-un appeared on the site. Not long after it emerged on Friday the site existed, it was quickly hacked.
What is interesting to note that every posting and message immediately shows up as 30 minutes old, presumably because the Dolphin software doesn’t recognize North Korea’s recently created time zone, which is 30 minutes off most of the rest of the world.
Scottish teenager Andrew McKean told Motherboard that he was successfully able to log into the website’s backend by simply using “admin” and “password” as the login details. This gave the 18-year-old complete control on this website along with the power to delete and suspend users, modify the name of the website, censor certain words and also control the upcoming ads. Not just this, it also gave him the authority to “see everyone’s emails”.