Internet Performance Delivered right to your inbox

Inside Dyn Research: North Korea

Last week I published a blog that discussed the role Dyn has played in major international news stories. This week I’ve decided to pull back the curtain a bit and give you an in-depth look into how something like this goes down.

This past month you may have read in publications like Vice, NBC or Bloomberg about a Facebook clone operating out of North Korea. You may have also noticed that it was our research team that first discovered this. Finally, you probably asked: how did they see this and why does Dyn care about Kim Jong-un and social networks?

I can answer the latter question first. At Dyn we are passionate about the performance of the internet. We believe the internet is a tool with unlimited potential. What is fascinating though is that it is a flawed tool. The internet by its very nature is volatile. There are outages and threats happening every day. It is up to the companies who want to use this tool to understand this volatility and prepare for it. At Dyn we believe with the right Internet Performance Management strategy you can own the Internet.

But to do that you must know the issues. That’s why we’re always watching. That’s why we can see things like our customer’s congested traffic or whether a new Facebook clone pops up in North Korea.

To understand that issue specifically, I reached out to Doug Madory, Dyn’s Director of Internet Analysis, to get a behind the scenes view of how he created a news cycle.

It all began when Dyn’s research team spotted the appearance of a social networking website in the reclusive nation of North Korea last month. As an IPM company, Dyn has both a robust intelligence network (the visibility into the internet) and DNS network (the control over it). As Dyn is a major DNS services provider, we have many analytical abilities that spot anomalous or interesting behavior. Once he noticed this, Doug turned to Twitter and his tweet caused quite a stir.

Dyn Research was the first to bring attention to the North Korean Facebook clone.
Dyn Research was among the first to bring attention to the North Korean Facebook clone.

“I noticed this generic social networking website hosted in North Korea IP address space and tried interacting with it,” Madory said. “Surprisingly enough I could make myself an account, which appeared to be the third user account on the website. The earlier two accounts appeared to be test accounts that were used to try the various site functions like posting photos and videos. So I was the first outsider on the website.

“Jason Koebler from Motherboard was the first reporter to inquire about the tweet,” Madory continued. “He got on the site and made himself an account. We started discussing the appearance of the website through the North Korean website’s chat functionality. Jason was the first to notice that the admin password was set to password. I knew well enough to leave the site alone – vandals would be messing with it soon enough.

“I also passed this site on to Martyn Williams of North Korea Tech blog who made himself an account,” Madory said. “I believe my exact words to him were: ‘drop what you’re doing now and get yourself an account’.”

Jason was the first to get a story out, but certainly not the last; Martyn wrote up a post on his site as well shortly afterwards. Once word had gotten out about this site, there were Kim Jung-un parody accounts created, and someone changed the name to “Best Korea’s Social Network”.

Eventually an 18-year-old college student from Scotland named Andrew McKean changed the admin password from “password” and took control of the site. Motherboard put out a second story that even said the site had been hacked.

Perhaps due to the world’s fascination with this repressive state, hundreds of articles were published about this development BBC and CNN also published accounts of this development – as did hundreds of other media outlets.

Facebook clone launched in North Korea
CNNMoney – May 27, 2016

Facebook copy briefly surfaces in North Korea
BBC News – May 31, 2016
The site was spotted by Doug Madory, a researcher at network management firm Dyn, who said it was rare to see any websites hosted in the secretive nation.

Even available in different languages:

كوريا الشمالية تطلق نسختها من فيسبوك بـ 137 مستخدم و تتعرض للقرصنة على يد شاب بريطاني !
عيون الخليج
و كان “Doug Madory” الخبير لدى شركة “Dyn Research” المتخصصة في حلول الاستضافة على الإنترنت قد اكتشف بالصدفة وجود موقع كوري شمالي خاص بالتواصل الاجتماعي على غرار موقع فيسبوك بل يكاد يكون نسخة مطابقة منه، كما أن الموقع الجديد يضم فقط 137 مستخدم …

18-летний шотландец взломал соцсеть КНДР с помощью пароля “пароль”
СЕГОДНЯ – 1d ago

This isn’t the first time Dyn has been in a story about North Korea. Dyn was the first to spot the national internet blackout of North Korea in December 2014 following the hack of Sony Pictures who had recently produced the movie The Interview about a plot to kill North Korean president Kim Jung-Un. This discovery lead to Doug appearing on NBC Evening News, CBS Morning News, Bloomberg, NPR’s All Things Considered, and the New York Times.

It is certainly interesting to watch a story become a hot news topic. Of course, it is much more fun when it is a North Korean social network and not your company’s outage.

Share Now

Whois: Adam Coughlin

Adam Coughlin is a Senior Manager, Corporate Communications at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.

To current Dyn Customers and visitors considering our Dynamic DNS product: Oracle acquired Dyn and its subsidiaries in November 2016. After June 29th, 2020, visitors to will be redirected here where you can still access your current Dyn service and purchase or start a trial of Dynamic DNS. Support for your service will continue to be available at its current site here. Sincerely, Oracle Dyn