Sleep Tight

Inside the ‘Surprisingly Great’ North Korean Hacker Hotel

North Korea is so isolated that rather than bring the Internet to its hackers, it brings them to it—in a swank hotel in China.

12.20.14 6:40 PM ET

The luxury hotel that has been called a command post for North Korean hackers would make for a unique holiday getaway and give you lots to talk about back home.

For just $53, you get “a deluxe twin room,” including a North Korean breakfast considerably more substantial than those enjoyed by the vast majority of North Koreans.

The amenities include a fitness room, a sauna, a beauty parlor, and a karaoke setup. There is also broadband Internet access, which is the reason why North Korean hackers have favored this 16-story hotel across the border from their homeland.


The hermit kingdom has maintained an army of thousands of hackers for more than a decade, but it did not establish its first direct connection to the Internet until 2010.

The problem with connections is that they can go both ways and the North Korean regime is in a constant struggle to keep its citizens from glimpsing the splendors of the outside world.

At the same time, the regime has recognized that the Internet is a realm where it can act out its aggressions at relatively little cost or risk.

And this is a form of warfare where North Korea’s lack of a cyber infrastructure or even a reliable electrical gird actually works to its advantage; the hermit kingdom is so hermetically sealed as to be virtually hack proof, thereby confounding anybody bent on retaliation.

So, rather than bring the Internet to the hackers, the North Korean regime brought the hackers to the Internet, at places such as the Chilbosan Hotel, which it partly owns in partnership with the Chinese.

The priority that the regime places on cyber warfare is made clear by its recruiting. Fledgling hackers are chosen from among the youngsters who show the most talent for mathematics and they are given years of training, often with additional instruction in China or Russia. They then become members of the ultra elite Unit 121, granted premium housing and a well-stocked cupboard.

While the world was rightly fretting about North Korea’s nuclear bomb, the hackers tested a malware “logic bomb” in 2007. The United Nations was prompted to impose a ban on selling mainframe computers or laptops to North Korea. But soon one of the UN’s own offshoots was doing exactly that.

“Fully ready for any form of high-tech war,” the regime said of itself in 2009.

The North Korean hackers helped defray the cost of their program by tapping into the South Korean cyber role-playing game Lineage and using autoplayers to rack up huge numbers of points that were then sold online. South Korean police busted up one such scheme in 2011, which was said to have netted millions.

At the same time, North Korean hackers are said to have used gaming to infect some 100,000 computers in South Korea, commandeering them in 2012 to mount a cyber attack on Incheon Airport.

South Korean authorities, along with American cyber-security experts, say they have also tied North Korean hackers to a series of more serious attacks dating back to 2009 perpetuated by what is called “the DarkSeoul gang.”

These attacks have often occurred on significant dates, such as the Fourth of July or the anniversary of the start of the Korean War. The targets have included American military and diplomatic networks as well as South Korean newspapers and TV broadcasters, as well as financial institutions.

In March of 2013, during the weeks of the annual joint U.S.-South Korean military exercises, DarkSeoul hit three media outlets and two major banks in South Korea. A drawing of three skulls along with a message in English appeared on computer screens at the targeted firms.

Get The Beast In Your Inbox!
By clicking "Subscribe," you agree to have read the Terms of Use and Privacy Policy
Thank You!
You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason

“Hacked by Whois Team,” it read. ‘Who is ‘Whois?’”

Below that was:

“!!!Warning!!! Unfortunately, We have deleted Your Data. We’ll be back soon.”

Another supposed group, calling itself the New Romantic Cyber Army, also claimed credit. But most experts agreed that North Korea was behind the attacks, as well as a video that went up on YouTube showing the White House in a sniper’s crosshairs and then exploding into flames.

“Firestorms Will Rain on the Headquarters of War,” the title threatened.

That did not keep the North Korean regime from expressing outrage and fury when it learned that the upcoming American comedy “The Interview” would depict Kim Jung-un suffering a similar end.

Kim Jung-un clearly recognizes that Hollywood and American popular culture in general constitute a dire threat. The regime has publicly executed dozens of its citizens for the crime of watching smuggled DVDs, but North Koreans continue to risk death to watch South Korean soap operas and American films and TV shows.

“Desperate Housewives” is said to he especially popular. And a glimpse of Wisteria Lane is enough to give lie to the regime’s propaganda that North Koreans live in a worker’s paradise while its enemies suffer in grinding poverty, driven by envy to plot against Dear Leader.

And if “Desperate Housewives” can be smuggled into the hermit kingdom, so could a Seth Rogen comedy about assassinating Kim Jung-un.

Interestingly, The Interview was the one movie that was not stolen and made available online by those who hacked Sony. And image that flashed on the Sony computer screens was similar to the one that appeared at the South Korea firms last year, only this was a single skull and the group called itself GOP (Guardians of Peace.) This message read:

“Hacked by #GOP
We’ve already warned you and this is just a beginning.”

Following the attack, Sony hired the cyber security firm FireEye, which had recently issued a report titled “Digital Breadcrumbs: Seven Clues to Indentifying Who’s Behind Advanced Cyber Attacks.” FireEye as well as the FBI decided that in this case the clues point to North Korea, using computers traced to New York, Thailand, Poland, Italy, Bolivia, Singapore and Cyprus as well as an e-mail service based in France. 

Some experts suggest that other parties, perhaps Iranian or Chinese, may have played some role. But there seems little doubt that North Korea was the primary culprit.   

The problem is there seem to be few ways to retaliate against a regime that has kept itself so cyber-sealed that it is said to have used a hotel in China as a command post for its hackers.

The Chilbosan’s role as a hacker center was disclosed by a defector back in 2004, but outwardly it has continued to function as just another of the area’s many hotels, ranked by Trip Advisor at 66th of the 1,025 in Shenyang. Anyone able to go online can make a reservation.

You can also peruse the Trip Advisor reviews, which demonstrate a freedom of opinion and a diversity of views that would never be tolerated by the Kim Jung-un.

The reviews in themselves constitute a demonstration of why the regime restricts the Internet.

The two reviews in English may well be genuine, even if they do read like they were composed by the band of 200 hackers who are said to be assigned to post pro-regime sentiments on South Korean forums.

One reports, “This hotel was a wonderful find during a business trip to Shenyang. It is apparently a North Korean-Chinese joint venture and you can tell that they have gone to painstaking lengths to make it a solid 4 star hotel with 5-star amenities.”

This review goes on, “The room itself was new, immaculately clean with tasteful touches of North Korean tapestries and pillows - it also had a beautiful free-standing bathtub that could rival any 5-star hotel in Beijing. Some of the staff who work at this hotel are North Korean and wear traditional North Korean dresses. The crowning jewel is the in-house North Korean restaurant that can bring you delicious Korean food right to your room.”

The other says, “Stayed here as part of a tour group so only slept and had breakfast. This was the best hotel of the trip. Rooms were spacious and clean as well as being very well equipped. Breakfast was good with supplies being refreshed constantly.”

But there are reviews in Korean and in Chinese that would likely earn the guest a trip to the gulag on the other side of the border

One is translated by Google to read, “The size of the room the room is not very good, food is Korean style as well as performance, Heating bad. Attitude is not good… Not good service.”

Another says, “Not enough four-star hotel standards, aging equipment, like the bathroom of these things as well as bedside tables are relatively old… The rooms are small... Breakfast is not very good.”

But hey, maybe anti-regime posters wrote those, this being one place where it is open to being cyber-slimed.

Either way, guests seeking a holiday getaway there can also enjoy a tingle of telling truth to power by posting their own reviews.

And, the Chilbosan would make a hell of a comedy movie; “Fawlty Towers” meets the “Great Dictator.”

Sony could even reclaim some of its honor by making it the studio’s next project.

That hilarious satire could end with North Korean proposing a joint investigation with the U.S. to determine who hacked a major media conglomerate.