Woah, read the timeline at the top of this. The fire happened the very day the government ordered onsite inspection was supposed to start due to Chinese/NK hacking.
Phrack's timeline may read like it, but it wasn't an onsite inspection due to hacking, but a scheduled maintenance to replace the overdue UPS, hence battery-touching involved. Even the image they linked just says "scheduled maintenance."
So right after the investigation was announced, they suddenly scheduled a UPS battery replacement which happened to start a fire big enough to destroy the entire data centre and all data or evidence?
Yeah, that's way less suspicious, thanks for clearing that up.
Such coincidences do happen. 20 years ago the plane which was carrying all the top brass of the Russian Black Sea Fleet as well as the Fleet’s accounting documentation for inspection to Moscow burst in flames and fell to the ground while trying to get airborne. Being loaded with fuel it immediately became one large infernal fireball. By some miracle no top brass suffered even minor burn/injury while all the accounting documentation burned completely.
Who has the incentive to do this, though? China/North Korea? Or someone in South Korea trying to cover up how bad they messed up? Does adding this additional mess on top mean they looked like they messed up less? (And for that to be true, how horrifically bad does the hack have to be?)
It might be different “they”s. Putting on my tinfoil hat, whoever was going to be in hot water over the hack burns it down and now the blame shifts from them to whoever manages G-drive and don’t have a backup plan.
Not saying I believe this (or even know enough to have an opinion), but it’s always important to not anthropomorphize a large organization. The government isn’t one person (even in totalitarian societies) but an organization that contains large numbers of people who may all have their own motivations.
"NK hackers" reminds me "my homework was eaten by a dog". It's always NK hackers that steal data/crypto and there is absolutely no possibility to do something with it or restore the data, because you know they transfer the info on a hard disk and they shoot it with an AD! Like that general!
How do we know it's NK? Because there are comments in north-korean language, duh! Why are you asking, are you russian bot or smt??
Though this is far from the most important points of this article, why do even the article’s authors defend Proton after having their accounts suspended, and after having seemingly a Korean intelligence official warn them that they weren’t secure? Even if they’re perfectly secure they clearly do not have the moral compass people believe they have.
Ohh side note but this was the journalist group which was blocked by proton
The timing as well is very suspicious and I think that there can be a lot of discussion about this
Right now, I am wondering about the name most tbh which might seem silly but "APT down - The North Korean files"
It seems that APT means in this case advanced persistent threat but I am not sure what they mean by Apt Down, like the fact that it got shut down by their journalism or-? I am sorry if this may seem naive and on a serious note this raises so many questions...
> 27th of September 2025, The fire is believed to have been caused while replacing Lithium-ion batteries. The batteries were manufactured by LG, the parent company of LG Uplus (the one that got hacked by the APT).
Witness A said, “It appears that the fire started when a spark flew during the process of replacing the uninterruptible power supply,” and added, “Firefighters are currently out there putting out the fire. I hope that this does not lead to any disruption to the national intelligence network, including the government’s 24 channel.”[1]
For more context, the name derives from "phone hacking" or phreacking. You got your legends like Captain Crunch and many of you big tech players were into this stuff when they were younger, such as Woz
This was also often tied to a big counter culture movement. Which one interesting thing is that many of those people now define the culture. I guess not too unlike how many hippies changed when they grew up
Not sure why people downvoted you as I actually read the wikipedia and learnt a lot about phrack and how their name is sort of inspired by "phreaking,anarchy and cracking" and I think thus the name ph-ra-ck.
Woah, read the timeline at the top of this. The fire happened the very day the government ordered onsite inspection was supposed to start due to Chinese/NK hacking.
Phrack's timeline may read like it, but it wasn't an onsite inspection due to hacking, but a scheduled maintenance to replace the overdue UPS, hence battery-touching involved. Even the image they linked just says "scheduled maintenance."
So right after the investigation was announced, they suddenly scheduled a UPS battery replacement which happened to start a fire big enough to destroy the entire data centre and all data or evidence?
Yeah, that's way less suspicious, thanks for clearing that up.
11 replies →
Supply chain interceptions can happen for batteries and other electronics being used.
https://www.ispreview.co.uk/index.php/2025/09/openreach-give...
Recently in the UK a major communication company had issues with batteries
look at the timeline again. this is the second fire.
1 reply →
Such coincidences do happen. 20 years ago the plane which was carrying all the top brass of the Russian Black Sea Fleet as well as the Fleet’s accounting documentation for inspection to Moscow burst in flames and fell to the ground while trying to get airborne. Being loaded with fuel it immediately became one large infernal fireball. By some miracle no top brass suffered even minor burn/injury while all the accounting documentation burned completely.
One hell of an act of God that... Believable though, given the consistent transparency and low corruption in the Russian government's administration.
1 reply →
Quite a few of those top brass years later shot themselves in the head several times before jumping from a window.
Anyway, shoe production has never been better.
So, someone figured out how to do backups
They certainly will after this.
Yeah, this whole thing smells.
Who has the incentive to do this, though? China/North Korea? Or someone in South Korea trying to cover up how bad they messed up? Does adding this additional mess on top mean they looked like they messed up less? (And for that to be true, how horrifically bad does the hack have to be?)
It might be different “they”s. Putting on my tinfoil hat, whoever was going to be in hot water over the hack burns it down and now the blame shifts from them to whoever manages G-drive and don’t have a backup plan.
Not saying I believe this (or even know enough to have an opinion), but it’s always important to not anthropomorphize a large organization. The government isn’t one person (even in totalitarian societies) but an organization that contains large numbers of people who may all have their own motivations.
4 replies →
The good news is: there are still off-site backups.
The bad news is: they're in North Korea.
"Your Holiness! I have terrible news! Jesus has returned!"
"But that's a blessed event? How could that be terrible?"
"He appeared in Salt Lake City."
"NK hackers" reminds me "my homework was eaten by a dog". It's always NK hackers that steal data/crypto and there is absolutely no possibility to do something with it or restore the data, because you know they transfer the info on a hard disk and they shoot it with an AD! Like that general!
How do we know it's NK? Because there are comments in north-korean language, duh! Why are you asking, are you russian bot or smt??
Though this is far from the most important points of this article, why do even the article’s authors defend Proton after having their accounts suspended, and after having seemingly a Korean intelligence official warn them that they weren’t secure? Even if they’re perfectly secure they clearly do not have the moral compass people believe they have.
What other service would you use?
not use email in this day and age?
2 replies →
When you see a chronology like that, you don't keep trying to speak truth to power.
You delete your data, trash your gear, and hop on a bus, to start over in some other city, in a different line of work.
And with no technology! Perhaps become some kind of ascetic monk.
s/city/country/
Ohh side note but this was the journalist group which was blocked by proton
The timing as well is very suspicious and I think that there can be a lot of discussion about this
Right now, I am wondering about the name most tbh which might seem silly but "APT down - The North Korean files"
It seems that APT means in this case advanced persistent threat but I am not sure what they mean by Apt Down, like the fact that it got shut down by their journalism or-? I am sorry if this may seem naive and on a serious note this raises so many questions...
“APT Down” is likely a reference to a popular Korean drinking game.
https://www.thetakeout.com/1789352/korea-apt-drinking-game-r...
For a moment there I was wondering if “apt down” was a typo and you meant “ifdown”. ;)
> 27th of September 2025, The fire is believed to have been caused while replacing Lithium-ion batteries. The batteries were manufactured by LG, the parent company of LG Uplus (the one that got hacked by the APT).
Compromised batteries or battery controllers?
Witness A said, “It appears that the fire started when a spark flew during the process of replacing the uninterruptible power supply,” and added, “Firefighters are currently out there putting out the fire. I hope that this does not lead to any disruption to the national intelligence network, including the government’s 24 channel.”[1]
[1] https://mbiz.heraldcorp.com/article/10584693
How large is this UPS that a fire can bring down all 96 servers?
This story is really unbelievable.
7 replies →
Silver lining: it's likely that technically there is a backup (section 1.3).
It's just in NK or china.
Yikes.
I don't backup my phone. The NSA does it for me!
The recovery process and customer service around that is near impossible
The only part of our government that listens.
In the same respect /dev/null can backup mine. Good luck getting data back.
Thanks for this, it gives a lot of extra info and content compared to the original article.
> KIM is heavily working on ToyBox for Android.
2 HN front page articles in 1!
This sounds like a real whodunit.
Well, I think we know "who"dunnit it's more of a how-dunnit & are-they-still-in-dunnit
This is the first time I see this site, who/what is phrack? A hacker group?
It’s a zine. Been around since the 80’s. Hackers / security industry types read and publish to it.
For more context, the name derives from "phone hacking" or phreacking. You got your legends like Captain Crunch and many of you big tech players were into this stuff when they were younger, such as Woz
This was also often tied to a big counter culture movement. Which one interesting thing is that many of those people now define the culture. I guess not too unlike how many hippies changed when they grew up
2 replies →
https://en.wikipedia.org/wiki/Phrack
Not sure why people downvoted you as I actually read the wikipedia and learnt a lot about phrack and how their name is sort of inspired by "phreaking,anarchy and cracking" and I think thus the name ph-ra-ck.
It looks delightful, but definitely for and by a specific subculture.
thanks for the info, canceling proton rn
proton is alternative to gmail still. you replace nsa and ad networks with nsa only. it's a win.
Currently, still on Proton for its aliasing service but keeping my eye out for a suitable replacement candidate.
Thankfully I made the right choice to stay on Bitwarden instead of moving to Proton Pass.
holy shit lol. this is naked gun level incompetence
Figures.