North Korea’s Internet down; cause unknown

Kim Jong Un
North Korea’s tiny piece of the global Internet went dark altogether Monday, after flickering on and off over the last 24 hours, and experts said it could be a cyberattack or a pre-emptive online retreat by Pyongyang. “The North Korean IP space is not reachable from anywhere on Earth right now. It’s a national shut down,” said Jim Cowie, chief scientist of Dyn Research, which monitors global Internet connectivity.

Shortly after noon ET, “it went out, and did not come back up,” he added.

About a day of intermittent connectivity preceded the shutdown, according to Dyn Research and other companies’ observations. Almost the entirety of the very small North Korean Internet of approximately a thousand Internet protocol addresses is routed through the Chinese state-owned Internet service provider Chinese Unicom. “That presents a very small attack surface for anybody who wants to take it out,” Cowie noted.

But as so often in cybersecurity, the technical evidence is inconclusive as to cause.
Experts say there are four possibilities.

  • The North Koreans themselves could have withdrawn their IP space from the wider Internet, as Syria has done in the past. “That, under normal circumstances, would be the best explanation for what we’re seeing,” said Matthew Prince, CEO of content delivery network provider CloudFlare. That could be a pre-emptive move to prevent any online attacks, including any U.S. retaliation, from reaching the country.
  • China Unicom could have cut North Korea off from the Internet. Technically, that would look no different than if North Korea itself had done so. The U.S. has asked for China’s help in blocking North Korea from the Internet.
  • The North Korean Internet could be under a denial of service attack. It’s impossible to know how much bandwidth flows into North Korea, but it’s likely quite small. One indicator that it’s an attack is the intermittent, up and down, quality of the North Korean Internet over the past day. Prince said it’s “probably risky to speculate that that attack is being launched by any state-based entity.
    “If I were speculating, it’s equally as likely that it’s some plucky 15-year-old in a Guy Fawkes mask.” “Because there is such a minimal amount of activity in and out of North Korea, the level of sophistication you would need to disrupt that network is relatively de minimis” as well, he added.
  • Today is the day the routers happened to go down in North Korea for reasons unrelated to any attack or other reason. “It could be even that there were power gird problems,” said Cowie.

There was no immediate response from the State Department or White House to questions about whether the outage was a result of the “proportionate response” President Barack Obama promised last week to the crippling cyberattack on Sony, which U.S. officials say was orchestrated by Pyongyang.

About

For the past 35+ years, computers, advanced technology and solving problems with this new technology have been his business. In 1978, he graduated from Appalachian State University in Boone, NC with the first graduating class in the 16 North Carolina Universities with an Information Systems degree from the College of Business. For the last 14 years Nicky has served as the visionary leader and CEO of CAROLINANET.COM, a web hosting and server colocation data center and since 2004 the CEO of Carolina Digital Phone offering hosted telephone services and SIP Trunking. Read more at his LinkedIN page http://www.linkedin.com/in/nickysmith