Outside the Beltway

North Korean Internet Connections Collapse

Doug Mataconis · Monday, December 22, 2014 · 10 comments

What does exist of North Korea’s connection to the Internet has largely collapsed in what may be an attack from outside sources:

SAN FRANCISCO — North Korea’s already tenuous links to the Internet went completely dark on Monday after days of instability, in what Internet monitors described as one of the worst North Korean network failures in years.

The loss of service came just days after President Obama pledged that the United States would launch a “proportional response” to the recent attacks on Sony Pictures, which government officials have linked to North Korea. While an attack on North Korea’s networks was suspected, there was no definitive evidence of it.

Doug Madory, the director of Internet analysis at Dyn Research, an Internet performance management company, said that North Korean Internet access first became unstable late Friday. The situation worsened over the weekend, and by Monday, North Korea’s Internet was completely offline.

“Their networks are under duress,” Mr. Madory said. “This is consistent with a DDoS attack on their routers,” he said, referring to a distributed denial of service attack, in which attackers flood a network with traffic until it collapses under the load.

North Korea does very little commercial or government business over the Internet. The country officially has 1,024 Internet protocol addresses, though the actual number may be somewhat higher. By comparison, the United States has billions of addresses.

North Korea’s addresses are managed by Star Joint Venture, the state-run Internet provider, which routes many of those connections through China Unicom, China’s state-owned telecommunications company.

By Monday morning, those addresses had gone dark for over an hour.

CloudFlare, an Internet company based in San Francisco, confirmed Monday that North Korea’s Internet access was “toast.” A large number of connections had been withdrawn, “showing that the North Korean network has gone away,” Matthew Prince, CloudFlare’s founder, wrote in an email.

Although the failure might have been caused by maintenance problems, Mr. Madory and others said that such problems most likely would not have caused such a prolonged, widespread loss.

The failure follows requests by the Obama administration to China seeking its help in blocking North Korea’s ability to wage cyberattacks, an early step toward the “proportional response” that Mr. Obama promised, as well as a broader warning to others who may try similar attacks on American targets in the future, senior administration officials have said.

The loss of service is not likely to affect the vast majority of North Koreans, who have no access to the Internet. The biggest impact would be felt by the country’s elite, state-run media channels and its propagandists, as well as its cadre of cyberwarriors.

If the attack was American in origin — something the United States would probably never acknowledge — it would be a rare effort by the United States to attack a nation’s Internet connections. Until now, most operations by the United States have amounted to cyberespionage, mostly to collect defense information or the communications of terrorism suspects.

While many minds will immediately jump to the idea of retaliation by the United States, it’s worth noting that the international hacker’s group Anonymous has threatened action against North Korea for its actions against Sony. Additionally, as noted, the collapse that is being reported could be due to North Korea’s own efforts to disconnect its Internet connections in anticipation of retaliation from the outside world. In either case, I guess this means they won’t be reading OTB in Pyongyang any time soon.