Outages in reclusive state highlight uncertaintiesLONDON - North Korea’s microscopic corner of the Internet has had a rough couple of days, suffering seven outages in 48 hours, according to one web traffic monitor.
The mysterious problems have some talking of a retaliatory cyberattack by the United States, which holds Pyongyang responsible for last month’s spectacular hack of Sony Pictures.
American officials have fueled speculation with vague denials, but security experts say North Korea’s Internet infrastructure is so skeletal that even amateurs - or a simple glitch - could have brought it clattering down.
“A large city block in London or New York would have more IP (Internet Protocol) addresses than North Korea,” said Ofer Gayer, a security researcher at Redwood Shores, California-based Incapsula Inc.
Even on a good day, web watchers see less Internet traffic from North Korea than from the Falkland Islands, a North Atlantic archipelago of fewer than 3,000 people, said Gayer. Media companies like Sony easily dwarf the communist country’s web presence.
He said that if the network was targeted by a kind of distributed denial-of-service - or DDoS - attack, the list of suspects is endless.
“Any kid that knows how to run a small-sized DDoS amplification attack can do it from his home.”
For many, the uncertainty over the outage - and lingering doubts over who hacked Sony - illustrates how little we can really know about attacks in the Information Age.
“This whole incident is a perfect illustration of how technology is equalizing capability,” Bruce Schneier, a respected security expert, said in a blog post. “In both the original attack against Sony, and this attack against North Korea, we can’t tell the difference between a couple of hackers and a government.”
After spending a significant chunk of Monday offline, North Korea’s Internet had two short outages Tuesday morning, according to Jim Cowie, the chief scientist at Dyn Research, an Internet performance company.
Cowie characterized the outages as a “return to instability,” and said they were the same type of outages that caused the original disruption.
Hiccups continued until Wednesday. Internet monitor BGPmon says it has detected seven interruptions, with the last hour-long outage reported between 6:30 and 7:45 GMT.
North Korea has a tiny online footprint, thousands of millions of times smaller than that of the United States or even archrival South Korea.
Gayer, the Incapsula researcher, pegged the country’s total bandwidth at 2.5 gigabits per second, a minuscule amount of traffic which could easily be overwhelmed by a denial-of-service attack. Only last week, a London teenager pleaded guilty to a cyberattack against an anti-spam group which clocked in at 300 gigabits per second.
U.S. officials have refused to be drawn over the online mischief, feeding speculation that American retribution may be to blame for North Korea’s Internet problems. “Ask the North Koreans if their Internet wasn’t working,” said U.S. State Department representative Marie Harf in response to questions about the outages on Tuesday. “I would check with them.”
The attack doesn’t fit the pattern of an American cyber-strike, said Dan Holden of Arbor Networks, which works to block denial-of-service attacks. He said online activists may be to blame, and social media chatter provides some support for the claim.
One prominent account linked to Anonymous, the amorphous collective of self-appointed cyber-vigilantes, briefly claimed credit for knocking North Korea offline before it itself was yanked from the Internet by Twitter.
In March 2013, North Korea experienced connectivity problems for the better part of a day and a half. It blamed the United States for the problems, but the cause was never publicly confirmed.