A strange thing happened to North Korea’s already tenuous link to the Internet on Monday: It failed.
While perhaps a coincidence, the failure of the country’s computer connections began only hours after President Obama declared Friday that the United States would launch a “proportional response” to what he termed an act of “cybervandalism” against Sony Pictures.
Over the weekend, as North Korean officials demanded a “joint investigation” into the Sony attacks and denied culpability — an assertion the United States rejected — Internet service began to get wobbly. By early Monday, the Internet went as dark as one of those satellite photographs showing the impoverished country by night.
Experts who monitor the health of the global Internet called it one of the worst North Korean network failures in years. But American officials who had described over the weekend how they were intensely focused on the country’s telecommunications connections through China — and how they had asked the Chinese government for help in cutting off the North’s ability to send malicious code around the world — declined to discuss what befell those connections.
“I guess accidents can happen,” one said in a very brief telephone conversation.
A State Department spokeswoman, Marie Harf, told reporters on Monday, “We aren’t going to discuss, you know, publicly operational details about the possible response options,” adding that “as we implement our responses, some will be seen, some may not be seen.”
There was no definitive way, at least in the short term, to determine whether the connection had been cut, overloaded, or attacked. And security experts cautioned that there could be many reasons for Monday’s failure. North Korea could be pre-emptively taking its systems offline to prepare for an attack, some said.
Chris Nicholson, a spokesman for Akamai, an Internet content delivery company, said it was difficult to pinpoint the origin of the failure, given that the company typically sees only a trickle of Internet connectivity from North Korea. The country has only 1,024 official Internet protocol addresses, though the actual number may be a little higher. That is fewer than many city blocks in New York have. The United States, by comparison, has billions of addresses.
But when the sun rose in North Korea on Tuesday morning, the few connections to the outside world — available only to the elite, the military, and North Korea’s prodigious propaganda machine — were still out.
As the morning wore on, however, some of the connections began to come back after a blackout of nearly 10 hours, though there was still very little traffic, according to CloudFlare, an Internet company in San Francisco.
Those connections to the outside world are managed by Star Joint Ventures, the country’s state-run Internet provider, and almost all of them run through China Unicom, China’s state-owned telecommunications company. They were not operative on Monday, but the causes could include a cyberattack by the United States — something American officials have said they would be hesitant to do if it meant infringing on Chinese sovereignty.
It is also possible China Unicom simply unplugged its neighbor. Internet monitors said a maintenance issue was unlikely to have caused such a prolonged failure.
Doug Madory, the director of Internet analysis at Dyn Research, an Internet performance management company, said that North Korean Internet access first became unstable late on Friday. The situation worsened over the weekend, and by Monday, North Korea’s Internet was completely offline.
“Their networks are under duress,” Mr. Madory said. “This is consistent with a DDoS attack on their routers,” he said, referring to a distributed denial of service attack, in which attackers flood a network with traffic until it collapses under the load.If the attack was American in origin — something the United States would probably never acknowledge — it would be a rare attack on another nation’s Internet connections.
Certainly the United States is positioned to cause failures in many places in the Internet: Among the most interesting documents released by Edward J. Snowden, the former National Security Agency contractor now in Moscow, was a map of “implants” that the United States has put in strategic places, from network connections to individual computers, around the world.
Those are most useful in cyberespionage, and the United States does a lot of that in China. Other Snowden documents showed that a major Chinese maker of network switching equipment, Huawei, was among American targets. So were leadership compounds and military locations.
But there is no evidence that American cyberactivities in China have moved from surveillance to what experts call “computer network exploitation” or, the next step, actual attacks. And the Chinese themselves have been coy.
China’s Foreign Ministry spokeswoman, Hua Chunying, said it was too early to know if Mr. Obama’s accusation against the North concerning the Sony attacks was true, Reuters reported Monday.
But she also said that China’s foreign minister, Wang Yi, “reaffirmed China’s relevant position, emphasizing China opposes all forms of cyberattacks and cyberterrorism” during a call on Sunday with Secretary of State John Kerry.
While rare, disruption of computers and networks is certainly part of the American offensive playbook. During the Iraq war, there were periodic efforts to send fake messages to cellphones or computers to lure militants into traps.
“Olympic Games,” the cyberattack on Iran’s nuclear enrichment facility, was an extremely sophisticated attack that destroyed centrifuges, the machines that enrich uranium. It was intended to slow Iran’s progress toward anuclear weapons capability.
The United States has never acknowledged the attacks, and the central role played by Mr. Obama did not become clear until the summer of 2012, more than two years after the events.
But a denial-of-service attack is far easier to arrange on short notice than a destructive attack. And it may be more akin to the “cybervandalism” that Mr. Obama spoke of against Sony. It is temporary, and while it imposes some costs, it would be limited in the case of North Korea because of the scarce availability of Internet services in the country.
“Proportional would mean that we would hack a North Korean movie company,” said Victor Cha of Georgetown University, who handled North Korean issues in the George W. Bush White House. “But that would not get you very far.”
Mr. Obama spoke Friday, during an interview with CNN, of the possibility of restoring the North to the list of state sponsors of terrorism. That, too, would have limited impact: The country is already among the most isolated on earth.
But it is also not clear that cutting off Internet service, if that is what happened in this case, would slow North Korean hackers. Many are believed to be based in China. Sony’s attackers used servers in Bolivia, Singapore and Thailand to launch their attacks. So any cutoff of Internet services would be mostly symbolic, a warning shot that two can play the game of disruption. via