Attack Is Suspected as North Korean Internet Collapses
SAN FRANCISCO — North Korea’s already tenuous links to the Internet went completely dark on Monday after days of instability, in what Internet monitors described as one of the worst North Korean network failures in years.
The loss of service came just days after President Obama pledged that the United States would launch a “proportional response” to the recent attacks on Sony Pictures, which government officials have linked to North Korea. While an attack on North Korea’s networks was suspected, there was no definitive evidence of it.
Doug Madory, the director of Internet analysis at Dyn Research, an Internet performance management company, said that North Korean Internet access first became unstable late Friday. The situation worsened over the weekend, and by Monday, North Korea’s Internet was completely offline.
“Their networks are under duress,” Mr. Madory said. “This is consistent with a DDoS attack on their routers,” he said, referring to a distributed denial of service attack, in which attackers flood a network with traffic until it collapses under the load.
North Korea does very little commercial or government business over the Internet. The country officially has 1,024 Internet protocol addresses, though the actual number may be somewhat higher. By comparison, the United States has billions of addresses.
North Korea’s addresses are managed by Star Joint Venture, the state-run Internet provider, which routes many of those connections through China Unicom, China’s state-owned telecommunications company.
By Monday morning, those addresses had gone dark for over an hour.
CloudFlare, an Internet company based in San Francisco, confirmed Monday that North Korea’s Internet access was “toast.” A large number of connections had been withdrawn, “showing that the North Korean network has gone away,” Matthew Prince, CloudFlare’s founder, wrote in an email.
Although the failure might have been caused by maintenance problems, Mr. Madory and others said that such problems most likely would not have caused such a prolonged, widespread loss.
The failure follows requests by the Obama administration to China seeking its help in blocking North Korea’s ability to wage cyberattacks, an early step toward the “proportional response” that Mr. Obama promised, as well as a broader warning to others who may try similar attacks on American targets in the future, senior administration officials have said.
The loss of service is not likely to affect the vast majority of North Koreans, who have no access to the Internet. The biggest impact would be felt by the country’s elite, state-run media channels and its propagandists, as well as its cadre of cyberwarriors.
If the attack was American in origin — something the United States would probably never acknowledge — it would be a rare effort by the United States to attack a nation’s Internet connections. Until now, most operations by the United States have amounted to cyberespionage, mostly to collect defense information or the communications of terrorism suspects.
But a denial-of-service attack is more like cybervandalism, the term that Mr. Obama used to describe North Korea’s action against Sony. It is temporary, and while it imposes some costs, it would be limited in the case of North Korea because of the scarce availability of Internet services in the country.
Security experts cautioned that the origins of such a failure could be many. North Korea could be preemptively taking its systems offline to prepare for an attack, or the loss of service could be the result of an attack by vigilante hackers, though hacking collectives, such as Anonymous, had not taken credit for the failure.
Chris Nicholson, a spokesman for Akamai, an Internet content delivery company, said it was difficult to pinpoint the exact origin of the failure, given that the company typically sees only a trickle of Internet connectivity from North Korea.
“All we know for sure is that their networks are under duress,” Mr. Madory said. “And we have not seen this kind of outage there before.”