Downing North Korea’s Internet not much of a scalp
A student looks at a screen in the Grand People’s Study House in the North Korean capital of Pyongyang October 27, 2008.
Credit: Reuters/Jo Yong-Hak
SINGAPORE (Reuters) – If someone did just knock North Korea off the Internet for half a day, it wouldn’t have taken much.
With barely 1,000 Internet addresses, one Internet service provider and one connection to the outside world via China, North Korea‘s cyberlinks are negligible – barely one percent of that of Afghanistan, a similarly impoverished country with a roughly comparable population.
By the same token, closing down the links wouldn’t have had much of an effect within North Korea. For internal online communications it uses a closed Intranet network, but that was apparently not affected, according to officials across the border in the South.
North Korea is “one of the least connected countries in the world,” said Matthew Prince, CEO of U.S.-based CloudFlare, which, among other services, protects websites against web-based attacks.
It’s also one of the most vulnerable, said Jim Cowie, chief scientist at Dyn, a U.S.-based Internet performance company.
“North Korea, historically, is fairly fragile,” he said after Internet access to North Korea was restored at 0146 GMT on Tuesday. Internet links to the country remained snapped for several hours, but Cowie said the country had experienced outages of similar length this year.
The country is at the center of a confrontation with the United States over the hacking of Sony Pictures, but several U.S. officials said the U.S. government was not involved in any cyber action against Pyongyang.
Following the hacking, Sony canceled the release of a comedy about the fictional assassination of North Korean leader Kim Jong Un.
An outage of this kind could have been caused by one of several factors, according to CloudFlare’s Prince.
North Korea may have disabled the Internet itself, which could have been as simple as sending one command to a single router – possibly to seal the country from access to the movie and news about the confrontation with Washington.
It could also have been cut by China Unicom, the Chinese network which connects the country to the outside world. China has denied that it was involved.
Another possibility could have been a hardware issue, like for instance, a router breaking down.
Then there’s the possibility of an attack – meaning someone directed a flood of internet traffic at websites in North Korea until they, and eventually the country’s entire network, ground to a halt.
This is called a distributed denial of service, or DDoS, attack because the flood is spread across hundreds of computers, called a botnet.
A PROVINCIAL NETWORK
North Korea‘s Internet service is run by a joint venture between its Post and Telecommunications Corporation and Thailand‘s Loxley Pacific in Thailand. Any attack on the network would have go through China Unicom’s network, though it would be unlikely to affect it.
“This is a provincial network on the back of a provincial network,” said Dyn’s Cowie.
It’s not known how much Internet capacity North Korea has – how much traffic its network can tolerate before it is overwhelmed – but Prince reckons it could handle up to a maximum 10 gigabytes per second.
DDoS attacks nowadays can marshall hundreds of gigabytes per second. “It’s not particularly challenging for an individual to launch an attack which completely saturated North Korea‘s access to the internet,” he said.
Last week, by comparison, a 17-year old Londoner pleaded guilty to launching a DDoS attack against internet exchanges and an anti-spam service last year. Traffic during the attack exceeded 300 gigabytes per second.
A Twitter account with the handle @LizardSquad, which under similar accounts has previously claimed credit for attacks on prominent gaming websites, said in a tweet it was behind the North Korean outage.
CloudFlare’s Prince said the fact that North Korea’s Internet was now back up “is pretty good evidence that the outage wasn’t caused by a state-sponsored attack, otherwise it’d likely still be down for the count”.
Dyn’s Cowie said that while the evidence “was not inconsistent with an attack, it was not conclusive”.
(Additional reporting by Sohee Kim in Seoul; Editing by Raju Gopalakrishnan)