A Bad Week for North Korea’s Rickety Internet, But Who’s to Blame?

It’s not clear how it happened. But following a massive leak of stolen Sony information—blamed on North Korea after the company filmed a movie about assassinating Kim Jong Un—the reclusive communist nation’s fragile Internet connections have spent a few days getting hammered by outages.

Thanks to a company based in Manchester, NH, we can get an idea of what this disruption looks like.

The Internet monitoring group at Dyn Research has spent more than 10 years watching the flow of Internet traffic around the world as part of its business selling network-monitoring services. That gives Dyn a pretty unique glimpse into the strength of Internet connections worldwide, and some insight into what might cause certain outages.

News of North Korea’s Internet crash has thrust the company’s expertise into the spotlight. It didn’t hurt that the crash of North Korea’s Internet connections came just a few days after President Barack Obama said the U.S. would “respond proportionally” for the cyberattack on Sony, which the U.S. has blamed on North Korea.

That statement by Obama came on Friday, Dec. 19. The following Sunday, North Korea’s Internet began facing “increasing instability.” By Monday afternoon East Coast time, North Korea’s Internet was down for the count.

It would take nine and a half hours for the North Korean Internet to get re-established, Dyn said:  

But that wasn’t the end of it. North Korea’s Internet would flicker off a couple more times on Tuesday, bouncing back both times. It finally bounced back Tuesday afternoon:

So, what caused this? When the network first went down, Dyn chief scientist Jim Cowie wrote that the pattern could reflect either an external attack or “more common causes, such as power problems.” It seemed unlikely to be caused by a cut in the physical Internet cables or a disconnection by one of the “upstream” Internet providers connecting North Korea to broader networks, he added.

After analyzing the broader pattern of on again, off again outages, the possible cause seemed to be a little clearer. In an interview with NPR, Dyn Internet analysis director Doug Madory said a power outage seemed less likely, and that two causes were potential culprits: a denial of service attack that sought to overload the North Korean network, or a bad-luck software glitch at the router level that just had very bad timing, in terms of geopolitical headlines.

The whodunit part is a lot harder to figure out. U.S. officials contacted by major news outlets declined to discuss whether the government was involved, which you’d expect. Madory, however, seemed to think this outage was evidence of something less powerful than a coordinated bit of cyberwarfare.

The North Korean Internet is extraordinarily small, with just about 1,000 IP addresses, compared to around 1 billion addresses in the U.S. alone. North Korea also depends on China for its sole link to the rest of the Internet, Dyn noted.

“It does seem that if it were a cyber-attack, that it would be surprising to find out a nation-state did this and it took them hours to take down this tiny network,” Madory told NPR.

Trending on Xconomy