This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2014/12/23/world/asia/attack-is-suspected-as-north-korean-internet-collapses.html

The article has changed 5 times. There is an RSS feed of changes available.

Version 1 Version 2
Attack Is Suspected as North Korean Internet Collapses North Korea Loses Its Link to the Internet
(about 7 hours later)
SAN FRANCISCO — North Korea’s already tenuous links to the Internet went completely dark on Monday after days of instability, in what Internet monitors described as one of the worst North Korean network failures in years. SAN FRANCISCO — A strange thing happened to North Korea’s already tenuous link to the Internet on Monday: It stopped.
The loss of service came just days after President Obama pledged that the United States would launch a “proportional response” to the recent attacks on Sony Pictures, which government officials have linked to North Korea. While an attack on North Korea’s networks was suspected, there was no definitive evidence of it. While perhaps a coincidence, the failure of the country’s computer connections began only hours after President Obama declared Friday that the United States would launch a “proportional response” to what he termed an act of “cybervandalism” against Sony Pictures.
Doug Madory, the director of Internet analysis at Dyn Research, an Internet performance management company, said that North Korean Internet access first became unstable late Friday. The situation worsened over the weekend, and by Monday, North Korea’s Internet was completely offline. Over the weekend, as North Korean officials demanded a “joint investigation” into the Sony attacks and denied culpability an assertion the United States rejected Internet service began to get wobbly. By early Monday, the Internet went as dark as one of those satellite photographs showing the impoverished country by night.
“Their networks are under duress,” Mr. Madory said. “This is consistent with a DDoS attack on their routers,” he said, referring to a distributed denial of service attack, in which attackers flood a network with traffic until it collapses under the load. Experts who monitor the health of the global Internet called it one of the worst North Korean network failures in years. But American officials who had described over the weekend how they were intensely focused on the country’s telecommunications connections through China and how they had asked the Chinese government for help in cutting off the North’s ability to send malicious code around the world declined to discuss what befell those connections.
North Korea does very little commercial or government business over the Internet. The country officially has 1,024 Internet protocol addresses, though the actual number may be somewhat higher. By comparison, the United States has billions of addresses. “I guess accidents can happen,” one said in a very brief telephone conversation.
North Korea’s addresses are managed by Star Joint Venture, the state-run Internet provider, which routes many of those connections through China Unicom, China’s state-owned telecommunications company. A State Department spokeswoman, Marie Harf, told reporters on Monday, “We aren’t going to discuss, you know, publicly operational details about the possible response options,” adding that “as we implement our responses, some will be seen, some may not be seen.”
By Monday morning, those addresses had gone dark for over an hour. There was no definitive way, at least in the short term, to determine whether the connection had been cut, overloaded, or attacked. And security experts cautioned that there could be many reasons for Monday’s failure. North Korea could be pre-emptively taking its systems offline to prepare for an attack, some said.
Chris Nicholson, a spokesman for Akamai, an Internet content delivery company, said it was difficult to pinpoint the origin of the failure, given that the company typically sees only a trickle of Internet connectivity from North Korea. The country has only 1,024 official Internet protocol addresses, though the actual number may be a little higher. That is fewer than many city blocks in New York have. The United States, by comparison, has billions of addresses.
But as the sun rose in North Korea on Tuesday morning, the few connections to the outside world — available only to the elite, the military, and North Korea’s prodigious propaganda machine — were still out.
Those connections to the outside world are managed by Star Joint Ventures, the country’s state-run Internet provider, and almost all of them run through China Unicom, China’s state-owned telecommunications company. They were not operative on Monday, but the causes could include a cyberattack by the United States — something American officials have said they would be hesitant to do if it meant infringing on Chinese sovereignty.
It is also possible China Unicom simply unplugged its neighbor. Internet monitors said a maintenance issue was unlikely to have caused such a prolonged failure.
CloudFlare, an Internet company based in San Francisco, confirmed Monday that North Korea’s Internet access was “toast.” A large number of connections had been withdrawn, “showing that the North Korean network has gone away,” Matthew Prince, CloudFlare’s founder, wrote in an email.CloudFlare, an Internet company based in San Francisco, confirmed Monday that North Korea’s Internet access was “toast.” A large number of connections had been withdrawn, “showing that the North Korean network has gone away,” Matthew Prince, CloudFlare’s founder, wrote in an email.
Although the failure might have been caused by maintenance problems, Mr. Madory and others said that such problems most likely would not have caused such a prolonged, widespread loss. Doug Madory, the director of Internet analysis at Dyn Research, an Internet performance management company, said that North Korean Internet access first became unstable late on Friday. The situation worsened over the weekend, and by Monday, North Korea’s Internet was completely offline.
The failure follows requests by the Obama administration to China seeking its help in blocking North Korea’s ability to wage cyberattacks, an early step toward the “proportional response” that Mr. Obama promised, as well as a broader warning to others who may try similar attacks on American targets in the future, senior administration officials have said. “Their networks are under duress,” Mr. Madory said. “This is consistent with a DDoS attack on their routers,” he said, referring to a distributed denial of service attack, in which attackers flood a network with traffic until it collapses under the load.
The loss of service is not likely to affect the vast majority of North Koreans, who have no access to the Internet. The biggest impact would be felt by the country’s elite, state-run media channels and its propagandists, as well as its cadre of cyberwarriors. If the attack was American in origin something the United States would probably never acknowledge it would be a rare effort by the United States to attack a nation’s Internet connections.
If the attack was American in origin something the United States would probably never acknowledge it would be a rare effort by the United States to attack a nation’s Internet connections. Until now, most operations by the United States have amounted to cyberespionage, mostly to collect defense information or the communications of terrorism suspects. Certainly the United States is positioned to cause failures in many places in the Internet: Among the most interesting documents released by Edward J. Snowden, the former National Security Agency contractor now in Moscow, was a map of “implants” that the United States has put in strategic places, from network connections to individual computers, around the world.
During the Iraq war, there were periodic efforts to send fake messages to cellphones or computers to lure Qaeda suspects or other adversaries into traps. “Olympic Games,” the cyberattack on Iran’s nuclear enrichment facility, was an extremely rare and sophisticated destructive attack, intended to slow Iran’s progress toward a nuclear weapons capability. Those are most useful in cyberespionage, and the United States does a lot of that in China. Other Snowden documents showed that a major Chinese maker of network switching equipment, Huawei, was among American targets. So were leadership compounds and military locations.
But a denial-of-service attack is more like cybervandalism, the term that Mr. Obama used to describe North Korea’s action against Sony. It is temporary, and while it imposes some costs, it would be limited in the case of North Korea because of the scarce availability of Internet services in the country. But there is no evidence that American cyberactivities in China have moved from surveillance to what experts call “computer network exploitation” or, the next step, actual attacks. And the Chinese themselves have been coy.
Security experts cautioned that the origins of such a failure could be many. North Korea could be preemptively taking its systems offline to prepare for an attack, or the loss of service could be the result of an attack by vigilante hackers, though hacking collectives, such as Anonymous, had not taken credit for the failure. China’s foreign ministry spokeswoman, Hua Chunying, said it was too early to know if Mr. Obama’s accusation against the North concerning the Sony attacks was true, Reuters reported Monday.
Chris Nicholson, a spokesman for Akamai, an Internet content delivery company, said it was difficult to pinpoint the exact origin of the failure, given that the company typically sees only a trickle of Internet connectivity from North Korea. “China will handle it in accordance with relevant international and Chinese laws according to the facts,” she said.
“All we know for sure is that their networks are under duress,” Mr. Madory said. “And we have not seen this kind of outage there before.” But she also said that China’s foreign minister, Wang Yi, “reaffirmed China’s relevant position, emphasizing China opposes all forms of cyberattacks and cyberterrorism” during a call on Sunday with Secretary of State John Kerry.
While rare, disruption of computers and networks is certainly part of the American offensive playbook. During the Iraq war, there were periodic efforts to send fake messages to cellphones or computers to lure Qaeda suspects or other adversaries into traps.
“Olympic Games,” the cyberattack on Iran’s nuclear enrichment facility, was an extremely sophisticated destructive attack that destroyed centrifuges, the machines that enrich uranium. It was intended to slow Iran’s progress toward a nuclear weapons capability.
The United States has never acknowledged the attacks, and the central role played by Mr. Obama did not become clear until the summer of 2012, more than two years after the events.
But a denial-of-service attack is far easier to arrange on short notice than a destructive attack. And it may be more akin to the “cybervandalism” that Mr. Obama spoke of against Sony. It is temporary, and while it imposes some costs, it would be limited in the case of North Korea because of the scarce availability of Internet services in the country.
“Proportional would mean that we would hack a North Korean movie company,” said Victor Cha of Georgetown University, who handled North Korean issues in the George W. Bush White House. “But that would not get you very far.”
Mr. Obama spoke Friday, during an interview with CNN, of the possibility of restoring the North to the list of state sponsors of terrorism. That, too, would have limited impact: The country is already among the most isolated on earth.
But it is also not clear that cutting off Internet service, if that is what happened in this case, would slow North Korean hackers. Many are believed to be based in China. Sony’s attackers used servers in Bolivia, Singapore and Thailand to launch their attacks. So any cutoff of Internet services would be mostly symbolic, a warning shot that two can play the game of disruption.