Norks' internet goes TITSUP in possible DDoS attack

Complete outage for Little Kim's kingdom

Kim Jong-un

If the North Koreans really do have an elite hacking squad, it'll be twiddling its thumbs at the moment, as all internet activity in the country has gone dark in an outage that bears the hallmarks of a distributed denial of service (DDoS) attack.

"In the last 24 hours the signal has been getting worse and worse and today it went offline completely and has been out for a couple of hours now," Doug Madory, director of internet analysis at Dyn Research (formerly known as Renesys) told The Register at midday on Monday.

The North Korean network is usually pretty stable, he explained, with the regime getting its interlinks from China Unicom. An outage like this is unusual, particularly as it comes at a time when the Norks' internet abilities are under the microscope.

Outages typically occur one of two ways, Madory said. If the wrong cable has been cut, traffic falls off a cliff until the break is fixed. But if it's a software problem, performance degrades in a similar way to the traffic patterns seen in North Korea now.

"It could be that this is the day their router flakes out and has a software malfunction that caused the network to crash," Madory said. "But it would also be consistent with some form of attack, such as a DDoS."

Last week, the FBI announced that it had concrete evidence that North Korea was behind the attack on Sony Pictures, which has forced the Japanese company to cancel the release of the Seth Rogan/James Franco comedy film The Interview. Security experts are skeptical, but President Obama promised that the US would respond "proportionally, and at a time of our choosing."

But Madory said that the outage, if it was a DDOS attack, needn't have come from the United States, or indeed from any nation-state.

"It all depends on what kind of mitigation systems the North Koreans had in place," he said. "If they had very little security against this kind of attack then anyone with a credit card could buy time on a botnet and launch an attack." ®




Biting the hand that feeds IT © 1998–2019