
Garden-variety DDoS attack knocks North Korea off the Internet

Gregg Keizer | Jan. 2, 2015
Experts cite the fragility of North Korea's connection, note that routine DDoS attacks could have easily forced the country offline.

The IDG News Service, which like Computerworld is owned and operated by IDG, reported Monday that North Korea had fallen off the Internet.

North Korea's outage might have gone unreported but for the November hack of Sony Pictures; the release of gigabytes of the Hollywood studio's internal documents; Sony yanking The Interview, a comedy that portrayed the assassination of Kim Jong-un, the country's dictator, after hackers threatened American theaters; and the U.S. government's contention that North Korea was responsible.

In comments last week, President Obama said, "We will respond proportionally [to North Korea], and we will respond in a place and time and manner we choose."

But it's far more likely that North Korea's connection to the world was severed by hacktivists or cyber terrorists than by the U.S., or any other nation, the researchers said.

Dan Holden, the director of Arbor Networks' security engineering and response team, said the attacks were relatively small in scale -- the weekend peak was just shy of 6 Gbps -- and among other targets, took aim at the primary and secondary DNS (domain name system) servers for most websites in North Korea.

"It's not as if a super sophisticated attack is needed in order to cripple it," Holden said in a Monday blog.

Holden also pointed out that a pair of hacktivist cyber-terrorist groups, Anonymous and Lizard Squad, had taken to Twitter to threaten to attack North Korea. Both groups have used DDoS attacks in the past to knock sites offline.

Prince of CloudFlare posed other possibilities, ranging from North Korea purposefully cutting itself off from the Internet -- a move other authoritarian regimes have made, such as Syria -- to China Unicom breaking the connection.

But Prince leaned toward the DDoS theory. "Given the largest DDoS attacks are an order of magnitude larger than [North Korea's capability], it is conceivable that an attack saturated the connection and knocked the site offline," Prince said. "It's worth remembering that just a few weeks ago a teenager in the U.K. pleaded guilty for single-handedly generating a 300Gbps attack against Spamhaus."

Prince's reference was to the 17-year-old arrested this summer and charged with launching a massive DDoS attack in March 2013 against the anti-spam organization.

Cowie of Dyn Research concurred with the other experts who pointed to the flimsiness of North Korea's Internet connection, although like Prince, he said there might have been causes other than a DDoS. "A long pattern of up-and-down connectivity, followed by a total outage, seems consistent with a fragile network under external attack," Cowie said in a Monday blog. "But it's also consistent with more common causes, such as power problems."

North Korea did not mention the outage on its news website late Monday before it again went dark, but it did include a rambling 1,700-word missive from the National Defense Commission (NDC), the agency that controls the country's huge military forces. The NDC sharply threatened the U.S. with retaliation if a cyberattack was launched against the DPRK.

