Home / / N Korea’s Internet goes dark amid escalating Sony hack row: report

N Korea’s Internet goes dark amid escalating Sony hack row: report

US Internet monitoring firm claims total outage, days after Washington pledges response

N Korea’s Internet goes dark amid escalating Sony hack row: report
Kim Jong Un’s government has denied involvement in the attack on Sony Pictures.

A US-based Internet monitoring company yesterday claimed North Korea was struck by a complete Internet blackout, amid an escalating row between Kim Jong Un's government and Washington over last month's cyber-attack on Sony Pictures Entertainment.

The US government blames Pyongyang for the 22 November attack on Sony Pictures by a group calling itself Guardians of Peace, which crippled the studio's corporate network for more than a week and stole dozens of terabytes of data. The fallout from the incident included leaked movies and scripts, and the exposure of sensitive employee data and internal emails. The cost to Sony may have been as high as $100m, according to one analyst's estimate.

After his administration named North Korea as the perpetrator, President Barack Obama pledged a proportional response "in a place and time and manner that we choose".

According to Reuters, New Hampshire-based Dyn reported the outage, saying possible reasons ranged from technical problems to a cyber-attack.

Other cyber security commentators agreed, but also floated the theory that a non-state party could be responsible.

"It would be possible that a patriotic actor could achieve the same results with a botnet, however the president promised a proportional response," said Tom Kellermann, chief cybersecurity officer at Trend Micro.

Other specialists believed that a DDoS (distributed denial-of-service) attack would be sufficient to disable North Korea's Internet and would not require state-level resources.

"Even if North Korea had 10 times their publicly reported bandwidth, bringing down their connection to the Internet would not be difficult from a resource or technical standpoint," said Ofer Gayer, security researcher at Incapsula, in an emailed statement to ITP.net.

Continues on next page>>

North Korea had previously been on record as denouncing a forthcoming movie from Sony portraying the assassination of Kim, but has strongly denied direct involvement in the attack on Sony, instead choosing to praise "supporters" for carrying out the "righteous" operation. When Pyongyang's call for a joint investigation with US officials was rejected by Washington over the weekend, Kim's government pledged retaliatory strikes, of an indeterminate nature, on the US.

When the North lost Internet coverage, Dyn said it subsequently managed to restore it.

"We're yet to see how stable the new connection is," Jim Cowie, chief scientist for the company, told Reuters.

"The question for the next few hours is whether it will return to the unstable fluctuations we saw before the outage."

It is widely believed that only a privileged handful of North Korea's 24m population is allowed Internet access and according to Dyn, the country depends on a single provider, China Unicom, for traffic.

"When organisations - nation states or commercial entities - rely on a single Internet service provider and a small range of IP addresses, they make themselves easy prey," said Incapsula's Gayer. "Attackers have a single target - the one connection to the Internet backbone - to flood with traffic, effectively taking them offline."

The US this week reportedly asked China, one of North Korea's few allies, to send a strong message to Pyongyang by repatriating known hackers from the hermit nation, and disabling servers and routers used by North Korea that are part of Chinese networks.

In a separate incident, South Korea, which technically remains at war with the North, experienced a cyber-attack on a nuclear power plant. Command-and-control systems were reportedly not compromised and only resulted in the theft of non-critical data, but President Park Geun-hye today characterised the incident as a "grave situation". According to Reuters, South Korean officials would not rule out the North as a suspect.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.