Tuesday, December 23, 2014

North Korean Internet Outage Probably Caused By Hackers, Not US (Updated)

December 23, 2014 - North Korea's internet was disrupted over the weekend, and finally went down completely on Monday. It came back online, but then it went down two more times. And tonight, reports Yonhap News Agency, "some major North Korean websites remained blocked Wednesday [Korea time] for the second straight day amid growing speculation over cyber warfare between Washington and Pyongyang. Since going down Monday evening, the website of the North's main propaganda organ, Uriminzokkiri, remained inaccessible as of early Wednesday."

North Korea's Kim Jong-un, digital dictator
UPDATE, 27 Dec 2014 - North Korea's Internet and 3G mobile network 'paralyzed,' according to Reuters: "Internet connectivity had not returned to normal as of 21:30 local time [Saturday night], Xinhua reported, citing reporters in the country that had confirmed the situation over fixed telephone systems. The report comes after the North Korean government called Obama a 'monkey' and blamed the United States for enduring instability in the country's internet infrastructure, after the U.S. blamed North Korea for hacking attack on Sony Studios."

But was it the work of the U.S. seeking revenge for the cyber attack on Sony Pictures? Some security experts "say the attack that temporarily knocked the isolated nation offline looks more like the work of hacker pranksters than a vengeful U.S. government," says Fusion.net.

The network was not down very long (about 10 hours), which indicates that the outages were probably not the retaliation promised by President Obama as for the devastating cyber attack on Sony Pictures on November 24.  Sure, it seems the outages are continuing, and it seems impressive that an entire nation's internet access was taken down. Right? Well, no, not really. Read on to find out why that's not true in the strange case of North Korea.

The FBI and Obama have blamed North Korea for penetrating Sony's computer system, stealing massive amounts of information, and then rendering the computers useless. Many in the info security business are skeptical of the accusations against North Korea, however, and some even say it might have been in inside job.

The mainstream assumption is that a film called "The Interview" pissed off North Korea's leader, Kim Jong-un by - among other things - depicting him as a douchebag and dying in a fiery explosion. Some say that the depiction of Kim in the film could have caused damage to his prestige if any of his generals or other privileged persons were able to access it, say on a black market DVD or even on the Internet.

On December 19, Obama vowed that the U.S. would "respond proportionally" against North Korea. If the most recent outage/s was caused by an Obama-authorized cyber attack on North Korea's interwebs, then it's a lame response. It certainly was not a proportionate response, considering the enormous, yet to be fully determined, financial losses of Sony Pictures. After all, to simply cause a disruption of less than 24 hours to a very few elite North Koreans probably did not cause any great hardships or damage.

Poster for "The Interview"
I think most of us are wishing for Obama to order up the crippling of Pyongyang's power grid. That would not only deny the North Koreans access to the Internet (no power, no computers), it would also force the artificially privileged of the capital city to live in the same desperate poverty that the rest of the country suffers. A simple EMP blast in the sky over Pyongyang ought to do the trick. Of course, that would cause more public relations problems than it's probably worth.

"North Korea's circle of internet users is so small that the country has only 1,024 IP addresses for 25 million people," reports Vox, "whereas the US has billions of IP addresses for 316 million people. While it's impossible to infer a specific number of internet-connected devices from this, it is safe to say that the number is very, very small." Kim Jong-un's regime has turned Internet access into "something that exists almost purely to cement his government's rule and to reward himself."

"The internet in North Korea is not a public good, nor even a good that the public is aware of," notes Vox. " It is purely and solely used as a government tool, for serving such ends as propaganda and hacking, and as a luxury good for the elites who run the government." The biggest inconvenience that an Internet outage might cause for North Korea would be the inability of their professional hackers and propagandists to operate.

This could pose a threat to Kim Jong-un's prestige. Who cares if the peasants never hear of "The Interview?" Theoretically, the elites could stream the film via their unfiltered Internet access or obtain the film on DVD.

If the elite watch "The Interview," it could hurt Kim's prestige and damage respect for the little dictator. It wouldn't change things immediately, says Rand Corporation senior defense analyst Bruce Bennett, "but the elite in North Korea aren’t happy with Kim Jong Un." Bennett says Kim is "purging people right and left, in far extreme of what his father did. He’s inducing instability in the country…You never know what’s going to change things."

Dyn Research in March 2013 that "the four networks of North Korea are routed by a single Internet service provider, Star JV (AS 131279), which has two international Internet service providers: China Unicom (AS 4837) and Intelsat (AS 22351)."

Taking down North Korea's access to the Internet for a few hours would be an inconvenience for Pyongyang and Kim Jong-un. But it would not impart any proportional damage (relative to the Sony losses) unless it also fried all of the computers connected to it. (There are other computers in North Korea, such as in schools, but they are connected to the state-run intranet, not to the internet. And so headlines referring to "Massive North Korea Internet Outages" are amusing because there is nothing "massive" about Internet access in North Korea.)

Then again, taking it down for a prolonged period of time (a very, very long time measured in years) would cripple North Korea's hacking program, which they use as a substitute for their weak military. A 62-year old defector from North Korea told Aljazeera that there are five reasons why Pyongyang loves cyber warfare, which can all be summed up briefly this way: Cyber warfare can be highly effective, low risk and relatively inexpensive.

While this recent outage might be an attack [by the U.S.], Dyn Research notes that "it’s also consistent with more common causes, such as power problems. Point causes such as breaks in fiberoptic cables, or deliberate upstream provider disconnections, seem less likely because they don’t generate prolonged instability before a total failure. We can only guess. The data themselves don’t speak to motivations, or distinguish human factors from physical infrastructure problems."

It shouldn't be surprising to learn that North Korea has had Internet outages in the past, and they've been on the receiving end of cyber attacks too: Uriminzokkiri, for example, was hacked back in April, 2013. North Korea has blamed those past outages and attacks on the U.S. But they were more likely the symptoms of a lousy infrastructure. Or the actions of playful hackers.

Also See:
Did North Korea Hack Sony? Bruce W. Bennett, Rand
The Sony saga: 10 reasons why the FBI is wrong IT Pro Portal
Obama Vows a Response to Cyberattack on Sony New York Times
Were hackers behind North Korea outage? Politico
North Korea’s Internet Outage Is Probably Due To Pranksters,Not U.S. ‘Cyberwar’ Fusion
It's Alarmingly Easy To Take North Korea's Internet Offline Business Insider UK
How to bring North Korea to its cyber-knees Matthew Gault
How North Korea, one of the world's poorest countries, got so good at hacking Vox