North Korean Internet Outage Probably Caused By Hackers, Not US (Updated)

December 23, 2014 - North Korea's internet was disrupted over the weekend, and finally went down completely on Monday. It came back online, but then it went down two more times. And tonight, reports Yonhap News Agency, "some major North Korean websites remained blocked Wednesday [Korea time] for the second straight day amid growing speculation over cyber warfare between Washington and Pyongyang. Since going down Monday evening, the website of the North's main propaganda organ, Uriminzokkiri, remained inaccessible as of early Wednesday."

North Korea's Kim Jong-un, digital dictator
Reuters/KCNA

UPDATE, 27 Dec 2014 - North Korea's Internet and 3G mobile network 'paralyzed,' according to Reuters: "Internet connectivity had not returned to normal as of 21:30 local time [Saturday night], Xinhua reported, citing reporters in the country that had confirmed the situation over fixed telephone systems. The report comes after the North Korean government called Obama a 'monkey' and blamed the United States for enduring instability in the country's internet infrastructure, after the U.S. blamed North Korea for hacking attack on Sony Studios."

But was it the work of the U.S. seeking revenge for the cyber attack on Sony Pictures? Some security experts "say the attack that temporarily knocked the isolated nation offline looks more like the work of hacker pranksters than a vengeful U.S. government," says Fusion.net.

The network was not down very long (about 10 hours), which indicates that the outages were probably not the retaliation promised by President Obama as for the devastating cyber attack on Sony Pictures on November 24.  Sure, it seems the outages are continuing, and it seems impressive that an entire nation's internet access was taken down. Right? Well, no, not really. Read on to find out why that's not true in the strange case of North Korea.

The FBI and Obama have blamed North Korea for penetrating Sony's computer system, stealing massive amounts of information, and then rendering the computers useless. Many in the info security business are skeptical of the accusations against North Korea, however, and some even say it might have been in inside job.

The mainstream assumption is that a film called "The Interview" pissed off North Korea's leader, Kim Jong-un by - among other things - depicting him as a douchebag and dying in a fiery explosion. Some say that the depiction of Kim in the film could have caused damage to his prestige if any of his generals or other privileged persons were able to access it, say on a black market DVD or even on the Internet.

On December 19, Obama vowed that the U.S. would "respond proportionally" against North Korea. If the most recent outage/s was caused by an Obama-authorized cyber attack on North Korea's interwebs, then it's a lame response. It certainly was not a proportionate response, considering the enormous, yet to be fully determined, financial losses of Sony Pictures. After all, to simply cause a disruption of less than 24 hours to a very few elite North Koreans probably did not cause any great hardships or damage.

Poster for "The Interview"

I think most of us are wishing for Obama to order up the crippling of Pyongyang's power grid. That would not only deny the North Koreans access to the Internet (no power, no computers), it would also force the artificially privileged of the capital city to live in the same desperate poverty that the rest of the country suffers. A simple EMP blast in the sky over Pyongyang ought to do the trick. Of course, that would cause more public relations problems than it's probably worth.

"North Korea's circle of internet users is so small that the country has only 1,024 IP addresses for 25 million people," reports Vox, "whereas the US has billions of IP addresses for 316 million people. While it's impossible to infer a specific number of internet-connected devices from this, it is safe to say that the number is very, very small." Kim Jong-un's regime has turned Internet access into "something that exists almost purely to cement his government's rule and to reward himself."

"The internet in North Korea is not a public good, nor even a good that the public is aware of," notes Vox. " It is purely and solely used as a government tool, for serving such ends as propaganda and hacking, and as a luxury good for the elites who run the government." The biggest inconvenience that an Internet outage might cause for North Korea would be the inability of their professional hackers and propagandists to operate.

This could pose a threat to Kim Jong-un's prestige. Who cares if the peasants never hear of "The Interview?" Theoretically, the elites could stream the film via their unfiltered Internet access or obtain the film on DVD.

If the elite watch "The Interview," it could hurt Kim's prestige and damage respect for the little dictator. It wouldn't change things immediately, says Rand Corporation senior defense analyst Bruce Bennett, "but the elite in North Korea aren’t happy with Kim Jong Un." Bennett says Kim is "purging people right and left, in far extreme of what his father did. He’s inducing instability in the country…You never know what’s going to change things."

Dyn Research in March 2013 that "the four networks of North Korea are routed by a single Internet service provider, Star JV (AS 131279), which has two international Internet service providers: China Unicom (AS 4837) and Intelsat (AS 22351)."

Taking down North Korea's access to the Internet for a few hours would be an inconvenience for Pyongyang and Kim Jong-un. But it would not impart any proportional damage (relative to the Sony losses) unless it also fried all of the computers connected to it. (There are other computers in North Korea, such as in schools, but they are connected to the state-run intranet, not to the internet. And so headlines referring to "Massive North Korea Internet Outages" are amusing because there is nothing "massive" about Internet access in North Korea.)

Then again, taking it down for a prolonged period of time (a very, very long time measured in years) would cripple North Korea's hacking program, which they use as a substitute for their weak military. A 62-year old defector from North Korea told Aljazeera that there are five reasons why Pyongyang loves cyber warfare, which can all be summed up briefly this way: Cyber warfare can be highly effective, low risk and relatively inexpensive.

While this recent outage might be an attack [by the U.S.], Dyn Research notes that "it’s also consistent with more common causes, such as power problems. Point causes such as breaks in fiberoptic cables, or deliberate upstream provider disconnections, seem less likely because they don’t generate prolonged instability before a total failure. We can only guess. The data themselves don’t speak to motivations, or distinguish human factors from physical infrastructure problems."

It shouldn't be surprising to learn that North Korea has had Internet outages in the past, and they've been on the receiving end of cyber attacks too: Uriminzokkiri, for example, was hacked back in April, 2013. North Korea has blamed those past outages and attacks on the U.S. But they were more likely the symptoms of a lousy infrastructure. Or the actions of playful hackers.

Also See:
Did North Korea Hack Sony? Bruce W. Bennett, Rand
The Sony saga: 10 reasons why the FBI is wrong IT Pro Portal
Obama Vows a Response to Cyberattack on Sony New York Times
Were hackers behind North Korea outage? Politico
North Korea’s Internet Outage Is Probably Due To Pranksters,Not U.S. ‘Cyberwar’ Fusion
It's Alarmingly Easy To Take North Korea's Internet Offline Business Insider UK
How to bring North Korea to its cyber-knees Matthew Gault
How North Korea, one of the world's poorest countries, got so good at hacking Vox

FBI Still Blames North Korea for Sony Hack (Updated)

December 19, 2014 - The FBI blamed North Korea today for the unprecedented computer hacking attack of Sony Pictures Entertainment (SPE) in late November. It is widely believed that the cyber attack was North Korea's retaliation for Sony's film "The Interview." The film depicts a fictional CIA-sponsored assassination of N. Korea's young dictator Kim Jong-un. UPDATED, 30 December: New Evidence.....

Kim Jong Un 'death scene' from The Interview
- MirrorNinja (watch video)

The Interview was released to theaters on Christmas Day, despite earlier threats of terrorism that caused Sony to pull the film's release.

The attack on Sony was devastating. In it's statement, the FBI said that "the destructive nature of this attack, coupled with its coercive nature, sets it apart." The statement said that the FBI is confident that the North Korean government "is responsible for these actions."

Experts Doubt North Korea's Role:
Was North Korea really behind the attack on Sony Picture's computers? Or was is one or more former Sony employees, possibly working as a paid contractor for North Korea?

On Dec. 29, Hollywood Reporter: "Security firm Norse claims it has evidence that shows the Sony hack was perpetrated by six individuals, including two based in the U.S., one in Canada, one in Singapore and one in Thailand. Norse senior vp Kurt Stammberger told the Ledger, a security industry news website, that among the six was one former Sony Pictures employee, a 10-year veteran of the company with a very technical background who was laid off in May following restructuring. Norse used human resources documents that were leaked as part of the hack to first identify and then track the former Sony employee's online activity at least since May, when the person left the company."

Dec. 27, CNN: "It's clear to us, based on both forensic and other evidence we've collected, that unequivocally they are not responsible for orchestrating or initiating the attack on Sony," said Sam Glines, who runs the cybersecurity company Norse.

Dec. 29, Dark Matters: "Norse Investigation Focusing on a Small Group, Including Sony Ex-Employees"

Dec. 30, Daily Beast: "Stammberger said that Norse’s analysis is now pointing toward an attack against Sony by disgruntled employees that was conducted in stages and over the course of several months, beginning as early as July, and that North Korea opportunistically praised the attack only after it was discovered."

From the FBI's December 19 press release:

Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

....The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.
....Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.
....the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

- Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

- The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

- Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

....the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior.... (read the full press release here.)

Also See:
U.S. suspects North Korea had help attacking Sony Pictures Reuters (29 Dec)
New Evidence Points to Inside Job, Security Experts Say Hollywood Reporter (Dec 29)
No, North Korea Didn’t Hack Sony Daily Beast (30 Dec)
FBI Fixated on North Korea for Sony Hack Despite New Evidence Daily Beast (30 Dec)
Hackers Make New Demands On Sony Pictures TMZ
Obama pledges proportional response to Sony hack AP/Watertown Public Opinion
Hack Attack Spurs Call For More North Korea Sanctions AP/Atlanta Daily World
Watch the Kim Jong-un Death Scene from The Interview MirrorNinja
Sony Pictures hack: Timeline of revelations from unprecedented cyber-attack IBTimes
Sony Pictures proves Hollywood is a land of cowards New York Post
George Clooney: Hollywood must push for release of The Interview  The Telegraph (UK)
North Korea’s Secret Movie Bootleggers Daily Beast

North Korea Threatens Nuclear Attack on U.S.

March 7, 2013 - Could North Korea launch a nuclear attack on the United States? Probably not, but today a North Korean Foreign Ministry spokesman said North Korea would do just that in a "preemptive" strike.

The reason: The United Nations Security Council today unanimously passed Resolution 2094 by a vote of 15-0. The resolution calls for strict new sanctions to punish North Korea for its most recent nuclear test, which was conducted on February 12. This is the fourth time the U.N. has slapped NK with sanctions as punishment for its pursuit of nuclear weapons. The U.N. vote has the lunatics in NK's capitol city, Pyongyang, in fits of rage.

Video: North Korean TV Announcement of Kim Jung Il's Death

December 18, 2011 - This is how the North Korean people learned about the death of their leader Kim Jung Il earlier today, as reported by the official Korean Central News Agency (KCNA).



See related story from BBC World News.