Downing North Korea's Internet not much of a scalp

Downing North Korea's Internet not much of a scalp

SINGAPORE - If someone did just knock North Korea off the Internet for half a day, it wouldn't have taken much.

With barely 1,000 Internet addresses, one Internet service provider and one connection to the outside world via China, North Korea's cyberlinks are negligible - barely one per cent of that of Afghanistan, a similarly impoverished country with a roughly comparable population.

By the same token, closing down the links wouldn't have had much of an effect within North Korea. For internal online communications it uses a closed Intranet network, but that was apparently not affected, according to officials across the border in the South.

North Korea is "one of the least connected countries in the world," said Matthew Prince, CEO of US-based CloudFlare, which, among other services, protects websites against web-based attacks.

It's also one of the most vulnerable, said Jim Cowie, chief scientist at Dyn, a US-based Internet performance company. "North Korea, historically, is fairly fragile," he said after Internet access to North Korea was restored at 0146 GMT on Tuesday. Internet links to the country remained snapped for serveral hours, but Cowie said the country had experienced outages of similar length this year.

The country is at the centre of a confrontation with the United States over the hacking of Sony Pictures, but several US officials said the US government was not involved in any cyber action against Pyongyang.

Following the hacking, Sony cancelled the release of a comedy about the fictional assassination of North Korean leader Kim Jong Un.

An outage of this kind could have been caused by one of several factors, according to CloudFlare's Prince.

North Korea may have disabled the Internet itself, which could have been as simple as sending one command to a single router - possibily to seal the country from access to the movie and news about the confrontation with Washington.

It could also have been cut by China Unicom, the Chinese network which connects the country to the outside world. China has denied that it was involved.

Another possibility could have been a hardware issue, like for instance, a router breaking down.

Then there's the possibility of an attack - meaning someone directed a flood of internet traffic at websites in North Korea until they, and eventually the country's entire network, ground to a halt.

This is called a distributed denial of service, or DDoS, attack because the flood is spread across hundreds of computers, called a botnet.

A PROVINCIAL NETWORK

North Korea's Internet service is run by a joint venture between its Post and Telecommunications Corporation and Thailand's Loxley Pacific in Thailand. Any attack on the network would have go through China Unicom's network, though it would be unlikely to affect it. "This is a provincial network on the back of a provincial network," said Dyn's Cowie.

It's not known how much Internet capacity North Korea has - how much traffic its network can tolerate before it is overwhelmed - but Prince reckons it could handle up to a maximum 10 gigabytes per second.

DDoS attacks nowadays can marshall hundreds of gigabytes per second. "It's not particularly challenging for an individual to launch an attack which completely saturated North Korea's access to the internet," he said.

Last week, by comparison, a 17-year old Londoner pleaded guilty to launching a DDoS attack against internet exchanges and an anti-spam service last year. Traffic during the attack exceeded 300 gigabytes per second.

A Twitter account with the handle @LizardSquad, which under similar accounts has previously claimed credit for attacks on prominent gaming websites, said in a tweet it was behind the North Korean outage.

CloudFlare's Prince said the fact that North Korea's Internet was now back up "is pretty good evidence that the outage wasn't caused by a state-sponsored attack, otherwise it'd likely still be down for the count".

Dyn's Cowie said that while the evidence "was not inconsistent with an attack, it was not conclusive".

This website is best viewed using the latest versions of web browsers.