North Korea back online: Was it the target of a cyberattack?

North Korea lost its connection to the Internet following days of instability, monitors say

North Korea experienced a major Internet outage on Tuesday, according to companies that monitor global networks, raising suspicion that the country may have been the target of a cyberattack.

The loss of service came just days after President Obama warned that the U.S. would respond to the recent computer hack of Sony Pictures Entertainment, which the FBI has blamed on North Korea. But U.S. officials declined to say whether the government was responsible.

Researchers at Dyn, an Internet performance management company based in New Hampshire, began noticing increasing amounts of instability in North Korea’s connection over the weekend.

Networks that govern how traffic is supposed to reach North Korea “began to appear and disappear, sort of flickering on and off,” said James Cowie, chief scientist at Dyn. “That’s a very typical thing to see when an end site is under a large attack and it’s having trouble staying connected to the Internet. But it can also be consistent with something like a power outage.”

About 2 a.m. Tuesday (9 a.m. Monday in Los Angeles), North Korea’s Internet connection went down, Dyn reported. It was restored after nine hours and 31 minutes, the company tweeted.

San Francisco-based CloudFlare confirmed the outage, which it said lasted 9 hours and 50 minutes. But neither company could say what caused it.

North Korea may have decided to take itself off the Internet, CloudFlare's cofounder, Matthew Prince, said in an email. Countries with low levels of connectivity and a high degree of government control over telecommunications have been known to do this when they feel threatened, as Egypt did during the 2011 uprising that toppled President Hosni Mubarak.

A decision could also have been made in China to terminate North Korea's access to the Internet. The four networks that North Korea uses rely on China Unicom, the state-run telecommunications company, Cowie said.

Or there may have been an attack by a third party. Experts said that it would not require the involvement of a state actor to overwhelm North Korea's connection with traffic until it collapsed.

"While we don't know how much capacity there is coming in and out of North Korea, it is unlikely to be more than 10s of gigabits per second," Prince wrote. "It's worth remembering that just a few weeks ago a teenager in the UK plead guilty for single handedly generating a 300-Gbps attack against Spamhaus."

He later said he thought it unlikely that North Korea's outage was caused by a state-sponsored attack, "otherwise it'd likely still be down for the count."

North Korea's Internet problems could have been the result of a technical fault, such as a hardware failure or a severed cable.

"It's unlikely that North Korea has an up-to-date Cisco support contract, and a critical resource may have failed for innocuous reasons," Prince said.

Such loss of connectivity is not without precedent in North Korea.

“We have seen instability, and we’ve even seen multi-hour outages in the past because it is a kind of end-of-the-road, fragile connection,” Cowie said. “But I think the timing and the duration of this one are causing us to look a little harder at it.”

President Obama on Friday said the U.S. would respond to the cyberattack on Sony, which led to a massive leak of sensitive information, and threats that prompted the studio to cancel the release of “The Interview,” a comedy centered on a fictional plot to assassinate North Korean leader Kim Jong Un.

“They caused a lot of damage. And we will respond,” he said. “We will respond proportionally, and we'll respond in a place and time and manner that we choose.”

Officials did not elaborate on what the U.S. might do.

“We aren’t going to discuss publicly operational details about the possible response options, or comment on those kind of reports in any way, except to say that as we implement our responses, some will be seen, some may not be seen,” State Department spokeswoman Marie Harf told reporters  Monday.

The U.S. has discussed the issue with Chinese officials and asked for their cooperation. On Monday, a Chinese official told reporters that the country’s foreign minister, Wang Yi, had assured Secretary of State John F. Kerry in a phone conversation the previous day that Beijing “opposes all forms of cyberattacks and cyber terrorism.”

But ministry spokeswoman Hua Chunying cautioned against “making any conclusions” about who was responsible for the cyberattack against Sony before there has been a full accounting of the facts.

North Korea has denied responsibility and reacted angrily to the U.S. accusations. On Sunday, the country’s defense department threatened to “blow up” the White House, the Pentagon and other U.S. targets if Washington retaliated against North Korea.

For more international news, follow @alexzavis on Twitter

Copyright © 2016, Los Angeles Times

UPDATES

10:39 p.m.: This post was updated with Prince saying he thinks it unlikely that North Korea's outage was the result of a state-sponsored attack.

7 p.m.: This post was updated with North Korea's Internet connection reportedly restored.

6:44 p.m.: This post was updated with comment from CloudFlare co-founder Matthew Prince.

This post was originally published at 5: 30 p.m.

61°