Hacker group hints it caused North Korean Internet crash


Fresh Internet outages continued to plague North Korea on Tuesday, and speculation about the cause of the rogue country’s systemwide crash earlier in the day broadened to include a hacking group that hinted it was responsible.

North Korea’s Internet connection went down about 2 a.m. Tuesday and wasn’t restored for more than 9 1/2 hours, prompting speculation that the U.S. government might have waged a cyberattack against Pyongyang in retaliation for the Nov. 24 hacking of Sony Pictures Entertainment. The FBI has accused North Korea of committing the attack on the Los Angeles-area studios where the controversial film “The Interview” was made, portraying a fictional assassination plot against North Korean leader Kim Jong Un.

North Korea’s online community consists of only about 1,000 Internet Protocol addresses, estimates the Dyn research firm that evaluates Internet performance worldwide.


President Obama warned last week that the United States might respond “proportionally” to the attack at Sony that released sensitive information into cyberspace, including executives’ salaries, confidential email exchanges, scripts and full-length films.

North Korea has denied it hacked into the Sony computer systems and leaked the trove of documents and productions but called the breach a “righteous deed” to punish the studios for making the film Pyongyang has denounced as a bellicose provocation. On Sunday, the country’s defense department threatened to “blow up” the White House, the Pentagon and other U.S. targets if Washington retaliated against North Korea.

The FBI reported last week that North Korea’s government was believed to be behind the Sony hacking and anonymous emails that threatened to launch massive attacks on U.S. cinemagoers if “The Interview” was premiered in theaters as scheduled on Dec. 25. Sony pulled back the release in response to the threats but on Tuesday announced that the film will screen on schedule in limited release to independent theaters.

Neither the White House nor the State Department responded to inquiries about whether the United States was responsible for the early Tuesday crash of North Korea’s Internet, which is accessible to only small circles of the Pyongyang elite.

Internet security analysts’ speculation on the cause of the long outage focused on sources outside of government and included the possibility of North Korean officials taking down the network to protect it from any long-term damage or even a technical fault like a systemwide hardware failure or a severed cable.

On Tuesday, the “hacktivist” group Lizard Squad proclaimed via Twitter that the shutdown of North Korea’s Internet was “a piece of cake.” The group’s Twitter account, @Lizardunit, was suspended shortly after three tweets intimating that the cyber saboteurs had caused the outage.


Internet security analysts said the North Korean crash looked more like the work of technology vandals than a government action.

“The attack being the act of vigilantes is a much more plausible theory than the U.S. government,” said a blogger for Incapsula, a cloud-based website security provider that has been tracking the North Korea outage. “And true to form, they took credit publicly, which is typical behavior for a hacktivist group.”

Dan Holden, director of Arbor Networks’ security engineering and response team, said he was sure the North Korea crash wasn’t Washington’s handiwork, as it didn’t conform to “the modus operandi of any government work.”

Several brief disruptions occurred after Tuesday’s major outage, said David Belson, senior director of industry and data intelligence for Akamai Technologies, a cloud computing services firm.

Follow @cjwilliamslat for the latest international news 24/7