North Korea internet outage: cyber war hots up with infrastructure attack
The cyber war sparked by an attack on Sony Pictures took a turn for the more serious last night, with North Korea’s internet being taken completely offline for almost 10 hours, seemingly by a DDoS attack.
Yes, you read that correctly, a DDoS attack.
It would normally be very difficult for attackers to disrupt an entire nation’s internet connectivity through this type of attack, however North Korea is connected to the internet via a single server, which made it uniquely vulnerable.
It’s thought the attack was made in retaliation for the hacking of Sony Pictures, which saw scripts, un-released films, emails and the personal data of Sony staff leaked online. A group calling itself Guardians of the Peace claimed responsibility for the hack, which was apparently carried out to deter Sony from releasing The Interview, a film about a plot to assassinate North Korean dictator Kim Jong-Un.
Due to the subject that drew Guardians of the Peace’s ire, and the fact that North Korea had previously protested the film to the US, saying its release would constitute an act of terrorism and war, the insular state has been blamed for sponsoring the original hack. North Korea, however, has denied any culpability and the evidence presented so far claiming to show the country’s guilt has been rather scant and flimsy.
The US has been particularly vociferous on the matter, with the FBI claiming it had linked North Korea with the attack due to the tools and techniques used. This has led to speculation that America may have been behind yesterday’s takedown of North Korea’s internet – speculation the country isn’t trying to deny.
A US State Department spokeswoman told CNN: “We aren’t going to discuss … publicly, operational details about the possible response options or comment on those kind of reports in any way, except to say that as we implement our responses, some will be seen, some may not be seen.”
However, there are other suspects as well. Both the Anonymous and Lizard Squad hacking collectives have claimed responsibility for the attacks, and Matthew Prince of network performance and security firm CloudFlare has said the perpetrator is “more likely it’s a 15-year-old in a Guy Fawkes mask” than the USA.
China has also been mooted in some circles as a culpret – the fact North Korea’s giant neighbour provides the country’s internet connectivity would certainly make it easier to carry out an attack like this. However, the lack of motive makes this unlikely.
Whoever carried out the attack, it appears to be over and North Korea’s internet is stumbling back to its feet at the time of writing, but there has been another twist in this tale of cyber-tit-for-tat.
Earlier in December South Korea also suffered a hacking incident, which saw the attacker make off with blueprints of some of the country’s nuclear reactors.
The hacker, who goes by the handle “president of anti-nuclear reactor group”, has been steadily publishing the details on Twitter. They have also claimed they will continue to release the data unless the country’s nuclear reactors are shut by Christmas day, and have warned the general population to “stay away” from the facilities, according to the BBC.
The company that runs South Korea’s 23 nuclear power plants has said the publications pose no threat, but has decided to run a cyber war drill anyway.
While correlation doesn’t equal causation, PC Pro can’t help but wonder about the timing of these leaks – particularly the 25 December deadline (which is when The Interview was scheduled to be released).
We’ll keep you updated as the story unfolds.