NEW: Cybersecurity expert: North Korea "may have disconnected themselves"
Research company says North Korea's Internet goes back down, only to return
Monday's Web blackout lasted more than nine hours, according to Dyn Research
Web disruption came amid escalating war of words between the U.S., North Korea
North Koreans’ ability to surf the Internet – for the few in the isolated nation who could ever really go online anyway – is rockier than ever.
Dyn Research reported on Monday that the country’s Internet was down, after 24 hours of “increasing instability.” It stayed dead for more than nine hours, then came back to life – but not for long. Half a day later Dyn said it was down again. Then it was back up, at about 1 a.m. Wednesday Pyongyang time (11 a.m. Tuesday ET), the company said.
But the assessment of Dyn, a company that monitors Internet performance worldwide, made earlier Tuesday, did not change: “North Korea continues its struggles to stay online.”
The timing of North Korea’s latest Internet issues makes them significant. They come days after the U.S. government blamed Pyongyang for being behind the hacking of Sony Pictures over that company’s production of “The Interview” – a comedy depicting the assassination of North Korean leader Kim Jong Un – as well as threats against anyone who dared watch the movie.
North Korea denied any responsibility, even as it blamed the U.S. government for being behind the making of the Seth Rogen-James Franco film. Its totalitarian government went on to officially make its own threat, warning the United States that its “citadels” will be attacked, dwarfing the hacking attack on Sony.
Pyongyang hasn’t leveled any blame or threats about its latest Internet outage. But experts are skeptical that the American government had any involvement.
That’s almost irrelevant, said Mike Chinoy, a frequent traveler to North Korea and former CNN correspondent.
“The issue … is not whether it was or it wasn’t (the United States that knocked out North Korea’s Internet). The issue is what the North Koreans think it was,” said Chinoy, a U.S.-China Institute senior fellow.
“And I think it’s safe to assume – unless they themselves took their system offline for their own security, which is not impossible – they’ll be looking to respond.”
Expert: Could be ‘a 15-year-old in a Guy Fawkes mask’
So who is behind North Korea’s Internet problems?
Unlike the Sony cyberattack and threats, which were linked to a group called “Guardians of Peace,” the latest issues haven’t been tied to any group or government.
It’s possible they have nothing to do with the Sony dust-up and are simply an internal matter. Another possibility: North Korea’s Internet traffic is routed through China, so issues or officials there may be to blame.
Another option: it could be a deliberate move by the country’s own government.
“North Korea may have disconnected themselves, either preemptively to prevent that movie from being distributed, but also, probably more likely, in a defensive posture,” said Shawn Henry, a cybersecurity expert and former executive assistant director of the FBI.
Talking when North Korea’s Internet was totally down, Dyn Research’s Doug Madory said “usually there are isolated blips” anyway in the country’s service. But he thinks what happened here was different.
“I wouldn’t be surprised if they are absorbing some sort of attack,” Madory said.
U.S. State Department spokeswoman Marie Harf deflected a question about the disruption. “We aren’t going to discuss – you know – publicly, operational details about the possible response options or comment on those kind of reports in any way, except to say that as we implement our responses, some will be seen, some may not be seen,” she said.
No one is saying the U.S. government couldn’t have carried out such an attack. But tech experts say it might not have needed to, given the ability of anyone, anywhere to do something like this.
What happened with Sony, especially the studio’s decision to shelve – at least temporarily – the release of “The Interview,” got a lot of people upset.
Matthew Prince, president of the performance and security company CloudFlare, told CNN he couldn’t say definitively that there was an attack at all. But if there was, he said it’s possible a lone individual, not an entire government, was behind it.
“If it is an attack, it’s highly unlikely it’s the United States. More likely it’s a 15-year-old in a Guy Fawkes mask,” said Prince, tying the prospective attackers to those connected to or inspired by the hacktivist movement Anonymous.
Limited technology, but not when it comes to hacking
Do these outages equal outrage, leaving North Koreans unable to view “Gangnam Style” for the 2-billionth-plus time? Have they been frustrated when they tried to check on the latest NBA results for their fantasy teams or engage in heated debates about local, national and international politics?
No. There’s a reason the Committee to Protect Journalists ranks North Korea second on its list of “Most Censored Countries.” Only a smattering of “ruling elites” can go online freely, leaving the public limited to a “heavily monitored and censored (intranet) network with no connections to the outside world,” according to the advocacy group.
Widespread computer technology overall isn’t a reality in one of the world’s poorest and, according to many outsiders, most antiquated countries.
A 2012 report from KISA, South Korea’s Internet development agency, noted North Korea then had only 1,024 IP addresses – unique numbers assigned to every device that logs on to the Internet – in a country of about 25 million people. That figure may not exactly reflect the current usage since, for example, people can use one IP address for several items, but it’s still paltry by any modern measure. The United States has more than 1.5 billion IP addresses.
Still, even if most North Koreans aren’t Web-savvy by design, a dangerous handful of them may be.
Jang Se-yul, who claims he worked as a computer expert for North Korea’s government before defecting seven years ago, told CNN he thinks that Pyongyang has 1,800 cyberwarriors stationed around the world. He says even the agents themselves don’t know how many others work for the secretive group – called Bureau 121 – whose mission is to “conduct cyberattacks against overseas and enemy states.”
An FBI investigation linked the malware, infrastructure and techniques used by the Guardians of Peace in the Sony attack to previous North Korean cyberattacks.
After that, U.S. President Barack Obama called the hack “an act of cybervandalism that was very costly, very expensive,” though he stopped sort of calling it an act of war.
The next question is: Will Kim, in Pyongyang, say the same about his country’s Internet issues?
CNN’s Dana Ford, Ralph Ellis, Samuel Burke, Jose Pagliery, Jethro Mullen, Hala Gorani and Catherine E. Shoichet contributed to this report.