I’m wrapping myself in all sorts of tinfoil lately.
A whole lot’s been made of North Korea undergoing a Distributed Denial of Service attack yesterday that basically cut it off from the rest of the internet. There’s been speculation that the DDoS was perpetrated by the US, or by Sony, in response to the hack of Sony that North Korea’s currently being blamed for.
With regard to both the Sony hack and the Korean DDoS, we don’t know at this point who did them. The FBI is obviously blaming North Korea for the former, but a number of experts find that implausible, as does this layperson. This is one of the major problems with the idea of “responding” to a cyberattack: unlike a gunshot, mortar or missile, it’s hard as hell to tell where it came from. And the technologies to change that are the same technologies being abused by major governments around the world to spy on whole populations.
I’m going to go out on a limb here, though. And I’m going to make a stab at identifying the people that attacked North Korea and cut them off the internet.
It was the same damn people that hacked Sony.
I’m pretty sure the US wouldn’t respond with something as blatant as a DDoS attack, but it’s the perfect move to escalate US/North Korean tensions sky high. And it’s startlingly easy:
Prince and others bet that a run-of-the-mill DDoS attack took down North Korea’s Internet because the isolated country has a “pipe” to the Internet so narrow that a routine attack could easily flood its capacity and take it offline.
Ofer Gayer, security researcher at Incapsula, estimated North Korea’s total bandwidth at 2.5 Gbps, far under the capacity of many recent DDoS attacks, which typically are in the 10Gbps to 20Gbps range. “Even if North Korea had ten times their publicly reported bandwidth, bringing down their connection to the Internet would not be difficult from a resource or technical standpoint,” Gayer said, also in an email.
Almost all of North Korea’s Internet traffic passes through a connection provided by China Unicom, the neighboring country’s state-owned telecommunications company. North Korea has just a single block of IP (Internet protocol) addresses, or just 1,024 addresses, another vulnerability; in comparison, the U.S. boasts 1.6 billion IP addresses.
As the Computerworld article states, there’s even the chance this is some random “kid in a Guy Fawkes mask.” But I’m willing to bet a small amount of money that it’s the same people that hacked Sony, who have no affiliation to North Korea whatsoever. It’s a fascinatingly easy way to screw around in the International Relations game, and a logical second step to their first with Sony. The inability to attribute hacks and cyberattacks means that a single actor can easily pretend to be both aggrieved sides.
The first attack had them down for nine hours yesterday. According to the folks that broke the story, DynResearch, North Korea is down again.
Let’s see what happens next.