"HE WHO LOVES PRACTICE WITHOUT THEORY IS LIKE THE SAILOR WHO BOARDS SHIP WITHOUT A RUDDER AND COMPASS AND NEVER KNOWS WHERE HE MAY CAST".
Leonardo Da Vinci
Tuesday, December 23, 2014
Korean Web goes dark days after Obama pledges response to Sony hack
A South Korean army soldier watches a TV news program showing North Korean leader Kim Jong Un at the Seoul Railway Station in Seoul, South Korea, Monday, Dec. 22. (Ahn Young-Joon/AP)
North Korea’s fledgling Internet access went dark Monday, days after President Obama promised a “proportional response” to the nation’s alleged hack of Sony Pictures Entertainment. The question of who pulled the plug immediately became the stuff of a global cyber-mystery.
Was it a shadowy crew of guerrilla hackers, under the flag of Anonymous?
A retaliatory strike from the United States? A betrayal from China,
North Korea’s top ally and its Web gatekeeper? Or just a technical
glitch or defensive maneuver from the Hermit Kingdom itself?
On Monday, a State Department official issued a somewhat coy
non-denial when asked about U.S. involvement in North Korea’s
The official wouldn’t comment on how the government plans to
avenge North Korea’s alleged attack on Sony but added, “As we
implement our responses, some will be seen, some will not be seen.”
The mystery behind North Korea’s 9½-hour outage highlights
a paradox of modern cyberwarfare: As attacks become more
prominent, the combatants — and their motives — are becoming
harder to identify.
“This is the standard for espionage: Things are murky. It’s not
like the movies, where in the last scene someone ties it all together
with one long soliloquy,” said James Lewis, a senior fellow at
the Strategic Technologies Program at the Center for Strategic
and International Studies.
North Korea continues to deny that it was responsible for the hack
that hobbled Sony, exposed intimate e-mails from top executives
and posted online copies of unreleased films — all efforts in an
apparent revenge scheme for “The Interview,” a comedy about two
goofballs told to assassinate North Korean leader Kim Jong Un.
After Obama accused the country last week and promised retaliation,
North Korean officials at first offered to hold a joint investigation
with the United States to find the source of the attack.
Then Pyongyang warned through its state-owned news agency that
it would fight any retaliation with “our toughest counteraction . . .
against the White House, the Pentagon and the whole U.S. mainland,
the cesspool of terrorism, by far surpassing the ‘symmetric counteraction’
declared by Obama.”
On Thursday, researchers began to notice an uptick in attacks against North Korea’s Internet infrastructure. Designed to overload servers and Web sites with a flood of fake traffic, such “denial-of-service” attacks can render entire networks inoperable.
The next day, a Twitter account affiliated with Anonymous — the
collective behind numerous high-profile hacks — announced that
a counterattack against North Korean hackers had begun.
“Operation RIP North Korea, engaged. #OpRIPNK,” tweeted the
account known as @theanonmessage. (That account was suspended
by Twitter on Monday over separate threats it had made to
release a sex tape belonging to rapper Iggy Azalea.)
On Monday, a separate group, also claiming links to Anonymous,
sought credit for the outages.
The timing of the two tweets was consistent with statistics tracked
by the security research firm Arbor Networks. On Thursday, the
company recorded two denial-of-service attacks. The next day it
saw four. The wave peaked Saturday and Sunday with 5.97
gigabits of data inundating North Korea’s pipes every second.
Late Monday, Dyn Research said North Korea’s Internet access was
restored after a nine-hour, 31-minute outage.
While it is unclear whether Anonymous played a role in North
Korea’s downtime, at least six of the observed denial-of-service
attacks originated from the United States, Arbor Networks said.
But other security experts said hostile code can be adapted from
other attacks and filtered covertly through foreign servers. Even
basic cyberattacks can use decoys or distractions, including hosts
of “zombie” computers or falsified location data, to shake pursuers
off the trail.
“The actual work of evidence-gathering and prosecution is so much more difficult in the digital world than in the biological world,” said Alec Ross, a senior fellow at Columbia University’s School of International and Public Affairs. “Unlike a bullet, something ‘shot’ as a cyberweapon can be reused and repurposed. Obfuscation is much easier, and it’s much easier to distribute an attack.”
Some security analysts noted that North Korea’s rudimentary
Web pipeline flows directly through the routers of a company
called China Unicom, leading some experts to speculate that
Chinese hackers were responsible for the blackout. China may
have seen the Sony hack as an embarrassing, unauthorized mishap
from its small but loud ally, or thought the friction it sparked
with the economies of the United States and Japan could be too
destabilizing to ignore.
“It is quite possible that the Chinese are reminding the North Koreans
of who really controls those networks,” Ross said.
On Monday, the U.S. envoy to the United Nations called for global
partners to hold North Korea accountable for the hack on Sony as
well as longtime human rights abuses. “It is exactly the kind of
behavior we have come to expect from a regime that threatened
to take ‘merciless countermeasures’ against the U.S. over a Hollywood
comedy and has no qualms about holding tens of thousands of people
in harrowing gulags,” Ambassador Samantha Power said.
Doug Madory, director of Internet analysis at Dyn Research, doubted
that North Korea took down its own Internet, saying the event was
not consistent with a more common outage, like a cut wire or
technical error, because the connections struggled for hours to
come back online.
“This doesn’t look like they’re taking themselves down. You’ve got hours
and hours of instability, and that comes from somewhere,”
Madory said. “It looks like their network is for hours just struggling
to stay online, trying to come back, and eventually it’s just over,
But Madory said that attributing blame for something like a distributed
denial-of-service (DDOS) attack is “notoriously difficult,” and that
something as unsophisticated as a DDOS attack would be easy to replicate.
Some hackers agreed the job wasn’t necessarily a mission-impossible
situation. A group of hackers calling itself Lizard Squad, which
has claimed credit for knocking Sony’s PlayStation Network and several
other gaming services offline over the past few months, tweeted a
Web address it called the “North Korea off button.” It also tweeted
a message suggesting the blackout would be easy: “Xbox Live &
other targets have way more capacity. North Korea is a piece of cake.”
Source: By Cecilia Kang, Drew Harwell and Brian Fung, The Washington Post.