Internet connectivity between North Korea and the outside world, though never robust to begin with, is currently suffering one of its worst outages in recent memory, suggesting that the country may be enduring a mass cyber attack a few days after President Obama warned the US would launch a "proportional response" to North Korea's hack against Sony.
"I haven't seen such a steady beat of routing instability and outages in KP before," said Doug Madory, director of Internet analysis at the cybsecurity firm Dyn Research, according to Martyn Williams of the excellent blog North Korea Tech. Madory explained, "Usually there are isolated blips, not continuous connectivity problems. I wouldn't be surprised if they are absorbing some sort of attack presently."
While it's entirely possible that this is due to run-of-the-mill maintenance or technical issues, it's hard to miss that the outage comes just days after President Obama condemned North Korea as responsible for the massive cyberattack against Sony and pledged a "proportional" US response. Two other cybersecurity firms confirmed to the New York Times that North Korea's is collapsing amid an apparent cyber attack.
The outage also comes as China is investigating the accusations against North Korea over the Sony hack. North Korea's internet access is wired through China, which gives China more or less direct control over North Korea's access to the outside world.
Yes, North Korea does have the internet. Very few citizens have access to it, it's slow, and the connection is shaky. But it allows North Korea's state media, its propagandists, and its vaunted cyberwarfare divisions a way to access the outside world, as well as ways for sympathetic Koreans in South Korea and Japan to link up with the Hermit Kingdom. The country is wired through China, North Korea's northern neighbor and sole ally.
Why could this be happening? Did the US launch a cyber attack against North Korea in retaliation for the Sony hack? On the one hand, the White House has reportedly ruled out any sort of "demonstration strike" cyber reprisal against North Korean internet targets. On the other, that does not necessarily rule out a possible American effort to simply disrupt or sever North Korea's connection to the outside internet, if only to block future attacks.
It's also possible that China is attempting to shut down North Korea's internet connections with the outside world, perhaps so as to avoid future North Korean attacks that would embarrass China. While China is North Korea's patron, it also typically seeks to tamp down the Hermit Kingdom's provocations, which Beijing rightly sees as bad for Chinese interests.
Vigilante hackers could also theoretically be responsible, perhaps in an attempt to punish North Korea for the Sony attack, although past efforts by groups such as Anonymous have been spectacular failures.
While it's possible that North Korea is preemptively closing off its own internet access, hoping to prevent or preempt any US reprisal attacks, that would not explain why connectivity occasionally pops back up, suggesting that either an outage or a deliberate attack is the cause.