:format(webp)/cdn.vox-cdn.com/uploads/chorus_image/image/63700365/north_korea_flag.0.1546214858.0.jpg)
Three days after an apparent denial-of-service attack halted its Internet connections, North Korea suffered another Internet outage and the country’s only wireless phone network was reportedly down.
The five-hour Internet disruption was flagged by DYN Research, a research firm that tracks the performance of the Internet’s global infrastructure. Reuters reported the 3G wireless outage, citing China’s official state news agency Xinhua, which said that service went down about 7:30 pm Pyongyang time (2:30 am PT). It is unclear whether the two outages were connected.
Unlike Internet service, which estimates suggest reaches no more than 1,000 people in the nation, a wireless phone service outage would affect a much wider population segment.
In September, Koryolink, the country’s only wireless carrier, reported that it had 2.4 million subscribers, or about 10 percent of the population, up from two million in May of 2013. The carrier is majority owned by Egypt-based Orascom.
North Korean citizens are restricted to making domestic calls only and have no Internet access on their phones, while foreigners staying in the country for long periods of time, usually diplomats, are allowed some limited wireless Internet access. Koryolink’s service area includes the capital city of Pyongyang and five other cities, as well as several major roads and railroad lines.
A spokesperson at the White House didn’t immediately return messages seeking comment.
DYN highlighted the Internet outage in a graphic posted on Twitter.
https://twitter.com/DynResearch/status/548875674531164160
The denial-of-service attack beginning on Dec. 22, which some have attributed to a group of self-styled hackers activists, halted Internet connections in North Korea for nine hours.
North Korea has blamed the United States for the Internet attacks. It didn’t immediately issue a statement concerning the reported wireless outage.
An official statement issued Friday night U.S. time chastised the nation for “disturbing the Internet operation of major media of the DPRK, not knowing shame like children playing a tag.” (North Korea’s formal name is the Democratic People’s Republic of Korea.)
The bellicose words are the latest escalation in the back and forth between the countries following a devastating hacking attack against Sony Pictures Entertainment. The United States has said North Korea was “centrally involved,” in the attacks, during which tens of thousands of sensitive emails from Sony senior executives, numerous confidential business documents, five films and other information were leaked to Internet file-sharing sites.
A group calling itself the Guardians of Peace has claimed responsibility for the attack, threatening further leaks as well as violence ahead of the release of the Sony-produced comedy “The Interview.”
Starring Seth Rogen and James Franco, the movie is a fictional account of a tabloid TV anchor and his producer who secure a rare interview with North Korean leader Kim Jong-un and are then recruited by the CIA to try to assassinate him. North Korea has condemned the film and sought to block its release. It debuted online and in 300 U.S. theaters on Christmas Day.
In its latest statement, North Korea called the film an “illegal, dishonest and reactionary movie,” and said President Obama forced Sony to “indiscriminately distribute it” after it was briefly shelved. It has previously denied any connection to the hacking attacks, but praised the efforts of the hackers, calling the attack a “righteous deed.”
Update: Some new data has surfaced concerning how the attacks against North Korea’s Internet systems unfolded. Arbor Networks, a security firm that tracks denial-of-service attacks around the world, said the attackers have switched tactics in recent days.
Dan Holden, an analyst at the firm, said the first attacks on Dec. 22 used the Internet’s time servers to launch anonymous denial-of-service attacks against North Korea’s domain name system, which translates domain names to numerical Internet protocol addresses.
By Dec. 25, the attacks appear to be focused on Border Gateway Protocol routers, which maintain connections between Internet providers.
“This represents a completely different approach than what had been previously reported,” Holden said. “Whomever was doing it was going after the router rather than the name servers and websites.”
This article originally appeared on Recode.net.
