Obama Makes Good His Threat as North Korea Internet Goes Dark
North Korea’s fledgling Internet access went dark Monday, days after President Obama promised a “proportional response” to the nation’s alleged hack of Sony Pictures Entertainment. The question of who pulled the plug immediately became the stuff of a global cyber-mystery.
Was it a shadowy crew of guerrilla hackers, under the flag of Anonymous? A retaliatory strike from the United States? A betrayal from China, North Korea’s top ally and its Web gatekeeper? Or just a technical glitch or defensive manoeuvre from the Hermit Kingdom itself?
On Monday, a State Department official issued a somewhat coy non-denial when asked about U.S. involvement in North Korea’s blackout. The official wouldn’t comment on how the government plans to avenge North Korea’s alleged attack on Sony but added, “As we implement our responses, some will be seen, some will not be seen.”
The mystery behind North Korea’s 9 1/2-hour outage highlights a paradox of modern cyberwarfare: As attacks become more prominent, the combatants — and their motives — are becoming harder to identify.
Spokesperson Marie Harf sidestepped questions from reporters about what role the U.S. may have played in the apparent internet outage in North Korea during a news briefing on Tuesday. (Reuters)
“This is the standard for espionage: Things are murky. It’s not like the movies, where in the last scene someone ties it all together with one long soliloquy,” said James Lewis, a senior fellow at the Strategic Technologies Program at the Center for Strategic and International Studies.
North Korea continues to deny that it was responsible for the hack that hobbled Sony, exposed intimate e-mails from top executives and posted online copies of unreleased films — all efforts in an apparent revenge scheme for “The Interview,” a comedy about two goofballs told to assassinate North Korean leader Kim Jong Un. After Obama accused the country last week and promised retaliation, North Korean officials at first offered to hold a joint investigation with the United States to find the source of the attack.
Then Pyongyang warned through its state-owned news agency that it would fight any retaliation with “our toughest counteraction . . . against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism, by far surpassing the ‘symmetric counteraction’ declared by Obama.”
On Thursday, researchers began to notice an uptick in attacks against North Korea’s Internet infrastructure. Designed to overload servers and Web sites with a flood of fake traffic, such “denial-of-service” attacks can render entire networks inoperable.
The next day, a Twitter account affiliated with Anonymous — the collective behind numerous high-profile hacks — announced that a counterattack against North Korean hackers had begun.
On Monday, a separate group, also claiming links to Anonymous, sought credit for the outages.
The timing of the two tweets was consistent with statistics tracked by the security research firm Arbor Networks. On Thursday, the company recorded two denial-of-service attacks. The next day it saw four. The wave peaked Saturday and Sunday with 5.97 gigabits of data inundating North Korea’s pipes every second.
While it is unclear whether Anonymous played a role in North Korea’s downtime, at least six of the observed denial-of-service attacks originated from the United States, Arbor Networks said.
But other security experts said hostile code can be adapted from other attacks and filtered covertly through foreign servers. Even basic cyberattacks can use decoys or distractions, including hosts of “zombie” computers or falsified location data, to shake pursuers off the trail.
“The actual work of evidence-gathering and prosecution is so much more difficult in the digital world than in the biological world,” said Alec Ross, a senior fellow at Columbia University’s School of International and Public Affairs. “Unlike a bullet, something ‘shot’ as a cyberweapon can be reused and repurposed. Obfuscation is much easier, and it’s much easier to distribute an attack.”
Some security analysts noted that North Korea’s rudimentary Web pipeline flows directly through the routers of a company called China Unicom, leading some experts to speculate that Chinese hackers were responsible for the blackout. China may have seen the Sony hack as an embarrassing, unauthorized mishap from its small but loud ally, or thought the friction it sparked with the economies of the United States and Japan could be too destabilizing to ignore.