North Korea Tech has more:
“I haven’t seen such a steady beat of routing instability and outages in KP before,” said Doug Madory, director of Internet analysis at Dyn Research. “Usually there are isolated blips, not continuous connectivity problems. I wouldn’t be surprised if they are absorbing some sort of attack presently.”
Is this an attack? The chances aren't zero, considering that the few North Koreans who can actually get online tend to be government and military officials. Even if the outages are the result of somebody's deliberate act, however, proving that the United States did it would be difficult.
In a press briefing Monday, a State Department official wouldn't comment on "operational details about the possible response options" but did say, somewhat cryptically, that "some will be seen, some may not be seen."
There are other questions, too. When one country wants to bomb another but has to fly through a third country to get there, it typically needs the third country's permission. How does that work in cyberspace? Early reports suggest the United States did indeed ask China for help in attacking North Korea's digital infrastructure. (Pretty much all the telecom routes to North Korea run through China.) But those reports last week said China had not responded to the U.S. request. Did that change in the last few days?
North Korea's struggles do sound consistent with "cyber vandalism," which is the term Obama used for the Sony hacking, so perhaps this is Washington's idea of a proportional response. Then again, a disruption in connectivity is very different from infiltrating a network and stealing secrets. And we know the U.S. military has a very precise way of talking about cyber operations.
In a twist, hackers claiming to be associated with the group Anonymous sought credit for the outages in a tweet published Monday with the hashtag #OpRIPNK.
On Friday, a separate Twitter account, also thought to be affiliated with Anonymous, announced that a counterattack against North Korean hackers had begun. "Operation RIP North Korea, engaged. #OpRIPNK," tweeted the account known as @theanonmessage. That account was suspended by Twitter Monday over separate threats it had made to release a sex tape belonging to rapper Iggy Azalea. The timing of the two tweets is consistent with statistics tracked by the security research firm Arbor Networks, which found an uptick in denial-of-service attacks against North Korea beginning Thursday. That day, the company recorded two outages. The following day it saw four. And the attacks began peaking on Dec. 20 and 21, according to Arbor, with 5.97 gigabits of data flooding North Korea's pipes every second.
While it's unclear whether Anonymous had a role to play in North Korea's downtime, at least six of Arbor's observed denial-of-service attacks originated from the United States, the security firm said. Arbor’s analysis showed that the denial-of-service attacks targeted a handful of North Korean Web sites. They include Pyongyang’s official Web portal, Naenara, as well as an educational site belonging to Kim Il Sung University. The attackers also took aim at two servers that route Internet traffic to North Korean sites. The highly public nature of the hack suggests the work of outside hackers, according to the firm. “It would be easier to say who is NOT doing this,” wrote Dan Holden, Arbor’s director of security research, in a blog post Monday. "This is not the modus operandi of any government work."
Update: Dyn Research is now reporting that North Korea's Internet is back up.