Who — or what — might have caused North Korea's Internet outage? The mystery has all the trappings of an international spy thriller, all the more so now that some people claiming links to Anonymous are seeking credit for the disruption. A shadowy hacker clan taking down the IT infrastructure of the world's most secretive regime? It's just too good.
But although analysts largely believe some hacktivists were involved, it's unlikely anyone from Anonymous was actually responsible for taking down the Hermit Kingdom's systems. Here's why.
We know at least a few things about the 9.5-hour outage, even if we can't pinpoint the culprit. The break in service coincided with a number of denial-of-service attacks recorded by Western network researchers. These attacks are designed to flood a network with bogus traffic so that the target's systems are forced to shut down.
The denial-of-service attacks targeted two servers responsible for routing Internet traffic to North Korean Web sites, along with a number of actual sites belonging to a North Korean university and the government's official public portal, according to IT analysts at Arbor Networks.
The surge in fake traffic also took place at roughly the same time that Twitter accounts claiming to represent Anonymous announced #OpRIPNK, a retribution campaign against North Korea.
All these signs point to the work of hacktivists — not the U.S. government, researchers say.
"If the government wanted to do something about this, I would suspect they would do something more targeted toward the leadership rather than just shutting down the network," said Eugene Spafford, a professor of information security at Purdue University. "Teenagers with botnets regularly shut down networks."
Targeting the financial assets of North Korean leaders (rather than the country's Internet equipment) would be much more closely aligned with President Obama's warning of a "proportional response" — and something the White House could accomplish that nameless hacktivists probably couldn't on their own, Spafford added.
Still, Anonymous appears only loosely connected, if at all, to North Korea's outage. Dissent within the organization bubbled over this week when one Twitter account that endorsed #OpRIPNK was shut down by Twitter over separate threats to release a sex tape belonging to rapper Iggy Azalea. Another Anonymous-affiliated Twitter account then responded with this:
— Anonymous (@YourAnonNews) December 21, 2014
Other Anonymous watchers agreed that #OpRIPNK isn't much to sneeze at. More likely, it's an attempt by some members of Anonymous to claim credit at an advantageous moment, said Gabriella Coleman, a researcher who studies Anonymous at McGill University.
@anonycraig yea I bet someone is capitalizing on it... Does not seem to really be an op.
— Gabriella Coleman (@BiellaColeman) December 22, 2014
There isn't much chatter about #OpRIPNK taking place among the "big accounts" associated with the group, either, Coleman said in an e-mail.
But just because Anonymous wasn't the culprit doesn't rule out other hacker groups. For instance, a group known as Lizard Squad (which gained notoriety for reportedly taking down the PlayStation Network) also celebrated the North Korean Internet disruption.
— Melissa, Basílissa (@0xabad1dea) December 23, 2014
"Let me say this about Lizard Squad," said Dan Holden, a lead researcher for Arbor Networks. "My personal opinion is those guys know what they're doing, and if they're coming after you, you're going to have a bad day."