Tuesday, December 23, 2014

Were hackers behind North Korea outage?



North Korea's tiny corner of the global Internet was knocked offline Monday as U.S. officials hinted about secret responses to Pyongyang's cyberattack on Sony Pictures Entertainment, but the temporary outage was likely the result of an attack by hackers rather than any strike by another country.

Dan Holden, a director at network defense firm Arbor Networks, which tracks Internet attacks around the world, says all the technical evidence shows that the North Korean outage was more likely a denial of service attack, an intentional network traffic jam orchestrated by hackers.

"Much like a real-world strike from the U.S., you probably wouldn't know about it until it was too late. This is not the modus operandi of any government work," he wrote in a blog post.

Late Monday, however, Dyn Research, which monitors global Internet connectivity, tweeted that service was back up in North Korea, after about a 10-hour outage.

Holden said it was unclear whether North Korea had been knocked offline or had unplugged itself as a defensive measure, but either way, the denial of service attack was responsible. "It certainly would not be difficult," he said.

Arbor said it began observing denial of service attacks targeting the approximately 1,000 North Korean Internet addresses on Thursday. Media reports circulated connecting the reclusive Stalinist regime to the massive Nov. 24 hack that crippled Sony Pictures Entertainment, supposedly in retaliation for the Seth Rogen comedy "The Interview."

The outage spurred speculation that it might be part of the proportionate response that President Barack Obama promised over the weekend, and U.S. officials did little to tamp it down.

"We aren't going to discuss publicly operational details about the possible response options or comment on those kind of reports in any way except to say that as we implement our responses, some will be seen, some may not be seen," said State Department spokeswoman Marie Harf in response to questions about the North Korean outage. "So I can't confirm those reports, but in general, that's what the president has spoken to."

White House Cybersecurity Coordinator Michael Daniel declined to comment on the outage, but said the administration wants to send a deterrence message to North Korea and others that might be tempted to follow the same path.

This meant that at least part of the response would probably need to be public, he said, or if not public, at least knowable to the North Koreans.

But much would remain covert, he said. "We also may want to be able to just diminish their capacity to carry out these kind of attacks in the future, in which case we may not want them to know everything that we have done to do that," Daniel said.

Attacks peaked over the weekend according to Arbor's data, drawn from nearly 300 Internet service providers that share anonymized traffic data with the Burlington, Mass.-based company.

Around noon Eastern Time on Monday, the North Korean IP range went out, and did not come back up, said Jim Cowie, chief scientist of Dyn Research, which monitors global Internet connectivity.

About a day of intermittent connectivity preceded the shutdown, according to Dyn Research and other companies' observations. Almost the entirety of the very small North Korean Internet of approximately a thousand Internet protocol addresses is routed through the Chinese state-owned Internet service provider Chinese Unicom, Cowie said. "That presents a very small attack surface for anybody who wants to take it out," he added.

Hackers known as the Lizard Squad, who have a history of launching sophisticated denial of service attacks, including against the Sony PlayStation network, took credit. "North Korea #offline" reads a Tweet from @LizardUnit posted Monday afternoon.

"Xbox Live & other targets have way more capacity. North Korea is a piece of cake," the account said shortly afterward.

In an interview with POLITICO, Holden also noted that the attack accomplished little, if the goal is disruption, since Internet connectivity with the outside world hardly pervades North Korean society.

But experts say that when Obama described the North Korean attack on Sony Pictures Entertainment as a very expensive act of cyber vandalism rather than an act of war, he laid out important limits on the response.

Cyber scholars don't agree on what precisely an act of cyber war would look like, but the general consensus is that if it were aimed at a private company rather than the U.S. government, the effects must be catastrophic: dead bodies, massive financial ruin or an attack targeting critical infrastructure such as energy grids and water lines. Hacking a movie studio, no matter how devastatingly effective, doesn't make the cut.

That means the proportionate response Obama promised is extremely unlikely to include a conventional military strike. "There's no military option on the table. The Sony hack doesn't meet that threshold," said James Lewis of the Center for Strategic and International Studies.

The response might include a cyber counterattack, but if and when Obama were to order such a strike, it would likely be carried out by intelligence agencies whose operations are less legally restricted rather than by uniformed military, former national security officials say.

Thanks to the way U.S. cyberpower is now organized, however, the same man could be in charge: Adm. Michael Rogers heads both U.S. Cyber Command, the military's online warriors, and the NSA, whose hackers would likely lead any intelligence cyber operation designed to punish North Korea.

"This is less about Sony and it's more about trying to deter North Korea from attacks on critical infrastructure in the future," added Adam Segal, director of the Council on Foreign Relations Cyberspace Policy program.

The president also has a range of diplomatic options, such as returning North Korea to the list of state sponsors of terrorism and rallying other nations to further isolate the rogue communist state. Secretary of State John Kerry over the weekend asked China for help, and the State Department would also take the lead when weighing sanctions or other diplomatic measures.

"In a normal situation, with a normal country, you'd probably call the ambassador into the State Department and tell [him or her] this is very bad and you shouldn't do this kind of thing," said Bruce McConnell, former Homeland Security Department cyber counsel. "Of course, North Korea is not a normal country, and that limits your diplomatic impact."

The attacks against North Korea used a well-known method called reflection attacks that require only a little Internet traffic to overwhelm routers with too many connection requests, a technique typical of hacktivists rather than governments, Holden noted.

Other cybersecurity experts also cautioned against rushing to assume that the attack is part of the proportionate response Obama promised last week.

"It's impossible to know how much bandwidth flows into North Korea, but it's likely quite small," noted Matthew Prince, CEO of content delivery network provider CloudFlare.

"It's probably risky to speculate that that attack is being launched by any state-based entity," he said. "It's much, much more likely that it's some 15-year-old in a Guy Fawkes mask."

Source: http://www.politico.com/story/2014/12/north-korea-internet-113746.html