A Blog by Jonathan Low


Dec 24, 2014

Source of North Korea Internet Blackout Questioned...As Is That of Sony Hack

So, just in time for Christmas, it appears that Sony and various movie theater exhibitors have announced that The Interview, the Seth Rogen-James Franco comedy about the pretend assassination of Kim Jong-un, will begin screening after all.

This is certainly a huge gift to the Sony studio executives, movie theater operators and mall owners who surrendered their Profiles in Courage moment by caving in to threats delivered via internet hack. And it takes some of the heat off Messrs. Rogen and Franco, whose judgment has been questioned for making a film about an actual person who happens to be the apparently unstable leader of a rogue state with the largest standing army in the world and a rather impressive albeit less than convincingly disciplined nuclear capability.

All of which leaves us relieved - although a frisson of danger may accompany attendance at this film - which will probably boost its box office. It also leaves some lingering questions about who is responsible for the original hack and for the rather auspicious or suspicious North Korean internet disappearance, neither of which, as the following article explains, is as clear as the FBI might want us to believe.

Suffice it to say that like a good Agatha Christie mystery, lots of people could have done it. But we'll probably have to wait for the movie version - based, no doubt, on 'real events' - to find out. JL

Russell Brandom reports in The Surge:

Just two days after President Obama promised a proportionate response to the North Korean attack on Sony, the country mysteriously disappeared from the internet and stayed offline for the next 10 hours. Given the timing, the question was inevitable: was this the retaliation Obama had promised? But while it's tempting to connect the two, early reports suggest it's very unlikely that the downtime was the work of a government actor.
For a start, the timing doesn't add up. Arbor Networks' traffic monitoring project Atlas has been tracking denial of service attacks against North Korea all week, and it saw the first signs of an attack on Thursday, a full day before the FBI confirmed North Korean involvement. In his speech this Friday, President Obama pledged a proportionate response from the US, but also said he was still waiting for retaliatory options to be presented to him in the wake of the FBI's report, implying that he had not yet taken action. According to Atlas' data, the denial-of-service attacks against North Korea had already begun when Obama made that announcement, although they were not yet strong enough to bring the connection down entirely.

A graph from Atlas tracking the volume of attacks sent to North Korean IPs. (Note: The data from the 22nd is incomplete.)
Denial-of-service attacks work by flooding a connection or server with so much phony traffic that it becomes impossible for legitimate traffic to get through. In North Korea's case, that connection is the country's single link to China Unicom, the pathway for all of the country's limited internet traffic. But while the flood of traffic eventually grew large enough to overwhelm the connection, Atlas' research suggests it was primarily directed at the public-facing websites for the DPRK and Kim Il-sung University, neither of which seem to be likely targets for a military operation. More importantly, the slow ramp-up of the attacks suggests group-limited capabilities. If Obama had really ordered a North Korean blackout, the resulting attack would have taken seconds, not days — and stayed offline for significantly more than 10 hours. "I’m quite sure that this is not the work of the US government," concludes Atlas' Dan Holden. "Much like a real world strike from the US, you probably wouldn’t know about it until it was too late. This is not the modus operandi of any government work."
The content delivery network CloudFlare, which does significant work in denial-of-service mitigation, took a similar line. Reached by The Verge, CloudFlare CEO Matthew Prince broke out three alternate scenarios: a hardware failure, a voluntary internet shutdown, or a cut-off on the part of China Unicom. "I do think that it's highly unlikely that, if this was caused by an attack, that it was necessarily sponsored by a nation state," Prince said. Given the exceptionally low barrier to entry for a denial-of-service attack, nearly anyone on the web could be behind North Korea's connectivity problems. In fact, a number of online groups are already claiming responsibility, including an Anonymous-affiliated group called Lizard Unit. As with any Anonymous-linked claim, it's best to be skeptical — but as Prince put it, "I'd be far more surprised if it was a government launching the attack than I would if it was a kid in a Guy Fawkes mask."

