North Korea's limited Internet connectivity has been cut off just days after President Barack Obama promised to "respond proportionately" to the Sony Pictures cyber attack believed by the Federal Bureau of Investigation (FBI) to be the brainchild of the isolationist regime.
Internet performance firm Dyn Research first reported the nationwide Internet blackout, saying North Korea has been experiencing intermittent Internet since Dec. 19 until it completely went dark on Dec. 22.
"The situation now is they are totally offline," Doug Madory, director of Internet analysis at Dyn Research, told Bloomberg. "I don't know that someone is launching a cyber attack against North Korea, but this isn't normal for them. Usually they are up solid. It is kind of out of the ordinary. This is not like anything I've seen before."
The outage is confirmed by Arbor Networks' director of security research Dan Holden, who says that North Korea has been under attack for several weeks, culminating in a sustained attack on Monday, which led to Pyongyang's disconnection.
CloudFlare founder Matthew Prince also confirmed the loss of service to The New York Times, saying North Korea's Internet connection is "toast."
The blackout appears to be caused by a simple denial of distributed service (DDoS) attack on North Korea's routers, where attackers flood the network with fake traffic until the servers crash. Any hacker with middling skills, says Holden, can launch the same attack with $200 in hand, suggesting North Korea's extremely limited Internet infrastructure.
"It's actually pretty easy," Jose Nazario, chief scientist at security software firm Invincea, said. "There are only a handful of hosts. It's relatively easy to attack just those hosts or the pipes that are present there. There's not that much bandwidth there. It's very, very accessible to anyone who wanted to attack them."
Experts believe the outage will not affect day-to-day life in North Korea very much, as the country only has 1,024 official Internet protocol addresses and little business and government activity is conducted online.
Analysis by Arbor Networks shows the volume of traffic in the country peaked at only 6Gbps on Dec. 20. North Korea's Internet connection is routed through state-owned China Unicom. It is unknown what its bandwidth is but it appears to be below 10Gbps. Furthermore, much of the network is limited to the capital city of Pyongyang.
The outage comes after President Obama's announcement that the White House takes North Korea's act of "cybervandalism" seriously. The timing certainly raises suspicions that North Korea's network was attacked in retaliation for the country's alleged involvement in the Sony Pictures hack, which Pyongyang's officials have repeatedly denied but praised as a "righteous deed."
A DDoS attack by the U.S. government appears to be the proportionate response to North Korea's "cybervandalism," but experts believe the outage was simply caused by hackers, some of whom have already surfaced to claim responsibility for cutting off North Korea.
"I'm quite sure this is not the work of the U.S. government," said Holden. "Much like a real-world strike from the U.S., you probably wouldn't know about it until it was too late. This is not the modus operandi of any government work."
Hacktivist group Anonymous has been vocal about its discontent over Sony Pictures' decision to withdraw The Interview after the Guardians of Peace threatened to bomb theaters showing the controversial Kim Jong-Un assassination film.
Lizard Squad, a cyber terrorist group that has claimed responsibility for the attacks of PlayStation Network and Xbox Live in the past, is also taking the credit for bringing North Korea's Internet down.
Xbox Live & other targets have way more capacity. North Korea is a piece of cake.
— Lizard Squad (@LizardUnit) December 22, 2014
22.214.171.124 = North Korea off button — Lizard Squad (@LizardUnit) December 22, 2014
North Korea #offline — Lizard Squad (@LizardUnit) December 22, 2014
"All we know for sure is that their networks are under duress," Madory says. "And we have not seen this kind of outage there before."
U.S. State Department Marie Harf says she cannot confirm if the U.S. government is behind North Korea's outage. Asked during a briefing about what steps the U.S. might take against North Korea, she said the government is considering a "range of options."
"Some will be seen. Some may not be seen," she said.
Hours after the hard crash, Internet in North Korea is back. Who pulled the plug? Nobody knows and no one will say. Perhaps, an "interview" may reveal answers.