NEW YORK – North Korea’s limited access to the Internet was restored after being cut off for hours, days after the U.S. government accused the country of hacking into Sony Corp.’s files.
The connection, which can be patchy, was restored after a nearly 10-hour outage, Dyn Research said on Twitter today. Two state-run news websites were working as of 11:30 a.m. local time, including that of the Workers’ Party newspaper Rodong Sinmun, which showed leader Kim Jong Un touring a catfish farm.
North Korea, which has four official networks connecting the country to the Internet — all of which route through China — began experiencing intermittent problems yesterday and today went completely dark, according to Doug Madory, director of Internet analysis at Dyn Research in Hanover, New Hampshire.
“I don’t know that someone is launching a cyberattack against North Korea, but this isn’t normal for them,” Madory said. “It is kind of out of the ordinary. This is not like anything I’ve seen before.”
U.S. President Barack Obama said last week that Sony Pictures Entertainment had suffered significant damage and vowed to respond.
But the North warned yesterday that any U.S. punishment over the hacking attack on would lead to a retaliation “thousands of times greater,” while insisting that it doesn’t know the identity of the hackers — who call themselves “Guardians of Peace” — claiming responsibility for breaking into Sony’s computer network.
The attack on Sony’s computers destroyed data, exposed Hollywood secrets and caused the studio to cancel the release of “The Interview,” a comedy about a fictional assassination of Kim Jong Un. The hackers rendered thousands of computers inoperable and forced Sony to take its entire computer network offline.
The outage probably isn’t a cut of a fiber-optic cable, which would be shown in an immediate loss of connectivity, and other possible explanations include a software meltdown on North Korea’s Web routers or denial-of-service hacking attacks, Madory said.
Marie Harf, a spokeswoman for the U.S. State Department, told reporters in Washington today she can’t confirm reports of cyberattacks on North Korea and won’t say what steps the U.S. may take in response to the Sony attack.
“We are considering a range of options in response,” Harf said at a State Department briefing. “Some will be seen. Some may not be seen.”
While North Korea has four networks connected to the Internet, the U.S. has more than 152,000 such networks, according to Dyn Research.
North Korea appears to be suffering from a relatively simple distributed denial-of-service attack that is causing temporary Internet outages, said Dan Holden, director of security research for Arbor Networks Inc., based in Burlington, Massachusetts.
Such attacks flood Internet servers with traffic to knock infrastructure offline. In North Korea’s case, the attack appears to be aimed at the country’s domain-name service system, preventing websites from being able to resolve Internet addresses, Holden said.
It’s unlikely the attack is being carried out by the U.S., as any hacker could probably spend $200 to do it, Holden said.
“If the U.S. government was going to do something, it would not be so blatant and it would be way worse,” he said. “This could just be someone in the U.S. who is ticked off because they’re unable to see the movie.”
The small number of computers connecting North Korea to the Internet makes disabling them straightforward, said Jose Nazario, chief scientist at Invincea Inc., a Fairfax, Virginia-based security-software company.
“It’s actually pretty easy,” he said. “There are only a handful of hosts. It’s relatively easy to attack just those hosts or the pipes that are present there. There’s not that much bandwidth there. It’s very, very accessible to anyone who wanted to attack them.”
The impact of the outages will probably be limited, because so few people in North Korea have access to the Internet, and North Korea uses outposts in other countries to perform cyberattacks, Nazario said.
“It may not interfere with any cyberoperations they have going on,” he said. “It’s probably more symbolic and patting yourself on the back to launch these kinds of attacks than to disrupt any of their cyberactivities.”
China has started an investigation into a possible North Korean role in the Sony hacking following a request from the U.S. government, a person with direct knowledge of the matter has said. The foreign ministry will cooperate with other Chinese agencies including the Cyberspace Administration to conduct a preliminary investigation, said the person, who asked not to be identified because the probe hasn’t been made public.
“We have no new information regarding North Korea today,” White House National Security Council spokeswoman Bernadette Meehan wrote in an email today. “If in fact North Korea’s Internet has gone down, we’d refer you to that government for comment.”