MENU
cuba2-r

Cuban Fiber: Completo?

korea-v

Cyber Escalation in Korea?

March 15, 2013 Comments (4) Views: 83 Politics, Security

North Korea Suffers Outage

Tweet about this on TwitterShare on FacebookShare on Google+Share on LinkedInShare on Reddit

nkorea-f

 

Earlier this morning,
North Korea accused the United States of conducting a cyber attack that disrupted their Internet connectivity. While the details remain unknown, we can confirm that, in the last two days, North Korea’s sole Internet provider has had ongoing problems staying connected to the global Internet. We’ll summarize some of our evidence in this blog entry.800px-Flag_of_North_Korea.png

Internet in North Korea

North Korea has an extremely small Internet for a country of 24 million people. Not counting the network involved in the recent Pirate Bay hoax, the four networks of North Korea are routed by a single Internet service provider, Star JV (AS 131279), which has two international Internet service providers: China Unicom (AS 4837) and Intelsat (AS 22351). Star began service on 18 November 2010 and gained Intelsat as a provider on 8 April 2012.

131279_KP.png

Recent Disruptions

We observed disruptions in North Korean Internet connectivity beginning at 00:59:30 UTC on 13 March 2013. At this time, North Korea’s four networks were very briefly removed from the global routing table (chart lower left). When the routes were restored, one of the four networks was routed over Intelsat, while the other three were routed over China Unicom. After a few hours, all networks were once again routed over China Unicom. For about two hours starting at 22:40 UTC on 13 March, all four networks disappeared for a second time from the global routing table. Later on 14 March, we saw Intelsat again appear as a provider for one of the networks for several hours.

Despite such routing instabilities, North Korean networks were generally available in the global routing table. However, when we look at our active measurements (i.e., traceroutes) into North Korea during this time, we see a significant drop-off in successful responses, suggesting a loss of connectivity not visible in routing data alone (chart lower right).

pirt_routing_KP.png KP.March2013.traces3.ASedges.upstreamsof131279.png

 

The following graphic presents another view of latencies into North Korea, constructed from recent measurements using all of our worldwide servers. This perspective helps illustrate the disruption of connectivity. Traceroutes through Intelsat appear for some North Korean hosts as they failover to satellite service.

latencies_KPoutage_AllSources_b_s.png

Rest easy everyone. The Pirate Bay was unharmed in this incident.

4 Responses to North Korea Suffers Outage

  1. h4zzmatt says:

    Thats some nice raw data, it would be nice if based on your experience you could theorize as to the nature of the cause for these outages? Do you feel they are cyber attacks as DPRK says or more normal configuration issues. What do they look like to you.
    – H4zzmatt

  2. Steve says:

    Interesting. How do I get or monitor that data? Do you have some tools or is it opened? Thanks.

  3. Doug Madory says:

    Sorry Steve. This is our proprietary data.

  4. Doug Madory says:

    Hi H4zzmatt,
    It is difficult to estimate the cause of the disruption just using this data. Since it affected both Internet transit connections (China Unicom and Intelsat), it stands to reason the disruption was on the North Korean side.
    The instability of the routes suggests that those routers were affected in some way, but it is interesting that the routes mostly stayed up despite connectivity being impaired. This suggests that the router(s) announcing these routes must have stayed alive, kept their BGP sessions active and continued to announce the routes. So perhaps it was networking equipment deeper in the North Korean network which suffered the outage.
    Was it the result of a cyber attack? Maybe. It could also have been a power failure, equipment failure or a misconfiguration by a network admin.
    Thanks for the question,
    Doug

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>