N.Korean internet shut down by suspected cyberattacks -researchers

An illustration shows a projection of binary code onto a man holding a laptop, in an office in Warsaw, June 24, 2013. REUTERS/Kacper Pempel/Illustration/File Photo

SEOUL, Jan. 26 (Reuters) – The internet in North Korea appears to have been hit by a second wave of outages in as many weeks, possibly caused by a distributed denial-of-service (DDoS) attack, researchers said Wednesday.

The latest incident occurred at about six a.m. on Wednesday morning local time, a day after North Korea carried out its fifth missile test this month.

Junade Ali, a cybersecurity researcher in Britain who monitors a range of different North Korean web and email servers, said that at the height of the apparent attack, all traffic to and from North Korea was taken down.

“If someone tried to connect to an IP address in North Korea, the internet literally wouldn’t be able to send their data to the country,” he told Reuters.

Hours later, servers handling email were accessible, but some individual web servers of institutions such as the airline Air Koryo, the Ministry of Foreign Affairs of North Korea and Naenara, the official portal for the North Korean government, continued to experience stress and downtime.

Internet access is strictly restricted in North Korea. It is not known how many people there have direct access to the global internet, but estimates generally put the figure at a small fraction of one percent of the population of approximately 25 million.

Seoul-based NK Pro, a news site that monitors North Korea, reported that log files and network records showed that websites on North Korean web domains were largely unreachable because the North Korean Domain Name System (DNS) stopped communicating the routes that data packets should take.

A similar incident was observed on Jan. 14, NK Pro reported.

The concurrent nature of the server outages suggested a DDoS attack, in which hackers attempt to flood a network with unusually large amounts of data traffic to cripple it, Ali said.

“It’s normal for one server to go offline for a period of time, but in these incidents, all web properties went offline at the same time. It’s not common for their entire internet to go offline.”

During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their main routers disconnecting from the internet, Ali said. “This indicates to me that this is the result of some form of network stress and not something like a power outage.”

Reporting by Josh Smith; Editing by Mark Heinrich
