US Fights Back? North Korea Loses Internet Connection

The background image from the alleged Twitter page of the official Korea Central News Agency.

The background image from the alleged Twitter page of the official Korea Central News Agency.

UPDATED 7 pm EST with yet another hypothesis. See below.

North Korea's Internet access sputtered, then went completely dark today (Dec. 22), three days after U.S. President Barack Obama declared that the United States would retaliate for the perceived North Korean attack on the computer networks of Sony Pictures Entertainment.

New Hampshire-based Dyn Research, which bought longtime connectivity-monitoring company Renesys in September, posted graphs on Twitter showing the Democratic People's Republic of Korea (DPRK) began suffering intermittent outages yesterday (Dec. 21), which increased in frequency and duration as the day went on.

Finally, at about 1600 UTC (11 a.m. EST), the reclusive nation's Internet connection went "down hard."

The country's Internet access was "toast," Matthew Prince, founder of San Francisco reliability-maintenance firm CloudFlare, told The New York Times.

MORE: North Korea Hacked Sony? Don't Believe It, Experts Say

It wasn't immediately clear whether the outage was due to a cyberattack, to internal network problems or to China simply cutting North Korea off. Most of North Korea's Internet connections run through China, and there are signs Chinese leaders are not pleased with Pyongyang's latest alleged cyberantics. American officials have reportedly reached out to Beijing for assistance with the North Korean problem.

"There's no way to confirm that these outages are the result of an attack, but given the timing, it's something we have to consider," Doug Madory, lead analyst for Dyn Research, told the tech blog Re/code.

Speaking to The Wall Street Journal, CloudFlare's Prince raised a fourth possibility: that North Korea had deliberately shut off its own access in order to prevent American network intrusion.

Were it not for the Sony Pictures situation, Prince told The Journal, "I would have thought North Korea decided to turn the Internet off for some reason."

Meanwhile, the alleged Twitter feed of Pyongyang's mouthpiece, the Japan-based Korea Central News Agency, tweeted out yet another explanation.

"Technology Minister Park Soong-Kwon announces massive breakthrough in DPRK Internet technology, to be installed over next several days," read the @DPRK_News feed.

There was no mention of the outage on the Korea Central News Agency website.

UPDATE: Dan Holden, security researcher for Boston-based Arbor Networks, offered yet another theory in a company blog posting today.

"I'm quite sure that this is not the work of the U.S. government," Holden wrote. "This is not the modus operandi of any government work."

Instead, Holden said, this looks like a typical hacktivist or prankster attack, as indicated by Pastebin postings scanning several North Korean IP addresses.

"Anonymous has been tweeting about not only releasing the movie, The Interview, but taking revenge on North Korea for the movie being taken out of theaters," he noted.

Holden added that a Twitter account tied to a second well-known prankster group, Lizard Squad, was telling its followers how to hit North Korea.

"Xbox Live & other targets have way more capacity," read one tweet, referring to recent Lizard Squad denial-of-service attacks on gaming networks. "North Korea is a piece of cake."

Paul Wagenseil is a senior editor at Tom's Guide focused on security and gaming. Follow him at @snd_wagenseilFollow Tom's Guide at @tomsguide, on Facebook and on Google+.

Did the U.S. launch a denial-of-service attack on North Korea? Or did someone in Pyongyang forget to pay the cable bill? Give us your theories in the comments.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.