Cyber Escalation in Korea?

September 25, 2014 Doug Madory

On Friday, we published a blog post confirming a disruption in Internet connectivity affecting the Internet of North Korea.

This morning, South Korean authorities reported that they have been the victims of a cyber attack that impacted TV news organizations as well as banking institutions.

Renesys can confirm that at least some of today’s incidents escalated to the point of global visibility, as both South and North Korean networks experienced actual disconnections. We note similarly timed outages affecting South Korea’s largest natural gas company.


South Korea News Media Outages

We observed 5 routed networks of Korea Broadcasting System go down at 05:54:18 UTC this morning (20 March). At the time of this writing they are still down. The Yonhap News Network (YTN) also experienced outages of two of its networks today at 05:54:30 UTC and 06:29:26 UTC.


South Korea Banking and Energy Outages

About thirty minutes after the South Korean media outages, we observed Korea Gas Corporation (Kogas, AS9857), the largest liquefied natural gas import company in the world, go completely offline as its 10 routed networks went down at 06:26:30 UTC and stayed down for over two hours. At the same time, we saw three routed networks of Shinhan Bank taken down as well.


For context, remember that South Korea normally routes over 15,000 networks. On a typical day, 40-50 of these networks are down temporarily for various technical reasons. However, networks from these sectors (Media, Energy, and Banking) are typically some of the most stable, and the timing of their simultaneous outages seems suspicious.

Additional outages in North Korea

Since last week’s disruption in connectivity in North Korea, we have observed additional brief routing outages for the four routed networks of North Korea. On Monday (18 March) and this morning (20 March), we observed outages lasting for just a few minutes in North Korea. It should be noted that although North Korea’s Internet is small, it is very stable. Until last week, North Korean outages had been very rare.


Summary

It is impossible to know from connectivity measurements alone whether these outages were the direct result of cyber attacks. However, given the recent rhetoric between these two nations, it is hard not to see these as ominous developments on the Korean peninsula.

The post Cyber Escalation in Korea? appeared first on Dyn Research.


About the Author

Doug Madory is a Director of Internet Analysis at Dyn where he works on Internet infrastructure analysis projects. Doug has a special interest in mapping the logical Internet to the physical lines that connect it together, with a special interest in submarine cables.
