Incident: Cyber-Attack Causes North Korea Internet Outages and Connectivity Issues

Published Date: 2014-12-22

Postmortem Analysis
Timeline
1. The software failure incident in North Korea happened over the weekend and grew progressively worse until North Korea went "totally down" [56266].
2. Published on 2014-12-22 08:00:00+00:00.
3. The software failure incident in North Korea occurred in December 2014.

System
The system that failed in the software failure incident reported in the news article was:
1. North Korea's internet infrastructure [56266]

Responsible Organization
1. A band of hacktivists could have been responsible for the internet outages in North Korea due to North Korea's limited connectivity and lack of internet sophistication [56266].
2. The US government was suspected of possibly being responsible for the denial-of-service attacks aimed at North Korea's infrastructure, although they declined to confirm any involvement [56266].

Impacted Organization
1. North Korea's internet infrastructure [56266]

Software Causes
1. Denial-of-service attacks aimed at North Korea's infrastructure [56266]
2. Router suffering a software glitch [56266]

Non-software Causes
1. Denial-of-service attacks aimed at North Korea's infrastructure [56266]
2. Router suffering a software glitch [56266]

Impacts
1. The software failure incident led to sweeping and progressively worse internet outages in North Korea, with the country's online access going "totally down" at one stage [56266].
2. The incident resulted in denial-of-service attacks aimed at North Korea's infrastructure, causing its internet equipment to become overwhelmed until the attacks stopped or the spurious traffic could be filtered and discarded to allow normal connections to resume [56266].
3. The outage affected North Korea's limited connectivity and lack of internet sophistication, making it relatively simple for hacktivists to shut down online access, potentially impacting the population's access to the internet [56266].
4. The prolonged and worsening outage indicated that the software failure incident was not a typical routing problem but rather a significant issue affecting North Korea's internet connectivity [56266].

Preventions
1. Implementing robust cybersecurity measures to protect against denial-of-service attacks [56266].
2. Regularly updating and patching software to prevent vulnerabilities that could be exploited by hackers [56266].
3. Conducting thorough security audits and assessments to identify and address any weaknesses in the network infrastructure [56266].
4. Enhancing internet infrastructure and connectivity to improve resilience against potential cyber-attacks [56266].

Fixes
1. Implementing robust cybersecurity measures to prevent future denial-of-service attacks [56266].
2. Conducting a thorough investigation to identify the root cause of the software glitch or cyber-attack that caused the outage [56266].
3. Enhancing North Korea's internet infrastructure and connectivity to make it more resilient to potential disruptions [56266].

References
1. Computer expert
2. US-based internet monitoring company Dyn
3. Internet technology service Arbor Networks
4. Dan Holden, director of security research at Arbor Networks
5. Barack Obama
6. Doug Madory, director of internet analysis at Dyn
7. North Korean diplomat Kim Song
8. State department spokeswoman Marie Harf [56266]

Software Taxonomy of Faults

| Category | Option | Rationale |
|---|---|---|
| Recurring | | (a) The software failure incident related to internet outages in North Korea does not indicate a similar incident happening again within the same organization or with its products and services. The incident in North Korea was attributed to denial-of-service attacks and routing instabilities, rather than a recurring software failure within the organization itself [56266]. (b) The incident in North Korea involving internet outages due to denial-of-service attacks and routing instabilities does not directly indicate a similar incident happening again at other organizations or with their products and services. The nature of the incident, such as the targeted denial-of-service attacks, was specific to the situation in North Korea and not necessarily indicative of a widespread issue affecting multiple organizations [56266]. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident related to the design phase can be attributed to the denial-of-service attacks aimed at North Korea's infrastructure. Internet technology service Arbor Networks detected these attacks starting on Saturday and persisting on Monday, which tie up a target's internet equipment until the attacks stop or the spurious traffic can be filtered and discarded to allow normal connections to resume [56266]. (b) The software failure incident related to the operation phase can be seen in the statement by Doug Madory, the director of internet analysis at Dyn, who mentioned that the problems with North Korea's internet connectivity grew progressively worse until the country went "totally down." He suggested that a router suffering a software glitch or a cyber-attack involving North Korea's internet service could be potential reasons for the outage, indicating issues related to the operation or functioning of the system [56266]. |
| Boundary (Internal/External) | within_system, outside_system | (a) within_system: The software failure incident in North Korea, where the country experienced internet outages, could potentially be attributed to factors originating from within the system. The article mentions the possibility of a router suffering a software glitch as a benign explanation for the problem [56266]. Additionally, the article discusses how routing instabilities are not uncommon but highlights that this particular outage was prolonged and worsened over time, indicating a deviation from a typical routing problem and suggesting an internal issue within the system [56266]. (b) outside_system: The software failure incident in North Korea, particularly the internet outages, could also be linked to contributing factors originating from outside the system. The article mentions denial-of-service attacks aimed at North Korea's infrastructure, which tie up the target's internet equipment until the attacks stop or the spurious traffic can be filtered and discarded to allow normal connections to resume [56266]. This external attack on the system from outside sources could have played a significant role in the software failure incident. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in North Korea was potentially due to non-human actions, specifically denial-of-service attacks aimed at North Korea's infrastructure [56266]. These attacks tie up a target's internet equipment, overwhelming it until the attacks stop or the spurious traffic can be filtered and discarded to allow normal connections to resume. Additionally, the incident was characterized by routing instabilities that were not common, with the outage getting progressively worse over time, indicating a potential non-human cause [56266]. (b) The software failure incident in North Korea could also be attributed to human actions, particularly in the context of the tensions over the hacking of Sony Pictures and the cancellation of The Interview movie. The US government was considering responses to the cyber vandalism attributed to North Korea, but it was not immediately clear if North Korea's internet connectivity problems were in retribution [56266]. This suggests that human actions and decisions in the geopolitical realm could have played a role in the software failure incident. |
| Dimension (Hardware/Software) | hardware, software | (a) The software failure incident occurring due to hardware: - The article mentions a possible benign explanation for the internet outage being a router suffering a software glitch [56266]. - The director of internet analysis at Dyn, Doug Madory, suggested that a router suffering a software glitch could be a benign explanation for the problem [56266]. (b) The software failure incident occurring due to software: - The article discusses the possibility of a cyber-attack involving North Korea's internet service as a potential cause for the internet outage [56266]. - The director of security research at Arbor Networks, Dan Holden, mentioned that it would be relatively simple for hacktivists to shut down North Korea's online access due to their limited connectivity and lack of internet sophistication [56266]. |
| Objective (Malicious/Non-malicious) | malicious, non-malicious | (a) The software failure incident in North Korea, where the country experienced sweeping internet outages, was suspected to be a result of a malicious attack. Internet technology service Arbor Networks detected denial-of-service attacks aimed at North Korea's infrastructure, which tie up a target's internet equipment until the attacks stop or the spurious traffic can be filtered and discarded [56266]. (b) On the other hand, there was also a mention of a benign explanation for the problem, such as a router suffering a software glitch, which could be considered a non-malicious contributing factor to the software failure incident [56266]. |
| Intent (Poor/Accidental Decisions) | unknown | (a) The software failure incident related to the internet outages in North Korea was not due to poor decisions but rather potentially due to intentional denial-of-service attacks aimed at North Korea's infrastructure [56266]. The incident involved deliberate actions by external entities rather than poor decisions made by the North Korean government. |
| Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) The software failure incident in North Korea, where the country experienced internet outages, could potentially be linked to development incompetence. The article mentions that North Korea has limited connectivity and lacks internet sophistication, making it relatively simple for hacktivists to shut down online access. Dan Holden, the director of security research at Arbor Networks, stated that anyone upset because they couldn't watch a movie could potentially disrupt North Korea's internet, indicating a lack of robustness in their internet infrastructure [56266]. (b) The software failure incident could also be accidental in nature. Doug Madory, the director of internet analysis at Dyn, mentioned that one benign explanation for the problem could be a router suffering a software glitch. He also highlighted that routing instabilities were not uncommon, but this particular outage was prolonged and worsened over time, indicating an unexpected and accidental nature of the incident [56266]. |
| Duration | temporary | The software failure incident reported in the articles was temporary. The internet outages experienced by North Korea were described as progressively worse, with the country's online access going "totally down" at one stage [56266]. The incident involved denial-of-service attacks aimed at North Korea's infrastructure, which tie up a target's internet equipment until the attacks stop or the spurious traffic can be filtered and discarded to allow normal connections to resume [56266]. Additionally, the problems were discovered over the weekend and grew progressively worse until North Korea went "totally down" [56266]. This indicates that the software failure incident was temporary and not permanent. |
| Behaviour | crash | (a) crash: The software failure incident in North Korea was described as the country's online access going "totally down" [56266]. This indicates a crash where the system lost its state and was not performing any of its intended functions. |

IoT System Layer

| Layer | Option | Rationale |
|---|---|---|
| Perception | None | None |
| Communication | None | None |
| Application | None | None |

Other Details

| Category | Option | Rationale |
|---|---|---|
| Consequence | property, delay, non-human, theoretical_consequence, other | (a) death: People lost their lives due to the software failure - No information in the provided article about any deaths resulting from the software failure incident [56266]. (b) harm: People were physically harmed due to the software failure - No information in the provided article about physical harm to people due to the software failure incident [56266]. (c) basic: People's access to food or shelter was impacted because of the software failure - No information in the provided article about people's access to food or shelter being impacted due to the software failure incident [56266]. (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident in North Korea resulted in internet outages that affected the country's online access, potentially impacting communication, information exchange, and online activities [56266]. (e) delay: People had to postpone an activity due to the software failure - The software failure incident in North Korea led to internet outages, which could have caused delays in online activities and communications for individuals and organizations in the country [56266]. (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident in North Korea affected the country's internet infrastructure, leading to denial-of-service attacks aimed at North Korea's infrastructure [56266]. (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident in North Korea resulted in significant internet outages and disruptions, indicating real consequences of the incident [56266]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The article mentions the potential consequences of the software failure incident, such as the US government's expected response to the hacking of Sony Pictures and the uncertainty surrounding North Korea's internet connectivity problems [56266]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The software failure incident in North Korea raised concerns about cyber vulnerabilities, potential cyber-attacks, and the sophistication of North Korea's internet infrastructure [56266]. |
| Domain | information, government | (a) The failed system in this incident was related to the information industry, specifically the internet connectivity of North Korea. The country experienced sweeping internet outages, with one computer expert mentioning that the online access went "totally down" at one stage [Article 56266]. (l) The incident also has implications for the government industry as it involves tensions between North Korea and the US government. The US government was being questioned about its involvement in the internet outages, especially in the context of the hacking of Sony Pictures and the cancellation of The Interview movie [Article 56266]. |
