67 comments

[ 2.8 ms ] story [ 128 ms ] thread
I thought the internet would route around failures. Why does that not apply to North Korea?
I’m not so sure this applies with centralized tracking/filtering.
North Korea is poorly connected to the rest of the internet, by their own design. I know that a few years ago, there was only one link to the outside; not sure if that's changed, but I have no reason to think that it would have.
https://bgpview.io/asn/131279#upstreams-v4

https://bgp.he.net/AS131279#_graph4

They have two peers, AS134544 in CN and AS20485 in RU.

Am I seeing that right in that .nk only has four /24s?
Yes.

If I recall correctly from when I used to follow NK related news, there’s enough coverage from a subset of Chinese satellites from satellite ISPs that there could be viable connections made there. No way to say if they are being used for this or not, though.

It routes around failures, the timelines for delivery are not promised though.
The ability to route around failures is predicated on having a sufficiently high degree of interconnectedness. Even your home network won't magic up a new connection if someone decides to cut your cable line. NK's network is poorly connected to the rest of the Internet, and so there is limited ability to "route around failure".
> Even your home network won't magic up a new connection if someone decides to cut your cable line.

Well then wtf am I paying for this LTE backup connection for?

(joking, of course)

Has it ever actually done that?
Literally all day, every day.
(comment deleted)
Pretty much constantly [edit: for those who take the time to implement], a common approach is called anycast.

You essentially announce your address at two (or more) geographically distinct places, and BGP routing 'magic' can get you to the closest (or sometimes only responsive) one

The Internet is "failure-resistant" in the senses that (1) individual networks going down don't take down the entire Internet, and (2) networks that peer with other networks can still be routed to so long as at least one route is still online.

North Korea's failure demonstrates both of these properties: the Internet is still online, and the routing failure has manifested because all of their peering routes are down.

and the aws/Facebook recent cases demonstrate that the Internet is slowly loosing that property. People called me up and asked me why the Internet was broken. they normally use apps to communicate, but they thought the Internet was entirely down...
This is pedantic of me, but: the Internet isn't losing that property. Social groups on the Internet are consolidating their behavior onto individual networks/ASes, which then go down.

It's a social and political problem, one that people can solve by changing their behavior.

If you are the failure, no, it does not.

[EDIT] I immediately saw that that could be read as a swipe at NK, which wasn't how it was intended. Just that if you're on the wrong side of a failure, you're not gonna be able to "route around the failure".

why is the assumption a ddos (external?) as opposed to some internal cause such as incompetence or power loss
This is answered in the last sentence of the post:

>During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet, Ali said. "This indicates to me that this is the result of some form of network stress rather than something like a power cut."

That doesn't rule out internal incompetence and/or just dealing with network infrastructure complexity.

Remember not too long ago when AWS and Facebook were down for a fairly significant time period? I'd hardly call either org technically incompetent, and it's probably safe to say that either org has as much (if not significantly more) technical staff and capability onboard than a small nation state like North Korea (especially North Korea).

While it's certainly possible external nation state cyber attacks are going on (who knows with the confusing Russia/Ukraine shenanigans going on), I wouldn't be quick to rule out simple technical issues and/or incompetence without a bit more evidence.

it's actually safe to say that aws or Facebook has more competency on-board than all small nation states together, and probably more than the sum of the top nation states.

btw internet is also down right now in other places such as small nation States in Africa. i guess there is no meaningful geopolitics into play so it doesn't make the news.

Network stress can easily be unintentional. This seems to be a common factor in major outages at FAANGs. Something gets overloaded, fails over to another system that’s then overloaded, leading to cascading failures.

There’s a big chance this is an attack, but it’s good to have an open mind.

Heck, one can stress a network by plugging a cable into the very same switch it comes from!

Or... a bad BGP announcement leading to misrouting, the possibilities are endless. Guessing from the outside is exactly that

the answer is always in the article unless explicitly stated otherwise
Given NK's propensity to launch state-supported cyber attacks, this looks to me like a case of "play stupid games, win stupid prizes".
Extremely dangerous to attack North Korea's civilian communications, which are largely the same as their military's. Depending on the impact, it could confuse leadership into thinking a decapitation strike is underway.

edit: A specific example I was thinking of is the DPRK's civilian cell phone network, Koryolink (particularly this subsection under "Nuclear Crisis Communications"):

>"If North Korean leaders rely on the country’s cellular network for crisis communications, there is a real chance of interruptions in network service during a crisis, and they might be misinterpreted as a cyberattack against North Korea’s nuclear forces. While North Korean “special users” have their own dedicated channel, it appears to operate on the same network infrastructure, using the same towers and the same base stations."

https://www.nti.org/analysis/articles/does-kim-jong-uns-phon...

But how is the state of communication infrastructure of NK? I had impression that they have not transitioned to the model that every individuals can be addressed by a personal phone number.
Hard to say, but you'd think there are landlines to the nukes.
Not an expert, but I have a gut feeling NK doesn't lean too heavily into an internet-dependent infrastructure.
> An illustration picture shows a projection of binary code on a man holding a laptop computer, in an office in Warsaw June 24, 2013

That's not at all what I imagined Warsaw looking like.

You get used to it. I don't even see the code. All I see is blonde, brunette, redhead.
“I know this kielbasa doesn't exist. I know that when I put it in my mouth, the Matryca is telling my brain that it is juicy and delicious. After nine years, you know what I realize? Ignorance is bliss.”
It's because the Warsaw you know is on the other side of the screen.
That’s why so many esports tournaments are held there
I wonder what the context of the image is.
> Junade Ali, a cybersecurity researcher in Britain who monitors a range of different North Korean web and email servers

How would a researcher keep tabs on NK infrastructure like this? Would it be pinging known IPs for uptime?

How would you do it for non NK infrastructure? The answer is the same well except scanning NK IP ranges doesn't take that long.
Totally wild speculation: NK is assisting Russia with cyber warfare leading up to the imminent Ukraine invasion, and someone in "the west" is taking them offline to reduce the effectiveness.
> websites on North Korean web domains were largely unreachable because North Korea’s Domain Name System (DNS) stopped communicating the routes that data packets should take.

BGP, not DNS, communicates routes. If Reuters is getting basic IT factchecking wrong, I wonder how many errors are in articles about topics I know nothing about.

Most journalism gets these things wrong - not just tech. Old trucks, bread, farming. Any subject you are educated on you'll notice that the "news" is fundamentally broken. Think about that the next time you're getting some news. That same reporter banged up the BGP/DNS on this one, that truck is from before posi-traction, the Model-B was the big deal tractor...flaws of communication about complex systems
What kind of things does journalism consistently get right, then?

This is as sloppy as writing “the DNA is the powerhouse of the cell” and no one noticing.

Journalism is basically a dead profession. People writing celebrity gossip bring in more ad revenue than journalists.

Society is not setup to reward educated professionals who report on complex topics.

it was setup to reward them not so long ago in those media outlets. journalism has moved elsewhere, it still exists, made by people who do it for the reward and others for alternative reasons, simply not in those kind of outlets which have mostly become ads pipes.
> What kind of things does journalism consistently get right, then?

Generally speaking, journalists quote their sources accurately, even when the identity of the source is concealed (eg. "A senior administration official", "sources familiar with the matter", etc.). That doesn't save the reader from the sources being wrong, having an axe to grind, or straight up lying, but journalists try to mitigate those issues with multiple sources and a healthy amount of skepticism.

Keep in mind that the criticism here mostly applies to general-purpose journalists, rather than ones with a specific "beat" they have experience (and even expertise) with. "Science and technology" and "health & medicine" reporters aren't really on a beat, the categories are far too broad, but general interest publications simply can't employ all the people they would need to specialize in every fractal branch on the tree of human knowledge.

So reporters maybe specialize a little, and rely on a roster of experts they can call up for a quote or maybe some background explanation. Except they are always on a deadline, and if an expert doesn't get back to them in fast enough, they just do the best they can, file the story and move on to the next one.

The flip side of this is that "experts" who are super reliable in terms of getting back to reporters with a hot take get quoted a lot even when they don't know what they are talking about. Reporters know this, but they have to quote somebody before their deadline.

Congratulations you have realized that most of the new is bs and most of the people that read it don't even realize it.

Achievement unlocked

I do DNS routing in my closed/fixed network. I don't assume NK is that different. You can see the BGP statistics here:

https://stat.ripe.net/app/launchpad/S1_KP_C32C23C5C26C8

and

https://bgp.he.net/AS131279

Not a lot of BGP happening here if we're trusting the data. It's also worth noting that they're paraphrasing another outlet (Seoul-based NK Pro, a news site that monitors North Korea).

Also: https://github.com/mandatoryprogrammer/NorthKoreaDNSLeak

Based on limited data I think the report could very well be accurate.

> In a speech in 2002, Crichton coined the term Gell-Mann amnesia effect, after physicist Murray Gell-Mann. He used this term to describe the phenomenon of experts believing news articles on topics outside of their fields of expertise, even after acknowledging that articles written in the same publication that are within the experts' fields of expertise are error-ridden and full of misunderstanding

https://theportal.wiki/wiki/The_Gell-Mann_Amnesia_Effect

I think they're attempting to paraphrase (or it's how they were told) DNS converts a hostname to an IP so the packets can reach it. In doing so, they lost people who know what all the terms mean.
None of that matters to a layperson, they just need to know N Korean internet was shut down for a bit. It's a trivial bit of infomration that maybe 1 in 1000 reporters actually knows there is a difference between BGP and DNS. It's unimportant and not worth acting like all mainstream media is falling apart like the people who watch Fox News want to think.
which mainstream media isn't falling apart?
If you've ever been the subject of a Krebs article, you'll be more disappointed to learn how wrong even the experts can be.
Stop it with the paywalled articles.
Not extactly paywalled. There is a soft article limit when not logged in, delete local storage to renew that limit.
how convenient.
Well you have the option of making a free account on reuters and then not having to worry about it while logged in. For me personally, as I rarely visit reuters apart from when its linked to here on HN I just delete the localstorage for the site when I hit the limit.