Opinion: Why the US isn't behind the North Korean Internet outage
It's unlikely the US government was behind the recent disruption of the North Korean Internet.
First, this kind of "you-slap-me-I-slap-you" response is not the US style. Instead, the Americans are more likely to come up with some epic, uber-technological hack that cleverly inverts the North Koreans internal systems, such as Stuxnet did to the Iranians.
What's more, the US fully supports cross-border flow of information as fundamental under Article 19 the Universal Declaration of Human Rights and a distributed denial of service attack, or DDoS, violates that, limiting people's access to the Internet. Even though the North Koreans have only limited connectivity for the elite, the White House and Department of State would not give up this principle lightly.
The North Koreans have an incredibly fragile Internet, with a very high risk of being disconnected from the global Internet for any number of minor sneezes.
They only have four externally connected networks and just about a thousand Internet addresses. This means the North taking themselves offline would be easy (a la Egypt) but so would an offshore earthquake (such as what on Dec. 26 2006 to most of East Asia) or a deliberate DDoS. With DDoS attack rates starting to top 400Gb/s, there are few networks in the world that can handle a modern attack, and certainly not a nation with such sickly external connectivity.
Literally, a few kids would be able to pull this off. And most important of all, the four North Korean networks all connect through China. Even if the White House would somehow authorize an attack against the Pyongyang Internet, there's very little likelihood President Obama would approve such an assault on Chinese sovereignty for such minuscule and fleeting national security returns.
It is entirely possible this is good old American patriotic hackers, mimicking the Jester, or Anonymous looking to strike back against North Korea. If so, then the Department of Justice must do like it did at the time of Iraq invasion in 2003 and warn them that the US government "does not condone so-called 'patriot hacking' on its behalf."
It is not in the US interest to legitimize patriotic hacking, which are a Chinese and Russian specialty. They are much better at it than we will ever be (or want to be).
And whether the US did or did not conduct this attack, the government spokesman must say either way. In the face of an attack that can easily (but hopefully mistakenly) be attributed to our nation, it is not acceptable for official spokespersons to insist the US isn't "going to discuss publicly operational details about the possible response options."
Not saying we aren't doing it makes us look guilty; not saying we are makes us look as bad as the other guy. It's an admission that attribution is only a problem when concealing the unjust actions of others. If the US wants other nations to be responsible then it should start at home.
Jason Healey is the director of the Cyber Statecraft Initiative at the Atlantic Council and a former director of cybersecurity policy at the White House.
