Junade Ali, a cybersecurity researcher in Britain who monitors a range of different North Korean web and email servers, said that at the height of the apparent attack, all traffic to and from North Korea was taken down. “When someone would try to connect to an IP address in North Korea, the internet would literally be unable to route their data into the country,” he told Reuters. Hours later, servers that handle email were accessible, but some individual web servers of institutions such as the Air Koryo airline, North Korea’s ministry of foreign affairs, and Naenara, which is the official portal for the North Korean government, continued to experience stress and downtime. “It’s common for one server to go offline for some periods of time, but these incidents have seen all web properties go offline concurrently,” said Ali. “It isn’t common to see their entire internet dropped offline.”
During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet, Ali said. “This indicates to me that this is the result of some form of network stress rather than something like a power cut.”
Read more of this story at Slashdot.