The D Stands for “Derp”: The DPRK and Cyberspace.

Who would have thought that James Franco and Seth Rogen (and of course the wonderful Lizzy Caplan) would become symbols for freedom of speech?

Well as you ALL are aware, this holiday season Sony Pictures was supposed to release a movie titled “The Interview” where lovable fools James Franco and Seth Rogen were going to interview (duh) the one and only Kim Jong-Un! Then Lizzy Caplan and the CIA come around and ask them to assassinate Dear Leader. The movie offered a ridiculous premise, a fun cast, and some laughs at the expense of the Democratic People’s Republic of Korea (DPRK). Now let’s be honest, we’ve all made a joke here and there about DPRK. Everyone likes to pick on them, their not-so-secret tunnels, their nuclear program that goes boom (for the most part), and their many shenanigans. Unfortunately, it seems that “The Interview” was one step too far for Kim Jong and the Gang as they did not seem to find it as humorous as we find it or their ICBMs.

Soon enough, cyberattacks on Sony that led to massive leaks of confidential emails, coupled with threats against anyone who went to see the movie, led to the movie being pulled from theaters…put on the internet…put back in theaters…put back on the internet…and ending up with more free promotion than any movie ever. (Maybe. Probably. Just hyperbole.) Now if you ask the good ol’ US of A who dun hacked Sony they’ll tell you it was the DPRK, and so the media has been having a field day with this ever since, talking about IP addresses, internets, intranets, and all kinds of nets, courtesy of “cybersecurity experts” who talk for hours without ever telling us what an IP address even is.

So in order to solve that pickle I say let’s talk about some of those terms in words we all understand, all while we learn about the DPRK’s computer network and its corresponding cybersecurity!

Let’s start by looking at some of the DPRK’s networks. Say you’re a happy citizen of the DPRK that today has had enough to eat thanks to Dear Leader’s beach party that’s going on all the time (bonus points for 30 Rock reference); you go home and you boot up your computer and you have internet! Isn’t it great? Well, as it turns out most of the “internet” in North Korea is just an intranet that is heavily monitored, regulated, and censored by the government (and here I am complaining about Comcast).

What is an “intranet” vs an “internet” you ask?

In simple terms an intranet is like a private version of the internet. It’s a network that uses all of the internet protocols: hypertext transfer protocol (HTTP) for websites, simple mail transfer protocol (SMTP) for e-mail, and file transfer protocol (FTP) for moving files between computers. These protocols are essentially the standards for how computers talk to each other on the internet to do all of these wonderful things, and in the case of an intranet the very same protocols are used to do all of that on an isolated network. Imagine all of your favorite North Korean websites, email services, message boards, and lolcats about capitalism shared on a network that can only be reached from machines inside that network. Sites like Google, WordPress, and Sony.com are not reachable from these machines, because the machines can only connect to other machines on their own network; there is simply no route out. A more visual way of seeing this is to imagine 100 people with walkie talkies. Of those 100 walkie talkies, 90 can access channels 1-7; that is our internet, and the channels are our websites/email/etc. The remaining 10 walkie talkies can only access channels 8-9, because the owner of those walkie talkies, my boy KJ (seriously, 30 Rock references everywhere), said you can only access those two channels since they are run by the state. Even though all the walkie talkies use the same technology to talk to the channels and to each other, the intranet walkie talkies can’t reach the internet (channels 1-7), just like the internet walkie talkies can’t reach the intranet channels 8-9.

Pretty crafty huh?

I know you readers are a smart bunch of cookies so I’m positive you’re giving me a weird look right now like:
“yo, NuclearFarmboy, pump yo brakes kid. If North Korea has an intranet how can they do cyber attacks since they need to access the internet?”

Well, that’s a good eye you’ve got there!  And that’s where we move on to the DPRK’s actual internet structure!

First things first, what is an IP address? If you think it is the address of a bathroom where you can go #1 then you are wrong (Haha, get it? I Pee?! I swear I’m an adult). If you think an IP address is an “internet protocol address” then you my friend are on the right track! But what does this nifty address do? Can you ask Siri to take you there?

[Photo of Siri’s reply] Turns out you just confuse her.

Sticking to simple words (What can I say? I’m a man of simple tastes) an IP address is a numerical label given to every machine, computer, printer, etc. that is connected to the internet. The IP address serves two major functions: it tells you which machine you are talking to (Kim Jong-Un’s MacBook Pro) and where it sits in cyberspace so traffic can be routed to it (Starbucks: Pyongyang). These addresses are part of the standard internet protocol and transcend international borders (just ask The Pirate Bay). They are handed out by five regional registries, one per region of the globe, which pass blocks of them down to Internet Service Providers (Comcast!) and make sure the internet stays an organized and well-addressed series of tubes (Al Gore would be proud). A block of addresses is identified by its “network prefix”: the first part of every address in the block says which network you are on, and the remaining bits say which machine on that network you are. Machines on the same network share the prefix but each has its own host number, and a router can carve a block into smaller subnetworks by lengthening the prefix. That way Kim Jong-Un’s iPad, MacBook, and Commodore 64 can all share the same WiFi: each one has its own address on the local network, and the router tells the internet “hey, everything behind me belongs to this one prefix” (and, with network address translation, can even make all three look like a single public address to the outside world).

Why are IP addresses important you wonder? Well these addresses essentially tell you how many points of access there are into the World Wide Web. If you have an internet connection (which you must if you are reading this) then you have an IP address. So does your neighbor, and your neighbor’s neighbor, and even the mean lady from two doors down who never cleans up after her dog in the park. That IP address wielding jerk. If you count all those addresses in the United States, we find that there are 1,590,740,449 IP addresses. That’s a lot of computers, let’s hope Skynet isn’t one of them. In comparison the DPRK has about 1,024 IP addresses, or roughly 1.5 million times fewer. What’s even crazier is that all of those IP addresses are provided by a single Internet Service Provider (not Comcast!).
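To make the “network prefix vs. host number” idea and the size of those address blocks concrete, here is a small Python illustration added for this post (not code from the original author). It uses RFC 5737 documentation addresses (192.0.2.0/24) rather than any real DPRK or US allocation, and it assumes, as the 1,024 figure above implies, that an allocation of exactly 1,024 IPv4 addresses is a /22 block. The two address counts are the figures quoted in the post.

```python
"""Network prefix vs. host part, and how big an IPv4 block is.

Added illustration. Addresses are RFC 5737 documentation ranges, not real
DPRK or US allocations; the two counts below are the ones quoted in the post.
"""
import ipaddress

US_ADDRESSES = 1_590_740_449   # figure quoted in the post
DPRK_ADDRESSES = 1_024         # figure quoted in the post


def split_address(ip, prefixlen):
    """Split an IPv4 address into (network prefix, host number).

    Machines on one subnet share the prefix bits; only the host bits differ.
    """
    addr = int(ipaddress.IPv4Address(ip))
    host_bits = 32 - prefixlen
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = ipaddress.IPv4Address(addr & mask)
    host = addr & (~mask & 0xFFFFFFFF)
    return str(network), host


def same_subnet(ip_a, ip_b, prefixlen):
    """True when both addresses share the same network prefix."""
    return split_address(ip_a, prefixlen)[0] == split_address(ip_b, prefixlen)[0]


def block_size(prefixlen):
    """Number of addresses in a /prefixlen IPv4 block (2 ** host bits)."""
    return 2 ** (32 - prefixlen)


def prefix_for(count):
    """Smallest block (longest prefix) that holds at least `count` addresses."""
    if count > 2 ** 32:
        raise ValueError("more addresses than IPv4 has")
    prefixlen = 32
    while block_size(prefixlen) < count:
        prefixlen -= 1
    return prefixlen


def ratio(a, b):
    """How many times larger one allocation is than another, rounded."""
    return round(a / b)


if __name__ == "__main__":
    # iPad and MacBook on the same WiFi: same prefix, different host numbers
    print(split_address("192.0.2.37", 24))               # ('192.0.2.0', 37)
    print(split_address("192.0.2.200", 24))              # ('192.0.2.0', 200)
    print(same_subnet("192.0.2.37", "192.0.2.200", 24))  # True
    print(same_subnet("192.0.2.37", "192.0.3.1", 24))    # False: different network
    # 1,024 addresses is exactly one /22
    print(prefix_for(DPRK_ADDRESSES), block_size(22))    # 22 1024
    print(ratio(US_ADDRESSES, DPRK_ADDRESSES))           # 1553457
```

Run it as a script and the last line shows the gap the post is talking about: the quoted US count is about 1.55 million times the DPRK count, and the whole DPRK allocation fits in a single /22, which is the kind of block a mid-sized company might hold.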

These few IP addresses are obviously heavily regulated, censored, and limited to a very small group of North Koreans for government purposes. While many suspect that the actual number of IP addresses may be higher (or lower, depending who you ask), the truth is that it is a shockingly low number, all of it routed through the same service provider. This is where the cybersecurity of such a small network becomes an issue. You would think that with so few machines trying to reach the internet (to release propaganda, malicious code, or maybe Kim Jong-Un just wants to play a quick match of Call of Duty) the North Koreans would have a pretty easy time making sure their network doesn’t fall over.

[Photo] Pictured above: main DPRK Firewall and Nuclear Weapon component

Turns out it’s the opposite: it is SURPRISINGLY EASY to knock the North Koreans off the World Wide Web, thanks to a technique used by some uh…”cyberenthusiasts” called a Distributed Denial of Service (DDoS) attack.

First things first, a DDoS attack is about on par with “hacking” as leaving your Facebook account open on your computer and having your friend post an embarrassing status on your page. A DDoS attack, in general terms, is a way to “overwhelm” (Zerg rush! #starcraftjokes) a network, and the “Distributed” part means the flood comes from many machines at once rather than one, so you can’t just block a single address and be done with it. Imagine you have 10 channels open that can each handle 1 connection to a computer. During normal traffic hours you are using 7 channels every second, on and off, to send and receive information. They can be any of your 10 channels, as computers usually check to see which one is open first. When someone decides to pull a DDoS on you, they send 20 requests per second to your network. Have you ever tried running Firefox, Chrome, Microsoft Word, Powerpoint, iTunes, Skype, minesweeper, Outlook, Twitter, and Facebook on your laptop at full throttle while attempting to sync your iPhone? Even if you’ve done half of that you notice your computer slows down and in general just has a bad time, because you’ve overloaded it with so many tasks at once that it can’t finish any one of them in a reasonable amount of time since it splits its processing power across all of them. That’s what a DDoS attack does to your network. It overwhelms and bottlenecks it so that almost no legitimate information can get in or out, because the junk traffic is hogging every channel. Nothing is broken or stolen; the network simply can’t do its job until the flood stops or someone upstream filters it out, and until then you are effectively offline.

What happens though when your attacker is sending you 20 requests per second and you have 100 channels with which to respond? Answer: nothing at all. Your network runs at a reasonable speed and all the legitimate traffic is free to move about in the remaining 80 channels. Now what happens if I send several thousand requests per second at specific IP addresses? Well, if I am a country with about 1.5 billion addresses spread across thousands of providers and thousands of separate links, my internet as a whole won’t be affected. A few websites may get knocked down if the attack is aimed at them, but everything else is routed around the mess and overall my internet will be a-ok! But what if I only have 1,024 addresses, all routed by the same Internet Service Provider through the same handful of pipes? Then the attacker doesn’t have to pick targets at all: flooding that one pipe takes every address behind it offline at once.
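Here is the “channels” model above written out as a small simulation, added for this post rather than taken from the original author. The traffic log is constructed, not captured: seven legitimate sources on made-up 10.0.0.x addresses each send one request per second, and attackers on made-up 172.16.x.x addresses send whatever rate the scenario sets. The model assumes that when demand exceeds the number of channels, every request gets the same fair share, and it also includes a naive “limit each IP to N requests per second” defence to show why the Distributed part of DDoS matters.

```python
"""Toy DDoS model: a network with a fixed number of 'channels' per second.

Added illustration with constructed traffic (not captured data). Legitimate
sources live in 10.0.0.0/8, attackers in 172.16.0.0/12; all addresses are
made up for the example.
"""
from collections import defaultdict
from fractions import Fraction


def make_traffic(seconds=5, legit_sources=7, attack_sources=0, attack_rps_each=0):
    """Constructed event log of (second, src_ip, kind).

    Each legitimate source sends one request per second; each attacker
    sends attack_rps_each requests per second.
    """
    events = []
    for sec in range(seconds):
        for i in range(legit_sources):
            events.append((sec, f"10.0.0.{i + 1}", "legit"))
        for i in range(attack_sources):
            src = f"172.16.{i // 256}.{i % 256}"
            events.extend((sec, src, "attack") for _ in range(attack_rps_each))
    return events


def per_source_limit(events, max_rps):
    """Drop every request beyond max_rps from one source within one second.

    This is the naive 'rate limit each IP' defence; it stops a single noisy
    host but does nothing against many hosts that each stay under the limit.
    """
    seen = defaultdict(int)
    kept = []
    for sec, src, kind in events:
        seen[(sec, src)] += 1
        if seen[(sec, src)] <= max_rps:
            kept.append((sec, src, kind))
    return kept


def legit_fraction(events, channels):
    """Fraction of legitimate requests that actually get a channel.

    Each second the network serves at most `channels` requests. When demand
    is higher, every request (legitimate or junk) gets the same fair share,
    so legitimate traffic is crowded out in proportion to the flood.
    """
    per_sec = defaultdict(list)
    for sec, _src, kind in events:
        per_sec[sec].append(kind)
    served = Fraction(0)
    total_legit = 0
    for kinds in per_sec.values():
        demand = len(kinds)
        legit = kinds.count("legit")
        total_legit += legit
        served += legit * min(Fraction(1), Fraction(channels, demand))
    return served / total_legit if total_legit else Fraction(0)


if __name__ == "__main__":
    quiet = make_traffic()                                     # 7 req/s, no attack
    flood = make_traffic(attack_sources=20, attack_rps_each=1)  # 20 hosts x 1 req/s
    single = make_traffic(attack_sources=1, attack_rps_each=20)  # 1 host x 20 req/s
    print("normal, 10 channels:          ", legit_fraction(quiet, 10))
    print("flood, 10 channels:           ", legit_fraction(flood, 10))
    print("same flood, 100 channels:     ", legit_fraction(flood, 100))
    print("per-IP limit vs single source:", legit_fraction(per_source_limit(single, 5), 10))
    print("per-IP limit vs distributed:  ", legit_fraction(per_source_limit(flood, 5), 10))
```

With 10 channels the 20-request flood leaves legitimate users with only 10/27 of their requests served; with 100 channels the same flood is invisible. The per-IP limiter rescues the single-source case (legitimate share climbs back to 5/6) but does nothing against twenty hosts each sending one request a second, which is exactly why a small network behind one provider, with no spare capacity and no way to tell the flood apart by address, is so easy to knock offline.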

Well, you get knocked off the internet for hours at a time. And if you don’t believe me just ask Kim Jong-Un why he wasn’t able to log onto his Spotify account these past few days or why he couldn’t update his Twitter.

So what does this all come down to? Cybersecurity.

Cybersecurity is a field that everyone likes talking about but no one really knows exactly what it means. Does it mean protection from outside attacks? Inside attacks? Distributed Denial of Service attacks? Email leaks? Well, it turns out it means all of the above, and how to prevent them. North Korea has a cyberwarfare division that sends malicious code and propaganda out to the world, so how can we protect ourselves from that? Firewalls? Censorship?

There is no single, all-encompassing solution to cybersecurity. North Korea has learned over the past few days that it has to rethink how it connects to the internet and to the world, while on the other hand Sony and the PlayStation Network have had to figure out how to keep the identities, emails, and credit card information of their customers safe and out of reach of malicious actors. Policies that help protect us from the dangers of the internet, strong security measures, and being educated on how to avoid having our information compromised are the best way we can all protect ourselves.

The world is becoming more and more digital, and cyberwarfare/security is becoming a critical and integral part of our daily lives as the internet becomes a more and more dangerous place (turns out it’s not only for sharing funny cats or selfies). Cybersecurity is important not only to protect ourselves, but also our most valuable asset: our information.

-Cervando Banuelos is a Graduate Research Assistant at the Monterey Institute of International Studies, where he is currently pursuing a Master of Arts in nonproliferation and terrorism studies, and holds a Bachelor of Science in nuclear engineering, with a minor in radiological health engineering, from Texas A&M University. His interests include passive cooling systems in boiling water reactors, nuclear forensics, arms control treaties, treaty verification, and puppies. He hopes to some day work for the IAEA, a national laboratory, or the CTBTO.

Follow: @nuclearfarmboy @strategicswag
