Workers remove a banner poster for The Interview from a Hollywood billboard. Credit:AFP "I guess accidents can happen," one said in a very brief telephone conversation. A US State Department spokeswoman, Marie Harf, told reporters on Monday, "We aren't going to discuss, you know, publicly operational details about the possible response options", adding that "as we implement our responses, some will be seen, some may not be seen". There was no definitive way, at least in the short term, to determine whether the connection had been cut, overloaded, or attacked. And security experts cautioned that there could be many reasons for Monday's failure. North Korea could be pre-emptively taking its systems offline to prepare for an attack, some said. Chris Nicholson, a spokesman for Akamai, an internet content delivery company, said it was difficult to pinpoint the origin of the failure, given that the company typically sees only a trickle of internet connectivity from North Korea. The country has only 1024 official Internet Protocol (IP) addresses, though the actual number may be a little higher. That is fewer than many city blocks in New York have. The United States, by comparison, has billions of addresses.

But as the sun rose in North Korea on Tuesday morning, the few connections to the outside world - available only to the elite, the military, and North Korea's prodigious propaganda machine - were still out. Those connections to the outside world are managed by Star Joint Ventures, the country's state-run internet provider, and almost all of them run through China Unicom, China's state-owned telecommunications company. They were not operative on Monday, but the causes could include a cyber attack by the United States - something US officials have said they would be hesitant to do if it meant infringing on Chinese sovereignty. It is also possible China Unicom simply unplugged its neighbour. Internet monitors said a maintenance issue was unlikely to have caused such a prolonged failure. CloudFlare, an internet company based in San Francisco, confirmed on Monday that North Korea's internet access was "toast". A large number of connections had been withdrawn, "showing that the North Korean network has gone away", Matthew Prince, CloudFlare's founder, wrote in an email. Doug Madory, the director of internet analysis at Dyn Research, an internet performance management company, said that North Korean internet access first became unstable late on Friday. The situation worsened over the weekend, and by Monday, North Korea's internet was completely offline.

"Their networks are under duress," Madory said. "This is consistent with a DDoS attack on their routers," he said, referring to a distributed-denial-of-service attack, in which attackers flood a network with traffic until it collapses under the load. If the attack was American in origin - something the United States would probably never acknowledge - it would be a rare effort by the United States to attack a nation's internet connections. Certainly the United States is positioned to cause failures in many places in the internet: Among the most interesting documents released by Edward Snowden, the former National Security Agency contractor now in Moscow, was a map of "implants" that the United States has put in strategic places, from network connections to individual computers, around the world. Those are most useful in cyber espionage, and the United States does a lot of that in China. Other Snowden documents showed that a major Chinese maker of network switching equipment, Huawei, was among US targets. So were leadership compounds and military locations. But there is no evidence that US cyber activities in China have moved from surveillance to what experts call "computer network exploitation" or, the next step, actual attacks. And the Chinese themselves have been coy.

China's foreign ministry spokeswoman, Hua Chunying, said it was too early to know if Obama's accusation against the North concerning the Sony attacks was true, Reuters reported on Monday. "China will handle it in accordance with relevant international and Chinese laws according to the facts," she said. But she also said that China's foreign minister, Wang Yi, "reaffirmed China's relevant position, emphasising China opposes all forms of cyber attacks and cyber terrorism" during a call on Sunday with Secretary of State John Kerry. While rare, disruption of computers and networks is certainly part of the US offensive playbook. During the Iraq War, there were periodic efforts to send fake messages to mobile phones or computers to lure al-Qaida suspects or other adversaries into traps. "Olympic Games", the cyber attack on Iran's nuclear enrichment facility, was an extremely sophisticated destructive attack that destroyed centrifuges, the machines that enrich uranium. It was intended to slow Iran's progress toward a nuclear weapons capability.

The United States has never acknowledged the attacks, and the central role played by Obama did not become clear until 2012, more than two years after the events. But a denial-of-service attack is far easier to arrange on short notice than a destructive attack. And it may be more akin to the "cyber-vandalism" that Obama spoke of against Sony. It is temporary, and while it imposes some costs, it would be limited in the case of North Korea because of the scarce availability of internet services in the country. "Proportional would mean that we would hack a North Korean movie company," said Victor Cha of Georgetown University, who handled North Korean issues in the George W. Bush White House. "But that would not get you very far." Obama spoke on Friday, during an interview with CNN, of the possibility of restoring the North to the list of state sponsors of terrorism. That, too, would have limited impact: The country is already among the most isolated on earth. But it is also not clear that cutting off internet service, if that is what happened in this case, would slow North Korean hackers. Many are believed to be based in China. Sony's attackers used servers in Bolivia, Singapore and Thailand to launch their attacks. So any cut-off of internet services would be mostly symbolic, a warning shot that two can play the game of disruption.

New York Times