North Korea’s fledgling Internet went dark Monday, just days after U.S. President Barack Obama promised a “proportional response” to the isolated Communist country’s alleged hack of Sony Pictures Entertainment.

The question of who pulled the plug immediately became the stuff of a global cyber-mystery.

Was it a shadowy crew of guerrilla hackers, under the flag of Anonymous? A retaliatory strike from the United States? A betrayal from China, North Korea’s top ally and the gatekeeper of its Web? Or just a technical glitch or defensive manoeuvre from the Hermit Kingdom itself?

The mystery behind North Korea’s outage highlights a paradox of modern cyberwarfare: as attacks become more prominent, the combatants — and their motives — are becoming harder to identify.

“This is the standard for espionage: things are murky. It’s not like the movies, where in the last scene someone ties it all together with one long soliloquy,” said James Lewis, a senior fellow at the Strategic Technologies Program at the Center for Strategic and International Studies.

North Korea continues to deny that it was responsible for the hack that hobbled Sony, exposed intimate emails from top executives and posted online copies of unreleased films — all efforts in an apparent revenge scheme for The Interview, a comedy about two goofballs told to assassinate North Korean leader Kim Jong Un.

After Obama accused the country last week and promised retaliation, North Korean officials at first offered to hold a joint investigation with the United States to find the source of the attack.

Then it warned through its state-owned news agency that it would fight back against “against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism, by far surpassing the ‘symmetric counteraction’ declared by Obama.”

On Thursday, researchers began to notice an uptick in attacks against North Korea’s Internet infrastructure. Designed to overload servers and websites with a flood of fake traffic, such “denial-of-service” attacks can render entire networks inoperable.

The next day, a Twitter account affiliated with Anonymous — the collective behind numerous high-profile hacks — announced that a counterattack against North Korean hackers had begun.

“Operation RIP North Korea, engaged. #OpRIPNK,” tweeted the account known as @theanonmessage. (The account was suspended by Twitter on Monday.)

On Monday, a separate group, also claiming links to Anonymous, sought credit for North Korea’s outages.

The timing of the two tweets was consistent with statistics tracked by the security research firm Arbor Networks. On Thursday, the company recorded two denial-of-service attacks. The following day it saw four. The wave peaked Dec. 20 and 21 with 5.97 gigabits of data inundating North Korea’s pipes every second.

While it is unclear whether Anonymous played a role in North Korea’s downtime, at least six of the observed denial-of-service attacks originated from the United States, Arbor said.

But other security experts said hostile code can be adapted from other attacks and filtered covertly through foreign servers. Even basic cyberattacks can use decoys or distractions, including hosts of “zombie” computers or falsified location data, to shake pursuers off the trail.

“The actual work of evidence-gathering and prosecution is so much more difficult in the digital world than in the biological world,” said Alec Ross, a senior fellow at Columbia University’s School of International & Public Affairs.

“Unlike a bullet, something ‘shot’ as a cyber-weapon can be reused and repurposed. Obfuscation is much easier, and it’s much easier to distribute an attack.”

Loading... Loading... Loading... Loading... Loading... Loading...

Some security analysts noted that North Korea’s rudimentary web pipeline flows directly through the routers of a company called China Unicom, leading some experts to speculate Chinese hackers were to credit for the blackout.

China may have seen the Sony hack as an embarrassing, unauthorized mishap from their small but loud ally or felt that the friction it sparked with the economies of the U.S. and Japan could be too destabilizing to ignore.

“It is quite possible that the Chinese are reminding the North Koreans of who really controls those networks,” said Alec Ross, a senior fellow at Columbia University’s School of International & Public Affairs.

In an apparent attempt to explain away the outage, North Korea’s official news feed said on Twitter that, “Technology Minister Park Soong-Kwon announces massive breakthrough in DPRK Internet technology, to be installed over next several days.”

Doug Madory, director of Internet analysis at Dyn Research, doubted that explanation, saying the event was not consistent with a more common outage, like a cut wire or technical error, because the connections struggled for hours to come back online.

“This doesn’t look they’re taking themselves down. You’ve got hours and hours of instability, and that comes from somewhere,” Madory said. “It looks like their network is for hours just struggling to stay online, trying to come back, and eventually it’s just over, just down.”

But Madory said attributing blame for something like a DDOS attack is “notoriously difficult,” and that something as unsophisticated as a DDOS attack would be easy to replicate.

“It could be some joker out there trying to start something,” he said.

Some hackers agreed the job wasn’t necessarily a mission-impossible situation.

A group of hackers calling itself Lizard Squad, which has taken credit for knocking Sony’s PlayStation Network and several other gaming services offline over the last few months, tweeted a Web address it called the “North Korea off button.”

It also tweeted a message suggesting the blackout would be easy: “Xbox Life & other targets have way more capacity. North Korea is a piece of cake.”

Read more about: