This has all been very fun to monitor but looks like it’s coming to an end with the Wired article from yesterday. One last interesting thing that I wanted to point out is that I own a domain that is very similar to a popular North Korean domain, minus the .kp tld. It didn’t hit me until a few days later but there are some interesting coincidences in the traffic that I’ve seen on that server and comparing it to the outages on the DPRK websites.
If I can re-use my graph that I created the other day right around the final outage my website that is similar to the DPRK website received over 41,000 requests in the span of a minute and a half. Specifically right around the end of the 2.5 hour gap is when I saw things spin up.
Again, attribution is incredibly difficult and not something that I want to get into at all. But it was a pretty strange coincidence that my very similar domain saw a major spike in traffic at the exact same time that the DDoS against North Korea was occurring. I don’t want to share all of the details publicly but if you are interested, and have a decent use for the data, feel free to send me an email.