This past weekend, North Korea expert Martyn Williams and I spotted the activation of a new internet path out of North Korea. At 09:07:51 UTC on 1 October 2017, the country’s single internet provider, Star JV (AS131279), gained a new connection to the global internet through Russian fixed-line provider Transtelecom (AS20485), often referred to as TTK. Williams published his analysis on the US-Korea Institute‘s 38 North blog, named after the dividing line between North and South Korea.
The internet of North Korea is very small (four BGP routes) and reportedly only accessible by a few elites in the country. Since the appearance of AS131279 in the global routing table almost 7 years ago, Star JV has almost exclusively relied on China Unicom for its connectivity to the global internet — the only exception was its partial usage of satellite service from Intelsat between 2012 and 2013. In light of this history, a new internet connection out of North Korea is certainly a notable development.
At 09:07:51 UTC, TTK (AS20485) appeared as a transit provider for three of the four BGP routes announced by AS131279, namely, 188.8.131.52/24, 184.108.40.206/24, and 220.127.116.11/24. But that only lasted a little longer than an hour and then TTK disappeared at 10:14:45 UTC. All four routes then became unstable between 10:47 and 12:26 UTC including four brief periods when all four networks were down (pictured below).
TTK returned to providing transit for the same three routes again at 12:21:55 UTC. 18.104.22.168/24 stopped getting TTK transit at 07:56:39 UTC on 2 October 2017, while 22.214.171.124/24 stopped getting TTK transit a little over an hour later at 09:10:29 UTC. At the time of this writing, only 126.96.36.199/24 is being transited by TTK.
Who is TTK?
Russia has two major fixed-line providers with networks spanning the entire country: former state telecom Rostelecom and Transtelecom (TTK). A subsidiary of Russian Railways, Transtelecom’s backbone is made of fiber optics laid along the rail lines that crisscross the country. It is common for telecoms to make use of existing right-of-ways to lay fiber over great distances, whether they be rail lines, highways, or pipelines. Similar to TTK, China Mobile TeiTong uses fiber optics laid along China’s rail lines.
While it is impossible to tell simply from internet measurement data how TTK’s network connects into North Korea, Williams suspects that it connects across “the Friendship Bridge, a railway crossing over the Tumen River that connects Khasan in Russia with Tumangang in North Korea” as “it’s the only connection between the two countries,” and is along Russia’s short 17km land border with the Hermit Kingdom.
Conclusion: A Shift of Power
In December 2014, Williams and I jointly reported on North Korea’s internet outage that resulted from a DDoS attack. As we saw in that incident, North Korea’s lone link out to the global internet through China served as a single point of failure, one that if disabled could take the country offline. This could happen by accident (e.g., a fiber cut or power outage), a cyber attack directed at networking equipment handling the link, or perhaps intentionally, should China Unicom disable the link.
Being single-homed behind China Unicom gave China control over North Korea’s internet access. This is important as the international community tries to persuade China to use its influence to reign in the nuclear aspirations of North Korea. However, now with an independent connection to Russia via TTK, such leverage is greatly reduced. With alternatives for international transit, the power shifts to North Korea in deciding whether or not to maintain its connectivity to the global internet.