Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Taking down the internet: possible but how probable?

Taylor Armerding | Oct. 7, 2016
Unknown players – probably a nation state – are probing the defenses of the core infrastructure of the internet. How worried should we be?

The hack of the Democratic National Committee this past summer, allegedly by Russia, prompted a political firestorm, but didn’t cause even a ripple in the US economy.

But imagine the economic firestorm that would result if online attackers brought the entire internet down, even temporarily.

You may not have to imagine it, according to Bruce Schneier, CTO of Resilient Systems, cryptography guru, blogger and international authority on internet security. In a recent post titled, "Someone is Learning How to Take Down the Internet," he wrote that he had been told by multiple sources that, ““someone has been probing the defenses of … some of the major companies that provide the basic infrastructure that makes the Internet work.”

But according to some of his fellow security experts, you don’t really need to imagine it, since the chances of the internet really being taken down are remote. And even if it happens, it won’t cause catastrophic damage. Several commenters on Schneier’s post wondered why even hostile actors would want to take down the internet, since if they do, they won’t be able to use it either.

Whatever the reality, it has prompted some energetic discussion.

Schneier said the probing has been done mainly with calibrated Distributed Denial-of-Service (DDoS) attacks, which overwhelm a site with so much data that it cannot respond to legitimate traffic.

DDoS attacks are nothing new – activist and criminal hackers use them all the time. What distinguishes these is their profile.

Schneier said he had spoken with leaders of several companies – who all demanded anonymity – that operate elements of the “backbone” of the internet, and they had all told him similar stories.

Bruce Schneier, CTO of Resilient Systems

“These attacks are significantly larger than the ones they're used to seeing,” he wrote. “They last longer. They're more sophisticated. And they look like probing.”

That, he said both in his post and a later interview with CSO, is because of their “style” – over time, the volume of the attack increases, to the point of the defense system’s failure. They also employ multiple attack vectors, “so they force the companies to use all their defenses at once.”

He suggested it was the digital version of what the US did during the Cold War, when the US would fly high-altitude planes over the Soviet Union to force them to turn their air defense systems on, which would then let the US map their capabilities.

“We didn’t do it because we’re evil,” he said. “We just wanted to know – just in case.”

He said these attacks look like they’re coming from a nation-state – probably China. While some responses to his post have said it may be the US National Security Agency (NSA) doing a sort of “stress test” on the internet, Schneier doubts that. “It feels like China,” he said. “You can hide the origin of a lot of attacks, but it is harder to hide the origins of a DDoS. And this doesn’t seem like their (the NSA’s) style.”


1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.