Dan Kaminsky, security researcher and chief scientist at White Ops, agreed. “I don't think the NSA is doing it, because it'd very much surprise me if they needed to,” he said.
Schneier also pointed to a recent quarterly report from Verisign, the registrar for many popular top-level Internet domains, like .com and .net, which reported a 75 percent increase in attacks, year over year, with an average peak attack size of 17.37Gbps (Gigabits per second), an increase of 214 percent.
That pales in comparison with the recent record 620Gbps DDoS attack against the website of security blogger Brian Krebs, and Schneier said the Verisign report doesn’t have the level of detail he got from the anonymous industry leaders he spoke with, but he said, “the trends are the same.”
He added that since his blog post, he has heard from three other companies that support the Internet’s “backbone,” and they have also told him they are seeing the same thing.
So how worried should the US be? Is this just some cyber Cold War maneuvering, or a potentially catastrophic threat?
Most experts say they think it needs attention, but see it more as maneuvering than an imminent increase in danger to the integrity of the internet.
Sam Curry, chief product officer at Cybereason, said based on his observations, “risk levels haven't changed. It's an interesting hypothesis that needs more data points, but watch out for confirmation bias going forward.”
There is little disagreement, however, that a massive DDoS attack could disable portions, or even all, of the internet for some period of time.
Kaminsky called Schneier a “highly credible source,” and said he believes some hackers actually can take down the internet, in part because, “the damage from cyberattacks keeps growing and the risk perceived by attackers keeps shrinking.”
This, he said, applies especially to nation-states, which have figured out that, “while their militaries might be trivially overrun, their hackers aren't.”
“Cyberwar has become like real war, except you can wage it, and possibly win it, in the sense that you can extract political concessions not to fight it at all,” he said. “And the capital investment is tiny – no tanks, no fuel, just talent, time, food, and access.”
It has also become easier to launch much larger DDoS attacks because so many internet of things (IoT) devices can be so easily compromised and used as part of a botnet. Krebs, in a post on the DDoS attack that took down his site, noted that they are, “protected with weak or hard-coded passwords. Most of these devices are available for sale on retail store shelves for less than $100, or – in the case of routers – are shipped by ISPs to their customers.”