Someone Is Learning How To Take Down the Internet, Warns Bruce Schneier (schneier.com)
Some of the major companies that provide the basic infrastructure that makes the internet work have seen an increase in DDoS attacks against them, says Bruce Schneier. He adds that these attacks are of much larger scale -- including the duration -- than the ones we have seen previously. These attacks, he adds, are also designed to test what all defense measures a company has got -- and they ensure that the company uses every they have got, leaving them with no choice but to demonstrate their defense capabilities to the attacker. He hasn't specifically shared details about the organizations that are under attack, but what little he has elaborated should give us a chill. From his blog post: [...] This all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes (PDF) a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex." There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services. Who would do this? It doesn't seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It's not normal for companies to do that. Furthermore, the size and scale of these probes -- and especially their persistence -- points to state actors. 
It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US's Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.
Could be NSA/GCHQ false-flag operation to pin the attacks on Russia.
Don't worry I've already copied the internet onto a blank CD.
north korea's last dieing move after the nukes fail?
considering the number of new problems created and old problems made anew by the Internet (tm), taking it down isn't necessarily a bad thing.
ELOI, ELOI, LAMA SABACHTHANI!?
...it's called probing. Not to engage, but to evaluate.
Is Learning How To Take Down the Internet.
Unfortunately they are still learning, as the convoluted summary makes no fucking sense.
ok then
Does this mean my Internet's won't work?
How will I check my fridge when I am out of town?
I trust you are on an "unlimited" data plan?
"All your Internet Bases are belong to us!"
Awhile back I used up a couple weeks of vacation time I had accumulated. First I got the idea in my head, why don't I try powering my phone off for a while? After a few days of withdrawal I started to feel liberated. From there I abandoned email and the internet entirely. More withdrawal was followed by an even greater sense of liberation. It was like breathing for the first time. After a hair over a week, I grudgingly came back to virtual reality. But damn was that disconnected time wonderful.
Brought to you by Carl's Junior.
1) Notice problem.
2) Look at logs/whatever and verify insane traffic levels.
3) Throttle/block source at router.
4) Repeat for every upstream switch that is impacted by the attack. For those which you don't control, call (yes call) up your peer and inform them of the issue so they may do the same.
1-3 can be automated fairly easily
4 can be automated with cooperation, agreements, established procedures, responsive personnel, etc. (4 isn't going to be automated.)
5) Inform zombie ISP customers they're part of a botnet / get authorities after the operators.
6) Cut customers off from the internet until they clean their shit up / throw people in jail or block their host country (Russia / Brazil / China) until the respective authorities put people in jail.
1-3 are all you need as a network operator concerned about other shit on your network.
1-4 are what you need to get the DDoS target accessible again.
5 and 6 are what the internet needs in general.
Ready to move on to the 40 Gbps backbone 100 Gbps fast Internet 3 and leave all you civilians behind to complain why we can't do better.
-- Tigger warning: This post may contain tiggers! --
Break our Internet, burn in nuclear fire.
"The data I see suggests China, an assessment shared by the people I spoke with."
Of course, that will be buried in these comments that it's a US false flag, that obviously it's the US that's responsible, etc.
It couldn't possibly be someone like China.
"What's this big red cable do? Let me just adjust the cable so I can walk by the rac "
Except, from TFA, "The data I see suggests China, an assessment shared by the people I spoke with."
But that's impossible in your mind... it has to be the US. It could never be a US adversary with principles that run decidedly counter to internet freedom, human rights, and so on. Clearly this is a US effort to leave itself a capability to "take down the internet", when we are the ones ceding control of ICANN and IANA.
I wonder who would stand to benefit from an Internet black out during the US presidential election?
Cwm, fjord-bank glyphs vext quiz
I'll be "that" guy, the vast majority of elint ferret missions did not overfly the Soviet Union... they would fly parallel to the border and record electronic emissions. One particular stunt they did pull was have a SAC bomber head straight at Soviet airspace to elicit a response which the elint plane would record, generally the bomber diverted right before it hit Soviet air space but there were rare incursions. And the Soviets did the same thing but it was generally with European countries and not the US because that's where any conventional war would have been executed. What a lot of people don't realize is that the Soviets did shoot some of these planes down and ~100 US airmen died on these missions (always listed as training mishaps). These activities inadvertently contributed to the Korean Airlines 007 shootdown. The most common elint plane at that time was one of the RC-135 variants, a four engine jet that vaguely has the same configuration as a 747. The Soviets thought it was a ferret mission and shot it down.
Nah, they only copied the good stuff. One blank CD is probably overkill, but who has floppies or zip drives any more?
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
You just have to love the work of Google's DeepMind projects!
Once China's great firewall is updated to RedOS 2.0. They can turn off the "Internet" and keep the good times rolling behind their borders...
But of course...
If the NSA can't OWN the Internet. It will do the next best thing, and throw a tantrum and shut it off.
"If we can't have it.. nobody can!"
At least Cuba is safe from this.
640k ought to be enough for anybody to back up the Internet.
yea...that
I hope it's US DoD trying to catch up on cyber security. Or maybe not. I'm not sure who's scarier, foreign governments or our own. Not that I like terrorists, but I'm pretty sure we all need to be more worried about all the "official" guys we willingly bought nukes and stuff for than we do about the "alquiedas" who might like to steal one.
dying.
"I do not agree with what you say, but I will defend to the death your right to say it"
For far too long we've allowed people to buy computers, hook them up to the internet with crappy "AV" software, let the end-user allow the subscription to end, not install security updates, and do literally everything else they can do to compromise security. In effect, it's like letting a drunk driver drive around in his car after allowing him to cut his brake lines and shove a heavy rock on the accelerator. There needs to be something that holds people accountable to do a bare minimum number of things. I realize that simple things like having a decently ranked AV, keeping it and the OS updated, keeping critical programs updated, and ensuring that home passwords are sufficiently complicated won't stop every single attack. But neither will simply telling people they shouldn't drive drunk. That's why we have laws and cops and revocation of driver's licenses, fines, and jail time. At some point, end users need to be held accountable.
Use an SD card you clod! I mean they are twice the capacity a CD is, and require no moving parts. And an SD card fits into a small box amongst your camping gear... for secret storage. I mean you are only copying the 'good parts' right?
I really think the company should use every they have got.
"Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains."
Somebody who has no idea how anything works must have written this.
Is the moderation system disabled? That one deserved a "good question" mod, but the closest approximation here would be "insightful". Not only that post, but no "insightful" mods yet. That led me to check for "funny" mods, too, and couldn't find any. Anyway, I can't give you a mod point since I never get any. Many years now...
I still think that most of the spam and scams are motivated by profit, and most of the time the way to fix the problem is to figure out the business model and break it. Unfortunately, only one major success story I can think of: The demise of the pump-and-dump spam scams. After several research papers proved the scammers were essentially printing their own money, they changed the rules of the game to stop it, and the stock-touting spam went away.
Focusing on your narrow question about the presidential election, the answer is intuitively obvious to the most casual observer. America has real enemies and all of them benefit from the effective paralysis of the American government. That means ALL of America's enemies and wannabe enemies are looking at the problem in terms of their OWN profits. Some of them (like Russia) are playing short-term games for money to be harvested next week, but many (like China) are playing for the long-term, seeking power that will later translate into money.
Their calculus is not limited to your "Internet black out" (sic) scenario, but would include all sorts of attack scenarios. However, I think it is obvious that a large-scale Internet blackout extremely close to the election would help Trump because it would probably cripple the Democratic GOTV efforts.
I'm more concerned with why Windows 10 is so great for pwning. Hint: Microsoft has no financial liability and the ISPs don't care as long as you pay your bill.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
The latest Internet version from Vivaldi, version 1.4, wrote 1 TB to my SSD yesterday (by memory allocation and Windows swap) - thanks Vivaldi!
You're kinda sensitive, aren't ya? Sure it could be the Chinese, or the Romanians controlling Chinese machines, or all those Chinese routers. Don't hold out on us man. Tell us what you replaced DNS with.
“He’s not deformed, he’s just drunk!”
Just save it to the cloud! That way, when the internet goes down, you can still run your sites through your smartphone!
and they ensure that the company uses every [sic] they have got, leaving them with no choice but to demonstrate their defense capabilities to the attacker.
This doesn't make sense. To require them to use every defense they have would require the attacker to be precisely calibrated with the defenses the company has.
It's much more likely that the attacker has more offenses that the company doesn't have defenses for or that the attacker has fewer attacks and that the company has defenses that are not employed.
Even more likely is a disjoint match - the attacker has attacks the company is not prepared for and the company is prepared for some attacks the attacker is not employing.
The only way the statement could make sense as written is if the attacker has a priori inside knowledge of the companies' defenses. That would be a much bigger story. More likely is that at least some of the claims in the article are not well-founded and/or outright propaganda.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Wait, the Internet is up to version 1.4 already?
When did it move out of beta?
My computer often freezes with the beachball of death or disappearing cursor. Some runaway application, interacting with OS memory management or UI services and devices, has managed to DOS my computer. Often a reboot is the only solution.
But what was the real problem? The fact that someone designed an OS that allows runaway processes and memory managers and what not to completely dominate all other processes, or to completely hijack key devices.
Why would an OS not have a more effective segmentation; a hierarchy, which enforces rules like:
- Never dominate the pointer movement and rendering, ever, for any reason
- Give the process kill user interface (red button, X), and the process termination procedure, absolute highest priority as well.
- Have a high-priority command shell process.
- Don't let background processing and user-process memory use ever dominate and freeze user interface rendering. Probably requires a separate CPU core just for talking to the graphics subsystem.
Seems like an off-topic aside maybe?
But the same principle should be applied to Internet design.
- A backchannel allowing sys-admin commands (at low data rates only) to get through the network should have highest priority and not be affected at all by overcapacity on other "channels".
- A low data rate channel permitting only low-frequency-of-send email / messaging protocol to get through should be next in line. By design it should not permit flooding. Its functioning should be entirely independent of any DDOSable level.
- A level which supports general web-ish and messaging protocols but for trusted authenticated communicators only.
- Finally, separated from the other levels at every switch, router, and network card, something akin to the current DDOS-ABLE level where anything goes.
Where are we going and why are we in a handbasket?
Bill, you're back!
While funny, you do bring up a good point though.
I've been slowly backing up a lot of important stuff for offline use.
Good wikipedia articles, any linked pages to said articles, on a range of useful topics. (especially survival, science, industry and society)
Useful software, algorithms, techniques and such.
As it stands right now, being realistic, there is going to be a massive shitstorm of epic proportions coming in the next decade.
Even though society generally tends towards stability, I feel these efforts are slowly failing.
The internet is where one of these shitstorms is going to happen initially, as it already is now. (and accelerating at that, as Bruce stated)
Cyber warfare has exploded over the past 5 years, more than it has the rest of the time the internet has been around.
We've been hardening software more and more, but we can't change the fundamentals of how the internet works, and that opens it to basic attacks that can cripple systems due to sheer numbers. It is trivial to buy some servers off a site and DDoS another site without the owner ever being the wiser until it happens. Trickle DDoSes can do it and never be noticed, whereby sheer numbers using low-bandwidth all attack a server and overload it, and any sysadmin looking at it would never really question it because it could be anything from a web crawler, malware scanner, or an archiver.
Something big will happen. Likely sooner rather than later. It is only a matter of time before something big is fucked over and it causes all kinds of ass-mad.
So having a backup of useful things so you can continue to consume them even if the internet ends up going brown-out on us because of regular attacks, it can't hurt.
You can fit wikipedia on a memory stick no larger than a micro-penis.
Bill Gates is that you?
Whoever is doing it could easily be using AI. They're doing much more complicated things with AI.. meanwhile the internet is a graph with a fully open api. I'm no expert but it seems to me this would be absolutely trivial once you've probed the defenses. Heck, you gather information on the defenses of so many companies you can train the ai to know what the best attack is .... they could drop every company connected to the internet in seconds.
Or hold it for ransom.
Admittedly it's been a while since my network theory classes (and some minor hands on, Cisco router setup) in college but is it even possible to "take down the internet"? Sure you can disrupt areas of it for a while, maybe even take down certain parts for a short time if you have especially vulnerable hardware (can't be reloaded from backups after compromise) but taking down the whole internet? That's a little like trying to take down the road network, sure you can bomb a few key bridges/roads and cause some nasty traffic jams but bombing every bridge and road would be a monumental undertaking. In reality society reroutes around the trouble until the assailants are caught/killed and reconstruction is completed. The only way I can see it really happening is if some idiots at the CIA/NSA got backdoors put in a lot of internet backbone hardware and someone exploited it.
Seriously, We need to create more virtual networks at the backbone level, and fully separate utilities, military, stock brokers, etc from the main arena. After all, while a nuclear plant needs to communicate with others, what need does it have to actually talk to the business office? none. The same is true of other Areas.
I prefer the "u" in honour as it seems to be missing these days.
Don't worry about beta versus 1.4; Google will cancel the project shortly and the World Wide Web will be history.
no, I am pretty sure he means they are literally pouring molten iron into the internet.
badselfeater.com (the federal beast...) Maybe we will find out in a few hours!? @ 7PM EST their countdown timer hits 0...
Walk with Music;
The solution to DDoS attacks is peer-to-peer. Thank goodness DNS already works that way. If Verisign goes down, the information is still available in a DNS server near you. Mail will still work. WhatsApp may be not, but hey we can still use SMS.
nice use of "what all". feels down-home.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
n/t
Have gnu, will travel.
I do remember hearing Wikipedia maintains an offline variant people can grab, like 16GB.
First of all, ISPs ought to automatically detect abnormal traffic patterns to their clients and start blocking it in a temporary access control list that would expire after some time. There should be a protocol to share this temporary ACL upstream (how far upstream TBD depending on the size of the ACL vs how much routers can fit in RAM). If a source address is continually on the ACL then the ISP owning the address should be automatically notified so that they can take action against the client. If an ISP doesn't take action to cut off these users until they clean any infections / stop being malicious then other ISPs should cut off that ISP.
Yes it would be painful at first but the more that ISPs police each other and their clients then the more botnets would shrink.
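The response procedure in the numbered post above (notice, verify traffic levels, block at the router, escalate upstream), the "trickle DDoS" comment, and this temporary-ACL proposal all describe the same triage loop. The following is an added illustration of that loop, written for this page and not code from any commenter, Schneier or Verisign: flow records are bucketed into windows, loud sources go into an ACL that expires, repeat offenders are collected for reporting to the owning ISP, and an aggregate check flags a distributed low-rate flood that per-source limits never catch. The flow records, thresholds and IP addresses (RFC 5737 documentation ranges) are constructed for the demo.

```python
"""Flow-window DDoS triage with an expiring ACL and repeat-offender tracking.

Added example, not code from the thread, Schneier or Verisign. Thresholds and
flow records are constructed; addresses come from RFC 5737 documentation blocks.
"""
from collections import Counter

PER_SRC_LIMIT = 5_000_000      # bytes one source may send per window before throttling
AGGREGATE_LIMIT = 10_000_000   # bytes per window the target normally stays well under
BASELINE_SOURCES = 20          # distinct sources seen per window in quiet times
WINDOW = 10                    # seconds per flow window
ACL_TTL = 30                   # seconds a source stays in the temporary ACL


class TempAcl:
    """Temporary block list: entries expire, strikes are kept for escalation."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.expiry = {}           # src -> time the block lapses
        self.strikes = Counter()   # src -> number of times it was blocked

    def block(self, src, now):
        self.expiry[src] = now + self.ttl
        self.strikes[src] += 1

    def expire(self, now):
        for src in [s for s, t in self.expiry.items() if t <= now]:
            del self.expiry[src]

    def active(self, now):
        self.expire(now)
        return sorted(self.expiry)

    def repeat_offenders(self, min_strikes=2):
        # Sources blocked this often are worth reporting to the ISP that owns them.
        return sorted(s for s, n in self.strikes.items() if n >= min_strikes)


def bucket(flows, window=WINDOW):
    """Group flow dicts {ts, src, bytes} into {window_start: Counter(src -> bytes)}."""
    buckets = {}
    for f in flows:
        start = f["ts"] - f["ts"] % window
        buckets.setdefault(start, Counter())[f["src"]] += f["bytes"]
    return dict(sorted(buckets.items()))


def triage(flows, acl):
    """Classify each window; return {window_start: report}."""
    reports = {}
    for start, per_src in bucket(flows).items():
        acl.expire(start)
        loud = sorted(s for s, b in per_src.items() if b > PER_SRC_LIMIT)
        for src in loud:
            acl.block(src, start)           # step 3: throttle/block at the edge router
        total, distinct = sum(per_src.values()), len(per_src)
        # A trickle flood: the aggregate is abnormal but no single source is, so
        # per-source blocking never fires and the signal is the source count.
        trickle = (not loud and total > AGGREGATE_LIMIT
                   and distinct >= 5 * BASELINE_SOURCES)
        reports[start] = {
            "blocked": loud,
            "trickle": trickle,
            "total_bytes": total,
            "distinct_sources": distinct,
            # step 4: what the edge cannot absorb alone goes to the upstream peer
            "escalate_upstream": trickle or total > 4 * AGGREGATE_LIMIT,
        }
    return reports


def sample_flows():
    """Constructed flow records: quiet, volumetric, trickle, repeat volumetric."""
    flows = []
    normal = [f"192.0.2.{i}" for i in range(1, 11)]
    for start in (0, 10, 20, 30):
        for src in normal:                              # background traffic
            flows.append({"ts": start + 1, "src": src, "bytes": 200_000})
    for start in (10, 30):                              # two loud sources, twice
        for src in ("203.0.113.7", "203.0.113.9"):
            flows.append({"ts": start + 2, "src": src, "bytes": 50_000_000})
    for i in range(1, 201):                             # 200 low-rate sources at once
        flows.append({"ts": 25, "src": f"198.51.100.{(i % 254) + 1}", "bytes": 100_000})
    return flows


if __name__ == "__main__":
    acl = TempAcl(ACL_TTL)
    for start, report in triage(sample_flows(), acl).items():
        print(f"window {start:>3}s: {report}")
    print("report to owning ISP:", acl.repeat_offenders())
```

The trickle window (t=20) produces no per-source block at all; only the jump from 10 to 210 distinct sources exposes it, which is why a per-source ACL alone is not enough.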
This doesn't seem too far-fetched given China's traditional hostility to freely-available information versus the U.S.'s scary degree of dependence on the Internet.
Is it possible to roll back to an earlier version? Even though it is rather old, the pre-AOL one wouldn't be too bad. Maybe the one before Canter & Seigel? Heck, I'd take the one before Eternal September.
only they have so many ways into remote computers, and a pool of so many compromised machines to use for malicious attacks like this. My connection basically drops to under 10% capacity several dozen times a day, since a month or so back. The world needs to stand up and force the U.S to come in line and stop attacking us like this, before they do something really bad.
Some of the major companies that provide the basic infrastructure that makes the internet work have seen an increase in DDoS attacks against them, says Bruce Schneier.
This all is consistent with what Verisign is reporting.
Is it? The way I understand it, verisign reports that their customers (verisign sells DDoS mitigation services it turns out) have seen more and larger DDoS attacks in 2016, not attacks against verisign's infrastructure.
The article sells this as nation states preparing for war.
Didn't "they" take down an Israeli couple that is allegedly responsible for "a majority" of DDoS attacks in the last few years? (http://gizmodo.com/israeli-teens-arrested-in-connection-with-majority-of-1786495231) Don't they now have the couple's records including roads toward finding and prosecuting customers?
Verisign stuff is about encryption, not basic TCP/IP.
The fundamental design of ARPANET aka the Internet paradigm is robustness against single-point attacks. It was built for a nuclear war. That decreases with "cloud" because there are fewer amazon data-centers than homes in the US.
I think TOR is about secure protocols. The Onion Router - layers and all. I don't know it, but I'm just thinking. If I wanted a "sonar" to do large scale digging in there then live network traffic monitoring plus the ability to perform scaled throttle on a centralized CA might be good for such a thing. Certificate delays might allow me to "tag" certain packets.
Banks love secure protocols. Perhaps someone is staging for an attack there.
It could, but they don't have a record of attacking and subverting other countries, such as the U.S record. And it's clear they don't have remotely so many exploits and compromised computers on the Internet available to them, as the U.S has - what's happening now is clearly the U.S' doing.
"Verisign report summarizing Q2 2016 DDOS Attacks: there is a map on page 12, showing that the vast majority of attacks came through from the USA, Germany, and Great Britain. China, Russia, Brazil, and N.Korea hardly have any presence."
Did you get it demagnetized by The Hawk, himself, first?
No really, let it burn to the ground and not come back.
2 things will happen:
1 - The next 'net will be more resilient to attack.
2 - People might actually go outside for a change.
but thy countenanced of Bruce Schneir, perish thus wilt I tgou mightest ^H9000 f*ck you Bruces, all of yeah.
Maybe considerations should have been made beforehand, especially when considering Cloud Services, to the possibility of what happens to your shit and your business plans when the inevitable blowups happen?
Nah..... Just throw some more bandwidths and redundancies at the attackers, or something.
Nah, it's probably just C'thulhu looking around.
rm -rf http://./
There has been talk recently about the US ceding control of the internet. Maybe they want to be certain they can break it if they have to.
I am glad to see some attention being put to our exponentially growing FRAGILITY, as we race to replace all "dumb" infrastructure with really stupid plans for "smart" IOT everywhere. So thanks for the post. But I don't have a lot of hope. All the SF books and stories in the world haven't prevented our mad race to surrender all our privacy and create all the trappings required for totalitarianism way beyond anything imaginable in Brave New World. So, why should I hope that we will pull back from this race to make computers and buggy software the ultimate arbiters of all our cars, planes, stoves, heating systems, refrigerators, washing machines, toilets, door knobs, etc. etc. etc. I used to think humans were too smart to fall for anything so transparent. But here we are -- and racing headlong toward nightmare. Yeah, IOT. Humans haven't evolved their common sense and self control in thousands of years so we might as well go for AI and IOT in everything.
He is in the FUD business now. No longer to be trusted.
The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it's possible to disguise the country of origin for these sorts of attacks. The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the US decides to make an international incident over this, we won't see any attribution.
Sounds like asking for action. Plus, disguised praise for their control over the world.
Who would do this? It doesn't seem like something an activist, criminal, or researcher would do.
Corporate criminal hackers and activists don't do this kind of thing? DDoS is classic hacktivism but doesn't make sense if it doesn't work. There are groups that sell DDoS attacks, wouldn't they be interested in doing this kind of test? Some were arrested a few days ago.
I don't know why or how, but that just made my day so much brighter. /hat tip
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
I always uses every they have got each time I log onto the Internet.
Yeah. That makes complete sense. Thanks for making it all so clear for me.
So BS spoke to Mandiant/Fireeye then? Cause their magic 8-ball always says china...
Maybe we'll start reading books again at the library instead of just using it for a Pokemon stop.
While Verisign might handle registrations and is a widely trusted certificate authority, they only operate 2 of the 13 root DNS servers. Numerous attempts to DDoS the root servers have happened before, yet they all failed. They're spreading FUD. Shame on them, Schneier should know better.
You seem to be advocating the user is responsible for their actions, a la the car model.
Oddly, you seem to have an OS recommendation. Surely you recommend OpenBSD, correct?
You also realize anti-virus software is garbage, right?
I beat you to it. I already have it on a floppy.
Um, moderators:
Note that the GP is *the artist formerly known as 'naval information warfare officer'*. And he just sank your battleship with the incessant whining about "anti-Americanism" on Slashdot. Are we just going to join in the call for war again based on possibly "mistaken" information, like with Afghanistan and Iraq? Let's get some confirmed evidence first this time.
For sure the military don't use DNS from a public cache, and maybe not even TCP/IP anymore. I doubt very much they will suffer any denial of service attacks from the public internet. I hope they're not that dumb.
*New name: cryptologic warfare officer.
Was it blank before or after you copied it?
I do not block ads. I do block third party scripts.
The "Vivaldi Internet" is.
(My post was a reply to "got the Internet on CD-ROM" you have to read it in context.)
("Google Internet" is at version 52!! (It bombs? Maybe that explain the Vivaldi behavior since it's based on Chrome))
Why not just use them as a weapon by giving them exclusively to the Internet 2 backend. Who will be the last one standing?
Computers don't need the internet to work.
There's really not anything interesting or vital enough to fill that 640k though. Might be some leftover space for you to store a few bitcoins... oh wait, they would be the first thing to be worthless without the internet (if they aren't already).
HELP! I accidentally the whole internet!
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
CRTL+P
or CTRL, whatever.
Combined SCP-355 into one handy source?
http://www.scp-wiki.net/scp-335
new domains would be limited or stopped, existing domains would work just fine. bruce should crawl back in his hole.
nothing to see here - move along
I geoblock entire nations for this reason. Most of the shit stain DDOS botnet traffic and hacking attempts are coming from China or Russia but I tossed in places like Syria, Iran, North Korea, etc in as well. Essentially, anyone investing in rogue hacking teams. And, my iptables are set up for whitelisting, in other words instead of leaving everything open and trying to pin down particular services to block I simply block all ports by default and only open the ones I absolutely need. I also try to keep the number of daemons required down to a bare minimum, e.g. if the server doesn't need a web presence there is no web daemon, don't allow NTPd, bind or smtp connections, etc. If you need one of those services, be prepared to secure them and keep a closer eye on your server, i.e. tripwire, logcheck, logwatch, tiger, rkrun, chkrootkit -> shoot all of those emails to a third party email services like gmail w/ 2fa so if you do get compromised they can't falsify your logs and hide what they've done.
If you want a vision of the future, imagine a September that never ended - forever.
- For the complete works of Shakespeare: cat
Twice the capacity?
http://www.newegg.com/Product/...
http://www.newegg.com/Product/...
or even
http://www.newegg.com/Product/...
SD card (200GB) is so much more than twice a CD (700MB) or even a Blu-Ray disk (50GB) as to be laughable.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
That is what all this cloud stuff is, they just want to bring back the mainframe days.
fall.
North Korea.
I doubt they would make it past the nukes falling though as the US has easily enough to hit the whole of North Korea.
This is why we can't have nice Internets.
Also, while I'm reasonably certain multiple state actors are involved, how much do you want to bet the US TLAs are in there too? The escalation logic of Risk comes to mind.
"If a potential enemy is characterizing the defenses on the internet, then we must characterize the internet defenses too. We cannot have an internet knowledge gap!"