Slashdot Mirror

← Back to Stories (view on slashdot.org)

Someone Is Learning How To Take Down the Internet, Warns Bruce Schneier (schneier.com)

Posted by msmash on from the storm-is-coming dept.

Some of the major companies that provide the basic infrastructure that makes the internet work have seen an increase in DDoS attacks against them, says Bruce Schneier. He adds that these attacks are of much larger scale -- including the duration -- than the ones we have seen previously. These attacks, he adds, are also designed to test what all defense measures a company has got -- and they ensure that the company uses every they have got, leaving them with no choice but to demonstrate their defense capabilities to the attacker. He hasn't specifically shared details about the organizations that are under attack, but what little he has elaborated should give us a chill. From his blog post: [...] This all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes (PDF) a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex." There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services. Who would do this? It doesn't seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It's not normal for companies to do that. Furthermore, the size and scale of these probes -- and especially their persistence -- points to state actors. It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US's Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.

9 of 237 comments (clear)

  1. not necessarily a bad thing by Lead+Butthead · · Score: 2, Insightful

    considering the number of new problems created and old problems made anew by the Internet (tm), taking it down isn't necessarily a bad thing.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
    1. Re:not necessarily a bad thing by waTeim · · Score: 5, Insightful

      This viewpoint is almost the opposite of reality. Losing the Internet is among the worst things that could happen.

    2. Re:not necessarily a bad thing by drinkypoo · · Score: 3, Insightful

      This viewpoint is almost the opposite of reality. Losing the Internet is among the worst things that could happen.

      It's basically identical to the situation with the two-party system in American politics. Until it actually crashes, nobody is going to bother to build a better system, because that's hard. It's better if the internet goes down now than in fifty years when we're really dependent on it for everything. We must build a better internet by then (meshed? entirely cooperative?) or someone surely will take it down and it will be the worst thing that could happen.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. TFS leaves out most important piece ignoring info by daveschroeder · · Score: 5, Insightful

    "The data I see suggests China, an assessment shared by the people I spoke with."

    Of course, that will be buried in these comments that it's a US false flag, that obviously it's the US that's responsible, etc.

    It couldn't possibly be someone like China.

  3. Interesting timing by CODiNE · · Score: 4, Insightful

    I wonder who would stand to benefit from an Internet black out during the US presidential election?

    --
    Cwm, fjord-bank glyphs vext quiz
  4. What is this gibberish? by Anonymous Coward · · Score: 2, Insightful

    "Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains."

    Somebody who has no idea how anything works must have written this.

  5. Re:DDoS Defense by Alomex · · Score: 4, Insightful

    This is why slashdot sucks so much. I started reading /. back when the UIDs where in the 10k range, and only people who really knew about the subject would comment. It took me many months before I saw a topic I could contribute to with enough insight, hence my 100K UID.

    Now, we have captain obvious noob giving a trivial "shut down" solution, which only works when the botnet is concentrated in an arrogant tone to the security experts in Verisign and Bruce Schneier. To top it off it gets ranked +4 Insightful.

    p.s. Can we add a moderation score of -1 Rolls eyes?

  6. Re:Good. Go smell the flowers. by Anonymous Coward · · Score: 3, Insightful

    Don't be an idiot.
    Really

    This isn't about being personally liberated from the internet. This is about attacking critical infrastructure. This is like the paving of every interstate in the country disintegrating overnight.

    Sure, there would be lots of time for people to sit at home and enjoy the flowers. Meanwhile 99% of the population would immediately begin to run out of food and within a week chaos would reign - most people would have no job to work and no food to eat. The economy would take a massive pounding.

    Captcha: pounding

  7. Re:At what point do end-users become responsible by DRJlaw · · Score: 3, Insightful

    Woooossshhhhhhh....