Slashdot Mirror

← Back to Stories (view on slashdot.org)

Someone Is Learning How To Take Down the Internet, Warns Bruce Schneier (schneier.com)

Posted by msmash on from the storm-is-coming dept.

Some of the major companies that provide the basic infrastructure that makes the internet work have seen an increase in DDoS attacks against them, says Bruce Schneier. He adds that these attacks are of much larger scale -- including the duration -- than the ones we have seen previously. These attacks, he adds, are also designed to test what all defense measures a company has got -- and they ensure that the company uses every they have got, leaving them with no choice but to demonstrate their defense capabilities to the attacker. He hasn't specifically shared details about the organizations that are under attack, but what little he has elaborated should give us a chill. From his blog post: [...] This all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes (PDF) a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex." There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services. Who would do this? It doesn't seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It's not normal for companies to do that. Furthermore, the size and scale of these probes -- and especially their persistence -- points to state actors. It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US's Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.

48 of 237 comments (clear)

  1. False flag operation? by Anonymous Coward · · Score: 3, Interesting

    Could be NSA/GCHQ false-flag operation to pin the attacks on Russia.

    1. Re:False flag operation? by fustakrakich · · Score: 5, Funny

      Or it could be Russia trying to make us think it is an NSA/GCHQ false-flag operation to pin the attacks on Russia.

      But we know that they know that we know....

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:False flag operation? by npslider · · Score: 2

      But if they know that we know that they know, we knew...who are they again?

    3. Re:False flag operation? by Anonymous Coward · · Score: 5, Funny

      Or it could just be a windows 10 update.

    4. Re:False flag operation? by ndogg · · Score: 2

      Or it could be NSA/GCHQ spies working for the Russians trying to make us think that it's a NSA/GCHQ false-flag operation to pin the attacks on Russia.

      --
      // file: mice.h
      #include "frickin_lasers.h"
  2. Someone Is Learning How To Take Down the Internet by JustNiz · · Score: 5, Funny

    Don't worry I've already copied the internet onto a blank CD.

  3. not necessarily a bad thing by Lead+Butthead · · Score: 2, Insightful

    considering the number of new problems created and old problems made anew by the Internet (tm), taking it down isn't necessarily a bad thing.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
    1. Re:not necessarily a bad thing by npslider · · Score: 4, Funny

      Work place productivity would skyrocket... ... Until the Internet withdrawal symptoms kick in.

    2. Re:not necessarily a bad thing by npslider · · Score: 2

      I have a simple fix:

      Tell the workers that whoever gets their TPS reports in first gets "First Post".

    3. Re:not necessarily a bad thing by waTeim · · Score: 5, Insightful

      This viewpoint is almost the opposite of reality. Losing the Internet is among the worst things that could happen.

    4. Re:not necessarily a bad thing by The-Ixian · · Score: 2

      Who said anything about going to pen and paper? Just unplug the WAN port...

      Oh wait... the cloud... I forgot...

      --
      My eyes reflect the stars and a smile lights up my face.
    5. Re:not necessarily a bad thing by drinkypoo · · Score: 3, Insightful

      This viewpoint is almost the opposite of reality. Losing the Internet is among the worst things that could happen.

      It's basically identical to the situation with the two-party system in American politics. Until it actually crashes, nobody is going to bother to build a better system, because that's hard. It's better if the internet goes down now than in fifty years when we're really dependent on it for everything. We must build a better internet by then (meshed? entirely cooperative?) or someone surely will take it down and it will be the worst thing that could happen.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    6. Re:not necessarily a bad thing by execthis · · Score: 2

      I have a simpler one: Cut China, Russia, Ukraine & Nigeria the fuck off the Internet

    7. Re:not necessarily a bad thing by fintux · · Score: 2

      Maybe you don't realize how much people are indirectly dependent on the internet. If internet is taken down, a lot of other services will go down as well. For example, without internet banking, the banks will not be able to handle the inflow of customers anymore. I don't know how much grocery stores depend on the internet for things like ordering food etc., but I would assume they do that. Public transport may use the internet, and with hindered public transport, the streets will get more clogged. Lots of work gets almost impossible due to multi-site collaboration no longer working properly. The internet is also used more and more in health care.

      All in all, the internet is so much more than just the web pages. I sure hope things like the power grid or the telephone network are still managed on a completely separate channel, but I don't really have facts on that.

  4. Re:north korea's last dieing move after the nukes by npslider · · Score: 3, Funny

    "All your Internet Bases are belong to us!"

  5. Good. Go smell the flowers. by wjcofkc · · Score: 2, Interesting

    Awhile back I used up a couple weeks of vacation time I had accumulated. First I got the idea in my head, why don't try powering my phone off for awhile?. After a few days of withdraw I started to feel liberated. From there I abandoned email and the internet entirely. More withdraw was followed by an even greater sense of liberation. It was like breathing for the first time. After a hair over a week, I grudgingly came back to virtual reality. But damn was that disconnected time wonderful.

    --
    Brought to you by Carl's Junior.
    1. Re:Good. Go smell the flowers. by Anonymous Coward · · Score: 3, Insightful

      Don't be an idiot.
      Really

      This isn't about being personally liberated from the internet. This is about attacking critical infrastructure. This is like the paving of every interstate in the country disintegrating overnight.

      Sure, there would be lots of time for people to sit at home and enjoy the flowers. Meanwhile 99% of the population would immediately begin to run out of food and within a week chaos would reign - most people would have no job to work and no food to eat. The economy would take a massive pounding.

      Captcha: pounding

    2. Re:Good. Go smell the flowers. by Falos · · Score: 2

      I once traveled to the Outside. Turns out the Normals are actually fairly friendly. They were very worried when the Daystar began cooking me red and offered me water.

      3/5, would not spelunk again.

  6. Re:I've got it figured... by npslider · · Score: 2

    "Probing" you say?

    I'd say it's them dern aliens! Back in '67 I was driving in my good old '57 Chevy when I saw a bright light above me...

    Never could sit on the Jon the same way after that.

  7. Re:Someone - or - Something... by npslider · · Score: 2

    As long as my Badger Badger Badger Mushroom song keeps playing... I be happy.

  8. DDoS Defense by sexconker · · Score: 2, Interesting

    1) Notice problem.
    2) Look at logs/whatever and verify insane traffic levels.
    3) Throttle/block source at router.
    4) Repeat for every upstream switch that is impacted by the attack. For those which you don't control, call (yes call) up your peer and inform them of the issue so they may do the same.

    1-3 can be automated fairly easily
    4 can be automated with cooperation, agreements, established procedures, responsive personnel, etc. (4 isn't going to be automated.)

    5) Inform zombie ISP customers they're part of a botnet / get authorities after the operators.
    6) Cut customers off from the internet until they clean their shit up / throw people in jail or block their host country (Russia / Brazil / China) until the respective authorities put people in jail.

    1-3 are all you need as a network operator concerned about other shit on your network.
    1-4 are what you need to get the DDoS target accessible again.
    5 and 6 are what the internet needs in general.

    1. Re:DDoS Defense by The-Ixian · · Score: 2

      Unless the attack is the type that uses perfectly normal HTTP GETs (or other expected traffic)... just from 10,000,000 sources at once... Like an old fashioned /.ing, only bigger. There is no defense against something like that other than to throttle all HTTP (or whatever) connections... but that ends up achieving the goal of the attacker anyway.

      This has been demonstrated already by the Chinese government by altering unencrypted HTTP traffic to add a bit of javascript to sessions inbound to the country so that regular browsers would make a connection to the target site.

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:DDoS Defense by cfalcon · · Score: 4, Interesting

      The problem is that DDOS is a core vulnerability based on how the internet is built. If you get packets that should go somewhere, you try to push them there. You don't know that the guy who handed them to the guy that handed them to the guy that handed them to you is a botnet node: you just know packets go a place. You forward them.

      Eventually, you hit a point where someone in that link COULD figure out that packets are part of a DDOS, but in the current model, that's just too damned far along.

    3. Re:DDoS Defense by sexconker · · Score: 2

      The defense is to block the bad traffic as close to the source as possible, whether it be 100 Amazon VMs in a botnet or 10,000,000 home machines infected with shit or the entirety of China.

      The internet only works if each network plays nice. DDoS has been a problem for so long because no one has the balls to cut home users or a country off, and certain governments don't give a fuck about going after botnet operators.

    4. Re:DDoS Defense by sexconker · · Score: 4, Interesting

      DDoS patterns are pretty obvious, and you don't need fancy DPI either.

      Happy-go-lucky packet forwarding works when everyone plays by the rules. That's not the case. You have to respond, and the ONLY response is to throttle/block the traffic. The further upstream you do this the more effective it is, but the wider impact it has for legitimate traffic. That's why step 4 is critical for the target.

      It's a very simple solution to a very simple problem. DDoS is just the normal internet at an abnormal scale. All effective responses go against the general design of the internet because they involve removing a host from the internet or portions of it. So you want to limit responses to be as close to the source as possible to avoid impacting all the good actors.

    5. Re:DDoS Defense by sexconker · · Score: 2

      Shut down the internet for bad actors, yes. You can't let bad hosts play on your network and then expect your network to be invited to the party all the other networks are throwing.

    6. Re:DDoS Defense by Alomex · · Score: 4, Insightful

      This is why slashdot sucks so much. I started reading /. back when the UIDs where in the 10k range, and only people who really knew about the subject would comment. It took me many months before I saw a topic I could contribute to with enough insight, hence my 100K UID.

      Now, we have captain obvious noob giving a trivial "shut down" solution, which only works when the botnet is concentrated in an arrogant tone to the security experts in Verisign and Bruce Schneier. To top it off it gets ranked +4 Insightful.

      p.s. Can we add a moderation score of -1 Rolls eyes?

    7. Re:DDoS Defense by A+Big+Gnu+Thrush · · Score: 2

      I started reading /. back when the UIDs where in the 10k range

      Yeah, I think it was always crap. Remember Signal 11? Jon Katz? The ignorant are drawn to comment sections.

    8. Re:DDoS Defense by postbigbang · · Score: 3, Informative

      There's wisdom in what you say, but the ACL black hole list could be miles long. My own iptables list is pages long, and grows every day.

      I don't think that ISPs give a shit, and there's nothing and nobody to flip the blackhole switch. Even DNS tweaking isn't going to do the job. Every day my syslogs fill up with nmappers and logon failures from ugly long lists of IPv4/6 addresses.

      --
      ---- Teach Peace. It's Cheaper Than War.
    9. Re:DDoS Defense by BuGless · · Score: 2

      This is why slashdot sucks so much. I started reading /. back when the UIDs where in the 10k range, and only people who really knew about the subject would comment.

      And even Slashdot back then was ten times worse than the golden age 1988-1994 USENET already.

  9. TFS leaves out most important piece ignoring info by daveschroeder · · Score: 5, Insightful

    "The data I see suggests China, an assessment shared by the people I spoke with."

    Of course, that will be buried in these comments that it's a US false flag, that obviously it's the US that's responsible, etc.

    It couldn't possibly be someone like China.

  10. Re: As the US surrenders control of DNS by daveschroeder · · Score: 2

    Except, from TFA, "The data I see suggests China, an assessment shared by the people I spoke with."

    But that's impossible in your mind...it has to be the US. It could never be a US adversary with principles that run decided counter to internet freedom, human rights, and so on. Clearly this is a US effort to leave itself a capability to "take down the internet", when we are the ones ceding control of ICANN and IANA.

  11. Interesting timing by CODiNE · · Score: 4, Insightful

    I wonder who would stand to benefit from an Internet black out during the US presidential election?

    --
    Cwm, fjord-bank glyphs vext quiz
    1. Re:Interesting timing by swb · · Score: 2

      We have an infrastructure problem- plenty of systems assume that the internet will either always be up, or be up at least, for instance, daily.

      And it's getting worse, because the infrastructure that keeps the Internet up is starting to require the Internet actually be up.

      A cow-orker installed some Meraki switches this past weekend and they are "cloud" managed. I didn't work on it, but he said you basically needed an active Internet connection to do anything with them because there was no local management at all. And of course the switches themselves had problems, cutting off Internet access until physically rebooted at least once.

      Off the top of my head, I can only really see this being even sane if you had a dedicated management network with Internet access not dependent on the switching you needed to manage, but this mostly runs counter to much of the idea behind a management network (ie, a closed network with access limited to protect management interfaces).

      But there seems to be an increasing number of things that just don't work without Internet access, and often not because the manufacturer cheaped out and pushed intelligence to the cloud and cut the system specs, but because of licensing, DRM or because some asshat in marketing wanted to guaran-damn-tee that they got phone home data, so the device just doesn't work unless it can phone home.

  12. Re: As the US surrenders control of DNS by npslider · · Score: 2

    Once China's great firewall is updated to RedOS 2.0. They can turn off the "Internet" and keep the good times rolling behind their borders...

  13. Re:TFS leaves out most important piece ignoring in by npslider · · Score: 2

    But of course...

    If the NSA can't OWN the Internet. It will do the next best thing, and throw a tantrum and shut it off.

    "If we can't have it.. nobody can!"

  14. Re:Someone Is Learning How To Take Down the Intern by npslider · · Score: 3, Funny

    640k ought to be enough for anybody to back up the Internet.

  15. At what point do end-users become responsible by mlw4428 · · Score: 3, Interesting

    For far too long we've allowed people to buy computers, hook them up to the internet with crappy "AV" software, let the end-user allow the subscription to end, not install security updates, and do literally everything else they can do to compromise security. In effect, it's like letting a drunk driver to drive around in his car after allowing him to cut his break lines, and shove a heavy rock on the accelerator. There needs to be something that holds people accountable to do a bare minimum number of things.I realize that simple things like having a decently ranked AV, keeping it and the OS updated, keeping critical programs updated, and ensuring that home passwords are sufficiently complicated won't stop every single attack. But neither will simply telling people they should't drive drunk. That's why we have laws and cops and revokation of driver's licenses, fines, and jail time. At some point, end users need to be held accountable.

    1. Re:At what point do end-users become responsible by nuckfuts · · Score: 2

      "AV" software is practically useless.

      How about an Internet that refuses to route packets with a forged source address?

    2. Re:At what point do end-users become responsible by codeButcher · · Score: 5, Funny

      I hear your cry about antivirus software.

      A website the other day detected 432 viruses on my computer. Thankfully, it also provided a link to download some high quality antivirus software that resolved the problem.

      I'm glad to say I'm now part of the solution and not of the problem any more.

      --
      Free, as in your money being freed from the confines of your account.
    3. Re:At what point do end-users become responsible by bheerssen · · Score: 3, Funny

      I am happy to hear that you take internet security seriously. Since you seem like a kind and generous person, I would like to share with you an opportunity to make money on the internet. You could earn up to $50,000 (FIFTY THOUSAND DOLLARS!) just by following a few easy steps. If you'll kindly send me your email address, I'd be happy to provide you with details.

      --
      (Score: -1, Stupid)
    4. Re:At what point do end-users become responsible by DRJlaw · · Score: 3, Insightful

      Woooossshhhhhhh....

  16. What is this gibberish? by Anonymous Coward · · Score: 2, Insightful

    "Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains."

    Somebody who has no idea how anything works must have written this.

  17. Even the commies follow the money! by shanen · · Score: 2

    Is the moderation system disabled? That one deserved a "good question" mod, but the closest approximation here would be "insightful". Not only that post, but no "insightful" mods yet. That led me to check for "funny" mods, too, and couldn't find any. Anyway, I can't give you a mod point since I never get any. Many years now...

    I still think that most of the spam and scams are motivated by profit, and most of the time the way to fix the problem is to figure out the business model and break it. Unfortunately, only one major success story I can think of: The demise of the pump-and-dump spam scams. After several research papers proved the scammers were essentially printing their own money, they changed the rules of the game to stop it, and the stock-touting spam went away.

    Focusing on your narrow question about the presidential election, the answer is intuitively obvious to the most casual observer. America has real enemies and all of them benefit from the effective paralysis of the American government. That means ALL of America's enemies and wannabe enemies are looking at the problem in terms of their OWN profits. Some of them (like Russia) are playing short-term games for money to be harvested next week, but many (like China) are playing for the long-term, seeking power that will later translate into money.

    Their calculus is not limited to your "Internet black out" (sic) scenario, but would include all sorts of attack scenarios. However, I think it is obvious that a large-scale Internet blackout extremely close to the election would help Trump because it would probably cripple the Democratic GOTV efforts.

    I'm more concerned with why Windows 10 is so great for pwning. Hint: Microsoft has no financial liability and the ISPs don't care as long as you pay your bill.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  18. Re:Someone Is Learning How To Take Down the Intern by Alypius · · Score: 3, Funny

    Just save it to the cloud! That way, when the internet goes down, you can still run your sites through your smartphone!

  19. Re:Someone Is Learning How To Take Down the Intern by JustNiz · · Score: 2

    Wait, the Internet is up to version 1.4 already?
    When did it move out of beta?

  20. Redesign internet with a backchannel by presidenteloco · · Score: 3, Interesting

    My computer often freezes with the beachball of death or disappearing cursor. Some runaway application, interacting with OS memory managment or UI services and devices, has managed to DOS my computer. Often a reboot is the only solution.
    But what was the real problem? The fact that someone designed an OS that allows runaway processes and memory managers and what not to completely dominate all other processes, or to completely hijack key devices.
    Why would an OS not have a more effective segmentation; a hierarchy, which enforces rules like:
    - Never dominate the pointer movement and rendering, ever, for any reason
    - Give the process kill user interface (red button, X), and the process termination procedure, absolute highest priority as well.
    - Have a high-priority command shell process.
    - Don't let background processing and user-process memory use ever dominate and freeze user interface rendering. Probably requires a separate CPU core just for talking to the graphics subsystem.

    Seems like an off-topic aside maybe?
    But the same principle should be applied to Internet design.
    - A backchannel allowing sys-admin commands (at low data rates only) to get through the network should have highest priority and not be affected at all by overcapacity on other "channels".
    - A low data rate channel permitting only low-frequency-of-send email / messaging protocol to get through should be next in line. By design it should not permit flooding. Its functioning should be entirely independent of any DDOSable level.
    - A level which supports general web-ish and messaging protocols but for trusted authenticated communicators only.
    - Finally, separated from the other levels at every switch, router, and network card, something akin to the current DDOS-ABLE level where anything goes.

    --

    Where are we going and why are we in a handbasket?
  21. Re:north korea's last dieing move after the nukes by netsavior · · Score: 2

    no, I am pretty sure he means they are literally pouring molten iron into the internet.