Someone Is Learning How To Take Down the Internet, Warns Bruce Schneier

Some of the major companies that provide the basic infrastructure that makes the internet work have seen an increase in DDoS attacks against them, says Bruce Schneier. He adds that these attacks are of much larger scale -- including the duration -- than the ones we have seen previously. These attacks, he adds, are also designed to test what all defense measures a company has got -- and they ensure that the company uses every they have got, leaving them with no choice but to demonstrate their defense capabilities to the attacker. He hasn't specifically shared details about the organizations that are under attack, but what little he has elaborated should give us a chill. From his blog post: [...] This all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes (PDF) a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex." There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services. Who would do this? It doesn't seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It's not normal for companies to do that. Furthermore, the size and scale of these probes -- and especially their persistence -- points to state actors. It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US's Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.

Someone Is Learning How To Take Down the Internet

[JustNiz]

Don't worry I've already copied the internet onto a blank CD.

Re:False flag operation?

[fustakrakich]

Or it could be Russia trying to make us think it is an NSA/GCHQ false-flag operation to pin the attacks on Russia.

But we know that they know that we know....

Re:not necessarily a bad thing

[npslider]

Work place productivity would skyrocket... ... Until the Internet withdrawal symptoms kick in.

TFS leaves out most important piece ignoring info

[daveschroeder]

"The data I see suggests China, an assessment shared by the people I spoke with."

Of course, that will be buried in these comments that it's a US false flag, that obviously it's the US that's responsible, etc.

It couldn't possibly be someone like China.

Interesting timing

[CODiNE]

I wonder who would stand to benefit from an Internet black out during the US presidential election?

Re:DDoS Defense

[cfalcon]

The problem is that DDOS is a core vulnerability based on how the internet is built. If you get packets that should go somewhere, you try to push them there. You don't know that the guy who handed them to the guy that handed them to the guy that handed them to you is a botnet node: you just know packets go a place. You forward them.

Eventually, you hit a point where someone in that link COULD figure out that packets are part of a DDOS, but in the current model, that's just too damned far along.

Re:False flag operation?

Or it could just be a windows 10 update.

Re:not necessarily a bad thing

[waTeim]

This viewpoint is almost the opposite of reality. Losing the Internet is among the worst things that could happen.

Re:DDoS Defense

[sexconker]

DDoS patterns are pretty obvious, and you don't need fancy DPI either.

Happy-go-lucky packet forwarding works when everyone plays by the rules. That's not the case. You have to respond, and the ONLY response is to throttle/block the traffic. The further upstream you do this the more effective it is, but the wider impact it has for legitimate traffic. That's why step 4 is critical for the target.

It's a very simple solution to a very simple problem. DDoS is just the normal internet at an abnormal scale. All effective responses go against the general design of the internet because they involve removing a host from the internet or portions of it. So you want to limit responses to be as close to the source as possible to avoid impacting all the good actors.

Re:DDoS Defense

[Alomex]

This is why slashdot sucks so much. I started reading /. back when the UIDs where in the 10k range, and only people who really knew about the subject would comment. It took me many months before I saw a topic I could contribute to with enough insight, hence my 100K UID.

Now, we have captain obvious noob giving a trivial "shut down" solution, which only works when the botnet is concentrated in an arrogant tone to the security experts in Verisign and Bruce Schneier. To top it off it gets ranked +4 Insightful.

p.s. Can we add a moderation score of -1 Rolls eyes?

Re:At what point do end-users become responsible

[codeButcher]

I hear your cry about antivirus software.

A website the other day detected 432 viruses on my computer. Thankfully, it also provided a link to download some high quality antivirus software that resolved the problem.

I'm glad to say I'm now part of the solution and not of the problem any more.