The cyberattack that disrupted a number of major websites including Amazon, PayPal, Twitter and Netflix on Oct. 21 certainly was no accident. In fact, a renowned security guru thinks someone is learning how to take down the Internet.
That expert predicted several weeks earlier that it would happen.
“Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet,” Bruce Schneier wrote on September 13. “These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down.”
Internet infrastructure companies noticed a big upswing in attacks in recent months, Schneier wrote. Those attacks, in fact, were similar to the one that knocked out the company Dyn, which provides critical services to Amazon and the other companies that went down. On Oct. 21, hackers launched a massive distributed denial-of-service (DDoS) attack on Dyn, overwhelming the system and causing it to crash.
“If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS),” Schneier wrote on his blog and at LawFareBlog.com. “… Basically it means blasting so much data at the site that it’s overwhelmed. These attacks are not new: hackers do this to sites they don’t like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it’s a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.”
Recently, “some of the major companies that provide the basic infrastructure that makes the Internet work” have seen an increase of such attacks, wrote Schneier, who is chief technology officer of IBM subsidiary Resilient Systems Inc., a fellow at Harvard Law School’s Berkman Center for Internet and Society, and a board member at the Electronic Frontier Foundation.
“These attacks are significantly larger than the ones they’re used to seeing,” Schneier wrote. “They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.”
The attacks, in fact, are so strong that the “companies have to use everything they’ve got to defend themselves.”
“They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker,” Schneier wrote.
One of those companies is Verisign, which is the registrar for many popular websites.
“If it goes down, there’s a global blackout of all websites and e-mail addresses in the most common top-level domains,” he wrote, referencing .com and .net.
Verisign’s latest public report said that attacks have “continued to become more frequent, persistent, and complex.”
Who is doing the attacking? Schneier believes it is a nation.
“It feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar,” he wrote. “It reminds me of the U.S.’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities. … The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it’s possible to disguise the country of origin for these sorts of attacks.
“The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the U.S. decides to make an international incident over this, we won’t see any attribution.”