A Dire Warning – ‘Someone Is Learning How to Take Down the Internet’

When Bruce Schneier writes a post titled “Someone Is Learning How to Take Down the Internet,” you had better listen.

Read his post below and share widely:

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.

First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it’s overwhelmed. These attacks are not new: hackers do this to sites they don’t like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it’s a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker.

I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there’s a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn’t have the level of detail I heard from the companies I spoke with, the trends are the same: “in Q2 2016, attacks continued to become more frequent, persistent, and complex.”

There’s more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.

Who would do this? It doesn’t seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It’s not normal for companies to do that. Furthermore, the size and scale of these probes — and especially their persistence — points to state actors. It feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.

What can we do about this? Nothing, really. We don’t know where the attacks come from. The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it’s possible to disguise the country of origin for these sorts of attacks. The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the US decides to make an international incident over this, we won’t see any attribution.

But this is happening. And people should know.
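The week-over-week ramp and multi-vector profile Schneier describes, turned into a defender-side detection heuristic over constructed attack records. This is an added example, not part of Schneier's essay or of this post; the `Attack` fields, the sample numbers and the thresholds are assumptions.

```python
"""Heuristic for the DDoS "calibration" pattern: each event resumes near the
previous event's peak, pushes higher, and later events combine several vectors.
Added example with constructed data; field names and thresholds are assumptions."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Attack:
    start: date
    start_gbps: float        # traffic level when the event began
    peak_gbps: float         # level reached before the event stopped
    duration_min: int
    vectors: frozenset       # distinct attack vectors observed, e.g. {"syn", "dns-amp"}


def looks_like_calibration(attacks, min_events=3, multi_vector=3, tolerance=0.15):
    """True if the chronological sequence matches the probing profile:
    every event starts within `tolerance` of the prior peak, every peak is
    higher than the last, and the final event uses >= `multi_vector` vectors."""
    seq = sorted(attacks, key=lambda a: a.start)
    if len(seq) < min_events:
        return False
    for prev, cur in zip(seq, seq[1:]):
        # The next week picks up roughly where the last one left off ...
        if abs(cur.start_gbps - prev.peak_gbps) > tolerance * prev.peak_gbps:
            return False
        # ... and then pushes past it, as if searching for the failure point.
        if cur.peak_gbps <= prev.peak_gbps:
            return False
    # Probing for total defensive capacity shows up as several vectors at once.
    return len(seq[-1].vectors) >= multi_vector


# Constructed sample data (not real measurements).
PROBING = [
    Attack(date(2016, 6, 6), 20.0, 55.0, 40, frozenset({"syn"})),
    Attack(date(2016, 6, 13), 52.0, 90.0, 55, frozenset({"syn", "dns-amp"})),
    Attack(date(2016, 6, 20), 88.0, 140.0, 75, frozenset({"syn", "dns-amp", "http"})),
    Attack(date(2016, 6, 27), 135.0, 210.0, 90, frozenset({"syn", "dns-amp", "http", "ntp-amp"})),
]
EXTORTION = [  # unrelated one-off events: no resume-at-prior-peak, no steady climb
    Attack(date(2016, 6, 2), 80.0, 80.0, 15, frozenset({"syn"})),
    Attack(date(2016, 6, 9), 30.0, 45.0, 20, frozenset({"udp"})),
    Attack(date(2016, 6, 23), 60.0, 60.0, 10, frozenset({"syn"})),
]

if __name__ == "__main__":
    print("probing  ->", looks_like_calibration(PROBING))    # True
    print("extortion ->", looks_like_calibration(EXTORTION))  # False
```

The heuristic only flags the shape of the sequence; it says nothing about who is behind it, which is the attribution gap the essay itself points out.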

As an aside, the observations noted above are consistent with some of what we have seen here at Liberty Blitzkrieg over the past year or so.

For prior articles by Schneier highlighted here, see:

Bruce Schneier: “The Internet is a Surveillance State”

“This is No Longer Fiction” – The Era of Automatic Facial Recognition and Surveillance Is Here

Top Computer Security Expert Warns – David Cameron’s Plan to Ban Encryption Would “Destroy the Internet”

In Liberty,
Michael Krieger


13 thoughts on “A Dire Warning – ‘Someone Is Learning How to Take Down the Internet’”

  1. So, questions:

    If Verisign’s .com and .net capabilities were digitally whacked off, as it were, ¿ would .gov and .mil still work ?

    I have heard a few mentions of a Web 2.0 that is available to “those in the know.” ¿True? ¿ Would it be affected ?

    “It’s tough being a Cynic these days because it is SO MUCH WORK to keep up!” ––Lily Tomlin

    • Web 2.0
      web to͞o point ˈō/
      noun
      the second stage of development of the World Wide Web, characterized especially by the change from static web pages to dynamic or user-generated content and the growth of social media.

      We’re in web 2.0 now.

  2. “We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.”

    My first guess would be another false flag is on the horizon…our “owners” already want total control of the internet…no better way to get it than create a major internet attack/hack/disruption then blame it on someone else (as usual) then offer that the only way for them to keep it “safe” and operating without another major attack/hack/disruption is for us to allow them to have complete control of it.

    Of course it won’t be called “complete control”…and you won’t be able to read the fine print after it’s been passed into law…but at least it will have a really cute-sounding acronym as its title that the propagandists will spew about endlessly. Hopefully there will be some sort of honesty involved and they can call it what it is: BOHICA

    • Scott, I’m thinking along the same lines. But my thoughts are a little different. America has declared that a cyberattack by a foreign government would be considered an act of war. They then concluded that this would justify use of conventional weapons in retaliation, and warned that they would follow through on this threat. It’s obvious that our current administration and military complex are desperately seeking war with Russia and China. What if the NSA is attacking our own internet system and framing China as the culprit, so as to create a false flag event – which then justifies starting a conventional war? Why else would they have come out with this declaration of intent, but to set the stage? The clues are in the article: “The data I see suggests China…On the other hand, it’s possible to disguise the country of origin for these sorts of attacks.” I bet the NSA has more information on who is doing this! Especially if they’re the ones doing this! This country is being attacked over and over by its own government, and the people have no idea. Given the fact that, since Pearl Harbor, the pattern of attacks on this country has pointed directly toward US government involvement, instigation or faking of attacks, it makes more sense to me that they are behind this as well.

  3. My first thought is that this is a false flag being prepared for when they cannot keep the system together and it collapses. They could shut down the internet, blame it on China/Russia, escape blame for 100 years of corruption AND start a nice fresh war to boot. A great day for the Deep State.
    Hopefully, just the misguided cynic in me – but it feels like their playbook these days.

    • “While a pro group might use something obvious like that occasionally, it’d be for something like misdirection – to disguise the “real” probing being done covertly. ”

      Precisely. While everyone is focusing on the thousands and millions of hits “over there”, the real probe of 3 or 4 packets is taking place “over here” and gets lost in all the noise, unless you know what to look for. And a network CAN be successfully probed with just a few packets.

  4. Sorry but this is pure FUD. It’s China, that’s no secret to anyone who’s been paying attention for the past 6-7 years or so, and there’s probably not a whole lot to worry about. Chinese engineers/hackers think they’re the cat’s meow, but they’re frankly dumbasses with little or no creativity or skill. Also, while Schneier is intimating that this is a concerted attempt to “take down the internet” (probably impossible using DDOS), no one I’ve spoken to – which includes high level FBI experts – has any idea what they’re actually up to. They seem to just be exploring; they will “attack” things using very unsophisticated methods like brute force password attempts and DDOS attacks from 3-4 sources (a really sophisticated DDOS attack uses thousands of sources), but that’s all. These methods are open, obvious, and really easy to spot and block. They also don’t change up their methods often; I’ve seen these guys attempt to hack the same firewall using the same brute force “dictionary” password set for weeks from exactly the same IP. Block them, turn it back on in 4 days, they’re still there banging away (as if they never figured out that everything they sent was bouncing).

    That’s not how the real pros operate. Look at the serious “takedown” ops over the past 15 years (stuxnet etc) and you’ll see what I mean. While a pro group might use something obvious like that occasionally, it’d be for something like misdirection – to disguise the “real” probing being done covertly.

    Also, regarding his NSA comment – the NSA loves this shit. No way in hell would they stop it; it’s like throwing straight level fastballs at a cleanup hitter. They’ll set up “honeypot” networks to invite attack, allow the breach, and then just sit back and observe these guys for awhile (possibly installing some quiet monitoring/listening routines on the attacking systems as well). Because China will suck up any information they find (they love americans’ health records for some reason), NSA will load up these honeypots with bullshit data for them to vacuum up and then watch for it to reappear – or just to corrupt whatever information database was being built from it.

    The reason there hasn’t been a declared incident is because they’re just not really causing any damage, and likely the benefits NSA/CIA/etc gets from it far outweigh the drawbacks. It’s annoying, maybe, but that’s about all. And, sorry Schneier, but the idea that they’re going to “take down the internet” is pretty ridiculous. That’s like expecting a kid with a pop gun to take out an armored cav division.

  5. We won’t need the net soon anyway, as soon no one will have any money for paying, as the banks will steal it, those with stocks and shares will lose it, plus those with crypto-currencies; only those with Precious Metals will manage. The Internet is NOT needed, it will create work!

  6. It doesn’t make sense for it to be China or Russia – both are heavily criticised by the propaganda of the Western MSM. They get better publicity via the Internet, and China controls its internal internet quite well.

    The motive for taking down the Internet is with the Western shadow government – the big banks and what is widely known as the Cabal. They are losing control of the narrative. Taking the Internet offline returns control of the narrative to their controlled MSM.

    The pieces are in place to put the Western world under martial law. If the BRICS, led by China and Russia continue to develop a non-US$ system, then the $US will lose reserve currency at some point. The massive debts can no longer be kicked down the road. To avoid this – either WW-III or less likely to kill us all – a massive economic collapse that they can control that takes down the whole world.

  7. Mike, Thanks for writing this. I’m aware through work of exactly this rising threat.

    Please tell your readers to prepare themselves simply by keeping the FireChat app on their phones. (I have no affiliation). You don’t need to use it now. But if the Internet goes dark, you will need it more than you know — as has already been proven in multiple international scenarios where foreign governments pulled the plug.
