Access to the Internet has become, for many of us, like electricity—a necessity.
Sure, it’s harder to go without electricity for a couple of days than to go without the World Wide Web. But imagining an extended Internet outage is distressing for many of us, and when you consider that governments, first responders, hospitals, and businesses rely on Internet access to operate, the idea takes on significantly more weight.
Many Internet outages are regional or local, and stem from powerful weather events or simple equipment failure. Service typically is restored within hours, sometimes a day or two, and we go about our business.
However, it appears that sinister forces causing Internet outages are now emerging, and the potential is there for longer, more widespread service interruptions.
We’ve been reading about various hacks and distributed denial-of-service (DDoS) attacks for more than a few years. The evidence mostly seemed to point to culprits with criminal intent, the chief motive being to steal identities and, ultimately, other people’s money.
Lately, however, the evidence points to state-sponsored actors, probably with cyber warfare on their minds.
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.
One of the telling things about these probes is that some of them appear to be testing the limits of the defenses that the service providers have put in place against DDoS attacks. Again in Schneier’s words:
One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.
This certainly seems like weaponization to me.
Another form of probe that these companies are seeing, according to Schneier, is testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond.
Attacks are increasing
Other attacks have been publicized lately, as well. On October 21, a DDoS attack targeted DynDNS, a service provider that performs DNS translation for a variety of web-based companies, such as PayPal, Amazon, Netflix, Twitter, AirBnB, and others.
DNS stands for Domain Name System, the tool that is used to resolve human-readable addresses (for example, netflix.com) to the appropriate IP address (for example, 192.0.2.53).
Disrupt a service provider like DynDNS, and you can effectively prevent access to a great many web services and businesses we’ve come to rely on.
DynDNS was eventually able to fight off the attack, but the damage was done. The eventual cost to businesses that rely on such services is hard to measure, but it no doubt ran to millions of dollars.
What do attackers have to gain in these cases? In some cases, an attack can be just to show you can do it. In the case of the DynDNS attack, subsequent analysis indicated that the disruption was the work of script kiddies, a pejorative term for relatively unskilled hackers who use scripts or programs developed by others to attack computer systems and networks and deface websites.
In the cases that Schneier describes, however, where seemingly very controlled and calibrated attacks are probing for weaknesses in the Internet backbone, I think the motives are quite different and likely malevolent.
An adversarial nation state that wanted to disrupt a country’s communication infrastructure and wreak psychological damage on its citizens could do so simply by bringing down the Internet for an extended period.
The result for many: no e-mail, no text messaging, no Facebook, no Netflix, no Google, no New York Times.
Effectively, our timely access to information would be drastically curtailed. We’d be cut off from the world around us.
Fortunately, the country’s communications sector has been declared by our government as critical infrastructure. It’s somewhat comforting to know that the country is focused on our communications infrastructure and putting plans in place, in cooperation with the owners and operators of the Internet backbone, to mitigate disruptions.
The question is whether it’s enough. Watch this space.