Taking down the internet

MORE ON CSO:10 tips to make sure you are ready when a disaster strikes

Schneier said the probing has been done mainly with calibrated Distributed Denial-of-Service (DDoS) attacks, which overwhelm a site with so much data that it cannot respond to legitimate traffic.

DDoS attacks are nothing new – activist and criminal hackers use them all the time. What distinguishes these is their profile.

Schneier said he had spoken with leaders of several companies – who all demanded anonymity – that operate elements of the “backbone” of the internet, and they had all told him similar stories.

It feels like China. You can hide the origin of a lot of attacks, but it is harder to hide the origins of a DDoS. And this doesn’t seem like their (the NSA’s) style.”


Bruce Schneier, CTO of Resilient Systems

“These attacks are significantly larger than the ones they're used to seeing,” he wrote. “They last longer. They're more sophisticated. And they look like probing.”

That, he said both in his post and a later interview with CSO, is because of their “style” – over time, the volume of the attack increases, to the point of the defense system’s failure. They also employ multiple attack vectors, “so they force the companies to use all their defenses at once.”


He suggested it was the digital version of what the US did during the Cold War, when the US would fly high-altitude planes over the Soviet Union to force them to turn their air defense systems on, which would then let the US map their capabilities.

“We didn’t do it because we’re evil,” he said. “We just wanted to know – just in case.”

He said these attacks look like they’re coming from a nation-state – probably China. While some responses to his post have said it may be the US National Security Agency (NSA) doing a sort of “stress test” on the internet, Schneier doubts that. “It feels like China,” he said. “You can hide the origin of a lot of attacks, but it is harder to hide the origins of a DDoS. And this doesn’t seem like their (the NSA’s) style.”

Dan Kaminsky, security researcher and chief scientist at White Ops, agreed. “I don't think the NSA is doing it, because it'd very much surprise me if they needed to,” he said.

MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers

Schneier also pointed to a recent quarterly report from Verisign, the registrar for many popular top-level Internet domains, like .com and .net., which reported a 75 percent increase in attacks, year over year, with an average peak attack size of 17.37Gbps (Gigabits per second), an increase of 214 percent.

That pales in comparison with the recent record 620Gbps DDoS attack against the website of security blogger Brian Krebs, and Schneier said the Verisign report doesn’t have the level of detail he got from the anonymous industry leaders he spoke with, but he said, “the trends are the same.”


He added that since his blog post, he has heard from three other companies that support the Internet’s “backbone,” and they have also told him they are seeing same thing.

So how worried should the US be? Is this just some cyber Cold War maneuvering, or a potentially catastrophic threat?

Most experts say they think it needs attention, but see it more as maneuvering than an imminent increase in danger to the integrity of the internet.

Sam Curry, chief product officer at Cybereason, said based on his observations, “risk levels haven't changed. It's an interesting hypothesis that needs more data points, but watch out for confirmation bias going forward.”

Risk levels haven't changed.

sam curry

Sam Curry, chief product officer, Cybereason

There is little disagreement, however, that a massive DDoS attack could disable portions, or even all, of the internet for some period of time.

Kaminsky called Schneier a “highly credible source,” and said he believes some hackers actually can take down the internet, in part because, “the damage from cyberattacks keeps growing and the risk perceived by attackers keeps shrinking.”

WANT MORE SECURITY NEWS: Sign up for CSO's security newsletters

This, he said, applies especially to nation-states, which have figured out that, “while their militaries might be trivially overrun, their hackers aren't.


<!-- DFP Creative ID: 113063037656 --><!-- wrapper header --><!-- Ad Tags for IDGInfluencerNetwork_300x250 --><!-- Base size of ad: 300x250 --><!-- Placements: 6 --><!-- Placement: IDGInfluencerNetwork_300x250_techinfluncercommunity_nww --><!-- Placement ID: 5b33d706-caff-463c-b302-a64af25cbdee --><!-- Placement Size: 300x250 --><!-- Ad Server: DFP -->