Unknown attackers have been testing the defenses of companies that run critical parts of the Internet, possibly to figure out how to take them down, cybersecurity expert Bruce Schneier warned Tuesday.
Large nation states — perhaps China or Russia — are the likely culprits, he suggested.
“Nation state actors are going to probe to find weaknesses in all of our technologies,” said Travis Smith, senior security research engineer at Tripwire.
They “want to know what can be done not only in the event of a cyberwar but a kinetic war as well,” he said.
The Growing DDoS Threat
The easiest way to take a network off the Internet is with a distributed denial of service attack, Schneier said, and some of the targeted companies recently have been hit with DDoS attacks that are significantly larger, longer lasting, and more sophisticated than before.
The attacks typically ramp up to a particular level then stop. They resume at that higher level and then continue ramping up, as if the attackers are looking for the network’s exact point of failure, Schneier speculated. The attacks use multiple vectors, forcing targets to deploy all of their defenses, thus disclosing their capabilities.
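The ramp, stop, and resume-at-the-higher-level pattern described above can be searched for in a target's own attack history. The following is an added example, not code from the article or from anyone quoted in it; the episode fields, the vector labels, the 15 percent tolerance, and the minimum run length of three are all assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass

@dataclass
class Episode:
    start: str            # ISO timestamp of the episode (constructed)
    start_gbps: float     # traffic rate when the episode began
    peak_gbps: float      # highest rate reached before it stopped
    vectors: frozenset    # attack vectors observed (labels are assumptions)

def resumes_at_prior_peak(prev, cur, tol=0.15):
    """True when cur begins near prev's peak and then climbs past it."""
    near = abs(cur.start_gbps - prev.peak_gbps) <= tol * prev.peak_gbps
    return near and cur.peak_gbps > prev.peak_gbps

def find_staircases(episodes, min_len=3, tol=0.15):
    """Return runs of >= min_len episodes forming a ramp-stop-resume staircase."""
    eps = sorted(episodes, key=lambda e: e.start)
    runs, run = [], eps[:1]
    for prev, cur in zip(eps, eps[1:]):
        if resumes_at_prior_peak(prev, cur, tol):
            run.append(cur)
        else:
            if len(run) >= min_len:
                runs.append(run)
            run = [cur]          # unrelated episode starts a new candidate run
    if len(run) >= min_len:
        runs.append(run)
    return runs

def summarize(run):
    """Condense a run for an analyst: step count, growth, and vectors exercised."""
    vectors = frozenset().union(*(e.vectors for e in run))
    return {"episodes": len(run), "first_peak": run[0].peak_gbps,
            "last_peak": run[-1].peak_gbps, "vectors": sorted(vectors)}

# Constructed sample history for one target (not real measurements).
SAMPLE = [
    Episode("2000-01-01T00:00", 5, 40, frozenset({"syn"})),
    Episode("2000-01-02T00:00", 38, 80, frozenset({"syn", "dns_amp"})),
    Episode("2000-01-03T00:00", 85, 150, frozenset({"ntp_amp"})),
    Episode("2000-01-05T00:00", 10, 30, frozenset({"udp"})),
    Episode("2000-01-06T00:00", 12, 25, frozenset({"udp"})),
]

if __name__ == "__main__":
    for r in find_staircases(SAMPLE):
        print(summarize(r))
```

A run that also spans several vectors matches the article's second observation, that the target is being made to show each of its defenses in turn.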
Because the attackers’ whereabouts are unknown, potential targets can do nothing to ward them off, Schneier said. The data seems to indicate China is behind them, but it’s possible to disguise the country of origin.
DDoS and other attacks hit record heights in the second quarter of this year, Akamai reported. DDoS attacks rose 23 percent over the number recorded in Q4, 2015, and Web application attacks increased 26 percent.
Targets suffered a greater number of repeat DDoS attacks — 29 on average. Multivectored attacks increased, as did mega-attacks of more than 100 Gbps using simple attack vectors.
Possible or Not?
State actors “are probably looking at a number of different ways to disable parts or all of the Internet,” commented Paul Mockapetris, coinventor of the domain name system, currently chief scientist at ThreatStop.
DDoS is one of the ways to do that, and “I would imagine state actors would attack routing systems as well,” he said.
The attacks would be most effective against shared commons — the public resources on the Web — but “people could go back to the system of partitioning the Internet,” Mockapetris suggested. “Those who have their own protected network will continue to have Internet access.”
A takedown of the entire Internet is not going to happen, contended Martin McKeay, security advocate at Akamai, because “it’s a whole bunch of networks, and you’re not going to take it down unless you take down all the circuits. You can take down a company, an organization, or part of a government — but you can’t really take down the Internet as a whole.”
Communications links are too widespread for a global attack to succeed, he explained. There are “a couple dozen terabit circuits from San Francisco alone, to Hong Kong and Tokyo and other places.”
The largest network layer attacks seen so far, approaching 500 Gbps, “are an order of magnitude smaller than the bandwidth capacity the largest transit providers and ISPs manage,” noted Tim Mathews, vice president of the Incapsula product line at Imperva.
“With proper DDoS protections in place, most attacks would be stopped in their tracks,” he said.
The loss of utilities and emergency services resulting from an Internet takedown could “promote the establishment of militia groups” and, possibly, a breakdown of society, warned Michael Patterson, CEO of Plixer. “Imagine your neighbors excluding you from protection because you have no resources to share.”
The responsibility to safeguard the Internet from attacks “has fallen largely on service providers,” he said.
In the short run, banks and other businesses could sustain considerable economic losses if the Internet went down and they lost ephemeral transactional data, Akamai’s McKeay suggested, but “long-term outages aren’t a problem.”