According to a recent report by Bruce Schneier, hackers may be planning a takedown of the internet. While China and Russia are the likely suspects, it is unknown who is launching the attacks, and if the US government knows they have decided to stay quiet. Schneier has done a very nice job of describing the attacks:
These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.
The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attacks. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker.
According to VeriSign’s (the registrar for .com and .net domains) quarterly report, the most common vector they experienced was, “UDP floods (including Domain Name System (DNS), Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and Chargen).” The next most common vectors were TCP Layer attacks, IP Fragment attacks, and Application Layer attacks.
Schneier says he doesn’t see a motive in the attacks. However, he says “it feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar.”
Martin McKeay, security advocate at Akamai, says a complete internet takedown is impossible because, “it’s a whole bunch of networks, and you’re not going to take it down unless you take down all the circuits. You can take down a company, an organization, or part of a government — but you can’t really take down the Internet as a whole.” He cites the fact that the transoceanic cables have terabit switches, which can handle far more data than the 500Gbps record for the largest attack. Tim Mathews, vice president of the Incapsula product line at Imperva, concurs saying that the attacks “are an order of magnitude smaller than the bandwidth capacity the largest transit providers and ISPs manage.”
In the event the attacks do manage to take down a registrar, such as VeriSign, it would cause a mass blackout affecting many sites and emails. VeriSign manages 143.2 million domain names, including domains for banks, the stock market, and insurance companies. In addition, the attacks could target emergency services, such as 911 and hospitals.
In the end Schneier admits that we can’t really do anything about it, “but this is happening. And people should know.”
Author: Christian Martin