Earlier this week, cybersecurity expert Bruce Schneier posted a blog titled ‘Someone Is Learning How to Take Down the Internet’. Of course the internet has since gone mad with talk of an ‘internet kill switch’ and the like, with Redditor ThomasJCarcetti professing war: “Taking down internet = taking down my reddit = taking down what I do all day at work = this means war”. While some are happy to sweep Schneier’s suggestion under the proverbial carpet as ‘opinion’ not ‘news’, as bd321035 says in the same thread:
So with Schneier’s expertise acknowledged, let’s take a look at what he’s saying, and why.
According to Schneier, “someone has been probing the defenses of the companies that run critical pieces of the Internet”. This has been going on for the last year or two, and suggests that someone (Schneier suggests a “large nation state”) is trying to figure out how these companies defend themselves, and exactly what would need to be done to take them down.
This isn’t new – companies have been suffering at the hands of hackers for years – but what makes this different, according to Schneier, is that they seem to be focusing on companies that “provide the basic infrastructure that makes the Internet work”, and the attacks are “significantly larger… last longer… [are] more sophisticated. And they look like probing.” He explains that these attacks are “also configured in such a way as to see what the company’s total defenses are.”
Schneier can’t share details as the companies he spoke to about the trend did so “under condition of anonymity”. However, he notes that what’s he’s been told is consistent with a report from Verisign that states “in Q2 2016, attacks continued to become more frequent, persistent, and complex.”
So why does Schneier think this is the work of a nation rather than a hacking group? The scale. The information Schneier has been given by companies he’s spoken to leads him to conclude that “Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.” And this “doesn't seem like something an activist, criminal, or researcher would do” but instead points to espionage and intelligence gathering. When you take into consideration the scale, it suggests “a nation’s military cybercommand”.
Schneier thinks, based on the data, China is a good suspect.
Of Schneier’s post, IDG Connect’s Martin Veitch says, “There are security scares, and ‘security scares’ that are more in the imaginations of the journalists and vendors who need to create them. But if Bruce Schneier says it’s for real, it’s very likely to be for real.” But what of the rest of the industry? Are they worried?
Mike Patterson, CEO and founder at security analytics company Plixer, says, “Many countries and cybercriminals have a long history of targeting the US and other countries around the world. If taking down the Internet will improve one’s position as a world power or to further a political agenda, you can bet someone is trying to do it.”
Nathan Dornbrook, CTO at ECS Security Practice, thinks it’s too early to speculate based on the information Schneier was able to share: “It is not beyond imagination that there may be other actors who may be probing the Internet's defences for good or ill, and there are well funded groups who could develop the capabilities to conduct a systematic reconnaissance of large Internet infrastructures and have motive. There are things he could not share, though, that may have been more conclusive.”
James Parry, technical director at cyber security consultancy Auriga, is less convinced, explaining that “Whoever is launching these probe attacks is either ambivalent or unaware of the fact their actions are detectable… Clearly this is the work of someone with large resources but Schneider's diagnosis is not original. What we've got here is the reconnaissance part of a massive cyber kill chain - a term coined years back by Lockheed Martin... This probing behaviour is consistent with this pattern which would indicate the aim is to compromise or control the Internet - not to take it down.”
Adrian Liviu Arsene, senior e-threat analyst at Bitdefender, is of a similar opinion, saying, “taking down the entire internet is improbable and infeasible, it’s more likely that if the probing is government-sponsored or government-related, then it’s probably focused on strategic key elements that could be of a tactical advantage to them.”
So should we be worried? Maybe.
And what can we do about it? To once again quote Schneier, “Nothing, really.”
PREVIOUS ARTICLE«Tech startups in Berlin, Part 2: The infrastructure
Phil Muncaster reports on China and beyond