Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

Bruce Schneier: Someone is Learning How to Take Down the Internet

posted by takyon on Thursday September 15 2016, @07:07PM   Printer-friendly
from the points-of-failure dept.

An Anonymous Coward writes:

https://www.lawfareblog.com/someone-learning-how-take-down-internet

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large a large nation state. China and Russia would be my first guesses.

Sounds like as good a reason as any to develop a more distributed internet. Fight fire with fire - When the attacks are distributed denial of service on centralized systems, the solution is decentralization and distributed delivery of service (P2P).

Original Submission

 
This discussion has been archived. No new comments can be posted.
Bruce Schneier: Someone is Learning How to Take Down the Internet | Log In/Create an Account | Top | 45 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Thursday September 15 2016, @09:28PM

    by Anonymous Coward on Thursday September 15 2016, @09:28PM (#402483)

    > I wouldn't put China and Russia on that list, because I expect that they already know what to do to.

    Lolwut?

    The US is suspect but China and Russia aren't because "they already know" how much firepower it will take to overwhelm the servers of a bunch of US corporations?

    LOGIC!!!!

  • (Score: 2) by bob_super on Thursday September 15 2016, @09:41PM

    by bob_super (1357) on Thursday September 15 2016, @09:41PM (#402489)

    I didn't say that the US is suspect. The US is known to be able to turn off all the root servers and most of the international traffic within minutes. No need to probe the windows discreetly when everyone knows you have the door keys.

    I expect that both Russia and China have already figured out how to take the whole thing down quickly, and wouldn't need to bother probing in a significant way. Maybe at a lower level, to affect sites carrying specific damaging news, but not in a warfare context.

    • (Score: 0) by Anonymous Coward on Thursday September 15 2016, @10:39PM

      by Anonymous Coward on Thursday September 15 2016, @10:39PM (#402510)

      > I expect that both Russia and China have already figured out how to take the whole thing down quickly,

      That's what this is about figuring out.
      You've got some magic way of taking it down?

      • (Score: 4, Informative) by NotSanguine on Friday September 16 2016, @12:53AM

        by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Friday September 16 2016, @12:53AM (#402558) Homepage Journal

        > I expect that both Russia and China have already figured out how to take the whole thing down quickly,

        That's what this is about figuring out.
        You've got some magic way of taking it down?

        No magic necessary.
        Large enough sustained DNS Amplification [us-cert.gov], UDP Flood [wikipedia.org] ((and potentially, DNS hijacking [wikipedia.org]) attacks could wreak havoc for Internet users in the region(s) affected.

        That, combined with sustained DOS attacks [wikipedia.org] against other critical infrastructure (such as military/government networks, banks and other financial institutions, Tier I and II network providers, etc., etc., etc.) targets could negatively impact public and private entities for extended periods.

        In order to do something like that, you'd need a lot of resources (like a state actor might have). Even without such resources, a non-state actor could cause significant impact on a smaller subset of infrastructure resources too.

        So. No magic required. Just resources and the (fairly minimal) knowledge to obtain and use tools that already exist.

        --
        No, no, you're not thinking; you're just being logical. --Niels Bohr

        • (Score: 0) by Anonymous Coward on Friday September 16 2016, @08:40AM

          by Anonymous Coward on Friday September 16 2016, @08:40AM (#402679)

          > In order to do something like that, you'd need a lot of resources

          Are you serious?
          You just described the attacks Schneier is talking about.
          So again I ask. How do Russia and China magically know how much resources it will take without actually measuring?

          Your mod points are unearned.

          • (Score: 2) by NotSanguine on Friday September 16 2016, @09:10AM

            by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Friday September 16 2016, @09:10AM (#402683) Homepage Journal

            You asked:

            You've got some magic way of taking it down? [soylentnews.org]

            And I responded.

            I stand by what I wrote. If you don't like my answer, post your own. Or don't. Either way, it's no skin off my nose.

            I'll give you the tl;dr version, just for giggles: There's no magic. There isn't even anything very original or difficult. It's a matter of scale rather than artistry or know-how.

            As for the mod points, I have no control over what other people do, and I can't mod my own posts. If you feel strongly enough about it, you could always log in and mod me down if you like. Again, it's no skin off my nose.

            If you'd like to join the discussion, you're welcome to do so. Or you can continue to make snarky comments on a topic which you appear to be not very familiar. And that's cool too.

            Whatever blows your skirt up, honey.

            --
            No, no, you're not thinking; you're just being logical. --Niels Bohr

          • (Score: 2) by NotSanguine on Friday September 16 2016, @09:28AM

            by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Friday September 16 2016, @09:28AM (#402690) Homepage Journal

            So again I ask. How do Russia and China magically know how much resources it will take without actually measuring?

            Oops. I see what's got your knickers in a twist now. I made no claims about what China or Russia knows/has or doesn't know/doesn't have. That was another poster. I'm not the AC [soylentnews.org] or Bob_Super [soylentnews.org]. Those are the guys who made that claim.

            As such, I didn't try to support their claims, I answered a specific question you asked. Oh, and you're welcome.

            I will say that given the resources (in money, infrastructure and people) that Russia and China have available to them, it would be unsurprising if they did, in fact, have a pretty good idea what it would take to effect significant and devastating attacks against large swathes of the Internet.

            That said, I have no specific knowledge (I'm not an intelligence analyst focused on China and Russia, nor have I put much effort into investigating their capabilities) about what Russia and China capabilities may be. Which is why I didn't address that.

            However, I do know networks and network security. The tools to effect such attacks exist and are relatively easy to use and manage, even with a large-scale attack.

            I repeat my invitation to engage with the rest of us in productive discussion.

            You might also want to thumb through this [yourcoach.be]. You might find it useful in the future.

            --
            No, no, you're not thinking; you're just being logical. --Niels Bohr