SoylentNews is people
SoylentNews
https://www.lawfareblog.com/someone-learning-how-take-down-internet
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large a large nation state. China and Russia would be my first guesses.
Sounds like as good a reason as any to develop a more distributed internet. Fight fire with fire - When the attacks are distributed denial of service on centralized systems, the solution is decentralization and distributed delivery of service (P2P).
This discussion has been archived.
No new comments can be posted.
Bruce Schneier: Someone is Learning How to Take Down the Internet
|
Log In/Create an Account
| Top
| 45 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
I'm mentally OVERDRAWN! What's that SIGNPOST up ahead? Where's ROD
STERLING when you really need him?
(Score: 4, Informative) by NotSanguine on Friday September 16 2016, @12:53AM
> I expect that both Russia and China have already figured out how to take the whole thing down quickly,
That's what this is about figuring out.
You've got some magic way of taking it down?
No magic necessary.
Large enough sustained DNS Amplification [us-cert.gov], UDP Flood [wikipedia.org] ((and potentially, DNS hijacking [wikipedia.org]) attacks could wreak havoc for Internet users in the region(s) affected.
That, combined with sustained DOS attacks [wikipedia.org] against other critical infrastructure (such as military/government networks, banks and other financial institutions, Tier I and II network providers, etc., etc., etc.) targets could negatively impact public and private entities for extended periods.
In order to do something like that, you'd need a lot of resources (like a state actor might have). Even without such resources, a non-state actor could cause significant impact on a smaller subset of infrastructure resources too.
So. No magic required. Just resources and the (fairly minimal) knowledge to obtain and use tools that already exist.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Friday September 16 2016, @08:40AM
> In order to do something like that, you'd need a lot of resources
Are you serious?
You just described the attacks Schneier is talking about.
So again I ask. How do Russia and China magically know how much resources it will take without actually measuring?
Your mod points are unearned.
(Score: 2) by NotSanguine on Friday September 16 2016, @09:10AM
You asked:
You've got some magic way of taking it down? [soylentnews.org]
And I responded.
I stand by what I wrote. If you don't like my answer, post your own. Or don't. Either way, it's no skin off my nose.
I'll give you the tl;dr version, just for giggles: There's no magic. There isn't even anything very original or difficult. It's a matter of scale rather than artistry or know-how.
As for the mod points, I have no control over what other people do, and I can't mod my own posts. If you feel strongly enough about it, you could always log in and mod me down if you like. Again, it's no skin off my nose.
If you'd like to join the discussion, you're welcome to do so. Or you can continue to make snarky comments on a topic which you appear to be not very familiar. And that's cool too.
Whatever blows your skirt up, honey.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by NotSanguine on Friday September 16 2016, @09:28AM
So again I ask. How do Russia and China magically know how much resources it will take without actually measuring?
Oops. I see what's got your knickers in a twist now. I made no claims about what China or Russia knows/has or doesn't know/doesn't have. That was another poster. I'm not the AC [soylentnews.org] or Bob_Super [soylentnews.org]. Those are the guys who made that claim.
As such, I didn't try to support their claims, I answered a specific question you asked. Oh, and you're welcome.
I will say that given the resources (in money, infrastructure and people) that Russia and China have available to them, it would be unsurprising if they did, in fact, have a pretty good idea what it would take to effect significant and devastating attacks against large swathes of the Internet.
That said, I have no specific knowledge (I'm not an intelligence analyst focused on China and Russia, nor have I put much effort into investigating their capabilities) about what Russia and China capabilities may be. Which is why I didn't address that.
However, I do know networks and network security. The tools to effect such attacks exist and are relatively easy to use and manage, even with a large-scale attack.
I repeat my invitation to engage with the rest of us in productive discussion.
You might also want to thumb through this [yourcoach.be]. You might find it useful in the future.
No, no, you're not thinking; you're just being logical. --Niels Bohr