
Security Expert claims hackers are looking to "shut down the internet"

Master Disaster

Security Expert Bruce Schneier has analysed recent attacks and he claims the hackers, likely Russian or Chinese, are probing Internet defence to find its breaking point and identify the point at which the entire Internet will fail. 

Quote

In a blogpost, security guru Bruce Schneier said "precisely calibrated" attacks on key net firms had been seen for over a year.

The attacks sought weaknesses in the defences of organisations that oversaw critical parts of the net, he said.

He said his "first guess" was that either China or Russia was behind the series of attacks.

Responding to his comments, one security firm said the range of attacks he described was "the new normal" for many organisations.

The hackers used well-known distributed denial of service (DDoS) attacks to probe defences, wrote Mr Schneier.

He claims he has identified patterns in the attacks which point to them being organised probes rather than malicious attacks.

Quote

These attacks typically seek to knock a site offline by overwhelming it with data. They are often used by extortionists who threaten to cripple a site via DDoS unless its owners pay a fee.

Mr Schneier said the DDoS attacks observed against core net firms had a different character. To begin with they were "significantly larger" and lasted longer than most such attacks.

They were also more sophisticated because the amount of data being directed at victims was slowly turned up. Often, he said, the peak data rate of one series of attacks would be the starting point for the next wave.

The attackers also sought to find out what digital defences firms could muster by employing several different types of DDoS attack.

"It's as if the attacker were looking for the exact point of failure," he said.

Other attacks on the net's addressing system had also been seen that, together with the DDoS probes, revealed a worrying pattern, he said.

"Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services," he wrote.

Of course he is unwilling to reveal exactly which attacks he analysed, which is understandable, but a separate report by Verisign seems to "lend weight" to his conclusion.

Quote

Mr Schneier did not reveal which firms had been hit in the attacks as the victims had shared information with him under a guarantee of anonymity.

 

Information gathered on DDoS attacks by net giant Verisign lent weight to Mr Schneier's conclusions. In the latest edition of a regularly issued report, it said it had seen DDoS attacks become "more frequent, persistent and complex".

http://www.bbc.co.uk/news/technology-37360814

 

Interesting stuff but I'm not sure I believe his conclusion. TBH I'm wondering if his tinfoil hat is a little too tight. 

 

Thoughts? 

Edited by Master Disaster
Updated title to reflect change in source article title

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


yeah... I don't think that people who think they can crash the entire internet really understand how the internet actually works. It's designed to survive nuclear war in every major city in the world, and in the unlikely event the "net" does fail, some basic re-configs can build city-wide intranets with basically the same function. Then there are the mesh networks... yeah, I'm not worried.

 

 

 

not to mention... the AI is already self-aware and working in the background to keep itself viable. :)


2 minutes ago, JCBiggs said:

yeah... I don't think that people who think they can crash the entire internet really understand how the internet actually works. It's designed to survive nuclear war in every major city in the world, and in the unlikely event the "net" does fail, some basic re-configs can build city-wide intranets with basically the same function. Then there are the mesh networks... yeah, I'm not worried.

not to mention... the AI is already self-aware and working in the background to keep itself viable. :)

I guess it is for more countries. Not the "whole" internet.

 

If they are good enough, which I think they probably are, they could hit the right places and take down exchanges etc., crippling countries or large areas. And as for the AI, that's great, but there are always vulnerabilities. Or even back doors for government use which the hackers can exploit. It is not like they will create a closed system over which they have no control, especially if it is self-adapting.

 

CPU: i5 4670k @ 3.4GHz + Corsair H100i | GPU: Gigabyte GTX 680 SOC (+215 Core|+162 Mem) | SSD: Kingston V300 240GB (OS) | Headset: Logitech G930
Case: Corsair Vengeance C70 (white) | RAM: 16GB TeamGroup Elite Black DDR3 1600MHz | HDD: 1TB WD Blue | Mouse: Logitech G602
OS: Windows 7 Home Premium | PSU: XFX Core Edition 750w | Motherboard: MSI Z97-G45 | Keyboard: Logitech G510


4 minutes ago, JCBiggs said:

not to mention... the AI is already self-aware and working in the background to keep itself viable. :)

Illuminati confirmed

 

 

Anyways, one does not simply turn off the internet so gg security expert theory

 

i7-4790k | MSI Z97 GAMING-5 | Corsair Vengeance 16 GB | Samsung EVO-850 250GB SSD & WD blue 1 TB HDD | EVGA 1070 SC | Red NZXT H440 | Cooler Master G650W

 


agreed that attackers could seek vulnerabilities to crash exchanges, markets, individual power companies, etc., but the essence of the post was cutting off the entire internet, which outside of a complete and utter breakdown of physics is practically impossible.


1 minute ago, Railgun said:

Illuminati confirmed

 

 

Anyways, one does not simply turn off the internet so gg security expert theory

 

I don't know. I mean if you simultaneously hit enough data centers at the same time I'm sure you could create pretty big problems for a very large number of people around the globe. 

 

I just doubt that's their intention and even if it was that they have access to enough bandwidth to pull it off. 


I think you misunderstand... you can't "turn it off". The best you could do is knock out all the major links between cities. Maybe you could implant some virus that manually configured every IP address to something that wouldn't connect, but at the end of the day it would be fixed and right back on. The internet is like the hydra: you cut off its head and two more pop up. It's simply impossible.


Just now, JCBiggs said:

I think you misunderstand... you can't "turn it off". The best you could do is knock out all the major links between cities. Maybe you could implant some virus that manually configured every IP address to something that wouldn't connect, but at the end of the day it would be fixed and right back on. The internet is like the hydra: you cut off its head and two more pop up. It's simply impossible.

Yeah, agreed. It's more of an inconvenience than disabling it fully.


Is it just me or does this "security expert" not understand how BGP works? If one peer goes down, it has no impact on the rest of the internet, and there are no "key" routers that are required for BGP to work.

-KuJoe


I'm not worried about that. I think at this point any Government anywhere* can "disconnect" if they want to in the name of " National Security". What worries me most is censorship. The net is here for people around the world to communicate openly and freely without any government/corporate intervention and that's the way it should be. Unfortunately it's not the case and it's constantly under attack, even as you read this, even in the United States. What do you think worries the power structure?

 


6 minutes ago, KuJoe said:

Is it just me or does this "security expert" not understand how BGP works? If one peer goes down, it has no impact on the rest of the internet, and there are no "key" routers that are required for BGP to work.

I get the impression he thinks the plan is to simultaneously hit many key points of access with just enough data to stop them working, causing a snowball effect. Basically everyone on the planet is being forced through 25% of normal operating capacity, causing everything to seize up.

 

That could theoretically work, assuming they had enough bandwidth to pull it off but as has already been pointed out, at most it would be a temporary inconvenience, nothing more. 

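The disagreement above (KuJoe: no "key" routers; Master Disaster: hit the right places) is really a question about topology, so here is an added example, not code from the thread or from any of the posters, that measures how much of a network stays mutually reachable when chosen nodes are knocked out. The two topologies and the exchange/ISP names are constructed for illustration; the point is that a meshed network needs several simultaneous losses to partition, while a hub-and-spoke one falls apart when its single hub goes.

```python
"""Added example: how much of a network remains reachable after node loss.
Both topologies below are constructed toy data, not real peering layouts."""
from collections import deque
from itertools import combinations

# Constructed meshed topology: ISPs peer at two or more exchanges.
MESHED = {
    "LINX":   {"AMS-IX", "DE-CIX", "ISP-A", "ISP-B", "ISP-C"},
    "AMS-IX": {"LINX", "DE-CIX", "ISP-B", "ISP-D"},
    "DE-CIX": {"LINX", "AMS-IX", "ISP-C", "ISP-D"},
    "ISP-A":  {"LINX", "ISP-B"},
    "ISP-B":  {"LINX", "AMS-IX", "ISP-A"},
    "ISP-C":  {"LINX", "DE-CIX", "ISP-D"},
    "ISP-D":  {"AMS-IX", "DE-CIX", "ISP-C"},
}

# Constructed hub-and-spoke topology: every ISP peers at one exchange only.
HUB = {
    "LINX":  {"ISP-A", "ISP-B", "ISP-C", "ISP-D"},
    "ISP-A": {"LINX"}, "ISP-B": {"LINX"}, "ISP-C": {"LINX"}, "ISP-D": {"LINX"},
}


def survivors(graph, knocked_out):
    """Adjacency of the network with the given nodes (and their links) removed."""
    return {n: {m for m in nbrs if m not in knocked_out}
            for n, nbrs in graph.items() if n not in knocked_out}


def components(graph):
    """Connected components found by BFS; each is a frozenset of node names."""
    seen, comps = set(), []
    for start in graph:
        if start in seen:
            continue
        comp, queue = {start}, deque([start])
        seen.add(start)
        while queue:
            for m in graph[queue.popleft()]:
                if m not in seen:
                    seen.add(m)
                    comp.add(m)
                    queue.append(m)
        comps.append(frozenset(comp))
    return comps


def reachable_fraction(graph, knocked_out):
    """Share of surviving nodes inside the largest component.
    1.0 means everyone still online can still reach everyone else."""
    g = survivors(graph, knocked_out)
    if not g:
        return 0.0
    return max(len(c) for c in components(g)) / len(g)


def smallest_partitioning_set(graph, max_size=3):
    """Brute-force the smallest set of nodes whose loss splits the remaining
    network into more than one piece; None if nothing up to max_size does."""
    for k in range(1, max_size + 1):
        for cut in combinations(sorted(graph), k):
            g = survivors(graph, set(cut))
            if len(g) > 1 and len(components(g)) > 1:
                return set(cut)
    return None


if __name__ == "__main__":
    print("meshed, LINX down:        ", reachable_fraction(MESHED, {"LINX"}))
    print("meshed, LINX+AMS-IX down: ", reachable_fraction(MESHED, {"LINX", "AMS-IX"}))
    print("hub, LINX down:           ", reachable_fraction(HUB, {"LINX"}))
    print("smallest cut, meshed:     ", smallest_partitioning_set(MESHED))
    print("smallest cut, hub:        ", smallest_partitioning_set(HUB))
```

The same check, run over a real peering map, is how an operator would decide which exchanges they must not depend on alone.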

Just now, Master Disaster said:

I get the impression he thinks the plan is to simultaneously hit many key points of access with just enough data to stop them working, causing a snowball effect. Basically everyone on the planet is being forced through 25% of normal operating capacity, causing everything to seize up.

That could theoretically work, assuming they had enough bandwidth to pull it off, but as has already been pointed out, at most it would be a temporary inconvenience, nothing more.

We're already writing a better article than he did.


Have you seen the routers used in these exchanges? They're Cisco blade server routers with so much CPU and memory. I don't think you could crash them with DDoS or hacking with the amount of hardware resource that they have; the best you can do is just saturate a few links, which wouldn't make them crawl to a halt. The only way would be launching missiles at this facility.

 

DDoS is a brute-force type of attack, it's not a hack. Hacking would mean exploiting, like sending a packet that causes a buffer overflow, eventually causing it to crash. So we can say the Chinese and Russians aren't hackers, just script kiddies.


21 minutes ago, System Error Message said:

Have you seen the routers used in these exchanges? They're Cisco blade server routers with so much CPU and memory. I don't think you could crash them with DDoS or hacking with the amount of hardware resource that they have; the best you can do is just saturate a few links, which wouldn't make them crawl to a halt. The only way would be launching missiles at this facility.

DDoS is a brute-force type of attack, it's not a hack. Hacking would mean exploiting, like sending a packet that causes a buffer overflow, eventually causing it to crash. So we can say the Chinese and Russians aren't hackers, just script kiddies.

They are 3L1tE  yo!


15 minutes ago, System Error Message said:

Have you seen the routers used in these exchanges? They're Cisco blade server routers with so much CPU and memory. I don't think you could crash them with DDoS or hacking with the amount of hardware resource that they have; the best you can do is just saturate a few links, which wouldn't make them crawl to a halt. The only way would be launching missiles at this facility.

DDoS is a brute-force type of attack, it's not a hack. Hacking would mean exploiting, like sending a packet that causes a buffer overflow, eventually causing it to crash. So we can say the Chinese and Russians aren't hackers, just script kiddies.

And even if they did exploit a vulnerability to cause a crash we're still back to temporary inconvenience. 


Quick, my fellow cybersecurity inhabitants of planet Earth, let us begin Operation Sentinel Shadow to overcome the Russians and Chinese with our bits power!

 


Groomlake Authority


You know what, I've just thought of a huge issue with this plan. 

 

Assuming they had the bandwidth (let's say they had a botnet of 1 billion PCs) to take down enough data centers to crash the internet: well, as soon as they crash it they lose their DDoS attack and the problem almost instantly goes away.


Shutting down the internet, LoL, good luck with that. The only way to do some great damage would be to target the DNS servers, but then again it's too easy to reroute incoming connections to other DNS servers, and it's very unlikely someone would have enough computing power and bandwidth to start crashing every single DNS server out there (every ISP has at least 1 DNS server, Google has at least 2 public and a few private DNS servers, Cisco has its own DNS servers, probably Microsoft and Amazon have a few DNS servers, but anyway there are a lot of them and probably many are even hidden from the public as backups). They would probably be more successful trying to hack into Google's core and change "request.password" to "return true", making every single Google account literally password-free (also the damage would be far greater and the effect far worse).

And really, a DDoS attack? Probably the oldest network attack there is, and one which can be prevented on so many levels. Only one kind of server can be crashed nowadays with DDoS attacks: outdated firmwares and OSs, unattended or poorly attended. And even if they got some server to its knees and it was somehow some knot in the internet, it would just go offline and everything else would just find a route around it. You can also think about The Pirate Bay, one internet service that just refuses to die: they try to block it, take down the servers, physically confiscate the servers, and all they are able to do is get it off the net for a few minutes or a few hours at best and it pops up somewhere else. If that kind of technology is available to "consumers", what might someone like Google have in their hands?

Also, if against all odds they managed to shut down the internet, it would come back in a few minutes. Also the internet is only one "hyper network"; the darknet would be untouched by the closing of the internet, Freenet couldn't care less about closing down the internet, not to mention all P2P networks and private networks and pretty much a lot of other stuff that would be like "oh, the internet closed, well who cares, we just can't use Google for a few minutes".


8 minutes ago, Thaldor said:

Shutting down the internet, LoL, good luck with that. The only way to do some great damage would be to target the DNS servers, but then again it's too easy to reroute incoming connections to other DNS servers, and it's very unlikely someone would have enough computing power and bandwidth to start crashing every single DNS server out there (every ISP has at least 1 DNS server, Google has at least 2 public and a few private DNS servers, Cisco has its own DNS servers, probably Microsoft and Amazon have a few DNS servers, but anyway there are a lot of them and probably many are even hidden from the public as backups). They would probably be more successful trying to hack into Google's core and change "request.password" to "return true", making every single Google account literally password-free (also the damage would be far greater and the effect far worse).

And really, a DDoS attack? Probably the oldest network attack there is, and one which can be prevented on so many levels. Only one kind of server can be crashed nowadays with DDoS attacks: outdated firmwares and OSs, unattended or poorly attended. And even if they got some server to its knees and it was somehow some knot in the internet, it would just go offline and everything else would just find a route around it. You can also think about The Pirate Bay, one internet service that just refuses to die: they try to block it, take down the servers, physically confiscate the servers, and all they are able to do is get it off the net for a few minutes or a few hours at best and it pops up somewhere else. If that kind of technology is available to "consumers", what might someone like Google have in their hands?

Also, if against all odds they managed to shut down the internet, it would come back in a few minutes. Also the internet is only one "hyper network"; the darknet would be untouched by the closing of the internet, Freenet couldn't care less about closing down the internet, not to mention all P2P networks and private networks and pretty much a lot of other stuff that would be like "oh, the internet closed, well who cares, we just can't use Google for a few minutes".

AFAIK there are hundreds of datacenters around the globe that have DNS servers outside of those you mentioned. I know for a fact there are at least 2 in England (London & Birmingham), plus don't universities also have public DNS servers too? (I know Kent University has a public DNS and mirroring server.)

 

Just pinging (well traceroute) Google returns like 3 or 4 DNS nodes along the route. 


1 minute ago, Master Disaster said:

AFAIK there are hundreds of datacenters around the globe that have DNS servers outside of those you mentioned. I know for a fact there are at least 2 in England (London & Birmingham), plus don't universities also have public DNS servers too?

 

Just pinging (well traceroute) Google returns like 3 or 4 DNS nodes along the route. 

Those that I listed are the big DNS servers. Probably every datacenter and even smaller server clusters have some kind of DNS server to handle some static routes, but they differ from the big servers in that they don't act as consumer DNS servers. Like Google probably has thousands of smaller DNS servers to handle the internal routing, but Google also has the 8.8.8.8 and 8.8.4.4 DNS servers that anyone can use to handle their routing to the internet. You don't make a fly's shit of difference attacking some random datacenter DNS server, but if you attack and are successful in crashing and burning 8.8.8.8 AND 8.8.4.4 you're gonna make some serious damage for a few seconds to a few hours until Google reroutes those IPs to some backup servers (that they probably have). This is because 8.8.8.8 and 8.8.4.4 work as huge start points; many users use them as the start point for the internet (when you type in www.google.com you actually send a question to the DNS server "where is www.google.com?" and it answers with some IP address and provides you a path to that IP address; in reality this is somewhat more complicated with hops and stuff, but this is the fast basic) and if that goes down, everybody who uses that point loses connection to the internet (except if they have static routes made to some services and sites). Also if you successfully crash and burn both of those you also destroy probably trillions of static and ready-made routes and make the internet somewhat slower for everybody, since every other DNS server must find out where some sites and services are that were known to be found from 8.8.8.8 and 8.8.4.4.


1 hour ago, System Error Message said:

Have you seen the routers used in these exchanges? They're Cisco blade server routers with so much CPU and memory. I don't think you could crash them with DDoS or hacking with the amount of hardware resource that they have; the best you can do is just saturate a few links, which wouldn't make them crawl to a halt. The only way would be launching missiles at this facility.

DDoS is a brute-force type of attack, it's not a hack. Hacking would mean exploiting, like sending a packet that causes a buffer overflow, eventually causing it to crash. So we can say the Chinese and Russians aren't hackers, just script kiddies.

That does sound impressive and from what I've seen as a layman of course, it is.

 

What they're looking for is more along the lines of "What's this... CISCO Certified NSA Secret Backdoor, do not use!" to gain control, not so much DDoS.

-------

Current Rig

-------


2 minutes ago, Thaldor said:

Snip

Oh, I meant there are hundreds of public DNS servers outside of those you mentioned.

 

I used to rent a dedicated server which I used to run some game servers. It used to go down quite regularly and they would always blame the London Internet Exchange or the Manchester Internet Exchange (LINX) for the outages, which I assumed would be the national DNS servers for the UK. Googling LINX shows they have peering servers in London, Manchester, Edinburgh & Cardiff. I'd always assumed my packets would go from me to my ISP to LINX then on to whichever country's exchange...


Solution to DNS attack: buy a book with the IP of every website (update it every second to make sure it is correct).


32 minutes ago, ScratchCat said:

Solution to DNS attack: buy a book with the IP of every website (update it every second to make sure it is correct).

So basically set up your own DNS server :)

Intel i7 5820K (4.5 GHz) | MSI X99A MPower | 32 GB Kingston HyperX Fury 2666MHz | Asus RoG STRIX GTX 1080ti OC | Samsung 951 m.2 nVME 512GB | Crucial MX200 1000GB | Western Digital Caviar Black 2000GB | Noctua NH-D15 | Fractal Define R5 | Seasonic 860 Platinum | Logitech G910 | Sennheiser 599 | Blue Yeti | Logitech G502

 

Nikon D500 | Nikon 300mm f/4 PF  | Nikon 200-500 f/5.6 | Nikon 50mm f/1.8 | Tamron 70-210 f/4 VCII | Sigma 10-20 f/3.5 | Nikon 17-55 f/2.8 | Tamron 90mm F2.8 SP Di VC USD Macro | Neewer 750II


So hackers don't really know how the internet works and are also trying to put themselves out of work?
