Someone is learning & practicing how to take down the Internet

Bruce Schneider is an expert in cyber-security, the Chief Technology Officer of Resilient, an IBM Company, a fellow at Harvard’s Berkman Center, and a board member of Electronic Frontier Foundation — an organization defending our rights in the digital world.

In a blog post, Schneider sounds the alarm that in the past year, the websites of major companies that provide the Internet’s basic services repeatedly have been attacked, each time more sophisticated than the last, which suggests “someone” is practicing how to take down the Internet by learning from the companies’ defensive moves.

Below is Bruce Schneider’s blog post of Sept. 13, 2016, “Someone is Learning How to Take Down the Internet“:

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.

First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it’s overwhelmed. These attacks are not new: hackers do this to sites they don’t like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it’s a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

BenLurkin has pointed out that: "Someone is learning & practicing how to take down the Internet" and has invoked the list, so...

For when the INTERNET goes down and quits working completely (Sorta like Congress only funner)
I've created a FRee Republic Emergency Ping list (as suggested by mitch5501 ) called:
The "The INTERNET isn't working" ping list:
IF you would like "ON' or "OFF the list FReep Mail me OR ping me in a thread with your request. This will not be a High Volume Ping list (Well at least we hope the INTERNET doesn't quit working frequently)

"So let it be written. So let it be done."
The List: mitch5501; Rocky; Pajamajan; Mad Dawgg; hoosiermama; SE Mom; null and void; BenLurkin; bigheadfred; redhead; berdie; Old Sarge; wyokostur; GeronL; TheOldLady; ducttape45; Gefn; IYellAtMyTV; Redcitizen; LonePalm; garandgal; Fiddlstix; bt_dooftlook; liberalh8ter; Mercier; Truth29; PA Engineer; citizen; bleach; Greetings_Puny_Humans; TangoLimaSierra; Chickensoup; rexiesmom; FourtySeven; RinaseaofDs; RikaStrom; ozarkgirl; Grimmy; Jet Jaguar; silverleaf; tcrlaf; Red Badger; mumblypeg; LadyBuck; Bookwoman; RinaseaofDs

And for those of you asking how the ping list works when the internet goes dark:

Yes, all those low level stock clerks and accountants who were discharged because the new Internet-based inventory management systems made their positions irrelevant would, as if by magic, become relevant again.

More seriously, some management of inventory might be possible using computers in offline mode. But the choke point would be the mail systems and public telephone system. Everything would now have to be ordered by letter or by telephone (assuming the latter still worked in degraded form). Since many of these communications systems now control internal functions using Internet-based cloud applications, they would also have to go back to the older paper and analog telephone systems. Ditto for manufacturers, etc. Mass communication would be limited to broadcast television and radio once they too had recovered in degraded form from the loss of the Internet. Assuming no EMP attack to accompany taking down the Internet (a big assumption to be sure), essentially a return to the mid-1980s but with better stand alone computing systems. A lot lost but not everything.

Crippling to be sure. Fatal in time of war? Maybe. With the dramatic reduction in forces heralded by the end of the Cold War, efficient use and support of what remains is vital. Most of that efficiency is based on the rapid communication of information. The Internet facilitates the movement of information but does not generate the information per se. Modern governments do harden their networks against interdiction and disruption. But this is generally limited to military command and control and critical infrastructure. “Disaster recovery” both electronic and physical is part of contingency planning for larger businesses. But how many medium and small businesses have made any such preparations? Probably very few.

In a short war scenario, capability is based on existing forces and their resupply from prewar stocks. The longer the fighting continues, the greater the necessity to generate new forces and refit/refresh existing ones. In short, the emphasis shifts from the adequacy of prewar preparation to sustaining logistics. During a long war, the advantage goes to the side(s) that have the most effective (not necessarily the most efficient) logistics infrastructure. The use of the Internet (or some equivalent publicly accessible wide area network) is a part of that infrastructure. But it is not ALL of what is required. Probably even more critical is manufacturing capacity and transportation infrastructure. Being able to rapidly communicate orders for goods and services that cannot be filled doesn't generate combat capability.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.