Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Internet Censorship Government Technology IT

Cyber Commander Says It's 'Not Realistic' To Shut Down Internet (washingtonexaminer.com) 123

An anonymous reader links to a report on Washington Examiner: It simply would not be possible to shut down areas of the Internet that terrorists use to conduct malicious activity, the head of U.S. Cyber Command told a Senate panel on Tuesday. "In a very simplistic way, people ask why can't we shut down that part of the Internet. ... Why are we not able to infiltrate that more?" Sen. Joe Manchin, D-W.Va., asked Cyber Command leader Adm. Mike Rogers during a hearing on the agency's budget for fiscal 2017. Manchin maintained it was a common question from his constituents. "I've had people ask me, can't you just stop it from that area of the world where all the problems are coming, be it Syria or in parts of Iraq or Iran," he said. "I'm not just trying to find an answer, because that question is asked like shut her down, like you do your telephone, but it doesn't work that way," Manchin concluded.
This discussion has been archived. No new comments can be posted.

Cyber Commander Says It's 'Not Realistic' To Shut Down Internet

Comments Filter:
  • by Anonymous Coward
    If Kim K can do it!!
  • Resilient by design (Score:5, Informative)

    by FrankHaynes ( 467244 ) on Tuesday April 05, 2016 @01:23PM (#51847533)

    Knuckleheads. ARPAnet and MilNet were designed to be resilient against centralized attack and outages.

    "THE INTERNET IS DOWN!! THE INTERNET IS DOWN!!"

    • centralized attack and outages.

      On network infrastructure. I'm not sure they envisioned such wildly insecure and widespread endpoints, even within government (and military!) walls. They envisioned bombs taking out data-centers. They clearly didn't envision the low orbit ion cannon.

      • by Gr8Apes ( 679165 )

        On network infrastructure. I'm not sure they envisioned such wildly insecure and widespread endpoints, even within government (and military!) walls.

        Considering that the original version of the internet had your computer hooked directly to the backbone or pretty close to it with no security features at all as firewalls etc hadn't been developed yet, I'd say they couldn't have envisioned anything else. LAN/MAN/WAN etc were just descriptions of how degraded your connectivity became (across a LAN it was OK, WAN could be a 12Kbps link)

    • That's not the same thing as denying CountryA from accessing the internet. The internet, because of routing, can continue on just fine, but we totally have the power to block or restrict regions from this network, without destroying the network.
      • by guruevi ( 827432 ) on Tuesday April 05, 2016 @02:00PM (#51847853)

        No we don't. The Internet considers censoring as damage and routes around it. Each country has telephone lines and satellite communications. If you shut down the "Internet" from routing through it's common carriers (fiber etc) someone can hang a few thousand 56k modems on their phone systems and call in to their neighbors or even through the censoring country and connect all their traffic that way. Same goes for satellite, just bounce it around a few times and it can come from anywhere.

        That's how Syrians and Iranians were still able to connect after their countries shut down their internets.

        • ... someone can hang a few thousand 56k modems on their phone systems and call in to their neighbors ...Same goes for satellite, just bounce it around a few times and it can come from anywhere.

          WiFi is good for a LONG way, and a lot of bandwidth, too, especially if you use an old big-ugly-dish satellite antenna reflector at one or both ends.

          (Then there's OpenBTS and the like for bringing up cellphones - and bridging them to VoIP - when the government has spiked that network...)

          • by lgw ( 121541 )

            You can still "turn off the internet" for a country you don't like, but it will require bombs to be thorough. Or for an island nation, there will be few enough cables to cut.

            Obviously, TFA was distinguishing between a routing-only solution and military action, but I'm, not sure how legitimate that is. At some point (as dependence on the internet increases) taking a nation off the internet becomes just as much an act of war as sending your navy to blockade trade, at which point you might as well include so

            • How would that effect the sat connections, or even wifi connection that could be setup to route around the damaged undersea cables? I have worked with people doing 25 mile 802.11 hops using a pizza box antenna, it is quite doable. So, unless the country is Australia, I think it won't be an issue getting linkups through your blockade.

        • The Internet considers censoring as damage and routes around it.

          Nice one. Never heard that before.

          routing through it's common carriers

          One, that should be "its". Two, "common carrier" doesn't mean what you think it does.

          Same goes for satellite, just bounce it around a few times and it can come from anywhere.

          That's how Syrians and Iranians were still able to connect after their countries shut down their internets.

          Right. Personal satellite ownership is almost universal in those countries.

          • by guruevi ( 827432 )

            Actually personal satellite dishes and even 2 way transponders for satellites are quite common in the Middle East. That's the primary way that people there get TV and the more rich also get data and phone communication that way. Al Jazeera for example is primarily satellite based broadcasting.

        • by vux984 ( 928602 )

          No we don't. The Internet considers censoring as damage and routes around it

          Not so much anymore.

          Even I had a 100Mbp connections and my neighbor across the border had the same, and we decided to connect them, we'd be able to cross browse, but the internet at large would still be pretty much down because we can't advertise the route.

          And even if we could, the amount of traffic that might try to come through might overwhelm and render the link so saturated as to be useless for all but the simplest tasks. (e.g. anything that needed a tcp connection would suffer too much packet loss to w

          • No we don't. The Internet considers censoring as damage and routes around it

            Not so much anymore.

            Even I had a 100Mbp connections and my neighbor across the border had the same, and we decided to connect them, we'd be able to cross browse, but the internet at large would still be pretty much down because we can't advertise the route.

            So Country A blocks Country B; Country B then gets to Country A via Country C, or via C-D-E-F.

            The option is basically to block everything outside your borders - in which case the Internet becomes an Intranet - or allow everything because if even one Allowed external entity has a route to someone you don't want to have access then that someone can get access to your network.

            And that's not taking into account hopping via Sat-Com or Modems, etc as mentioned in the thread, which is yet another way to dial

            • by vux984 ( 928602 )

              So Country A blocks Country B; Country B then gets to Country A via Country C, or via C-D-E-F.

              You are attacking the wrong problem. Country A doesn't want to block traffic from country B reaching country A. Country A wants to take country B off the internet entirely; and country A is already engaged militarily with B so it has options that include doing stuff IN country B.

              So country A physically destroys the big fiber optic bundles at the borders and disables the satellite uplinks of country B by military force.

              Country B is now pretty effectively cut off from A, C, D, E, F...

              • So Country A blocks Country B; Country B then gets to Country A via Country C, or via C-D-E-F.

                You are attacking the wrong problem. Country A doesn't want to block traffic from country B reaching country A. Country A wants to take country B off the internet entirely; and country A is already engaged militarily with B so it has options that include doing stuff IN country B.

                So country A physically destroys the big fiber optic bundles at the borders and disables the satellite uplinks of country B by military force.

                Country B is now pretty effectively cut off from A, C, D, E, F...

                Except Country A cannot necessarily or even practically prevent Country B from having connections with any other Country (C, D, E, F). Country A can sever connections between Country A and Country B, but that will not prevent connections between Country B and Country C, D, E, or F. Country A can realistically only isolate itself.

                A good example of how this really plays out and how difficult it is to really maintain such an enforcement is the Great Firewall of China. Now they're 99% of the example in that

                • by vux984 ( 928602 )

                  Except Country A cannot necessarily or even practically prevent Country B from having connections with any other Country (C, D, E, F).

                  We simply aren't talking about the same thing.

                  You are trying to deny internet access to individuals in country B. And yes, that is extremely difficult to do.

                  I am talking about denying internet access to the country at large. And that is relatively easy to do. Because those few individuals near the border with satellites that didn't get bombed, or within cellular coverage range (perhaps via custom antenna configurations) they are JUST getting access for themselves and an extremely small local group. They are

                  • Except Country A cannot necessarily or even practically prevent Country B from having connections with any other Country (C, D, E, F).

                    We simply aren't talking about the same thing.

                    You are trying to deny internet access to individuals in country B. And yes, that is extremely difficult to do.

                    I am talking about denying internet access to the country at large. And that is relatively easy to do. Because those few individuals near the border with satellites that didn't get bombed, or within cellular coverage range (perhaps via custom antenna configurations) they are JUST getting access for themselves and an extremely small local group. They aren't restoring the "internet" to that country.

                    Says who? They could set that up and have a connection running to be a provider for the country at large. Heck, the government could do it and provide internet to everyone. I didn't say a thing about *who* did it, just that it could be done - meaning *anyone* could do it, and thus restore connectivity.

                    Or take Mesh Networking into account (802.11s), and again it's accessible to anyone within range of the mesh network - hence the country at large, even if the country at large is routing through a couple Me

                    • by vux984 ( 928602 )

                      I didn't say a thing about *who* did it, just that it could be done - meaning *anyone* could do it

                      That's a really weird definition of 'anyone' can do it. Most people CANNOT do it, and the people who can do it all belong to very specific organizations. That is pretty much the opposite of 'anyone'.

                      Further, even if they've got the ability to advertise new routes locally, good luck being able to get whatever entity they are connected to wirelessly to advertise the route. Best case, the small number of people who might be able to get the domestic internet to route packets along adhoc routes still aren't goin

                    • I didn't say a thing about *who* did it, just that it could be done - meaning *anyone* could do it

                      That's a really weird definition of 'anyone' can do it. Most people CANNOT do it, and the people who can do it all belong to very specific organizations. That is pretty much the opposite of 'anyone'.

                      Further, even if they've got the ability to advertise new routes locally, good luck being able to get whatever entity they are connected to wirelessly to advertise the route. Best case, the small number of people who might be able to get the domestic internet to route packets along adhoc routes still aren't going to be able to get their foreign counterparts to advertise those ad hoc routs, so no packets are coming back.

                      If you want to go there, then you obviously missed the headlines last year that a lot of the Internet infrastructure is open to attack simply because it's extremely trusting that when someone advertises a route they actually own that route. Don't recall if that was fixed or not, but it was actually used to subvert some routes IIRC.

                      Again, it's just a matter of *who* is doing it. If the Country wanted to provide the service, they'll find a way to provide the service, even if it's just for government use

                      Providing individuals internet service really has nothing to do with the internet's ability to route around damage though.

                      Actually it does because the routes that allow one to from A to B to C may be able to be comprised of A->D->C or A->B->D->E->C. The route may not be the most ef

                    • by vux984 ( 928602 )

                      Actually it does because the routes that allow one to from A to B to C may be able to be comprised of A->D->C or A->B->D->E->C

                      I can't tell if I'm not explaining it well, or if you are just being dense. Lets try again, with a specific example.

                      Lets say your home is on Comcast cable for internet.
                      Lets say ALL of comcasts perring links get cut. Everyone on comcast loses their internet. You're internet goes down. Your still getting an ip address from comcast, you can ping other comcast users, but you can't reach anything outside the comcast network. With me so far?

                      Lets say *I* happen to have both comcast cable and verizon wireless inter

                    • Actually it does because the routes that allow one to from A to B to C may be able to be comprised of A->D->C or A->B->D->E->C

                      I can't tell if I'm not explaining it well, or if you are just being dense. Lets try again, with a specific example.

                      Lets say your home is on Comcast cable for internet. Lets say ALL of comcasts perring links get cut. Everyone on comcast loses their internet. You're internet goes down. Your still getting an ip address from comcast, you can ping other comcast users, but you can't reach anything outside the comcast network. With me so far?

                      Lets say *I* happen to have both comcast cable and verizon wireless internet. So I still have internet.

                      There is absolutely nothing I can do to share that link back to comcast and give all those comcast users internet. I simply cannot configure my gear to automagically let comcast know that hey I've still got internet, feel free to route some packets through me; so that suddenly you and all comcasts customers have some internet access again.

                      If comcast has a million customers, and 100,000 of them have random other connections, dialup, sateliite,ceullar, whatever, they all can get internet access, their really is no practical way for them bring *comcast* back 'online' by somehow 'sharing' those links.

                      Well, depends on the policies - namely around whether you have a public IP or and ability to run as a server; most ISPs allow people to run as servers primarily to please gamers. It's actually easier now to get a public IP and server allowance for consumers than it has generally been in the past. And so technically yes you can. That doesn't mean Comcast would be happy about it, but then for your scenario - they'll probably be wanting to talk to improve things because they won't be happy about not being ab

        • by rtb61 ( 674572 )

          So it simply needs a core change in internet protocols, a design changed from all allowed and only some blocked to all blocked and only some allowed. Pretty much what it needs to be to be considered as suitable as an internet for minors, this versus an internet for adults. Basically with an all blocked and only some allowed network, unless it is verified, checked and audited, it's traffic is blocked by default at routers, this means you can not route around that block because you only can route to other blo

          • You're talking about creating a trusted network, and that will never work. Never, ever, ever. It will never work because all you have to do to compromise it is exploit a trusted host, and that is guaranteed to happen.

    • "THE INTERNET IS DOWN!! THE INTERNET IS DOWN!!"

      Yeah, well, with three strikes, it will be in your house. Service provision is conveniently accomplished through a small number of big corporations that will be more than happy to flip the switch and turn off your internet.

    • "The Net interprets censorship as damage and routes around it" -- John Gilmore
    • by Anonymous Coward

      This is pretty much off topic.

      "THE INTERNET IS DOWN!! THE INTERNET IS DOWN!!"

      Helpdesk: "Have you tried going to google.com?"

      Customer: "Oh, that's coming up fine."

    • by Ungrounded Lightning ( 62228 ) on Tuesday April 05, 2016 @03:07PM (#51848307) Journal

      ARPAnet and MilNet were designed to be resilient against centralized attack and outages

      During the evolution from those networks to the current, commercialized, information utility, much of that design was abandoned. We have migrated from an everything-is-redundantly-multiconnected, route around failures, survive a nuclear exchange system to a hierarchy, with a distinction between core and edge, where loss of certain boxes can shut down 10,000 to 100,000 end user sites.

      (That's why those boxes are designed with internal reduncancy, like a telephone exchange. And I know them intimately, having spent over a decade designing parts of them.)

      The core/backbone does retain some of the features of the Internet's cold-war-survival origin (though the transition to fiber and physical ring layouts made that more vulnerable to multipoint failures, as well.) So some of it still has part of the old robustness.

      Then there are new services which added new dependencies (and sometimes new surprises when something goes down or goes away and a lot of stuff breaks).

      And to top it off, the discussion is not about government actors managing to taking the net down, but identifying and surgically cutting off a designated portion of it.

      So arguing from the characteristics of the robust-against-nukes network design we once had - and haven't had for decades - isn't particularly germaine.

      • ARPAnet and MilNet were designed to be resilient against centralized attack and outages

        During the evolution from those networks to the current, commercialized, information utility, much of that design was abandoned. We have migrated from an everything-is-redundantly-multiconnected, route around failures, survive a nuclear exchange system to a hierarchy, with a distinction between core and edge, where loss of certain boxes can shut down 10,000 to 100,000 end user sites.

        (That's why those boxes are designed with internal reduncancy, like a telephone exchange. And I know them intimately, having spent over a decade designing parts of them.)

        The core/backbone does retain some of the features of the Internet's cold-war-survival origin (though the transition to fiber and physical ring layouts made that more vulnerable to multipoint failures, as well.) So some of it still has part of the old robustness.

        Then there are new services which added new dependencies (and sometimes new surprises when something goes down or goes away and a lot of stuff breaks).

        And to top it off, the discussion is not about government actors managing to taking the net down, but identifying and surgically cutting off a designated portion of it.

        So arguing from the characteristics of the robust-against-nukes network design we once had - and haven't had for decades - isn't particularly germaine.

        You seem to have missed the resiliency of the Internet on 9/11 and how even though several major core backbone connections running under Twin Towers were completely severed almost no one noticed.

  • by xxxJonBoyxxx ( 565205 ) on Tuesday April 05, 2016 @01:24PM (#51847557)
    >> It's 'Not Realistic' To Shut Down Internet
    >> not be possible to shut down areas of the Internet that terrorists use

    Big difference. Unfortunately, I see these kind of inquiries leading to a "why don't we have a great big 'murican firewall" train of thought in a year or two.
  • Yes, you can knock countries and regions off the internet. But you really can't do it without collateral damage. It depends 100% on the infrastructure supporting their access. You want to knock europe off? Cut the link cables. You want to knock Iran off? Take out their links. It will never be 100% effective but you can do it to some extent. the internet isn't some magical fog, it requires hardware, be that radio towers, access points, or plain old cables. That infrastructure can be taken out. The
    • by mrbester ( 200927 ) on Tuesday April 05, 2016 @01:50PM (#51847781) Homepage

      If you cut the link cables to Europe are you cutting off Europe from you or are you really cutting yourself off from Europe?

    • Yes, you can knock countries and regions off the internet. But you really can't do it without collateral damage.

      I agree *completely* that doing this would be less effective than letting things stand.

      But I have to ask, in a technical sense why *couldn't* we cut off conflict areas from the rest of the internet?

      Taking Syria as an example, we could
      1) Disable their top level domain.
      2) Identify the .com and .edu websites hosted in Syria and route them to nowhere
      3) Identify source connections from within Syria and automatically route *them* nowhere

      On #3 above, Syria has only a handful [wikipedia.org] of service providers, and the source ad

    • While countries can be largely knocked off the internet by severing their physical connections, that isn't really the question at issue. The panel was asking about eliminating the ability for terrorists to organize and recruit over the internet, especially through the dark web. The reason this goal isn't the same as cutting off a country's access is that extremists aren't neatly limited to national boundaries and they certainly don't mind those borders when establishing websites for recruitment. It's the sa

    • You want to knock europe off? Cut the link cables.

      That's not as easy as it looks. Europe has connections to the US across the Atlantic, to Africa across the Mediterranean and to Asia through Turkey, the Ukraine and Russia. And that's ignoring any satellite links.
  • God these self-aggrandizing titles are annoying.

    He's not the "Cyber Commander", he's in charge of an entity whose purview is things related to the interwebs.

    But let's stop treating him like he's the fucking Field Marshall of the internet.

    • All hail Web Marshall Mike Rogers, defender of the internets!
    • Re:Cyber Command? (Score:5, Informative)

      by tnk1 ( 899206 ) on Tuesday April 05, 2016 @01:58PM (#51847845)

      His title is Commander, US Cyber Command (USCYBERCOM), which is a unified sub-command of the US Military. Calling him "Cyber Commander" is a stupid journalistic oversimplification, it's not his actual title.

      Of course, you can always tell government drones when they refer to "cyber" anything, but that is just the way it goes.

      • "Calling him "Cyber Commander" is a stupid journalistic oversimplification"

        As if calling him "Commander, USCYBERCOM" didn't sound stupid enough (isn't it something coming from Mattel?).

        Those big boys and their expensive toys...

      • His title is Commander, US Cyber Command (USCYBERCOM), which is a unified sub-command of the US Military. Calling him "Cyber Commander" is a stupid journalistic oversimplification, it's not his actual title.

        Of course, you can always tell government drones when they refer to "cyber" anything, but that is just the way it goes.

        Nonsense - his complete profile is right here and his title is definitely Cyber Commander: http://yugioh.wikia.com/wiki/C... [wikia.com]

    • I want to see him fight the Aquabat Commander
  • by Etherwalk ( 681268 ) on Tuesday April 05, 2016 @01:47PM (#51847759)

    It's not easy, but it's certainly possible to mostly do that. It's just that it hurts more than it helps in most cases, because it hurts the legit stuff going on. You want to change this, you have to actually incentivize the leaders in those countries to crack down in an effective way.

    • by AHuxley ( 892839 )
      It also depends on how the US mil would do it in the USA. A legal sounding secret letter and all cell towers in a region of a state, city stop working except for emergency and select secure calls from a pre set list of allowed users.
      All the talk of dark optical, dot com built redundancy is often just talk in many parts of the USA. A lot of physical optical might have been built out at some time but only a few active monopolies, cartels, duopolies really control all networks to keep the backhaul working i
  • by wardrich86 ( 4092007 ) on Tuesday April 05, 2016 @01:48PM (#51847763)
    I mean, who else makes threats to "shut down the internet"?
  • If they say it isn't...you can bet they already have a plan that does.
    Of course, it may not quite work.

  • by RJFerret ( 1279530 ) on Tuesday April 05, 2016 @01:58PM (#51847843)

    ...the atmosphere, that's where the bad weather is.
    ...the oceans, that's where the garbage patches are.
    ...bacteria, that's where infections derive.
    ...brains, that's where ignorance thrives.

  • Route-poison traffic to and from location X. People forget that valid Internet communication is 2way. Sure they might be able to broadcast out but not being able to receive in effectively cuts them off. Their internet will get awfully quiet.

    The thing is that "head of U.S. Cyber Command" is not saying is that cutting off the internet also cuts off easy common communication for any intelligence resources the US has in that area.

    In this instance a communications blackout works against both parties.

    • by hey! ( 33014 )

      This is a very good point; however by "area" they don't necessarily mean "geographic area". Let's say you cut off Syria and northern Iraq from the Internet; that doesn't stop ISIS operatives in Europe from using the Internet. It doesn't even really stop Syrians from getting data from to those sites using some kind of gateway (e.g. POTS or packet radio). It just means they won't be streaming Netflix.

  • You don't say, cyber-commander!
  • When the Federal Government MADE ME post my taxes monthly on a website, and said I could no longer go physically to my bank, and pay a teller, I knew that the internet was here to stay. If the internet was "shut down", then most of your small businesses could not pay their withholding taxes, as the Govts have pulled banks back from that job.
  • Nope, not going to buy into it. Just like there was no domestic spying. The government has no off switch, until the use it.

  • just cut one of the tubes ;)

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...