Someone Is Learning How To Take Down the Internet, Warns Bruce Schneier (schneier.com) 237

Some of the major companies that provide the basic infrastructure that makes the internet work have seen an increase in DDoS attacks against them, says Bruce Schneier. He adds that these attacks are of much larger scale -- including the duration -- than the ones we have seen previously. These attacks, he adds, are also designed to test what all defense measures a company has got -- and they ensure that the company uses every defense they have got, leaving them with no choice but to demonstrate their defense capabilities to the attacker. He hasn't specifically shared details about the organizations that are under attack, but what little he has elaborated should give us a chill. From his blog post: [...] This all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes (PDF) a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex." There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services. Who would do this? It doesn't seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It's not normal for companies to do that. Furthermore, the size and scale of these probes -- and especially their persistence -- points to state actors.
It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US's Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.
  • by Anonymous Coward on Wednesday September 14, 2016 @01:53PM (#52887739)

    Could be NSA/GCHQ false-flag operation to pin the attacks on Russia.

  • by JustNiz ( 692889 ) on Wednesday September 14, 2016 @01:56PM (#52887745)

    Don't worry I've already copied the internet onto a blank CD.

  • north korea's last dying move after the nukes fail?

  • ...it's called probing. [youtu.be] Not to engage, but to evaluate.
    • "Probing" you say?

      I'd say it's them dern aliens! Back in '67 I was driving in my good old '57 Chevy when I saw a bright light above me...

      Never could sit on the Jon the same way after that.

  • Is Learning How To Take Down the Internet.

  • Does this mean my Internet's won't work?

    How will I check my fridge when I am out of town?

  • by wjcofkc ( 964165 ) on Wednesday September 14, 2016 @02:08PM (#52887847)
    Awhile back I used up a couple weeks of vacation time I had accumulated. First I got the idea in my head, why don't I try powering my phone off for a while? After a few days of withdrawal I started to feel liberated. From there I abandoned email and the internet entirely. More withdrawal was followed by an even greater sense of liberation. It was like breathing for the first time. After a hair over a week, I grudgingly came back to virtual reality. But damn was that disconnected time wonderful.
    • What is real life Like?

      I'm too scared to go upstairs or turn off my phone.

      • by wjcofkc ( 964165 )
        It's kind of like The Walking Dead, minus the zombies. It's really very pleasant. By day, there is this giant yellowish orange thing in the sky. Sometimes it is obscured by what I can only describe as cotton candy. It is very comforting though. By night, there is this big piece of cheese in the sky that I can never quite reach. Cotton candy applies here too on occasion. The only creepy thing about it is all the people around you are constantly staring down. It's unsettling at first. There are strange animate
        • by Falos ( 2905315 )
          I once traveled to the Outside. Turns out the Normals are actually fairly friendly. They were very worried when the Daystar began cooking me red and offered me water.

          3/5, would not spelunk again.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Don't be an idiot.
      Really

      This isn't about being personally liberated from the internet. This is about attacking critical infrastructure. This is like the paving of every interstate in the country disintegrating overnight.

      Sure, there would be lots of time for people to sit at home and enjoy the flowers. Meanwhile 99% of the population would immediately begin to run out of food and within a week chaos would reign - most people would have no job to work and no food to eat. The economy would take a massive

  • DDoS Defense (Score:2, Interesting)

    by sexconker ( 1179573 )

    1) Notice problem.
    2) Look at logs/whatever and verify insane traffic levels.
    3) Throttle/block source at router.
    4) Repeat for every upstream switch that is impacted by the attack. For those which you don't control, call (yes call) up your peer and inform them of the issue so they may do the same.

    1-3 can be automated fairly easily
    4 can be automated with cooperation, agreements, established procedures, responsive personnel, etc. (4 isn't going to be automated.)

    5) Inform zombie ISP customers they're part
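Steps 1 to 3 of the procedure above, as an added example that is not part of the comment: a flow-based detector over constructed NetFlow-style records that learns a packets-per-second baseline, flags the seconds that exceed it, aggregates the sources active in those seconds to /24 and renders nftables drop rules for the prefixes that carry a meaningful share of the flood. The flow records, the addresses (RFC 5737 documentation ranges), the 10x threshold and the 5% share cutoff are all assumptions for illustration; the rendered nft syntax assumes a table `inet filter` with an `input` chain already exists. Learning the baseline from the first seconds of the same stream is a toy; a real deployment keeps a rolling baseline from quiet periods.

```python
"""Volumetric DDoS detection from flow records (added example, not the commenter's code)."""
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample flows: (second, src, dst, packets). A few hundred pps of
# normal traffic toward 198.51.100.10, then a flood from 203.0.113.0/24 while
# one legitimate client (192.0.2.3) keeps talking during the attack.
FLOWS = [
    (0, "192.0.2.1", "198.51.100.10", 300),
    (1, "192.0.2.2", "198.51.100.10", 250),
    (2, "192.0.2.1", "198.51.100.10", 320),
    (3, "203.0.113.5", "198.51.100.10", 90000),
    (3, "203.0.113.9", "198.51.100.10", 85000),
    (4, "203.0.113.77", "198.51.100.10", 91000),
    (4, "192.0.2.3", "198.51.100.10", 280),
    (4, "203.0.113.12", "198.51.100.10", 88000),
    (5, "203.0.113.5", "198.51.100.10", 92000),
    (5, "203.0.113.200", "198.51.100.10", 87000),
]


def pps_per_second(flows, dst):
    """Step 2: packets per second toward one destination, keyed by second."""
    per_sec = defaultdict(int)
    for ts, _src, d, pkts in flows:
        if d == dst:
            per_sec[ts] += pkts
    return dict(per_sec)


def learn_baseline(per_sec, learn_seconds):
    """Mean pps over the first learn_seconds; treated as 'normal' (assumption)."""
    vals = [per_sec.get(s, 0) for s in range(learn_seconds)]
    return sum(vals) / len(vals)


def attack_seconds(per_sec, base, factor=10.0):
    """Step 1: seconds whose rate is more than `factor` times the baseline."""
    return sorted(s for s, p in per_sec.items() if p > base * factor)


def top_source_prefixes(flows, dst, seconds, prefix_len=24, share=0.05):
    """Step 3 input: aggregate attack-window sources to /24 and keep only those
    carrying more than `share` of the packets, so a legitimate client that
    happens to be talking during the attack is not swept into the block."""
    by_prefix = defaultdict(int)
    total = 0
    for ts, src, d, pkts in flows:
        if d == dst and ts in seconds:
            net = str(ip_network(f"{src}/{prefix_len}", strict=False))
            by_prefix[net] += pkts
            total += pkts
    if not total:
        return []
    return sorted(p for p, n in by_prefix.items() if n / total > share)


def nft_rules(prefixes, dst):
    """Step 3: render drop rules. Rendered as strings here, never applied."""
    return [f"add rule inet filter input ip saddr {p} ip daddr {dst} drop" for p in prefixes]


def mitigate(flows, dst, learn_seconds=3):
    per_sec = pps_per_second(flows, dst)
    base = learn_baseline(per_sec, learn_seconds)
    secs = attack_seconds(per_sec, base)
    prefixes = top_source_prefixes(flows, dst, set(secs))
    return {
        "baseline_pps": base,
        "attack_seconds": secs,
        "prefixes": prefixes,
        "rules": nft_rules(prefixes, dst),
    }


if __name__ == "__main__":
    for key, value in mitigate(FLOWS, "198.51.100.10").items():
        print(key, value)
```

On the sample data the detector blocks only 203.0.113.0/24; 192.0.2.0/24 stays reachable because its 280 packets are far below the 5% share cutoff. The same per-prefix output is what step 4 hands to the upstream peer, whether by phone or as a blackhole route.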

    • Unless the attack is the type that uses perfectly normal HTTP GETs (or other expected traffic)... just from 10,000,000 sources at once... Like an old fashioned /.ing, only bigger. There is no defense against something like that other than to throttle all HTTP (or whatever) connections... but that ends up achieving the goal of the attacker anyway.

      This has been demonstrated already by the Chinese government by altering unencrypted HTTP traffic to add a bit of javascript to sessions inbound to the country so t

      • Re:DDoS Defense (Score:5, Interesting)

        by cfalcon ( 779563 ) on Wednesday September 14, 2016 @02:31PM (#52888077)

        The problem is that DDOS is a core vulnerability based on how the internet is built. If you get packets that should go somewhere, you try to push them there. You don't know that the guy who handed them to the guy that handed them to the guy that handed them to you is a botnet node: you just know packets go a place. You forward them.

        Eventually, you hit a point where someone in that link COULD figure out that packets are part of a DDOS, but in the current model, that's just too damned far along.

        • Re:DDoS Defense (Score:5, Interesting)

          by sexconker ( 1179573 ) on Wednesday September 14, 2016 @02:52PM (#52888275)

          DDoS patterns are pretty obvious, and you don't need fancy DPI either.

          Happy-go-lucky packet forwarding works when everyone plays by the rules. That's not the case. You have to respond, and the ONLY response is to throttle/block the traffic. The further upstream you do this the more effective it is, but the wider impact it has for legitimate traffic. That's why step 4 is critical for the target.

          It's a very simple solution to a very simple problem. DDoS is just the normal internet at an abnormal scale. All effective responses go against the general design of the internet because they involve removing a host from the internet or portions of it. So you want to limit responses to be as close to the source as possible to avoid impacting all the good actors.

        • you just know packets go a place. You forward them.

          If nodes would quit forwarding packets that say they came from a place that they couldn't possibly have come from, it would cut down on some of this crap.
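What the comment describes is BCP38 ingress filtering: on a customer port, accept a packet only if its source address belongs to a prefix routed back out that same port (strict unicast reverse-path forwarding). An added illustration that is not from the comment: a per-interface source-address validator over a constructed topology. The interface names, the customer prefixes and the bogon list are assumptions; strict checking is applied only on customer ports, since on a transit port asymmetric routing makes strict uRPF drop legitimate traffic, so there the check is limited to bogons and to our own address space arriving from outside.

```python
"""BCP38-style ingress source validation (added example, assumed topology)."""
from ipaddress import ip_address, ip_network

# Constructed topology: prefixes assigned behind each customer port.
CUSTOMER_PREFIXES = {
    "cust1": [ip_network("192.0.2.0/24")],
    "cust2": [ip_network("198.51.100.0/25")],
}

# Sources that should never appear on the public internet (a subset, assumed).
BOGONS = [
    ip_network("0.0.0.0/8"),
    ip_network("10.0.0.0/8"),
    ip_network("127.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
    ip_network("224.0.0.0/3"),   # multicast and reserved, 224.0.0.0 through 255.255.255.255
]


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def check(iface, src, table=CUSTOMER_PREFIXES):
    """Return 'forward' or a 'drop:<reason>' verdict for a packet with source
    `src` that arrived on interface `iface`."""
    addr = ip_address(src)
    if _in_any(addr, BOGONS):
        return "drop:bogon-source"
    if iface in table:
        # Strict uRPF on a customer port: the source must be routed back out
        # the port it came in on, otherwise it is spoofed.
        return "forward" if _in_any(addr, table[iface]) else "drop:spoofed-source"
    # Transit side: our own customer space cannot legitimately arrive from upstream.
    own = [n for nets in table.values() for n in nets]
    return "drop:own-prefix-from-transit" if _in_any(addr, own) else "forward"


def filter_batch(packets, table=CUSTOMER_PREFIXES):
    """Apply check() to (iface, src) pairs; returns verdict per packet."""
    return {(iface, src): check(iface, src, table) for iface, src in packets}


if __name__ == "__main__":
    sample = [("cust1", "192.0.2.10"), ("cust1", "198.51.100.7"),
              ("transit", "192.0.2.5"), ("transit", "203.0.113.4")]
    for key, verdict in filter_batch(sample).items():
        print(key, verdict)
```

The filter is only effective at the edge where the source is known: once a spoofed packet has crossed into transit, no downstream router can tell it from a genuine one, which is exactly why the comment's complaint is about the networks that originate the traffic.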

      • The defense is to block the bad traffic as close to the source as possible, whether it be 100 Amazon VMs in a botnet or 10,000,000 home machines infected with shit or the entirety of China.

        The internet only works if each network plays nice. DDoS has been a problem for so long because no one has the balls to cut home users or a country off, and certain governments don't give a fuck about going after botnet operators.

    • You should tweet that to @verisign so they know what to do when the state sponsored DDoS to take down the internet comes. As you pointed out the answer is to stop the bad traffic which should fit nicely into 140 characters and thus, save the day!

      • Maybe they should also turn on DNSSEC for verisign.com, since they are crucial and into security and all.

    • Re:DDoS Defense (Score:5, Insightful)

      by Alomex ( 148003 ) on Wednesday September 14, 2016 @02:54PM (#52888293) Homepage

      This is why slashdot sucks so much. I started reading /. back when the UIDs were in the 10k range, and only people who really knew about the subject would comment. It took me many months before I saw a topic I could contribute to with enough insight, hence my 100K UID.

      Now, we have captain obvious noob giving a trivial "shut down" solution, which only works when the botnet is concentrated, in an arrogant tone to the security experts in Verisign and Bruce Schneier. To top it off it gets ranked +4 Insightful.

      p.s. Can we add a moderation score of -1 Rolls eyes?

        I started reading /. back when the UIDs were in the 10k range

        Yeah, I think it was always crap. Remember Signal 11? Jon Katz? The ignorant are drawn to comment sections.

        • by Alomex ( 148003 )

          Yeah, there have always been some idiots around, but there used to be a lot less. Also with the increased number of know-nothings moderation has degraded. Over the years I've gone from reading at 0, to 1, to 2, to 3, and now at 4 or higher.

          • If ever there was a "get off my lawn" post...
            I simply lost my first account. I don't even remember the username (if I did I *might* remember the pwd).

      • by BuGless ( 31232 )

        This is why slashdot sucks so much. I started reading /. back when the UIDs were in the 10k range, and only people who really knew about the subject would comment.

        And even Slashdot back then was ten times worse than the golden age 1988-1994 USENET already.

    • by mjwx ( 966435 )

      6) Cut customers off from the internet until they clean their shit up

      Will never happen because Profit.

      ISPs will never willingly cut off their own customers and will fight tooth and nail to prevent being forced to.

      This is why US ISPs happily hand over customer identities to the *IAA for lawsuits rather than have something like a three strikes law.

      • You are correct, they won't willingly cut the cash flow. Something real interesting where everyone will have to work has to happen.
        so wait for the lawsuits

  • by daveschroeder ( 516195 ) * on Wednesday September 14, 2016 @02:12PM (#52887895)

    "The data I see suggests China, an assessment shared by the people I spoke with."

    Of course, that will be buried in these comments that it's a US false flag, that obviously it's the US that's responsible, etc.

    It couldn't possibly be someone like China.

    • But of course...

      If the NSA can't OWN the Internet. It will do the next best thing, and throw a tantrum and shut it off.

      "If we can't have it.. nobody can!"

    • This doesn't seem too far-fetched given China's traditional hostility to freely-available information versus the U.S.'s scary degree of dependence on the Internet.
  • Interesting timing (Score:5, Insightful)

    by CODiNE ( 27417 ) on Wednesday September 14, 2016 @02:16PM (#52887927) Homepage

    I wonder who would stand to benefit from an Internet black out during the US presidential election?

    • by cfalcon ( 779563 )

      A good point. A less partisan point is, what happens if you have "online voting", or any goddamned thing that requires a net to function, and it doesn't?

      We have an infrastructure problem- plenty of systems assume that the internet will either always be up, or be up at least, for instance, daily.

      • by swb ( 14022 )

        We have an infrastructure problem- plenty of systems assume that the internet will either always be up, or be up at least, for instance, daily.

        And it's getting worse, because the infrastructure that keeps the Internet up is starting to require the Internet actually be up.

        A cow-orker installed some Meraki switches this past weekend and they are "cloud" managed. I didn't work on it, but he said you basically needed an active Internet connection to do anything with them because there was no local management at all. And of course the switches themselves had problems, cutting off Internet access until physically rebooted at least once.

        Off the top of

    • Is the moderation system disabled? That one deserved a "good question" mod, but the closest approximation here would be "insightful". Not only that post, but no "insightful" mods yet. That led me to check for "funny" mods, too, and couldn't find any. Anyway, I can't give you a mod point since I never get any. Many years now...

      I still think that most of the spam and scams are motivated by profit, and most of the time the way to fix the problem is to figure out the business model and break it. Unfortunately,

    • badselfeater.com [badselfeater.com] (the federal beast...) Maybe we will find out in a few hours!? @ 7PM EST their countdown timer hits 0...
  • You just have to love the work of Google's DeepMind projects!
  • I hope it's US DoD trying to catch up on cyber security. Or maybe not. I'm not sure who's scarier, foreign governments or our own. Not that I like terrorists, but I'm pretty sure we all need to be more worried about all the "official" guys we willingly bought nukes and stuff for than we do about the "alquiedas" who might like to steal one.

  • by mlw4428 ( 1029576 ) on Wednesday September 14, 2016 @02:32PM (#52888081)
    For far too long we've allowed people to buy computers, hook them up to the internet with crappy "AV" software, let the end-user allow the subscription to end, not install security updates, and do literally everything else they can do to compromise security. In effect, it's like letting a drunk driver drive around in his car after allowing him to cut his brake lines, and shove a heavy rock on the accelerator. There needs to be something that holds people accountable to do a bare minimum number of things. I realize that simple things like having a decently ranked AV, keeping it and the OS updated, keeping critical programs updated, and ensuring that home passwords are sufficiently complicated won't stop every single attack. But neither will simply telling people they shouldn't drive drunk. That's why we have laws and cops and revocation of driver's licenses, fines, and jail time. At some point, end users need to be held accountable.
  • by Anonymous Coward

    "Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains."

    Somebody who has no idea how anything works must have written this.

  • and they ensure that the company uses every [sic] they have got, leaving them with no choice but to demonstrate their defense capabilities to the attacker.

    This doesn't make sense. To require them to use every defense they have would require the attacker to be precisely calibrated with the defenses the company has.

    It's much more likely that the attacker has more offenses that the company doesn't have defenses for or that the attacker has fewer attacks and that the company has defenses that are not employed

    • I read it differently and made a different, but similar, assumption. I read it as: the attackers didn't have inside info on their defenses, but that they were big enough, and lasted long enough, and possibly had various attacks going on, that it was causing Verisign to "reveal their hand" so to speak with their defenses... whether it was all of their defense strategies, or just more than they would have liked to reveal is up for interpretation for the story I guess.
  • by presidenteloco ( 659168 ) on Wednesday September 14, 2016 @03:30PM (#52888595)

    My computer often freezes with the beachball of death or disappearing cursor. Some runaway application, interacting with OS memory management or UI services and devices, has managed to DOS my computer. Often a reboot is the only solution.
    But what was the real problem? The fact that someone designed an OS that allows runaway processes and memory managers and what not to completely dominate all other processes, or to completely hijack key devices.
    Why would an OS not have a more effective segmentation; a hierarchy, which enforces rules like:
    - Never dominate the pointer movement and rendering, ever, for any reason
    - Give the process kill user interface (red button, X), and the process termination procedure, absolute highest priority as well.
    - Have a high-priority command shell process.
    - Don't let background processing and user-process memory use ever dominate and freeze user interface rendering. Probably requires a separate CPU core just for talking to the graphics subsystem.

    Seems like an off-topic aside maybe?
    But the same principle should be applied to Internet design.
    - A backchannel allowing sys-admin commands (at low data rates only) to get through the network should have highest priority and not be affected at all by overcapacity on other "channels".
    - A low data rate channel permitting only low-frequency-of-send email / messaging protocol to get through should be next in line. By design it should not permit flooding. Its functioning should be entirely independent of any DDOSable level.
    - A level which supports general web-ish and messaging protocols but for trusted authenticated communicators only.
    - Finally, separated from the other levels at every switch, router, and network card, something akin to the current DDOS-ABLE level where anything goes.

  • Seriously, We need to create more virtual networks at the backbone level, and fully separate utilities, military, stock brokers, etc from the main arena. After all, while a nuclear plant needs to communicate with others, what need does it have to actually talk to the business office? none. The same is true of other Areas.
  • The solution to DDoS attacks is peer-to-peer. Thank goodness DNS already works that way. If Verisign goes down, the information is still available in a DNS server near you. Mail will still work. WhatsApp may not, but hey we can still use SMS.

  • by eyenot ( 102141 )

    nice use of "what all". feels down-home.

  • First of all, ISPs ought to automatically detect abnormal traffic patterns to their clients and start blocking it in a temporary access control list that would expire after some time. There should be a protocol to share this temporary ACL upstream (how far upstream TBD depending on the size of the ACL vs how much routers can fit in RAM). If a source address is continually on the ACL then the ISP owning the address should be automatically notified so that they can take action against the client. If an ISP
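An added sketch of the temporary ACL the comment proposes (not the commenter's code): entries expire after a TTL, sources that keep reappearing are flagged so the owning ISP can be notified, and before the list is shared upstream it is aggregated to coarser prefixes until it fits the number of entries the upstream router can hold. Aggregation trades precision for table space, so the coarsening stops at /8 and returns `None` when even that does not fit, meaning the list has to be handled out of band. The TTL, the repeat threshold, the addresses and the entry budget are assumptions; the clock is passed in explicitly so the behaviour is deterministic.

```python
"""Expiring block list with repeat-offender tracking and size-bounded sharing.
Added example for the proposal above; addresses and limits are assumed."""
from collections import defaultdict
from ipaddress import collapse_addresses, ip_network


class TempACL:
    def __init__(self, ttl, repeat_threshold):
        self.ttl = ttl                          # seconds an entry stays active
        self.repeat_threshold = repeat_threshold
        self.entries = {}                       # IPv4Network(/32) -> expiry time
        self.times_blocked = defaultdict(int)   # IPv4Network(/32) -> how often it was added

    def block(self, src, now):
        """Add (or refresh) a source; a bare address becomes a /32."""
        net = ip_network(src)
        self.entries[net] = now + self.ttl
        self.times_blocked[net] += 1
        return net

    def expire(self, now):
        """Drop entries whose TTL has passed; returns what was removed."""
        dead = sorted(n for n, t in self.entries.items() if t <= now)
        for n in dead:
            del self.entries[n]
        return dead

    def active(self, now):
        self.expire(now)
        return sorted(self.entries)

    def repeat_offenders(self):
        """Sources blocked at least `repeat_threshold` times; these are the ones
        whose owning ISP should be notified rather than just filtered again."""
        return sorted(n for n, c in self.times_blocked.items() if c >= self.repeat_threshold)

    def share_upstream(self, now, max_entries):
        """Return the active list aggregated to the finest prefix length at
        which it fits in `max_entries`, or None if it does not fit even at /8."""
        nets = self.active(now)
        for plen in (32, 24, 16, 8):
            agg = sorted(collapse_addresses(n.supernet(new_prefix=plen) for n in nets))
            if len(agg) <= max_entries:
                return agg
        return None


if __name__ == "__main__":
    acl = TempACL(ttl=60, repeat_threshold=2)
    acl.block("203.0.113.5", now=0)
    acl.block("203.0.113.9", now=0)
    acl.block("198.51.100.7", now=10)
    print("active@20", acl.active(20))
    print("expired@61", acl.expire(61))
    acl.block("203.0.113.5", now=61)
    acl.block("203.0.113.9", now=61)
    print("repeat offenders", acl.repeat_offenders())
    print("share, budget 2", acl.share_upstream(61, max_entries=2))
```

Whether the upstream can even hold the aggregated list is exactly the "how far upstream" question in the comment: each hop coarsens the prefixes further and drops more legitimate traffic alongside the attack.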

