If Someone Is Testing Ways To Take Down The Internet, Perhaps It's Time To Build A Stronger Internet
from the let's-get-it-done dept
There's been a lot of buzz over respected computer security expert Bruce Schneier recently talking about how someone, or some organization, or (most likely) some state actor, is running a series of tests that appear to be probing for ways to take down the entire internet. Basically, a bunch of critical infrastructure providers have noticed some interesting attacks on their systems that look like they're probing to determine defenses.Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.This article is getting a collective "oh, shit, that's bad" kind of reaction from many online -- and that's about right. But, shouldn't it also be something of a call to action to build a better system? In many ways, it's still incredible that the internet actually works. There are still elements that feel held together by duct tape and handshake agreements. And while it's been surprisingly resilient, that doesn't mean that it needs to remain that way.
The attacks are also configured in such a way as to see what the company's total defenses are. There are many different ways to launch a DDoS attacks. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they've got to defend themselves. They can't hold anything back. They're forced to demonstrate their defense capabilities for the attacker.
Schneier notes that there's "nothing, really" that can be done about these tests -- and that's true in the short term. But it seems, to me, like it should be setting off alarm bells for people to rethink how the internet is built -- and to make things even more distributed and less subject to attacks on "critical infrastructure." People talk about how the internet was originally supposed to be designed to withstand a nuclear attack and keep working. But, the reality has always been that there are a few choke points. Seems like now would be a good time to start fixing things so that the choke points are no longer so critical.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: attack, bruce schneier, cybersecurity, internet, vulnerabilities
Reader Comments
The First Word
“Why hasn't this been done before?
I've been following the developments on rebuilding the Internet, and let's see if I can summarise why we aren't there.Most commenters on this topic are pointing out the threat of political pressure on a redesigned Internet, but there are other issues at play.
The biggest problem (whether it's for IPv6, mesh networking, or a peer-to-peer Web built on a DHT), is that before end-users see value in running the protocol it must already be popular. As such it's actually not that hard to build a stronger alternative to the Internet, the issue is navigating the catch22 in order to get it used.
Furthermore there's an issue that any purely peer-to-peer identifier (AKA a "pubkeyhash") is inherently unreadable and harder to communicate to friends then a phone number, but an open-minded UI designer should be able to help solve this problem.
In short, we have been onto this task of building a stronger, better Internet but to some extent or other we can only do so incrementally. This is due to not only political pressure, but also marketing.
Subscribe: RSS
View by: Time | Thread
NSA?
[ link to this | view in thread ]
Distribution option
I would think something like P2P would be a way to distribute some things. However, the MAFFIA's would have a conniption that would make global nuclear war seem like a mild summer shower.
[ link to this | view in thread ]
That's not necessarily a bad thing.
Demand a stronger internet and governments will build it based solely on input from corporations and intelligence agencies. You'll get a internet designed by the RIAA, MPAA and NSA. With a Great Firewall of China baked in for EVERYONE.
You'll be replacing a potentially unreliable internet with one unreliable by design.
[ link to this | view in thread ]
Of course i can't wait for the feds to identify who is doing this and charge them accordingly. It would be stunning to see some laws and and power applied to something that is actually harmful and wrong on the internet.
[ link to this | view in thread ]
Re: Distribution option
[ link to this | view in thread ]
Re: NSA?
Which Commie bastards would that be. The Soviet Bloc was finished 25 years ago - and the Chinese stopped most actual communist policies even longer ago than that - turning itself into a big version of Singapore.
Are Cuba and North Korea a serious threat?
[ link to this | view in thread ]
Re:
That makes two really big assumptions. 1) That the feds don't already know who is doing it and 2) that is isn't the feds themselves doing it.
I would say that NSA is pretty high on the list of possible suspects. The others on the list like China and Russia... Well, we are not very likely to call them on it. Even if we do call them on it, it is not like we really have the power to stop them.
[ link to this | view in thread ]
People need a communication platform that is out of the reach of governments.
[ link to this | view in thread ]
Re: Re: NSA?
Given the magical powers attributed to its hereditary rulers, it might be described as a theocracy.
[ link to this | view in thread ]
Re:
Good luck, have fun. :)
[ link to this | view in thread ]
Re:
In other words sneakernet, as demonstrated by the Cubans
[ link to this | view in thread ]
Re:
*crickets*
I'll get my coat.
[ link to this | view in thread ]
...or you know, use the one that already has that.
[ link to this | view in thread ]
Re: Demand a stronger (I)nternet
So basically Comcast.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Distribution option
For Internet-facing traffic, it's time to move from IPv4 to IPv6, and leave IPv4 for the LAN. What I mean here is that the Internet backbones have to fully drop IPv4, such that beyond BGP, everything's IPv6. If you want to continue using IPv4 over the Internet (many devices have no choice), you stick a tunnel in front and expose an IPv6 interface.
This alone will clear up many of the current issues with Internet choke points. The other issues are physical, and the only real way to route around them is to build out the infrastructure. Not having to route IPv4 packets however would enable the built out infrastructure to scale much better, and reduce saturation potential at the switches.
[ link to this | view in thread ]
Re: Re: Re: Distribution option
[ link to this | view in thread ]
Don't presume that the goal is disruption
Yes, there are people who might do this out of ideology or politics, but there are many people who would do it for profit. Like the man said, Follow the money.
[ link to this | view in thread ]
Re: Re:
USA!
[ link to this | view in thread ]
Internet philosophy
Now the part for people with attention spans:
The Internet wasn't designed for its evolution. The original founding fathers of the Internet include Jon Postel (RIP) who famously created "The Robustness Principle" which states "Be liberal in what you accept, and conservative in what you send" (RFC-1122).
The Internet was designed to do something that hadn't been done before -- get interoperability. Prior to TCP/IP (and IMPs nee routers) IBM devices talked SAN. DEC devices talked DECnet. On a lower layer there were token-ring networks, coaxial-Ethernet networks, none of which could communicate effectively with each other.
Jon's philosophy encouraged and enabled interoperability -- the original goal. As a result in "being liberal in what you accept" there were no firewall considerations, very little protocol checking (the IP packet checksum, for example, only provides a rudimentary check that the IP header has not been changed in transit... but now of course a MITM attack does exactly that). There was no crypto consideration so no hashing or signing of packets, port connect request, transmission control protocol streams, etc.
Now we are in a new era. It started somewhere in 1993 when the "commercial Internet" became a thing. The ubiquitous "coasters" sent by AOL, Netcom, and others (originally 3.5" floppies and then later CDs) allowed anyone with a MODEM to connect at incredible speeds of 9600 baud to 52Kbps (yes, baud and bps are different).
The evolutionary phases continued: everyone could get email; web 2.0; e-commerce; social media. With that came companies eager to connect the millions of worldwide businesses to the net, and also the hundreds of millions of worldwide users.
As with any society, once something is open to all that means even that bad guys have access. That had evolutionary phases too. Spam. DoS. DDoS. Malware. Then a combination of those (spam to get you to download malware and malware that put your computer in a botnet to do a DDoS). Now we have the latest which is ransomware, and this "attack vector intrusion tests."
The Internet, as designed, doesn't have the mechanisms to protect against any of this, nor can retrofitting it be done simply. The move to IPv6 (a VERY VERY incremental change) has taken over a decade and is still at less than 25% adoption.
Protecting against DDoS attack vectors requires that intermediary devices block LEGITIMATE-APPEARING-TRAFFIC. That goes against the grain of all the ISPs contracts with their customers. It also requires validation of IP addresses (to prevent spoofing) and elimination of non stream-oriented (UDP) protocols. These changes will not happen on the current Internet and they will not happen in an interoperable ("be liberal in what you accept") way with current TCP/IP.
SO philosophically, yes, we need a new communication infrastructure with signing, encryption, and elimination of Windows (malware/DDoS vector). Governments the world over do not want any of this to occur.
Ehud
[ link to this | view in thread ]
Dixie cups
[ link to this | view in thread ]
There's work going on for this
The latter, in particular, has some VERY interesting ideas, which would lead to comprehensive encryption from end-to-end, with endpoint privacy via onion routing, minimal overhead, and guarantees of traffic between two hosts in the same "ISD" (likely approx. one per nation) never leaving that ISD, solving both the "rerouted via Pakistan" and "insane regime breaks Youtube for everyone" issues.
[1] https://datatracker.ietf.org/wg/hip/documents/
[2] http://www.scion-architecture.net/
[ link to this | view in thread ]
Re: Re: Re: Distribution option
With IPv4, you don't have enough nodes...I mean, you saturated in the single-digit billions, just not enough 'phone numbers' for all those phones (that we thought we'd never use). Add in cast-off numbers (Little Jimmy was playing games online, until he posted his IP online, now when he turns his computer on, it gets hacked instantly), as a result we (the 'parents') made the cable company give us a new IP. Irresponsibility led to DHCP from provider (wasn't always like this), which led to eventual subnetting and port controls (you can't run a website from home, when your IP is 192.168.x.x from your provider).
Now, in one breath, you're going to give 'ole granny' a real IPv6 number, that's live on a 'bigger world backbone', never explain to her what this means for her in terms of world 'exposure', and expect this to 'end up ok?'.
This sounds more like a plan from the NSA to see EVERYONE's home data, more than it is to build a 'better, stronger internet', but then again, I'll bet you really liked the idea of 'cloud computing' a few years ago, too.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
This is where the average 'sheep' says, 'but why in the world would our government do such a terrible thing?'
Easy - because if they can determine exactly what it takes to bring down the internet (just like they already know and have ability to bring down the nation power grid), then they not only know what it would take for an enemy to take it down, but what they must be prepared to do if THEY have to take it down. Why do they need this knowledge? Well, they've already idealized the 'People' as the 'biggest enemy', planned for 'continuity of government', and so much more. Why not plan to cut your vocal cords, so you can't cry out, can't plot against them or share intelligence?
Tactically, it's quite an obvious choice. What were you thinking?
[ link to this | view in thread ]
Re: Re:
See, the problem with 'non-government peer-to-peer' is that the slime of society don't value a network, are challenged by crashing it, have no intent to build a network, want to infect any network they stumble on, and consider it their personal life goal to crush any who would dare lock them out of administrative rights.
Not only is your government working against you, but you have slime amongst you that says 'when it falls, it will never return'.
[ link to this | view in thread ]
Re:
The biggest problem I ever have with local network integrity is the time wasted checking tracking cookie sites constantly rolling IPs! Swear to god, if you made them illegal, you'd recover 10-percent of the IPv4 IP numbers currently used!
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Given the complexity of this problem, I'm not expecting you to come up with an extensive, protocol-level list of improvements that developers should implement. But "hey, we should make this thing better" is (a) obvious and (b) useless. At least throw out a few high-level suggestions for what you're talking about.
It's not an easy problem, and a lot of the biggest and most advanced companies have been chipping away at it in any way they can for years and years. As others have noted, the rollout of IPv6 has been a long time coming. Google's been working on web improvements in everything from transferring more data in fewer requests to automatically minifying and gzipping everything at the Apache level. While these are primarily intended as usability improvements, anything that reduces bandwidth consumption makes a DDoS harder.
There's also MS dipping its toe into P2P distribution -- specifically, Windows Update doesn't just use a client-server model anymore; by default, updates are shared among users. This, naturally, makes it a lot less likely that MS's servers will go down under heavy demand (as has happened before -- I believe when the Windows 7 preview was released).
These are all slow, incremental improvements. Because when you're trying to preserve compatibility with an existing system based on a decades-old protocol stack and used by billions of devices, slow, incremental improvements are all you're going to get. (And those are just the technical constaints; other posters have already noted some of the political ones.)
[ link to this | view in thread ]
Re: Dixie cups
What makes a government powerful is when the leaders have Internet access and the citizens don't. That's not what we're talking about here; we're talking about a situation where *nobody* has Internet access. That would throw governments into just as much disarray as the general public.
[ link to this | view in thread ]
Re: Re: Re:
It's not that there aren't bad people doing bad things on these networks; of course there are. And it's not that they're invulnerable, either; a lot of infrastructure is concentarted in a few hands, and if a single large provider leaves the network (either voluntarily or by being forced), that can have a significant impact on everybody who uses them. But the former is a problem on the plain ol' client-server Internet that most everybody uses, and the latter is a matter of scale that would become less of an issue as more devices joined the network.
[ link to this | view in thread ]
Re: Re: Re:
Our government doesn't want to stop you from getting on Facebook. Just the opposite. The Internet is the most valuable spying tool that the governments of the world have, and populations' willing participation is exactly the thing that helps them to spy on those populations.
I don't disagree with your premise that the US government may be responsible for these probes. I just disagree with your assessment of its purpose in doing so.
[ link to this | view in thread ]
Actually....
http://arstechnica.com/tech-policy/2016/09/fbi-urges-low-tech-solution-to-high-tech-webcam-h acking-tape/
[ link to this | view in thread ]
Re: Actually....
It's also, y'know, obvious. If your camera is covered, nobody can see out of it.
It doesn't protect against other forms of attack -- audio and keystroke logging, MITM attacks on your communications, van parked across the street reading the radiation coming off your monitor, etc. -- but it's an absolute defense against anybody seeing you through your laptop camera. I don't really see how that's arguable.
[ link to this | view in thread ]
Why hasn't this been done before?
Most commenters on this topic are pointing out the threat of political pressure on a redesigned Internet, but there are other issues at play.
The biggest problem (whether it's for IPv6, mesh networking, or a peer-to-peer Web built on a DHT), is that before end-users see value in running the protocol it must already be popular. As such it's actually not that hard to build a stronger alternative to the Internet, the issue is navigating the catch22 in order to get it used.
Furthermore there's an issue that any purely peer-to-peer identifier (AKA a "pubkeyhash") is inherently unreadable and harder to communicate to friends then a phone number, but an open-minded UI designer should be able to help solve this problem.
In short, we have been onto this task of building a stronger, better Internet but to some extent or other we can only do so incrementally. This is due to not only political pressure, but also marketing.
[ link to this | view in thread ]
Re: Re: Actually....
[ link to this | view in thread ]
Re: Re: NSA?
[ link to this | view in thread ]
Re: Why hasn't this been done before?
Right, and it's not just end users; it's the local plumber who just has a website up with his business address and phone number; it's publicly-traded companies whose shareholders don't see the benefits in switching to a new system that their customers don't use; it's understaffed IT departments that simply don't have the time to work on infrastructure changes like that because they're too busy dealing with regular day-to-day issues.
Yeah, that's not such a hard problem; we've already got a protocol that translates a human-readable address into an IP address. And my E-Mail address used to be SJMD68B.
And just plain lock-in. When you've got billions of people using a thing, it's not easy to get all of them to transition over to a different thing.
[ link to this | view in thread ]
Re: Re: Why hasn't this been done before?
Yeah, we have such a protocol in DNS. It's also possibly the most fragile part of the internet, bar none.
It's centrally controlled (the root nameservers), integrity of DNS records (DNSSEC) still isn't pervasive, privacy of DNS queries is laughable due to the caching architecture making it almost impossible to retrofit, DNSSEC is based on an EVEN MORE central model than DNS as a base protocol, which makes it trivial for a nation-state attacker to replace all your DNS records with the right orders, it's not distributed and so the authoritative name server for a domain can be trivially taken down...
DNS is not a solution; it's a huge part of the problem!
There have been attempts to come up with solutions, but none has yet succeeded. There's a statement of the problem, often called Zooko's Triangle: Secure, Distributed, Human-meaningful: Pick Two.
Now, that doesn't quite hold - Aaron Swartz, among other things, demonstrated a manner of "squaring" Zooko's triangle. However, that method requires every peer on the network keep a multi-gigabyte log of all names ever issued, which falls down on two properties people care about: privacy and efficiency.
The former, incidentally, is one of the things that delayed DNSSEC. DNS was never intended to keep the list of records secret, but people assumed it did, and when DNSSEC's NSEC mechanism was found to allow iterating over records, people rejected it. NSEC3 does better, but still has issues, and so forth.
The value of efficiency, of course, is obvious.
As yet, I am not aware of anybody having found a system which squares Zooko's triangle efficiently, much less without leaking such information.
[ link to this | view in thread ]
Re: Re: Why hasn't this been done before?
The most interesting of these solutions I've seen is a plan to design a peer-to-peer Web where if the client browser doesn't support it, a central server will serve them JavaScript instructing them how to access the page.
As for the issue of identifiers I've seen a couple of solutions, and introducing a semi-centralized translation service is certainly one of them. But given the mindset behind these projects I find QR codes are a more common one.
Still lock-in (thank you Thad, forgot to mention it) is a big issue I haven't seen be addressed well, and as for the political angle we just need to review the new protocols and code for security flaws.
[ link to this | view in thread ]
ALIEN PROBE
.
Please!... no emails!
[ link to this | view in thread ]
It's nothing to do with TCP/IP, or p2p, or any other SOFTWARE protocols
None of those are relevant. They are all software protocols that lie atop the physical, cabling/satellite, infrastructure. And as I understand it, we are talking about the network infrastructure, the CABLES, where they go, where they concentrate, and so on here.
Have a look at the submarine cable map. Most of the worlds data goes through a few key landing points. And a landing point is a big datacentre/routing point for massive amounts of data. And beyond that, the main trans-continental (land-based backbones) concentrate through a few key distribution points.
You 'break' half a dozen core physical cable concetration points, you can break an awful lot of the internet. And I'm not talking physical breakage. All the distribution within those conecntrations of cable termination points is done with gateway routers, core routers, and so on. It is these devices we are talking about breaking. These devices that control all the data flow can be hacked, DDoSed, lobotomised.
Sure, some of it will be worked around, but those key choke points between them provide the lions share of the available bandwidth, well in excess of 60% of the internet bandwidth throughout their regions. Most secondary backbones that bypass those core datacentres are, relatively speaking, low-bandwidth, like satellite, or links to small regional areas etc. So, break half a dozen key regional concentration points, and suddenly the internet in trying to route around the break, trying to jam 100Gb/s (or more) through links that are only 1 or 2 Gb/s. And with the atrocious way that core routers, border gateways cache too much, flow-control will be broken beyond recognition. Suddenly all these 100GB/s+ are choking, breaking the remaining backbones. It's like a traffic jam, there's so much traffic it all sits there going nowhere. And "poof", there goes the internets across very large regions, national if not continental-scale telecommunications failures.
And it doesn't matter whether you are using IPv6, IPv4, P2P like torrenting, cloud datacentres, TCP/IP, ATM, IPX, (although IPoA will still work fine unless as long as you don't need to interface with any telco's!) it's all irrelevant. All the infrastructure that carries that data will be inaccessable.
[ link to this | view in thread ]
Re: Why hasn't this been done before?
Sometimes you just need to take a one time hit that will cause major disruptions but will avoid worse problems in the future if nothing is done. Or if you duct-tape pseudo-solutions.
[ link to this | view in thread ]
[ link to this | view in thread ]
Unfortunately the public nature of the forum prevents a proper discussion of this.
But... (A big but)
There are a lot of politicians (read as: white collar pimps) that also read TD. So as much as I'd like to talk about the stuff that is REALLY going on right now, this isn't the forum to do it.
It would be irresponsible. (Pretty much like inviting NAMBLA to an elementary school.) These technologies need a chance to grow up so they can defend themselves. And that is really the bigger challenge.
Making a technological system that is monolithic, which reinforces both open communications, AND privacy while running on hardware that is controlled by malicious actors isn't just a technical challenge. It is also a political one.
What I can say, is that a great deal of effort is being made to deal with the descending spiral into fascism. But making a system free (as in freedom, not beer) is actually a much bigger technical problem than it might appear.
Jefferson wrote what _should_ be. Now the challenge is to see if there is actually a mathematical means for actually achieving what he articulated.
I believe there is. And I've seen some stuff that goes a long way in that direction. But I'll be fucked if I'm going to help some shitbag minion of Oligarchy find it before it is ready for market.
[ link to this | view in thread ]
Re: Unfortunately the public nature of the forum prevents a proper discussion of this.
.
In other words... and get this!... the W-O-R-S-T T-H-I-N-G Lucifer C-O-U-L-D E-V-E-R H-A-V-E D-O-N-E in his tactical battle plans and WAR against God, would be to have L-E-F-T C-H-R-I-S-T A-L-O-N-E!
.
Talk about the M-I-N-D-L-E-S-S F-U-T-I-L-I-T-Y of mere aggressive acts!
.
Indeed!... sometimes it's best to keep the cards close to the vest! But!... on other occassions!... it's best to leave just enough rope!
.
Please!... no emails!
[ link to this | view in thread ]
Bring it on.
[ link to this | view in thread ]