Someone -- possibly the government of China -- has launched a series of probing attacks on the internet's most critical infrastructure, using carefully titrated doses of denial-of-service to precisely calibrate a tool for shutting down the whole net.
Security expert Bruce Schneier, who consults for many of these infrastructure firms, describes in general terms the confidential information he's been privy to, describing these systematic, iterative probing attacks and speculating on the kind of end-game they'll result in. Though Schneier doesn't know who's behind these attacks, he says the data "suggests China, an assessment shared by the people I spoke with" -- but he adds it could also be another country trying to pin the blame on China.
I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex."
There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.
Someone Is Learning How to Take Down the Internet
(Image: Castle Romeo, United States Department of Energy, PD)
(via Dan Hon)
Investigative tech journalist Joseph Menn's (previously) next book is a history of the Cult of the Dead Cow (previously) the legendary hacker/prankster group that is considered to be "America's oldest hacking group."
Using software-defined radios, researchers from Trend Micro were able to reverse-engineer the commands used to control massive industrial machines, including cranes, excavators and scrapers; most of these commands were unencrypted, but even the encrypted systems were vulnerable to "replay attacks" that allowed the researchers to bypass the encryption.
"Letterlocking" is a term coined by MIT Libraries conservator Jana Dambrogio after she discovered a trove of letters while spelunking in the conservation lab of the Vatican Secret Archives; the letters had been ingeniously folded and sealed so that they couldn't be opened and re-closed without revealing that they had been read. Some even contained […]
Big companies want automation on a big scale. Doing that means diving into the tricky world of machine learning and data science. And no matter what platform you’ll be implementing it on, you can learn how with the Machine Learning & Data Science Certification Training Bundle. In 48 hours and through eight courses, this bundle […]
Big systems need tight security – and the experts who can implement it. Cisco Networking Systems are the go-to providers for network infrastructure, but maintaining it takes a lot of up-to-date knowledge. If you want that knowledge right from the source, there’s an online course that can get you certified painlessly: The Foundational Cisco CCNA […]
Computer slowing down? There are a ton of reasons why that might be, especially if your unit has a few years on it. Junk files and programs can accumulate over time, some even left over from otherwise uninstalled software. This virtual debris can slow your PC down dramatically, but there’s a surprisingly quick fix. Lauded […]