Someone -- possibly the government of China -- has launched a series of probing attacks on the internet's most critical infrastructure, using carefully titrated doses of denial-of-service to precisely calibrate a tool for shutting down the whole net.
Security expert Bruce Schneier, who consults for many of these infrastructure firms, describes in general terms the confidential information he's been privy to, describing these systematic, iterative probing attacks and speculating on the kind of end-game they'll result in. Though Schneier doesn't know who's behind these attacks, he says the data "suggests China, an assessment shared by the people I spoke with" -- but he adds it could also be another country trying to pin the blame on China.
I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex."
There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.
Someone Is Learning How to Take Down the Internet
(Image: Castle Romeo, United States Department of Energy, PD)
(via Dan Hon)
University of Tulsa security researchers Jason Staggs and his colleagues will present Adventures in Attacking Wind Farm Control Networks at this year’s Black Hat conference, detailing the work they did penetration-testing windfarms.
Researchers from Politecnico di Milano and Trend Micro conducted an audit of the information security design of commonly used industrial robots and found that these devices are extremely insecure: robots could be easily reprogrammed to violate their safety parameters, both by distorting the robots’ ability to move accurately and by changing the movements the robots […]
Yesterday’s massive ransomware outbreak of a mutant, NSA-supercharged strain of the Petya malware is still spreading, but the malware’s author made a mere $10K off it and will likely not see a penny more, because Posteo, the German email provider the crook used for ransom payment negotiations, shut down their account.
Aside from specific apps needed for work, the most casual Mac users can probably survive without anything more than the bundled software. iLife is a surprisingly capable office suite (Apple even promotes Keynote as a tool for interface design), and recent versions of Safari are more energy efficient than any other macOS-compatible browser. But if […]
Despite the upfront cost, electric toothbrushes are much better at removing plaque than those freebies from the dentist’s office. For those who struggle to fill the American Dental Association’s recommended two minutes of brushing time, or anyone with limited dexterity, a sonic toothbrush can give your oral care routine a boost.To keep your chops healthy […]
Learning a new language will give your resume an upgrade, sure, but it will also provide a huge cognitive boost for mental tasks outside of translation and conversation. Bilingual brains have been shown to be better at handling multiple concurrent tasks, and gaining fluency in a new tongue is an amazing way to improve memory, […]