A powerful attacker is systematically calibrating an internet-killing tool

Someone — possibly the government of China — has launched a series of probing attacks on the internet's most critical infrastructure, using carefully titrated doses of denial-of-service to precisely calibrate a tool for shutting down the whole net.

Security expert Bruce Schneier, who consults for many of these infrastructure firms, describes in general terms the confidential information he's been privy to, describing these systematic, iterative probing attacks and speculating on the kind of end-game they'll result in. Though Schneier doesn't know who's behind these attacks, he says the data "suggests China, an assessment shared by the people I spoke with" — but he adds it could also be another country trying to pin the blame on China.

I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex."

There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.

Someone Is Learning How to Take Down the Internet

[Bruce Schneier/Lawfare]

(Image: Castle Romeo, United States Department of Energy, PD)

(via Dan Hon)