
Probing the Internet's Backbone

Written by Reflare Research Team | Sep 21, 2016 11:50:00 AM

To understand how disruption could lead to a failure of internet services, one only needs to understand the concept of DNS (Domain Name System), the plumbing behind the internet that translates human-readable domain names into IP addresses.

First Published 21st September 2016

Break the back, break the internet.


Security veteran and cryptographer Bruce Schneier has released a statement warning that unknown actors are probing the defensive capabilities of some of the internet's core infrastructure.

While the published text does not cite sources or hard data and should thus be treated with due scepticism, Mr. Schneier’s excellent reputation, influence and insight into internet infrastructure make the claims worth investigating further.

According to the blog post, unknown actors have continuously launched Distributed Denial of Service (DDoS) attacks against parts of the infrastructure the internet depends on, such as the central DNS servers.

DDoS attacks aim to overwhelm their victim with large amounts of traffic. They require a lot of bandwidth but are otherwise trivial to execute. If the victim has less available bandwidth than the attacker, there is very little that can be done to keep the service online. This makes DDoS attacks the preferred tool of those with lots of spare bandwidth, whatever their technical skill - namely botnet operators and government actors.

Mr. Schneier guesses that the Russian or Chinese government may be behind the ongoing tests, but we estimate that virtually any government actor could be behind this pattern of attack. The attacks are unusually principled - slowly increasing the amount of traffic until it becomes hard to mitigate, yet stopping short of actually taking down the system in question. It appears that whoever is behind the tests is trying to find out how much traffic it would take to bring down the target systems and what lines of defence exist.
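As an added illustration (not code from the Reflare post), the routine below flags the ramp-then-withdraw pattern just described in per-minute inbound traffic measurements: a sustained geometric rise in volume that is pulled back before the link is saturated is labelled a probe, while a rise that reaches link capacity is labelled saturation. The traffic series, the 10 Gbps link capacity and the thresholds are constructed for the example; in a real deployment the samples would come from link counters or a flow collector.

```python
"""Flag slow-ramp DDoS probing in per-minute inbound traffic samples.

Added example; the series, capacity and thresholds below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Sample:
    minute: int     # minute offset from the start of the observation window
    mbps: float     # inbound traffic measured during that minute


@dataclass
class Ramp:
    start_minute: int
    end_minute: int
    start_mbps: float
    peak_mbps: float
    peak_fraction: float   # peak volume as a fraction of link capacity
    verdict: str           # "probe", "saturation", "ramp" or "ongoing"


def find_ramps(samples: List[Sample], capacity_mbps: float,
               min_steps: int = 4, growth: float = 1.15,
               ceiling_frac: float = 0.9) -> List[Ramp]:
    """Return every sustained growth run in the series with a verdict.

    A run is a stretch where each minute carries at least `growth` times the
    previous minute's traffic. Runs shorter than `min_steps` are ignored.
    Verdicts:
      saturation - the peak reached link capacity (outage-level traffic)
      probe      - traffic withdrawn (dropped to half the peak or less) while
                   the peak was still below `ceiling_frac` of capacity
      ramp       - growth ended without a clear withdrawal
      ongoing    - the run reaches the end of the window
    """
    ramps: List[Ramp] = []

    def flush(run: List[Sample], nxt: Optional[Sample]) -> None:
        if len(run) - 1 < min_steps:
            return
        peak = run[-1].mbps
        frac = peak / capacity_mbps
        if frac >= 1.0:
            verdict = "saturation"
        elif nxt is None:
            verdict = "ongoing"
        elif nxt.mbps <= 0.5 * peak and frac < ceiling_frac:
            verdict = "probe"
        else:
            verdict = "ramp"
        ramps.append(Ramp(run[0].minute, run[-1].minute, run[0].mbps,
                          peak, frac, verdict))

    run = [samples[0]]
    for prev, cur in zip(samples, samples[1:]):
        if cur.mbps >= prev.mbps * growth:
            run.append(cur)          # growth continues, extend the run
        else:
            flush(run, cur)          # growth broke; classify what we saw
            run = [cur]
    flush(run, None)
    return ramps


# Constructed data: a 10 Gbps link and two synthetic traffic series.
CAPACITY_MBPS = 10_000.0

# Volume climbs ~25% per minute for ten minutes, then is pulled back at 68%
# of capacity: the "find the breaking point without causing an outage" shape.
CONSTRUCTED_PROBE = [Sample(i, v) for i, v in enumerate(
    [800, 820, 1000, 1200, 1500, 1900, 2400, 3100, 4000, 5200, 6800, 900, 850])]

# Volume climbs fast and crosses link capacity: an actual outage attempt.
CONSTRUCTED_FLOOD = [Sample(i, v) for i, v in enumerate(
    [800, 3000, 6000, 9000, 12000, 12500])]


if __name__ == "__main__":
    for name, series in (("probe", CONSTRUCTED_PROBE), ("flood", CONSTRUCTED_FLOOD)):
        for r in find_ramps(series, CAPACITY_MBPS):
            print(f"{name}: minutes {r.start_minute}-{r.end_minute}, "
                  f"{r.start_mbps:.0f} -> {r.peak_mbps:.0f} Mbps "
                  f"({r.peak_fraction:.0%} of capacity): {r.verdict}")
```

The distinguishing signal is not the volume itself but the combination of a disciplined geometric climb and a deliberate withdrawal short of capacity; a single-threshold alert tuned to saturation would never fire on the probe series, which is exactly the traffic a defender wants to notice and record for later correlation.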

In case of a major confrontation in cyber-space - the much-invoked “cyber war” - knowing the exact breaking point of an enemy’s infrastructure is crucial to preparing attacks and efficiently allocating offensive capabilities. An attack that can take out top-level DNS servers or central routing points could effectively shut down the internet for a given region.

Since such intelligence is valuable to any state actor, it is quite likely that the actor discussed in Mr. Schneier’s post is not the only one trying to figure out where exactly the internet’s breaking points are. It is quite possible that several actors are independently behind the attacks.

The internet grew out of university research projects for sharing academic papers and is thus to this day a somewhat centralized system. While various proposals for more decentralized infrastructure exist, there is currently no political will to adopt them. Once a confrontation in cyber-space leads to major outages of significant parts of the internet, we believe that decentralization is likely to happen quite quickly.

In the meantime, organizations are advised to develop contingency plans for everyday operations in case of a major internet outage.