The internet is potentially at risk from being brought down by malicious parties according to a fresh warning from a security researcher.
Bruce Schneier, security and cryptography expert, and CTO at Resilient, has written a blog post about how he has observed various probing attempts against the defences of the cornerstones of the net – namely the big firms that provide the basic infrastructure which makes the internet work (he didn't state any actual names, as the organisations in question only talked with him on the condition they remain anonymous).
Apparently these outfits have recently witnessed an uptick in DDoS attacks, and according to Schneier, these attacks are significantly bigger and longer than normal, with an unusual level of sophistication.
In fact, these volleys look very much as if they're designed to test the limits of said organisations' defences, and they use different attack vectors to feel out exactly what defensive countermeasures are in place.
Schneier wrote of the attacks: "And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure."
Nation state action?
All this, then, could be leading up to some kind of major campaign to deliver a knockout blow to the internet, and he further theorises that this feels like something a nation state is organising – guessing at China or Russia as his most likely candidates.
Schneier states: "Who would do this? It doesn't seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It's not normal for companies to do that.
"Furthermore, the size and scale of these probes – and especially their persistence – points to state actors. It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar."
Schneier further notes that his observations tie in with Verisign's latest report on DDoS trends which shows a rise in 'persistent' and 'complex' attacks in Q2 of this year.
Of course, this is all speculation, and as some folks replying to Schneier's post observed, it's quite a noisy and unsubtle way of gathering intelligence for such a cyber-espionage operation, if indeed it's underway. There are other ways to work, the most fruitful often being leveraging the human aspect – i.e. the weaknesses, and capacity for errors, of employees at the targeted firms.