State actors looking at ways to bring down the internet with DDoS, warns security guru Schneier

Probing DDoS attacks reminiscent of Cold War tactics

Security expert Bruce Schneier has warned that unnamed forces have been probing the internet's underlying infrastructure, presumably in an attempt to find out what would be needed to take it down.

Schneier reports in his blog that companies that "provide the basic infrastructure that makes the internet work" have reported an increase in distributed denial of service (DDoS) attacks against them. The probes appear to be carefully calibrated in order to find out just what it would take to bring each company down, he reports.

"These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure."

The attacks are carried out using three or four different vectors, adding to the suspicion that the perpetrators are gathering detailed intelligence about the nature of the providers' defences, Schneier notes.

While he does not name the organisations that have reported the new attacks, which have been going on for the past two years, they are likely to include Tier 1 networks and DDoS mitigation services such as CloudFlare and Level 3 Communications, and domain name system (DNS) providers.

The findings are consistent with a report published by DNS provider and registrar of top level domains Verisign, which has also noted DDoS attacks that are increasing in sophistication.

The scale and intricate nature of the attacks point the finger at state actors. "It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar," Schneier suggests.

Although it is impossible to tell where the probing attacks are coming from, this sort of cyber-warfare is consistent with that carried out by China and Russia, and indeed by the US.

"It reminds me of the US's Cold War programme of flying high-altitude planes over the Soviet Union to force their air-defence systems to turn on, to map their capabilities," Schneier notes.

While other types of internet communications are possible without DNS, knocking out the web would presumably be a high-risk strategy given its global nature, causing serious knock-on effects in the attacking state as well as the victims.

In November 2015 encrypted email provider ProtonMail was knocked offline by "an extremely powerful DDoS attack", which the Swiss company put down to a state actor concerned about the secure communications service it provides for journalists and activists.