Today’s internet problems could be a bad omen.
I noticed the problem accessing Twitter.
Tweets not loading fully, the site timing out. That wouldn’t be the first time Twitter has had a hiccup, but it lasted a long time.
Here’s why, via Gizmodo, Today’s Brutal DDoS Attack Is the Beginning of a Bleak Future:
This morning a ton of websites and services, including Spotify and Twitter, were unreachable because of a distributed denial of service (DDoS) attack on Dyn, a major DNS provider. Details of how the attack happened remain vague, but one thing seems certain. Our internet is frightfully fragile in the face of increasingly sophisticated hacks.
Some think the attack was a political conspiracy, like an attempt to take down the internet so that people wouldn’t be able to read the leaked Clinton emails on Wikileaks. Others think it’s the usual Russian assault. No matter who did it, we should expect incidents like this to get worse in the future. While DDoS attacks used to be a pretty weak threat, we’re entering a new era….
Recently, we’ve entered into a new DDoS paradigm. As security blogger Brian Krebs notes, the newfound ability to highjack insecure internet of things devices and turn them into a massive DDoS army has contributed to an uptick in the size and scale of recent DDoS attacks. (We’re not sure if an IoT botnet was what took down Dyn this morning, but it would be a pretty good guess.)
Gizmodo points a prior post — which we linked in the Post of the Day previously — by Bruce Schneier, Someone Is Learning How to Take Down the Internet:
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses….
Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.
The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker.
Taking down the electric grid used to be our big worry. And it still is.
But taking down the internet would be just as paralyzing. The only thing preventing huge devastating cyber attacks by the major state actors is the same old concept of mutually assured destruction.
But what if a state actor isn’t involved. Wikileaks sent out this curious tweet:
Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point. pic.twitter.com/XVch196xyL
— WikiLeaks (@wikileaks) October 21, 2016