Someone is learning & practicing how to take down the Internet

This is serious and genuinely alarming.

Bruce Schneier is the Chief Technology Officer of Resilient, an IBM Company, a fellow at Harvard’s Berkman Center, and a board member of Electronic Frontier Foundation — an organization defending our rights in the digital world.

In a blog post, Schneier sounds the alarm that in the past year, the websites of major companies that provide the Internet’s basic services have repeatedly been attacked, each attack more sophisticated than the last, which suggests “someone” is practicing how to take down the Internet by learning from the companies’ defensive moves.


Below is Bruce Schneier’s blog post of Sept. 13, 2016, “Someone is Learning How to Take Down the Internet”:

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.

First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it’s overwhelmed. These attacks are not new: hackers do this to sites they don’t like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it’s a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker.

I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there’s a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn’t have the level of detail I heard from the companies I spoke with, the trends are the same: “in Q2 2016, attacks continued to become more frequent, persistent, and complex.”

There’s more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.

Who would do this? It doesn’t seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It’s not normal for companies to do that. Furthermore, the size and scale of these probes — and especially their persistence — points to state actors. It feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.

What can we do about this? Nothing, really. We don’t know where the attacks come from. The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it’s possible to disguise the country of origin for these sorts of attacks. The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the US decides to make an international incident over this, we won’t see any attribution.

But this is happening. And people should know.

A reader of Schneier’s blog-post, Random Guy 17, wrote this interesting comment:

“An attack on a service is best done by an attacker that doesn’t need that service. You don’t pull the plug on the power company that supplies your own home/business.

With that in mind, a closed, not highly Internet enabled country makes the most sense- like China.”

Other commenters warn that it may be the U.S. government, e.g., the NSA, doing the attacks — to find the Internet’s weaknesses (in order to better defend it), or more malevolently, as a bargaining chip for more money allocated to cyber-security.

It doesn’t help that in two weeks, on October 1, control of the Internet — specifically, the Internet Corporation for Assigned Names and Numbers (ICANN) — will pass from U.S. administration to a multilateral body, most likely the United Nations International Telecommunications Union (ITU). (Breitbart)

H/t ZeroHedge and FOTM’s Will Shanley

UPDATE (Sept. 20, 2016):

Rhett Jones reports for Gizmodo, Sept. 11, 2016, that two 18-year-old Israelis — Itay Huri and Yarden Bidani — have been arrested “in connection with an FBI investigation into vDOS, a cyberattack service that has been credited with perpetrating ‘a majority’ of the DDoS attacks over the last few years.”

The following evidence pointed to Huri and Bidani as the perpetrators:

  1. Their vDOS service refused to attack Israeli sites in their “home country”.
  2. vDOS was hosted on a server that was traced back to Huri.
  3. SMS notifications pointed to both men.
  4. Huri and Bidani had co-authored a technical paper about DDoS attacks that was published in Israeli security magazine Digital Whispers.

According to security blogger Brian Krebs, the vDOS site has reportedly raked in $618,000 (£465,835) for its services in two years.

According to Israeli news site The Marker, both men were arrested, then released on $10,000 bonds and placed under house arrest. Their passports have been taken away and they are forbidden from accessing the internet or any other telecommunications equipment for 30 days. It’s unclear if the two men will be extradited to the U.S. and formally charged.

It is also unclear if Huri and Bidani are the perpetrators of the increasingly sophisticated DDoS attacks addressed in this post.



20 responses to “Someone is learning & practicing how to take down the Internet”

  1. Professional hacks will help keep it online! They would stand to lose a lot of money if they totally shut it down!


  2. His damn dictatorship attitude is getting old! I am sick of that (^&^)^$#
    Obama administration backs plan to relinquish Internet control

    I think these internet Providers will be fighting back:
    Time Warner
    and I am sure the list goes on and on.

    Liked by 1 person

  3. Pingback: Someone is learning & practicing how to take down the Internet — Fellowship of the Minds | kommonsentsjane

  4. William Brandon Shanley

    My first guess at the attacker: the NSA.

    Liked by 4 people

  5. I agree, it is NASA, and making it look like Russia. Our Dear Leader and his handlers will do anything to poke the Russian Bear, because his legacy depends on an all out war or martial law. Besides, they cannot let Trump win. Interesting times we live in.

    Liked by 3 people

  6. Matthew H Stevenson

    Your black helicopters await…a whole fleet of ’em.

    Pick one and hop on


  7. Houston, we have an enormous problem unless the law that goes into effect Midnight Sept 30 does not for whatever reason.


  8. William Brandon Shanley

    Who would be attacking the Internet with Denial of Service Attacks? My guess is the same lunatics that have had copies of Hillary’s emails all along and EVERYTHING else: the DOD’s NSA, the National Security Agency: the out of control, signals intelligence spy that has Quantum computers and its own air force!

    Liked by 3 people

    • Cui bono? NSA taking down world commerce? Hardly. China, taking down its major markets? Hardly. Russia, risking overwhelmingly massive retaliatory DDofS? Hardly. Blackmail fits, however, and in that case, supposing these probes are malicious, the presumptive culprit is our dearest and closest ally in the whole universe that, in any case, is automatically fed, or had been fed, raw feeds of all NSA data streams.

      Liked by 2 people

  9. This is why goobermint should have no control over the Internet whatsoever.

    These incompetent boobs can’t even stop a bunch of ass-backward 7th Century illiterates from carrying out attacks inside this country anytime they feel like it.

    Liked by 2 people

  10. It’s Mossad! It’s Mossad, don’tchaknow! 🙂 (I never believe the China/Russia stuff anymore.) Either way, STOP IT whoever is messing with our beloved internet!

    A few years ago I found Bruce’s blog somehow, & was reading it for a brief period, mostly a bunch of techie guys talking in the comments, & definitely mostly over my head. As usual, being an incurable cynic, I was thinking, What if this guy, who has all the “right” connections, is leading everyone in the wrong direction re all this cyber security stuff? And he’s Jewish to boot, lol. About that same time period, he posted this:

    Can I Be Trusted?

    Whaaaat? He was reading my mind! I laughed & was spooked at the same time. Of course he filed it under “humor” as it was some other site that had posted the original question online as to whether BS could be trusted, so he thought it was a big joke.

    Liked by 1 person

  11. Just saw this in the comments section of

    I wonder if these are the ones Bruce is talking about?

    9/11/16: Israeli Teens Arrested In Connection With ‘Majority’ of Recent DDoS Attacks:
    Two Israeli eighteen-year-olds have been arrested in connection with an FBI investigation into vDOS, a cyberattack service that has been credited with perpetrating “a majority” of the DDoS attacks over the last few years.

    (Full story at above link.)

    Liked by 1 person

  12. His name is Bruce Schneier, not Schneider.
    Schneier is good, but a cryptologist, not a networking expert.
    He overstated the problem.
    Read the comments.

    Liked by 1 person

  13. Sorry for being late on this….I meant to comment but life gets in the way.
    I wanted to ask….Is the “perp” Al Gore? After all…….he “invented” the internet. I thought, maybe he wants to “take it back.”

    Liked by 1 person
