In case anybody hadn’t noticed, the internet is very vulnerable
Yesterday’s DDoS attacks on key US internet infrastructure made one thing clear: since its supposed origins in the 1960s as a distributed and thus resilient military network, it has take five decades to find relatively simple and inexpensive ways to topple it.
From a European standpoint, yesterday’s attacks were apparently no big deal: Medium remained up and running the whole time, and my Spanish homepage was difficult to access for about two hours, a problem I accepted philosophically knowing that the causes were nothing to do with my server and that there was therefore nothing I could do about it. But the map of the attacks, which caused access problems on sites like Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud or The New York Times, among others, along with its modus operandi, attacking DNS servers, makes it clear that it was trial run that someone is carrying out with the intention of pulling a kill switch that would close down the internet.
The attacks were actually foreseen by Bruce Schneier: a month ago the US researcher warned that somebody out there was working on a way bring down the whole internet. He linked this learning process with attacks on the page of another US researcher specializing in security, Brian Krebs.
Schneier has been warning about this since 2014: the exploitation of vulnerabilities not in computers, but in devices connected to the so-called internet of things such as digital recoders, cameras, baby monitors or home router devices.
We know two things about the attack: it was probably the highly vulnerable devices made by Chinese company XiongMai Technologies sold throughout the world that were used to carry out DDoS, and secondly, the malware used to coordinate these devices was Mirai, the same as in the Brian Krebs attack.
Tracing the origin of the attacks will be hard. They could just another escalation in the cyberwar between the United States and Russia that Vice President Joe Biden has referred to in statements saying there was proof the government of Vladimir Putin was behind the attacks on the Democratic National Convention and the disclosure of Hillary Clinton’s emails; or they could be something completely different, such as retaliation by Wikileaks supporters in response to the Ecuadorean government cutting Julian Assange’s internet connection at its London embassy…
Whoever is behind it, the idea that something mankind has become very dependent on could be toppled is deeply unsettling. What’s more, there is no Plan B. No, we are not talking here about a little anxiety from not being able to check Twitter… we are talking about not being able to pay anywhere, not having access to any contents, having problems in coordinating the most basic and primary services, communication breaches… genuinely hard problems. The world as we know it today works over the internet.
Of course all this could have been avoided by taking a few basic precautionary measures: the stability of the internet is now at risk because a few irresponsible companies sell goods to people who have no idea about how to protect them. What did we think was going to happen?
(En español, aquí)