Massive Cyber Attack On The Internet Underway; Is This A Probe? And, Part Of A Larger Strategy By A Nation-State, Terrorists, Others — To Launch A Cyber Pearl Harbor-Type Attack?
A massive denial-of-service cyber attack has been ongoing most of the day today, October 21, 2016, shutting down about half of the Internet. The website GIZMODO is reporting that popular sites such as Twitter, Spotify, Netflix, Amazon, Reddit, etc., were included in this attack. And perhaps in a related development, while these sites were experiencing a ‘blackout,’ “a large, Distributed, Denial-Of-Service (DDoS) attack on the servers of Dyn, a major DNS host” also occurred. This cyber attack was mainly affecting the U.S. east coast in the first part of the day stateside, but then expanded to the U.S. west coast and Europe.
The U.S. Department of Homeland Security (DHS) issued a statement a few minutes ago, which said that the hack/s did not appear to be anything really sinister or profound, but appeared to be more digital mischief than anything else. Let’s hope this assessment pans out; but we should also use it as a wake-up call, if we need one, that a Black Swan-type cyber attack is well within the possible as we move closer to 2017.
William Turton, writing for GIZMODO, notes that “Dyn is investigating yet another [second] attack, causing the same massive outages experienced this morning — but this time affecting the U.S. west coast, and Europe.” Mr. Turton writes that it is “unclear how the two attacks are related,” but noted that the outages have numerous similarities. Dyn is a Manchester, New Hampshire-based provider of Internet infrastructure services, including managing DNS activity that connects a user to a website’s server.
David Gibson, Vice President of Strategy and Market Development at Varonis, told The Daily Mail Online that “like many of our aging technologies, DNS wasn’t built with security in mind. Unfortunately, DNS is a foundation technology for the Internet, that allows people to connect Internet resources with human names rather than IP addresses (think of them as Internet phone numbers), and when its vulnerabilities are exploited, attackers can do a lot of damage — computers don’t know which ‘phone number’ to call when you want to connect to a particular site, like Hacker News. DNS is one of the aging technologies the industry is struggling to update, along with one-factor authentication (password-only security), unencrypted web connections — the list is very long, and the stakes have never been higher. Many people and organizations are affected by today’s attack; and, by the email and file (e.g., video) leaks over the past few months,” Mr. Gibson said.
Someone Is Learning How To Take Down The Internet
Whether today’s cyber attack is part of a larger plan by someone (nation-state, terrorist group, etc.) to eventually launch a devastating, Pearl Harbor-type cyber attack is anyone’s guess at this point — but, it has to be considered. Cyber security guru Bruce Schneier wrote last month in the Lawfare blog that “over the past year, or two, someone has been probing the defenses of companies that run critical pieces of the Internet. These probes,” he added, “take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves; and, what would be required to take them down. We don’t know who is doing this; but, it feels like a large nation state — China and Russia would be my first guesses,” he said.
Of particular note, Dr. Schneier observed that, “some of the major companies that provide the basic infrastructure that makes the Internet work [sound familiar?] have seen an increase in DDoS attacks against them.” More worrisome, Dr. Schneier notes that “these attacks are significantly larger than the ones they’re used to seeing.” And he adds, “they last longer; they’re more sophisticated; and, they look like probing. One week, the attack would start at a particular level; and, slowly ramp up before stopping. The next week, it would start at a higher point, and continue. And, so on, as if the attacker was looking for the exact point of failure. The attacks are also configured in such a way, as to see what the company’s total [cyber] defenses are,” he wrote last month.
I sure hope our cyber forensic investigators can be certain that the cyber attacks today are more in the mischief category and not something much more worrisome. But, I am uncomfortable that we have reached the conclusion so soon that the attacks today are not part of a larger plan of mapping the cyber battle-space in preparation for a Cyber Pearl Harbor-type attack. How can we be so sure? It would certainly be in a nation-state’s best interest to use/employ ‘private citizens/private cyber militias’ — so as to ensure plausible deniability; and, fool investigators into believing that what they’re seeing is not something else entirely.
Denial and deception (D&D) in the digital wilderness of mirrors is alive and well; and if one does not practice the elegant art of D&D oneself, then it is much, much harder to recognize when you are the victim of such a ploy, and you are setting yourself up for a nasty strategic surprise. I also worry that today’s attacks could have been a diversion — drawing our attention to the sites that were attacked — while the real cyber thieves, or worse, entered the digital backdoor and left a ‘gift that keeps on giving.’ Or worse, a digital WMD that will cause a cascading failure across the entire network enterprise. Interestingly, if you read the unclassified Chinese literature on Unrestricted Warfare, China’s military does practice — at times — totally disconnected from any network. And, finally, Beijing last month put into orbit the beginning of an ‘unhackable,’ encrypted, quantum satellite constellation — a decisive advantage if Beijing successfully completes this ecosystem before we do — which seems likely at this point.
Whatever ground truth is here, we had better be looking for targets that could have been stealthily attacked today in an area that — purposely — had nothing to do with today’s targets. Focus our attention in one area — while the real attack was occurring elsewhere.
I am reminded of a brilliant and successful deception operation that Hannibal reportedly used against the Roman Army. It is said that after years of pursuit, and countless defeats, the Roman Army finally felt they had Hannibal in a no-win situation. He was reportedly pinned down, and two passes blocked his and his Army’s only escape route. Otherwise, he would either be pushed into the sea — or, Roman commanders would continue to block both passes and starve him and his men to death. One pass was about half a football field wide, while the other was about a full football field in width. What did Hannibal do? He had his men tie straw around the horns of the cattle at night and then set the straw on fire and stampede the cattle towards the larger pass. When the Romans at the smaller pass saw the fire and movement towards their brethren at the other pass, they rushed to go and support their fellow soldiers. Hannibal, it is said, was at the smaller pass all along; and, he and his men simply waited for the ruse and deception/diversion to work; and then, moved through the other pass unmolested; and, lived to fight another day.
I sure hope … we are sure of what the real cyber targets were today — and, we are not the victims of the equivalent of a Hannibal-type D&D cyber operation. V/R, RCP