Internet

Is Something Nefarious Probing the Entire Internet for Weakness?

If the entire internet were to suddenly disappear, we wouldn't just be plunged decades into the past. We'd probably find ourselves in the middle of a worldwide paralysis, with thousands of companies and billions of people suddenly robbed of something they never really learned how to live without. Could that ever even happen? Someone might be trying to find out.

According to Bruce Schneier, an expert on cybersecurity who has previously spoken to Popular Mechanics about topics such as infrastructure hacking and airport security, something or someone is slowly and systematically testing the limits of the systems that make up the very framework of the internet.

The weapon of choice appears to be Distributed Denial of Service (DDoS) attacks, in which actors with billions-strong armies of virus-infected "zombie" PCs (called botnets) direct torrents of internet traffic at their target until it collapses under the weight. If you visualize it, it looks something like this:

The little dots are incoming requests, and the paddle is the server darting around to deal with them and send them back. You can probably figure out which ones are legitimate, and which one are part of the attack.

DDoS attacks are not particularly exotic. Relatively small-time hackers with access to minor botnets will sometimes use them to take down sites for fun by just slamming them with as much traffic as their pet botnet can muster. But what's happening to the internet now seems much more considered and methodical.

Who would do this? Schneier, citing sources who spoke on the condition of anonymity, says China is a likely suspect, and that the scope of the project definitely suggests a state-sponsored actor. China's limitations on internet use within its own country is widespread and extreme, up to and including bans of all news media that is not state-approved. To the extent that the internet exists in China, much of it is unrecognizable from the internet outside.

It's hard to do more than just gesture broadly as the possibilities because, as Schneier notes, it's more than possible to disguise the true source of the traffic. But you can't disguise that it is happening.