Cybergeddon – Who Would Kill The Internet And How Could They Do It?
“Cybergeddon” is a real, if unlikely, threat but who would want to carry out such a monstrosity anyway?
Cybergeddon. That beastly neologism was supposed to be the basis of discussion during a panel debate at the ever-charming Imperial War Museum this week. Yet despite its apocalyptic overtones, it was clear the very definition of a cyber disaster was not the same in everyone’s eyes.
Rather than talking about cataclysmic cyber scenarios, much of the talk was devoted to more plausible, but therefore far less interesting, security incidents. Keeping passwords safe is admittedly rather important, but it won’t make many movie scripts. But a virus infecting software that runs a nuclear power station and subsequently makes it blow up? Ah, it brings back memories of a young Sandra Bullock, messing around with floppy disks in The Net.
What is clear, however, is that cyber disasters, even ones that have a kinetic result (i.e something exploding) can and most likely will happen at some point in the future. It just depends on what form they will take, and whether they will come about as a result of an attack, or from error, be it human or machine made.
Smashing up the Internet
The Internet could indeed be completely destroyed. But that’s akin to saying everyone could die in the next five minutes. There is a possibility that will happen, but it is extraordinarily unlikely. Apologies if you cark it in the next four minutes and 55 seconds.
In terms of how one could dismantle the Internet completely, there are various ways. First, you could simply cut all the physical wires that connect everything up. Let’s not forget that the Internet is not some mystical thing – it all works by sending signals and currents over wires that eventually connect up, via various steps, to a machine with a browser. It’s not some nebulous thing. It is no cloud. Cut enough wires, you kill the Internet.
Back in 2008, some nine undersea cables were severed, taking out a load of connections in Egypt. It was reported that 1.7 million Internet users in the UAE were affected too. Given that it’s believed some 90 percent of Internet traffic goes through undersea cables, any criminal genius with a submarine equipped with a rocket launcher could cause serious carnage, possibly even a cybergeddon. They would have to move very fast, as companies are employed to regularly repair cables. So a fleet may be required, or you could just dig up the cables as they come up on shore and take an axe to them…
That would cripple the global Internet, smashing financial systems that rely on high-speed global communication and preventing people from communicating over the Web. To completely wipe it out, however, you’d also have to hit each nation’s internal networks and the data centres that people’s data passes through (a handy list of some major facilities can be found here). That would either require some more extensive cable cutting, or possibly using an EMP weapon in various locations (e.g. ISP server farms, exchanges) to disrupt connections.
What about knocking out the 13 DNS root servers that run the Internet? The idea has been mooted in the past, but it’s time to bust a myth on this one. There aren’t just 13 physical servers that you can take out, either by overloading with traffic, infecting or simply smashing to pieces, that would subsequently destroy the Internet as we know it (remember the DNS looks up IP addresses from URLs like techweekeurope.co.uk, so directly typing in IP addresses would still take you to a website).
Even Brian Krebs, noted security writer, started something of a scare when he tweeted about distributed denial of service (DDoS) attacks taking out nine of the 13 DNS servers. It turned out that he was looking at data from 2002. It was a little booboo but highlighted that even the most clued up people don’t realise that there aren’t really just 13 root DNS servers. If all of those 13 were hit, the system would most likely still struggle on. There are numerous replicas which would carry out the job in place of them.
But if you can find all the places where DNS root servers failover to (and you can find a list to start with here), that consumer-friendly side of the Internet would be no more. Great idea, Dr Evil.
Who would live in a mind like this?
So yes, with enough weaponry, personnel and capability, as well as a large slice of crazy cake, you can destroy the Internet. It’s close to infeasible, but it’s possible. But the other big question is: who would want to carry out such an infernal plan?
Not cyber criminals, Fred Piper, cryptographical legend and Royal Holloway professor, tells TechWeekEurope. They need the Internet to stay up as much as anyone. “How else would they extort people?” Piper asks.
Governments too also need it to stay up, given it’s the basis of financial systems that keep the economy ticking, amongst other slightly important things, like smart grids and communications systems.
Who else then? Terrorists? Potentially, but there has been little evidence they are carrying out sophisticated attacks, using custom-made, classy malware to harm their enemies, let alone chop up cables and blow up data centres. They also need the Internet to spread their message to Western nations. They send out various English language magazines with Jihadist sentiment, such as the Inspire digital magazine, calling for death to the infidels.
Religious fanatics with extreme cyberphobia? Possibly, although to remain true to their beliefs they would have to stick to offline attacks. It’s also highly unlikely a crazy person could amass enough funds to carry out a serious campaign. There aren’t any mad, hyper religious rich people in the world anyway, right?
All of the above groups may have some interest in killing the Web, but it’s either too important for them to let that happen, or they don’t have anything close to the ability to do so.
Mass destruction
But mass cyber destruction, the panel argued, is far more likely than any global collapse, and could take many forms. Entire countries can be shut off from the Internet – it has happened in Syria twice this year.
The cause of those outages appears to be internal, rather than the result of external malicious action (although never rule anything out). Yet there have been cases where an entire nation’s Internet has been brought to its knees by malicious outsiders.
In 2007 in Estonia, a country proud of its advanced Internet infrastructure, where almost all bank transfers are done online and voting is very much virtual, botnets took over, clogging up pipes across the country and causing it to come to a grinding halt. It was one of the most epic DDoS campaigns ever carried out, and possibly one of the first cases of cyber war, although it remains unclear who carried out the attack.
Did the Russians sponsor it? No-one has given a definitive answer, but proud Russian citizens were blamed rather than a military-led offensive. A student was arrested, but it was clear he wasn’t acting alone.
Russia was again implicated a year later. Georgia claimed a number of servers had been smashed offline by DDoS hits during real-world military engagement. It appeared citizens were behind the hits again, but it would come as little surprise if they had the backing of officials back at the Kremlin.
The other likely form of “cybergeddon” is destruction of critical infrastructure, caused by malicious software. Again, with Stuxnet, believed to be the work of the US and Israeli governments, this has been shown to be possible. It managed to turn centrifuges carrying out uranium enrichment, reportedly setting Iran’s nuclear ambitions back by two years. “We’ve seen a lot of things over the last 24 months that should be a wake-up call for us around critical infrastructure,” warns Blue Coat’s chief security strategist Hugh Thompson.
As it has been in every arms race, nation states are the key players. When it comes to localised cybergeddon, governments will very much be the main players again.
Like some Kubrickian comic nightmare, of course, a human or network-based error could bring the Internet crashing down, at least from the DNS perspective, says co-founder of information security group The Jericho Forum, Paul Simmonds. “I would see it being taken down by an inglorious cock up rather than by a state-sponsored attack.
“Systems are so complex these days, people don’t understand how they operate.”
Think you’re a security pro? Try our quiz!