Two ways to destroy the web: hack it or cut it
It was a pretty formative time in the mainstream use of the Web, an exciting time to surf: content was being uploaded onto proto-websites. But impressively, less than a decade after the hypertext protocol was knocked together, it was becoming an indispensable part of our lives.
I remember it perfectly; people were freaking out, businesses were panicking, pulling out their old fax machines and trying to remember how they worked. Commerce slowed down and communication chugged. It had only been a short while that AOL had worked its way into the fabric of our lives, but its absence was utterly devastating.
Oh how exciting.
I realised that day how vulnerable we had already become. What if the plug was pulled? What if the Web disappeared? What on earth would happen?
That was almost 15 years ago, and since that time, we have become even more invested in Web technology. It has become part of our lives in the most incredible ways. It is our commerce, our security, our health service, our politics. And that makes us - and the systems that keep social order - even more vulnerable.
There have been very few instances of nation-on-nation cyber attacks, but those that have occurred have hinted at the new possibilities for real disruption. There appear to be two pathways: the soft and hard attacks.
Here's an example of a nation-level soft attack: on 27 April 2007, Estonia's communication was that was alleged to be actuated by Russia. Angry at the removal of a Soviet war monument, Estonia's websites were bombarded with so many false requests from a botnet that they were offline for a fortnight.
I haven't heard about any hard attacks yet. By these, I mean attacks that do something physical to the systems. I do remember hearing several years ago about a carbon-based explosive that detonated above ground and rained carbon filaments onto circuit boards, jamming their connections and rendering the systems helpless. And then there was the , when a ship's anchor accidentally cut the offshore cables that connected the Middle East, Egypt and India to the Internet: that could foreshadow a method that someone might take to disable a part of the Web.
I'm interested in the safety features put in place: networks have work-arounds, of course, to cope with over-loads. But, like the four apocryphal locations in London that, if attacked, would disable the capital and bring down the UK, I wonder if there are any places the Web may be most susceptible.
After all, we rely so much on it, it would be a shame to lose it.
Let us know anything you've heard about potential weaknesses in the system. For example, are the a potential security breach? What about the Cloud, that memory system in the sky, that has in the past? Are there security guards patrolling the beaches where the Web comes onshore, or are we relying on the faith that we'd see any potential attackers if they got that close?
Let us know your theories (based on facts, of course) and we'll see if we can work them into the show.
Comment number 1.
At 18th Aug 2009, EnglishFolkfan wrote: I remember living through the Cuba crisis where, through my childish eyes, it seemed the fate of the world depended on the moral actions of 2 powerful men. Now it is my adult blind faith in the view that the scales of dependency on the internet/www have tipped so far over into need we will find altruism, commercial gain and political power will unite to keep it from destruction.
Sometimes it is difficult to produce hard facts at short notice, but I very much look forward to hearing them from more knowledgeable sources too.
Comment number 2.
At 18th Aug 2009, wisepacket wrote: I tend towards scepticism when I hear reports of the web's imminent downfall. These don't seem to come quite as frequently as they once did - remember the succession of aspiring bogeymen that came and went (Sircam, Code Red, etc) in the first few years of the century? I also remember Steve Gibson's fears that Windows XP would create - probably a bit hysterical, in hindsight.
So the boy's cried wolf a few times; but can we count the lupine threat as non-existent? I don't think so.
in February 2008 was an example of the vulnerability of DNS propagation. In this case, a local blacklisting propagated to the world, leading to the temporary removal of one of the world's most popular sites. Could this aspect of the internet's structure be exploited?
Also, botnets have increased in sophistication. If you're unfamiliar with their power and scope, it's worth reading up on the Storm botnet, which reached its peak in September 2007. At its height it was 'intelligent' enough to people who tried to research it. Although Microsoft claim to have crippled Storm last year, more powerful replacements might one day emerge.
Today, I see the main threat to the web coming from something with Storm's power coming under the control of a group motivated by ideology rather than money. However the threat is being diminished by the slow erosion of Windows' monopoly - a more diverse computer ecology will make things harder for botnets of the future.
Comment number 3.
At 18th Aug 2009, Dan Biddle wrote: @Englishfolkfan 'we will find altruism, commercial gain and political power will unite to keep it from destruction.'
I suspect (and hope) you're right.
It's funny you mention Cuba in this context. I understand the web was (still is?) banned in Cuba, and that native and active Cubans created their own internet, intranet - or better yet - 'extranet', by transferring entire files, wikis and web pages .
This is in some way a companion to @nevali's point on the previous blog post regards the internet principle as an adaptable feast.
Comment number 4.
At 18th Aug 2009, Mo McRoberts wrote: @wisepacket
One small correction: Pakistan’s accidental obliteration of YouTube was—as far as I know—an issue with poor BGP filtering, rather than DNS. DNS does have its (widely-known) flaws, but a Pakistani ISP would have had to try an awful lot harder than it did if it wanted to block YouTube for everybody by exploiting them ;)
The fact that NANOG folks were able to recover from the YouTube incident quite as rapidly as they did demonstrates quite neatly how the Internet works “behind the scenes”. It's about people working with other people with commercial and national boundaries mattering far less than they ordinarily would.
Take the BBC’s peering policy for example (and they’re by no means unique in their approach). They prefer _not_ to have a formal peering agreement, though will draw one up if pressed. Such things tend to get in the way of actually making the network work.
It’s worth remembering that the web, and e-mail, and even the assorted botnets out there are not themselves the Internet, just applications of it. Sometimes routes fail. Sometimes ISPs have insufficient redundancy in places where they really should. Destroying one particular application is relatively easy. Destroying the Internet less so; it'd require dismantling, piece by piece, and doing it more quickly than dissenters put it back together again. Good luck with that.
And yes, there are locations which—were you a dirty terrorist—you could plan a coordinated attack against. Certainly, you could make life difficult for one country’s Internet traffic for a while. Well-timed explosions in the right parts of Docklands, Manchester, Cambridge, Leeds and Edinburgh would have a pretty devastating effect. For a day or so.
Comment number 5.
At 20th Aug 2009, TimWintle wrote: I think the main issue here is probably a mental one within the population. People who know what they are doing (and have enough need to) would still be able to route traffic across the place through private networks where necessary. The military and financial systems being examples.
But to the average web user, an attack which stopped them being able to type in "google.co.uk" and get to a search engine would play quite a noticeable mental game - regardless of if it was only that one domain taken off-line by some kind of DOS attack.
Thus there is no single point of failure - every web server becomes a point for a mental attack on any country. And that's an awfully large amount of nodes that could be attacked.
Comment number 6.
At 20th Aug 2009, GaryGSCC wrote: The whole #whentwitterwasdown thing was interesting to watch? I don't condone hacking, but it was funny watching the Twitter equivalent of panicky headless chickens. I didn't even know that Twitter and Facebook had been brought to a halt until much later and I wonder how many other users actually missed the incident too? If Twitter or Facebook weren't as popular a site as they are would people care? Is it a case of "I'm alright Jack as long as it doesn't affect me." Would people really be interested that a Georgian blogger was being targeted if it didn't affect their daily fix of their favourite site?
Comment number 7.
At 26th Aug 2009, earthgecko wrote: There is more than one way to skin a cat. The Internet, like all evolutionary emergences is dependent on underlying systems. Electricity for one. Electricity is arguably the largest single point of failure on the Internet. However, should all electricity fail, the Internet would probably be low down on our list of priorities to restore.
Is it possible for all electricity infrastructure to fail.. it may be if you pay any heed to NASA and their report earlier this year on severe space weather.
One thing that is probably true is that over a long enough time line the Internet will fail. I would hazard when it does there is a high probability that it may fail due to some "unaccounted" for factor. Maybe the singularity will actually break it...