The internet is not invulnerable.

/The internet is not invulnerable.

And someone is learning how to take it down.

Remember also this post predates the big IoT-launched DDoS that took Dyn offline, which in turn impacted most major US-based websites. Remember also that current thinking is that the Dyn attack was performed by kids, not by professional hackers or by a fully resourced nation-state.

If you were alive in the 1990s you may remember one of the big original selling points of the internet was that it was supposed to be “self-healing”. That is, its infrastructure is distributed enough that, in theory, no one entity should be able to offline it by targeting one other entity. That was the whole original point of the thing; it was a military network that was supposed to be immune to the whole “bomb the datacenter, kill the comms” attack.

The internet is not like that any more. Not because of the underlying protocols–it certainly could be run that way1–but rather because of corporatisation and the consolidation of service providers, from ISPs to services like Dyn.

This is what happens when you lose the Open Web.

We haven’t seen The Big Attack yet. But we will…

  1. And on some layer still is. If you’ve seen that “sharks attack the internet” headline, what happens is the sharks bite through the undersea cables, and internet traffic suddenly has to get re-routed through a different cable. The net result is everyone’s internet goes a bit slower in a few specific instances, but it doesn’t go down. ^
2016-11-23T08:19:07+00:00 28th November, 2016|Tags: infosec|Comments Off on The internet is not invulnerable.