The internet is under siege. On October 21, 2016, a massive distributed denial-of-service attack was launched against the company Dyn, whose servers play an important role in monitoring and rerouting internet traffic. This distributed denial-of-service attack relied upon hundreds of thousands of internet-connected devices – including cameras (webcams, CCTV cameras), baby monitors, thermostats, and home routers – infected and co-opted, without their owners’ knowledge, with the Mirai malware that commanded them to overwhelm Dyn’s servers with internet traffic.

The attack came in three waves throughout the day, rendering many websites inaccessible throughout most of North America and parts of Europe.

This incident represents yet another troubling case of attacks against the internet itself instead of a website. And no one knows who is responsible.

A distributed denial-of-service attack, or DDoS, involves hackers flooding a target’s servers with so much internet traffic that it either slows or shuts down the targeted website. Although these kinds of attacks are relatively common, there are some significant shifts in their capabilities and targets.

First, DDoS attacks are becoming more sophisticated and powerful in their technical abilities, processes, and impacts. Second, DDoS attacks are now commandeering internet-connected devices, from DVRs and game consoles to lamps, for their botnet armies marching malicious traffic towards their targets. This co-option of internet-connected devices is a troubling new development due to their sheer numbers and diverse kinds, their relatively weak security features, and their access to high internet bandwidth connectivity. Third, DDoS attacks are increasingly targeting core internet infrastructure providers instead of websites.

Over the past couple of years, there have been carefully calibrated assaults and aggressive probes against companies like Dyn, and thus by extension the internet, to determine precisely what it would take to disrupt their operations and cripple the internet. According to Dyn’s chief strategist, Kyle York, his company and other companies that host and run the internet’s main infrastructure have become targets for a growing number of more powerful attacks. He notes that “the number and types of attacks, the duration of attacks, and the complexity of these attacks are all on the rise.”

Indeed, targeting such companies can cause much more serious damage than aiming at a particular website because it can undermine the internet itself. These continuing attacks are revealing the fragility and vulnerability of the internet’s core parts.

Computer and information security specialist Bruce Schneier also warns of the increase of attacks against the internet’s core infrastructure providers. He states that “these attacks are significantly larger than the ones these companies are used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.”

Whoever is responsible for these attacks wants to break the internet.

Breaking the internet necessarily requires targeting companies like Dyn. For example, Dyn is one of the companies that hosts the Domain Name System, or DNS, which functions as the internet’s address book that facilitates requests to specific websites. It can be considered as a kind of switchboard. It takes one from a browser bar or search result to a website. Whenever one types a web address into a browser, or clicks on a link, the DNS ensures that they arrive at the intended virtual location seamlessly.

Thus, when the massive distributed denial-of-service attack took down Dyn’s servers, browsers and links were unable to find the specific websites. They could not figure out where to locate the intended information to load onto the screen. This attack shows just how critical DNS, and other such crucial infrastructure, is to a stable and secure internet. Although attacking internet infrastructure has always been a possibility, the Dyn case turned it into a reality. But seemingly, up until the Dyn case, this infrastructure had been taken for granted. For instance, according to Richard Meeus, vice-president for technology for the network security firm Nsfocus, the internet’s infrastructure and “DNS has often been neglected in terms of its security and availability. It is treated as if it will always be there in the same way that water comes out of the tap.”

Indeed, the attack on Dyn represents an escalated era of cyberattacks because of the scale of its disruption, its simultaneous emanation from different points, and its use of internet-connected devices.

To begin, the use of internet-connected devices in cyberattacks is particularly troubling because there are so many of them, they are very diverse, and they have weak security features. The US Department of Homeland Security, in fact, recently issued a warning about these internet-connected devices being hijacked for attacks.

Moreover, according to Schneier, there are “a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.”

Indeed, these attacks point to a bleak future of even greater ones that could result in more extensive and permanent crippling of critical internet infrastructure or perhaps even the internet’s complete shutdown. According to a recent report by Verisign, a registry for many domain names, there was a 75 per cent increase of such attacks against these kinds of companies between April and June of this year, compared with the same period last year. These attacks were more frequent, extensive, and sophisticated – in fact, it is estimated that the typical attack has more than doubled in size and impact.

Further, the attack on Dyn emanated from multiple points. The attackers, whoever they may be, are also simultaneously using different methods to attack, such as using internet-connected devices, making them more challenging to stop since the target must employ all of its defences. Schneier, the computer and information security specialist, states that “the more attack vectors you employ simultaneously, the more different defences the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defence capabilities for the attacker.”

Further, the fact that no one knows the attacker, or attackers, compounds the worry over these increasing cyberattacks. According to Rob Reynolds of Al Jazeera, “we still don’t know who is responsible for this attack. But it certainly seems to be an attack that took coordination and possibly a lot of resources. So this is not some teenaged kid in a basement somewhere hacking for fun. The purpose behind their attack is also very vague since nothing was stolen. It was just disruptive, so some people are theorising that someone is trying to figure out how to shut down the internet.”

It is often difficult, sometimes impossible, to attribute cyberattacks to a clearly identifiable culprit. Even when there are strong indications that a cyberattack may have emanated from a certain source, hard evidence remains elusive. This inability to attribute blame often engenders many conspiracy theories, many outlandish but some plausible. In the Dyn case, for instance, there are conspiracy theories that it was the Obama administration attempting to disrupt the internet to distract Americans from the recent presidential election campaign or ensure that people would not be able to read the leaked Hillary Clinton e-mails on Wikileaks.

While this suggestion may be one of the outlandish conspiracies, there are more plausible suggestions that such attacks are coming from or sponsored by a powerful state actor like China or Russia. Schneier, the computer and information security specialist, argues that, while the culprits remain unknown, it nevertheless “feels like a large nation state. China or Russia would be my first guesses.”

Although it currently cannot be proved, the Russian suggestion is plausible, considering the contentious role that Moscow played in the recent US presidential election. The Russian government appeared to actively interfere in this election cycle. For example, the hacking and leaking of e-mails and other data of the Democratic Party presidential nominee Hillary Clinton, along with other top Democratic Party leaders, allegedly emanated from Russia.

The issue even featured in the final presidential debate in which Clinton highlighted the unanimous assessment of US intelligence agencies which, she stated, “all concluded that these espionage attacks, these cyberattacks, come from the highest levels of the Kremlin.

“And they are designed to influence our election.”

Further, Washington apparently intends to respond in kind. Referring to Russian President Vladimir Putin, the American Vice President Joe Biden stated that the US is “sending a message: we have the capacity to do it. He’ll know it. It will be at the time of our choosing. And under the circumstances that have the greatest impact.”

It is perhaps not a coincidence that this spectacular attack on Dyn occurred during this election season. Some analysts argue that this apparent interference by Russia in the American presidential election signals a new development in the role that state-sponsored cyberattacks are likely to play in the future. Although it could be argued, from a security standpoint, that the US cannot avoid sending some kind of response to this interference, the concern is that it could lead to a vicious cycle of escalating retaliatory attacks and maybe more serious disruptions to the internet.

Preventing these cyberattacks is complicated. It seems as though each time a security company develops new ways to protect companies like Dyn, hackers develop new ways to attack. Even attributing blame or identifying an attacker, or attackers, is so complicated that it is arguably nearly impossible. These cyberattacks, meanwhile, are becoming increasingly persistent, pernicious, and problematic. There are dire warnings that even greater attacks, which could more extensively cripple critical components of the internet or even completely shut it down, are on the horizon. Indeed, the internet, as we know it, is more fragile than we realise and more vulnerable than ever.

Marc Kosciejew is a lecturer and former head of department of Library Information and Archive Sciences at the University of Malta.
