Someone is Probing to Take Down the Internet, Warns Cryptographer

The pillars that provide the basic infrastructure of the internet are being probed by an unknown entity, probing for that point where the foundation cracks and the internet breaks.

The internet’s critical and underlying basic infrastructure is being probed by an unknown attacker who is – patiently – looking for vulnerabilities, revealed cybersecurity expert and cryptographer Bruce Schneier.


A board member at the Electronic Frontier Foundation (EFF) and the Tor project, Schneier is also the chief technology officer at Resilient, a cybersecurity firm recently acquired by IBM.

In a blog post, Schneier states that some of the companies that run “critical pieces of the internet” are being probed by an unknown quantity, with “precisely calibrated attacks.”,

Much like raptors did fences on Isla Nublar, these attacks are systematic and well-planned, seeking to understand the defenses employed by these vitally important companies.

“These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down,” Schneier wrote.

DDoS Disruptions

While Schneier did not disclose the companies – whom he spoke to in the condition of anonymity – he did reveal the attacks occurred in the way of distributed denial-of-service or DDoS attacks. While this form of attack isn’t anything new, Schneier revealed that the companies are seeing a changes in the way these DDoS attacks are being carried out. Not only are these attacks larger in bandwidth, they are also longer. They’re sophisticated and more notably, they’re probing.

He wrote:

One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

In speculating, it’s possible that the companies Schneier is referring to include registrars (the companies that provide domains like .com etc.) and DNS providers.

DDoS flood

Schneier’s findings are in line with a DDoS trends report [PDF] by Verisign, the registrar for domains such as .com and .net. If Verisign is taken down, your favorite websites and even your emails are likely to stop working.

Furthermore, one of the companies even revealed that – in addition to DDoS attacks – intrusions that attempted to modify and manipulate internet addresses and tunnels, were also discovered. Again, to test the company or its security defense’s response times.

Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.

No Mischief Here

Schneier looks beyond activists and cybercriminals as the instigators of these systematic and calibrated attacks, pointing instead to the forces of cyberespionage. Such capabilities are, as history shows, possessed by the likes of China, Russia, North Korea and the United States, among others.

He wrote:

It feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.

If the assertion does come true someday, the world could see an unparalleled blackout that could disrupt the way we live in the present day, to the very core.

And what can we do about it?

“Nothing, really,” Schneier added.

Nothing until we are aware and talking about it and do some probing of our own to look for that unknown intruder.

Images from Shutterstock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.