Web Application Security

Who Would Want to Take Down the Internet?

This is a question I often ask in response to those sounding the alarm that “hackers” can take down the Internet and that we all should be very worried. This is a warning I’ve seen consistently for years ever since The L0pht told the U.S. Congress they could take down the Internet in about 30 minutes. I’m not about to disagree with The L0pht’s claims, maybe they and others can, but more importantly I fail to see the motivation for why they, or anyone else fitting their profile, would want to. Interestingly enough, there is only one particular class of attacker where it would make sense to take down the Internet.

To break this down we’ll use Mikko Hypponen’s TED talk as a framework. Mikko did a fine job categorizing and articulating the three main types of online attackers. They are cyber-criminals, hacktivists, and national-state. While the hacking techniques they use might be very similar to each other’s, each group has a unique set of motivations that drive their actions.

Hacktivists, such as Anonymous, LulzSec and others, are among those who leverage hacking skills as a means to promote a social or political message — a form of protest if you will. A hacktivist might deface websites, publish stolen sensitive data, perform targeted Denial of Service attacks, but by and large their agenda does not lead them to take down the Internet. Quite the contrary. If hacktivists disrupted the Internet, they also couldn’t spread their message, nor could others receive it and join the protest. Not to mention hacktivists are notoriously heavy supporters of the Internet, a free and open Internet.

Cyber-criminals, all they want is to make money. As much money as they can get their hands on. Cyber-criminals will hack their way into online accounts, directly or via compromised end-user PCs, and steal whatever money and data of value there is. Cyber-criminals also may Denial of Service a website to extract some extortion money, but just like the hacktivists, taking down the Internet would only obstruct their ability to profit. If the Internet went down, it would actually cost them money as they would not be able to sell access to their botnet farms.

This leaves us with national-state, a type of online attacker that is government backed, whose mission is the theft of intellectual property, intelligence gathering, and surreptitious command-and-control over as many critical systems as possible. National-state hackers would also not seem to want to take down the Internet because it would directly prevent them from continuing their mission, especially when their targets are other countries. They’d lose their surveillance capabilities. However, there are exceptions here, two very particular scenarios where national-state and taking down the Internet makes sense.

In the first scenario, a national-state attacker would take down an enemy country’s Internet access as part of an active and kinetic military conflict. The Russia v. Georgia conflict back in 2008 serves as a good example. Russia was accused of attacking Georgian government websites in a cyber war to accompany their military bombardment.

In the second scenario, when the national-state enemy is domestic in origin (i.e. the people), then taking down or severely limiting Internet access for the entire country can be used to suppress citizen dissent. There are reports of this having occurred in Egypt and Iran — massive surveillance, disruption of communication, and censorship.

So when you get right down to it, the only attacker with motivation to “take down the Internet” is government backed. Then in one of the two scenarios, if your Internet goes down your government will be responsible. For myself, as one always considering the most pressing day-to-day threats to Internet security, I’m less concerned with whether the Internet can be taken down than with what happens when it stays up.

  • Colin

    Great post — however, one thing that needs to be considered is that these assertions assume that there are no alternative internets that don’t use big-I Internet infrastructure. If a hacktivist group were able to stand up an alternative network for command and control, they could safely take out the Internet while still being able to coordinate their attacks; if governments or militaries stand up an alternative network for internal use, the detente of mutually-assured destruction breaks down. (Indeed, the old saw goes that the Internet itself was designed to work around interruptions in its circuit-switched predecessors in the event of wars that destroyed them.)

    Not to disappear too far into the rabbit hole, but I could imagine that there are discussions about “continuity of network” in the event of war going on behind the doors of the Pentagon and White House right now, and there might even be some interesting arms control questions raised by the prospect in the coming years (is the ability to communicate in the event of Internet compromise a matter of tactical superiority?)

  • Andrew

    … not to mention that government does not need a hacker to take down the Internet when the national-state enemy is domestic in origin

    That leaves just one option

  • jouser

    Mikko Hypponen omitted one type of attacker: script kiddie (cyber-criminals, hacktivists, and national-state). Otherwise how do you categorize the pre-adolescent punks running around defacing or deleting data for the lolz? I’ll admit this category is shrinking but I’d argue they’re not promoting any social or political message.

  • http://websec.rooted.pl Dawid Skomski

    Good point, there is nothing to worry about taking down the Internet.

    I like to read your posts, they remind me of RSnake’s blog – it is pros 🙂

    Keep going