Web Application Security

Who Would Want to Take Down the Internet?

This is a question I often ask in response to those sounding the alarm that “hackers” can take down the Internet and that we all should be very worried. It is a warning I’ve seen consistently for years, ever since The L0pht told the U.S. Congress they could take down the Internet in about 30 minutes. I’m not about to disagree with The L0pht’s claims. Maybe they and others can, but more importantly, I fail to see why they, or anyone else fitting their profile, would want to. Interestingly enough, there is only one particular class of attacker for whom it would make sense to take down the Internet.

To break this down, we’ll use Mikko Hypponen’s TED talk as a framework. Mikko did a fine job categorizing and articulating the three main types of online attackers: cyber-criminals, hacktivists, and nation-states. While the hacking techniques they use might be very similar to each other’s, each group has a unique set of motivations that drive its actions.

Hacktivists, such as Anonymous, LulzSec and others, are among those who leverage hacking skills as a means to promote a social or political message, a form of protest if you will. A hacktivist might deface websites, publish stolen sensitive data, or perform targeted Denial of Service attacks, but by and large their agenda does not lead them to take down the Internet. Quite the contrary. If hacktivists disrupted the Internet, they couldn’t spread their message, nor could others receive it and join the protest. Not to mention that hacktivists are notoriously heavy supporters of the Internet, a free and open Internet.

Cyber-criminals: all they want is to make money, as much money as they can get their hands on. Cyber-criminals will hack their way into online accounts, directly or via compromised end-user PCs, and steal whatever money and data of value there is. Cyber-criminals may also launch a Denial of Service attack against a website to extort money, but just like the hacktivists, taking down the Internet would only obstruct their ability to profit. If the Internet went down, it would actually cost them money, as they would not be able to sell access to their botnet farms.

This leaves us with the nation-state, a type of online attacker that is government backed, whose mission is the theft of intellectual property, intelligence gathering, and surreptitious command-and-control over as many critical systems as possible. Nation-state hackers would also not seem to want to take down the Internet, because it would directly prevent them from continuing their mission, especially when their targets are other countries. They’d lose their surveillance capabilities. However, there are exceptions here: two very particular scenarios where a nation-state taking down the Internet makes sense.

In the first scenario, a nation-state attacker would take down an enemy country’s Internet access as part of an active and kinetic military conflict. The Russia v. Georgia conflict back in 2008 serves as a good example. Russia was accused of attacking Georgian government websites in a cyber war to accompany its military bombardment.

In the second scenario, when the nation-state’s enemy is domestic in origin (i.e. the people), taking down or severely limiting Internet access for the entire country can be used to suppress citizen dissent. There are reports of this having occurred in Egypt and Iran: massive surveillance, disruption of communication, and censorship.

So when you get right down to it, the only attacker with motivation to “take down the Internet” is government backed. Then, in one of the two scenarios, if your Internet goes down, your government will be responsible. For myself, as one always considering the most pressing day-to-day threats to Internet security, I’m less concerned with whether the Internet can be taken down than with what happens when it stays up.