[increment_i]

He suspects China or Russia as the likely culprit. What exactly rules out an American agent? Is it because American economic and social activity rely disproportionately on internet backbones more so than other state actors? If so, that would be especially interesting.

[wtracy]

It depends on exactly what services Schneier is talking about here, but an awful lot of the infrastructure of the internet is hosted in countries that the US armed forces have easy physical access to.

Even if a cyber attack were the "plan a" for quickly and untraceably taking those systems out, the US has an easy enough "plan b" that testing "plan a" isn't going to be a major concern. Add that to the fact that the US has a lot more to lose if it gets caught attacking internet infrastructure than China and friends do (even just tests like this) and I would be surprised (honestly not shocked, but definitely surprised) if the USA is behind these shenanigans.

Actually, if the US wanted to test something like this on a service in a friendly country, I would expect the NSA to approach the infrastructure company and say something like, "We're concerned that $enemy_of_free_speech may be planning an attack on your service, and we would like to wargame that scenario with you. What time(s) would an outage have a minimal impact to your bottom line?"

[rantanplan]

> Add that to the fact that the US has a lot more to lose if it gets caught attacking internet infrastructure than China and friends do (even just tests like this) and I would be surprised (honestly not shocked, but definitely surprised) if the USA is behind these shenanigans.

So can you give me the address of the rock you've been living under for the past 3 years?

[wtracy]

No, but maybe you can share some of the evidence you apparently have that the United States is actively trying to sabotage the world's communication infrastructure?

Sure, it throws its weight around when asking various social media platforms to censor certain types of content, and it has a no-holds-barred approach to intercepting data traffic, but it generally draws the line at knocking services entirely offline.

[rantanplan]

It creates, exploits and maintains vulnerabilities in public infrastructure that anyone else(state nation or similar capacity) can take advantage of.

> it generally draws the line at knocking services entirely offline

Well if you're gonna play the card "I'm reading a different Internet than you are", sure whatever.

[hackuser]

Following on what M_Grey says, I'd say beyond a doubt the U.S. military plans to take down any and all Internet infrastructure as needed as a contingency in war.

Remember the U.S. government has plans to effectively destroy the world with nuclear strikes as a contingency in war. Do you think they would hesitate to prepare plans to take down a data network? It's immoral? Unthinkable?

I'm not criticizing such plans. War is death and destruction, and the U.S. must be prepared.

The U.S., and all nations and citizens, also should do everything to prevent situations where war is the best remaining option. This requires sober, expert foresight in foreign policy and politics, anticipating 2nd-, 3rd-, and n-order effects, not emotional, knee-jerk ideology and amateur foreign policy.

[M_Grey]

This is exactly true. Military forces make plans for everything, then make more plans, then study the plans, practice them, and revise them. It's actually the single biggest activity of any military, day in, day out. We're not going to change that anytime soon either.

As you say, we need to be active as citizens in ensuring that either such a war never occurs (in which case lets be realistic, a loss of the internet is going to the prelude to mushroom clouds), or that conflict is minimized and if necessary, occurs through proxies. It's ugly, it's not the way we should do things, but it is the way we do things.

[AnimalMuppet]

Could the NSA do this? Almost certainly.

Could they make it look like China was at fault? Also almost certainly.

Would they? Well, they'd need a good reason. What would a good reason be? To hone their attack skills? Perhaps. (I would expect - though I have no proof - that many of the American pieces of internet-critical infrastructure are more hardened against attacks than many other countries' stuff, because the American stuff gets actual attacks more often. If the NSA can attack our stuff to the point of breaking, it can probably break other countries' stuff.)

Would the NSA do it to hone peoples' defensive capabilities? To show them what a real nation-state attack might look like? Also perhaps. (Or perhaps it could even have both goals.)

Would the NSA be in very deep trouble if they ever got caught at that game? Probably. Deep enough to get them to not do it? I don't know.

TL;DR: The NSA could be doing this. I'm unsure how probable I consider that option.

[a3n]

> What exactly rules out an American agent?

What exactly rules out America? NSA wants to see how an attack might unfold, or wants to see how to actually shut things down in case of insurrection, a coup, or pitchforks. Does some hard probing. Things get bad, and companies call in ... the NSA, who then get to do unfettered battle damage assessment.

[exolymph]

It would be profoundly stupid for the American government to take down the internet under normal circumstances, but then against it would be equally stupid for China or Russia to do it (again, under normal circumstances). But developing the capability seems like a good idea of the face of it.

That said, Schneier obviously has more information than he's currently sharing.

[SixSigma]

Taking down the internet and blaming it on China or Russia.

They are already trying to pin the DNC insider leaks on Russia. Clinton is threatening physical war for "cyber attacks".

Face value is worthless.

[WorldMaker]

Or vice versa? The internet relies disproportionately enough on American backbones/services that an American agency doesn't need to probe because it already has the keys, or at least the power switch?

[compiledAtBirth]

To think of the culprit of a potential action in terms of nationalism is weak logic, no offense to you or the author, of course, because the digital world transcends any national boundary more readily than virtually any other technology, thanks to its low energy overhead and high data throughput.

This internationalism amplifies the net's vulnerability, and when coupled with (as per the article posted a couple of days ago on the grid's susceptibility to overload and the resulting brown/black outs) the net's dependency on a huge infrastructure meshes quite neatly with those who don't give a shit who suffers as long as it's someone that might be responsible for their woes, so someone desperate enough to eradicate the bulk of digital information would likely be concerned with larger issues like debt, weapons manufacture, or something similarly transnational.

[mark-r]

Certainly the internet transcends national boundaries. But ask yourself the question, whose economy is most vulnerable to a disruption to the internet? How much of B2B commerce today relies on the internet? At a time of war, doing damage to the enemy's economy and way of life from thousands of miles away with no risk to people or equipment is a pretty powerful capability.

China in particular has been building their own parallel internet universe. If Google goes down, most of us are going to feel it - but not China.

[1_800_UNICORN]

I was wondering the same thing. My assumption would be that either:

1) The US has nothing to gain by taking down the internet infrastructure via malicious means.

or

2) The US has better access to these systems to take them out directly rather than forcing them down via DDOS attacks.

[rayvd]

I think both. This sort of thing would be extremely disruptive to our economy.

I have no doubt, however, that we likely have developed plans around this sort of thing in a defensive or response capacity.

[squozzer]

I don't think we should rule out the US, as they conduct defense drills all of the time.

In this case, they don't overtly control the assets under attack, but would still want to know how resilient our networks are "in the real world" -- not always as a "friendly" drill, a la Red Cell.

https://en.wikipedia.org/wiki/Red_Cell

[nickpsecurity]

Link to the videos next time:

https://www.youtube.com/watch?v=hWCX6IeBH7U

They'll learn a lot more from them. ;)

[oarsinsync]

Better still, link to both, as has happened here. People are often in situations where a wall of text is easier than a video, and vice versa.

[nickpsecurity]

Oh yeah, I agree. Correction accepted. I figured they'd like option to see it for themselves. :)

[Florin_Andrei]

> He suspects China or Russia as the likely culprit. What exactly rules out an American agent?

Well, a mere suspicion does not rule out properly anything. It's like a quantum wave function with a maximum of probability density on China, but non-zero values everywhere.

[thomnottom]

My guess would be that the American government has less reason to test what would take down some of these services. And not for benevolent reasons, but because they could more easily send in armed agents and simply unplug those services.

[M_Grey]

We've already shown that we can pretty effective destroy a country's infrastructure from the air as well, not just with explosives and incendiaries, but other clever tricks as well.

[PuffinBlue]

Such as...

[M_Grey]

Such as, for one example that's been used to great effect: https://en.wikipedia.org/wiki/Graphite_bomb

[PeterisP]

Yes, as you say, the possible motivation is very different.

In a cyberconflict escalation if it would come up to a possibility of disrupting core Internet infrastructure to (temporarily) disable most of Internet, it would be most likely for China or Russia to want this result and for USA/NATO to actually want the opposite.