An Internet joke that goes back at least to the early 1980s consists entirely of the phrase: “Imminent Death of the Net Predicted!”
Every year, even more often than you’d hear “This will be the year of
the Linux desktop!” someone would predict that the Internet was going to
go to hell in a handbasket and nothing happened. This year it’s my
turn, but I fear I’m going to be proved right.
Here’s why.
Take a good look at what happened to the Internet in 2014. In February we saw the biggest distributed denial-of-service (DDoS) attack of all time. It hit a high of 400 gigabits per second (Gbps). That’s more traffic than the total Internet bandwidth of a small country.
In October. Akamai reported that in the previous quarter it alone had defended its customers, against 17 DDoS attacks flooding targets with traffic greater than 100 Gbps, with the largest topping out at 321 Gbps.
And, as every Xbox and Sony PlayStation gamer knows, Xbox Live and the PlayStation Network were knocked out for about 72 hours during the Christmas holiday weekend by DDoS attacks.
Who thinks we’ll see a petabit-per-second DDoS attack in 2015? I do.
An attack of that magnitude may come from hackers, such as Lizard Squad, going after gaming companies for reasons that will undoubtedly remain obscure. But I think it’s much more likely that it will come from a nation state.
Cyberwar is not just the stuff of science fiction. It’s already happened.
Russia has been accused of taking out Estonia’s Internet in 2007 and Georgia’s network in 2008. Richard Stiennon, principal at security consulting firm IT-Harvest, expects that if Russia decides to seriously attack Ukraine, Ukraine’s Internet would be Russia’s first target.
Meanwhile, North Korea has accused the United States of attacking its Internet. And, of course, before that the FBI had said that North Korea was responsible for the Sony intrusion.
Someone is going to pull the trigger on a truly gigantic DDoS in 2015. The only question is who.
How these attacks be made isn’t so mysterious. Attackers need only abuse long-existing problems in such basic Internet protocols as Network Time Protocol (NTP) and Domain Name System (DNS). We are running the Internet using decades-old technology, and we’ve been really, really lazy about upgrading it.
I have no doubt that other security holes are hiding in old, fundamental Internet protocol programs, and we’ll find out about them the hard way in 2015.
Finally, let’s not forget good old human error. Logins and passwords are also being swiped by cyber-crooks from companies all the time As former FBI director Robert Mueller said this summer, “There are only two types of companies — those that have been hacked, and those that will be.”
Here’s why.
Take a good look at what happened to the Internet in 2014. In February we saw the biggest distributed denial-of-service (DDoS) attack of all time. It hit a high of 400 gigabits per second (Gbps). That’s more traffic than the total Internet bandwidth of a small country.
In October. Akamai reported that in the previous quarter it alone had defended its customers, against 17 DDoS attacks flooding targets with traffic greater than 100 Gbps, with the largest topping out at 321 Gbps.
And, as every Xbox and Sony PlayStation gamer knows, Xbox Live and the PlayStation Network were knocked out for about 72 hours during the Christmas holiday weekend by DDoS attacks.
Who thinks we’ll see a petabit-per-second DDoS attack in 2015? I do.
An attack of that magnitude may come from hackers, such as Lizard Squad, going after gaming companies for reasons that will undoubtedly remain obscure. But I think it’s much more likely that it will come from a nation state.
Cyberwar is not just the stuff of science fiction. It’s already happened.
Russia has been accused of taking out Estonia’s Internet in 2007 and Georgia’s network in 2008. Richard Stiennon, principal at security consulting firm IT-Harvest, expects that if Russia decides to seriously attack Ukraine, Ukraine’s Internet would be Russia’s first target.
Meanwhile, North Korea has accused the United States of attacking its Internet. And, of course, before that the FBI had said that North Korea was responsible for the Sony intrusion.
Someone is going to pull the trigger on a truly gigantic DDoS in 2015. The only question is who.
How these attacks be made isn’t so mysterious. Attackers need only abuse long-existing problems in such basic Internet protocols as Network Time Protocol (NTP) and Domain Name System (DNS). We are running the Internet using decades-old technology, and we’ve been really, really lazy about upgrading it.
I have no doubt that other security holes are hiding in old, fundamental Internet protocol programs, and we’ll find out about them the hard way in 2015.
Finally, let’s not forget good old human error. Logins and passwords are also being swiped by cyber-crooks from companies all the time As former FBI director Robert Mueller said this summer, “There are only two types of companies — those that have been hacked, and those that will be.”
No comments:
Post a Comment