Cyberweapon to Take Down Internet … Whenever
Okay, maybe this isn’t exactly how it went down, but Ph.D. candidate Max Schuchard of the University of Minnesota and his colleagues did have the idea to design the ultimate cyberweapon, an attack that would render the Internet dead, useless, and blacked out, for at least a few days before it could even start to be repaired. And then save it for a rainy day. They don’t see anyone trying to wage this kind of attack any time soon, so in the meantime, they are going to work on how to defend against it. But here is what they came up with:
A way to make the infrastructure of the Internet flood itself with traffic and information that would eventually take so long to process that it would crash. Small, individual networks that communicate with each other via routers would be infected by botnets, or software controlled by an external source (namely, those dudes with the crazy idea), to drive mass amounts of traffic to a router. But before that happens, routers are hit with a different attack — called the ZMW attack — that causes those routers to think that they’re offline. Schuchard and his colleagues have figured out a method of launching such attacks over the whole Internet.
Now that these routers think they’re all offline, they are hit with a more refined attack using botnets, or viral software controlled by an external source (namely, those dudes with the brilliant plan) to drive mass amounts of traffic into routers, in other words, a distributed denial-of-service (DDoS). When traffic can’t reach the routers that have “gone dark” after the ZMW attack, it’s sent elsewhere, flooding other routers and bottlenecking, causing backups which, in turn, cause delays, then an overload of information. Kind of like the “Gluttony” murder in the movie Se7en.
This cycle would repeat, with the single breaking and reforming link sending out waves of BGP [border gateway protocol] updates to every router on the internet. Eventually each router in the world would be receiving more updates than it could handle – after 20 minutes of attacking, a queue requiring 100 minutes of processing would have built up.
Then the Internet goes BOOM. But what’s bigger than a BOOM? A nuclear BOOM.
An alternative scenario would be the nuclear option in a full-blown cyberwar – the last resort in retaliation to other forms of cyberattack. A nation state could pull up the digital drawbridge by adjusting its BGP to disconnect from the internet, just as Egypt did two weeks ago. An agent in another country could then launch the attack, bringing down the internet while preserving the attacking nation’s internal network.
So, there’s that. And that’s a pretty big deal. But does Schuchard think this is going to happen any time soon? Nope. It’s also possible that this is an entirely simplified scenario that won’t necessarily happen exactly as described because, as every user of the Internet can attest, the Internet can be unpredictable.
We can relax, and allow Mr. Schuchard to work out defenses against this kind of attack. But in the meantime, I would like to see this animated. Because as long as I can pick up my email and stuff, this sounds more than the tiniest bit cool.
Have a tip we should know? tips@themarysue.com