by Shawn D. Stewart

Horror Stories – No Internet

OR Offline, No One Can Hear You Scream

The Cloud! How convenient! Our email and files are always available, 100% of the time. The lower cost of Dedicated Internet Access has afforded even small businesses redundant Internet connections from a phone carrier, cable company, wireless provider, or satellite.

But what would happen to business and society as a whole if the Internet suddenly didn’t work? You’re talking crazy! Yes, maybe. Smart Cybersecurity Consultants don’t use fear as a tactic. But The Conjuring movies made over $2.1 billion. It seems everyone enjoys a good scary story. Turn the screen brightness down and prepare for a fright. The Internet is going down!

Do You Remember? – In 2016, the Mirai botnet launched a Distributed Denial of Service (DDoS) attack that crippled the Internet. And how did that happen? Millions of Internet of Things (IoT) devices attacked the Domain Name System (DNS). Unprecedented and limited, but effective.

Attack Option #1 – There are two primary attacks that could cripple the Internet. The first, as with Mirai, is an attack on DNS. Without DNS, www.google.com will not translate to 64.233.177.105. The Internet is based on IP addresses, and without DNS, name-based traffic will not work. You could poison zone transfers, but let’s stay out of the weeds. Direct address connections, such as VPN and financial transactions, would continue to work, but this would shut individuals and businesses off.
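For a contingency plan, it helps to tell a DNS failure apart from a routing failure, since only the first leaves direct-address connections working. The following is an added example, not part of the original article: it compares name lookups against connections to last-known-good IP addresses. The function names, the `pinned` inventory, and the `vpn.example.com` entry are assumptions made for illustration.

```python
import socket

def resolve(name):
    """Addresses the system resolver returns for name; empty set if lookup fails."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except OSError:  # socket.gaierror is a subclass of OSError
        return set()
    return {info[4][0] for info in infos}

def tcp_reachable(ip, port=443, timeout=3.0):
    """True if a TCP connection to the literal IP succeeds (no DNS involved)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def classify_outage(pinned, resolver=resolve, connector=tcp_reachable):
    """pinned maps hostname -> last-known-good IP recorded while healthy."""
    if not pinned:
        raise ValueError("pinned inventory is empty")
    by_name = {n: bool(resolver(n)) for n in pinned}
    by_ip = {n: connector(ip) for n, ip in pinned.items()}
    if not any(by_ip.values()):
        verdict = "routing-outage"   # even direct-address traffic fails
    elif not any(by_name.values()):
        verdict = "dns-outage"       # names fail, pinned addresses still answer
    elif all(by_name.values()) and all(by_ip.values()):
        verdict = "healthy"
    else:
        verdict = "partial"
    return verdict, by_name, by_ip

if __name__ == "__main__":
    # Constructed inventory: the first pair is the article's example,
    # the second uses a documentation address (192.0.2.0/24).
    pinned = {"www.google.com": "64.233.177.105", "vpn.example.com": "192.0.2.10"}
    # Simulated DNS failure so the demo runs offline.
    print(classify_outage(pinned, resolver=lambda n: set(), connector=lambda ip: True))
```

Record the pinned addresses while the network is healthy and refresh them regularly, because provider IPs change.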

Attack Option #2 – The only way to really break the Internet is to disrupt Core Routing. The Internet is physically owned and managed by large telecom carriers in each country. British Telecom (UK), France Telecom (France), AT&T, Verizon, and Lumen (US) are just a few. Before I answer the question of “how could something like this happen”, pick the carrier listed above who has not suffered a breach in 2021. The answer is F) None of the Above.

How Internet Routes Work – IP addresses are allocated in blocks to owners, and routers work much like the US Postal Service in terms of sending traffic to a specific address. A post office is the primary route for all addresses assigned to its zip code. Core Routers send traffic to the telecom carrier responsible for the IP range. The Carrier routers will pass the traffic as many times as needed to reach the local owner of that IP address.

The Problem – Whether it is a core, carrier, or your home Internet, the router does the same thing: route IP traffic. The only difference is that core and carrier routers handle more connections and have several redundancies. Unfortunately, some of the primary and international connections are held together with barely functional hardware and no institutional knowledge. All routers share global routes, either dynamically or statically assigned.

But Why? – This is a coordinated attack by a nation-state or highly motivated hacker group. Why go through the trouble? Money. $100 TRILLION ($100,000,000,000,000) is transferred worldwide every day across the Internet. If you disrupt that for one day, what is the ransom to ensure it works tomorrow? Banks and governments could easily fork out $1 trillion if you take the Internet down for a solid three days. Take out only Google, Facebook, and YouTube and you’ve eliminated 60% of all global Internet traffic and likely dropped their stock prices. You’ve also just increased corporate production by 200%!

How? – I’m not going into details since I don’t want every alphabet US agency knocking on my door if this were to actually happen. First, you need to secretly compromise all carriers globally and maintain access. Second, you need access to the core routers, DNS servers, and all backup paths. They could choose to attack both DNS and core routing at the same time and watch as the lights stop blinking. Or maybe they go off the chain, leaving behind a wave of Ransomware on every device, effectively killing the Internet as we know it. Much more could be done, but that would pronounce it dead.

Now What? – The Internet is gone. Whether it is for a day, a week, or a month, it is unprecedented. Phone service would fail, as most wireless traffic and all VoIP service is Internet-based. I bet there isn’t a page in your Contingency Plan for this. Can your company, bank, town, state, or country continue to function and provide basic services? It’s a scary question, especially if the power is inadvertently affected. You thought 666 was the most frightening number? Try 404 (Not Found).

A Ray of Hope – There are always survivors. How do they do it? Training, grit, bravery, and a chainsaw. Though, you can leave the chainsaw at home for this one. The moral? Don’t put all your eggs in one basket. Plan for the unexpected. Any decent Cloud service offers on-premise redundancy. If you aren’t taking advantage of it, you should. How much does it cost? Does it really matter if you can keep a physical copy of your data on hand? Can you guarantee you will always have access to your data on Microsoft, Amazon, Oracle, Google, and Salesforce? 

One final thought and you know exactly what I’m going to say. Be absolutely sure to maintain an offsite, physical backup of your data. The Cloud is great until it ain’t. Read your services agreement. Internet connectivity is usually NOT covered, and they won’t ship you a hard drive with your data. Protect yourself. 

Want to see an article on a specific subject? Need help? Reach out. We are all in this together.

Shawn D. Stewart

Mr. Stewart has 25 years of experience with hundreds of international, commercial, military, and government IT projects. He holds or has held certifications with ISC2, Cisco, Microsoft, CompTIA, ITIL, Novell and others. He also holds a BS in IT, a Minor in Professional Writing and is a published author. He is scheduled to complete his Masters in Cybersecurity in August 2021.
