Someone Is Learning How to Take Down the Internet2016.10.25
Vor dem Hintergrund der massiven DDOS-Angriffe vom letzten Freitag, die zu Ausfällen bei Twitter, Amazon, Ebay, New York Times oder Github führten mehren sich Gerüchte, es könne sich um einen Testlauf gehandelt haben.
Interessant in diesem Zusammenhang scheint ein Artikel von Bruce Schneier aus dem September 2016 zu sein, der genau dies thematisiert: Someone Is Learning How to Take Down the Internet (Auszüge weiter unten)
In genau dieses Bild passen die seit Mitte des Jahres massiv zunehmenden Botnet-Aktivitäten, die wir in unserer Sensor-Infrastruktur sehen; im September eine verdoppelung der Aktivitäten um, den 15.09. herum, gefolgt von einem massivene Anstieg ab dem 22.10.
Auszüge aus: "Someone Is Learning How to Take Down the Internet" von Bruce Schneier, 13.09.2016
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.
First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it's overwhelmed. These attacks are not new: hackers do this to sites they don't like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it's a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.
Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.
The attacks are also configured in such a way as to see what the company's total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they've got to defend themselves. They can't hold anything back. They're forced to demonstrate their defense capabilities for the attacker.