Hackers are probing the defences of critical internet infrastructure providers in what could be the beginnings of a campaign to take down the internet, according to a leading cyber security expert.
Bruce Schneier, Chief Technology Officer at Resilient and security blogger, wrote in a post on his site that major firms were being hit by “probing” attacks: attacks designed to test their defensive capabilities.
Companies had been hit by distributed denial of service (DDoS) attacks which had started at a certain point and then been steadily ramped up before stopping.
The attack would then resume at a higher point and continue.
Schneier said that the attacks looked “as if the attacker were looking for the exact point of failure.”
He also said that the number of attack vectors used by the attackers to launch the DDoS attacks meant that the companies had to use all of their resources to defend themselves.
Another company told Schneier that other probing attacks had taken place, which had tested the ability to manipulate Internet addresses and routes and seeing how long the defenders took to respond.
Content from our partners
While he would not disclose which companies had been targeted, he said that they were “companies that run critical pieces of the internet.”
Bruce Schneier said he felt that a “large nation state” was behind the campaign. He said that his “first guesses” were China and Russia.
He said that “the size and scale of these probes — and especially their persistence — points to state actors.”
“It feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities,” wrote Schneier.
“What can we do about this? Nothing, really,” Schneier wrote.
Schneier said that the data he had seen supported the idea that China was responsible, and that this assessment was shared by people he had spoken with. However, he did not share any of this data and said that it was possible to disguise the origin of an attack.
