As sites, pages and the servers hosting them multiply exponentially with the growth and spread of the world wide web, the Domain Name System (DNS) and the providers which host DNS infrastructure become key to the availability of the Internet. A sustained DDoS attack against a handful of major DNS hosts could thus render inaccessible a whole range of heavily visited sites and pages, leading to what would be described in common parlance as large parts of the Internet being down and unavailable.
Before we get any further, let us understand how DNS works. DNS is essentially the Internet's phonebook. It takes the user's request to reach a certain site or webpage and makes sure that the user arrives at the page he or she is looking for. Put another way, DNS is a large database that, among other things, converts a human-readable domain name into the numeric IP address from which the data can be retrieved. Taking down a DNS server means that the user's browser can no longer use it to resolve which IP address it should contact to fetch the files for a particular webpage.
DNS hosting providers may be visualized as sites which hold many such 'phonebooks' at once. If a DNS host or provider is targeted by a sustained DDoS attack, it will be unable to direct users to the large number of sites whose 'phonebooks' it hosts, thus making them inaccessible, or 'down', to users. This is what a DDoS attack during the second half of October 2016 did: by targeting Dyn, a major DNS host, it led to a large number of sites, including Twitter, Reddit, GitHub, the New York Times, BBC, Fox News, Time, SoundCloud, Pinterest, Spotify, Netflix and PayPal, to name some, becoming inaccessible to users in certain geographical locations for long periods.
Next, let us get into a little background on DDoS. If you want to take a network off the Internet, the easiest way to do it is to mount a DDoS attack. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Shorn of the nuances and complexities, a DDoS attack essentially means blasting so much data at the site that it is simply overwhelmed. DDoS attacks are not new and have been used by hackers to target sites they don't like, and even by criminals bent on extortion. While there is an entire industry, with a whole arsenal of weapons, devoted to defence against DDoS attacks, it largely boils down to a question of bandwidth. If the attacker has a bigger fire hose of data than the defender, the attacker wins out, for a while at least.
Recently, some of the major companies that make the Internet work (such as Dyn and Verisign) have seen a significant increase in DDoS attacks against them. These attacks are becoming longer and more sophisticated, and are happening at various levels, giving the impression that someone is carefully probing.
There are many different ways to launch a DDoS attack. The more attack vectors the attacker uses simultaneously, the more defences the defender has to deploy to try and ward off the attack. Some of the recent attacks have employed three or four different vectors, forcing the companies to use every weapon in their arsenal to defend themselves, thus revealing to the attacker the absolute limit of their defence capabilities.
Bruce Schneier, CTO of Resilient (an IBM company), also mentions probing attacks, in addition to DDoS attacks, which test the ability to manipulate Internet addresses and routes and check how long it takes the defenders to respond. Clearly some people out there are testing the core defensive capabilities of the companies tasked with providing critical Internet services. It is unlikely that activists, researchers or criminals would be doing such probing, which leaves open the possibility that certain countries are doing it, for reasons which are unclear.
The good news is that DNS, by design, is a distributed database, which means that copies of the same information can be found across the Internet. This makes it fairly robust. However, it still takes time for DNS servers to recover from these attacks and, if several servers can be taken down at once, the resulting outage could be both widespread and prolonged.
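The single-provider dependence that the Dyn outage exposed, and the redundancy that the distributed design of DNS permits, can be checked from a zone's NS records. The following is an added example, not code from the original article; the zone names, provider names and NS record sets are constructed, and "provider" is approximated by the registrable domain of each nameserver hostname.

```python
"""Check whether a zone's delegation depends on a single DNS hosting provider.

Constructed example: the NS record sets below are made up for illustration.
Provider is approximated by the registrable domain of each nameserver hostname
(e.g. ns1.dns-provider-a.net -> dns-provider-a.net). A real audit would also
compare network operators (ASNs), which needs live lookups.
"""
from collections import defaultdict

# Minimal public-suffix approximation, enough for the constructed samples.
# A production check should use the full public suffix list.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}


def provider_of(nameserver: str) -> str:
    """Return the registrable domain of a nameserver hostname."""
    labels = nameserver.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def delegation_report(zone: str, nameservers: list[str]) -> dict:
    """Group a zone's NS records by provider and flag single-provider dependence."""
    by_provider = defaultdict(list)
    for ns in nameservers:
        by_provider[provider_of(ns)].append(ns)
    return {
        "zone": zone,
        "providers": dict(by_provider),
        "provider_count": len(by_provider),
        "single_provider": len(by_provider) == 1,
    }


# Constructed NS record sets for two hypothetical zones.
CONSTRUCTED_ZONES = {
    "example.test": ["ns1.dns-provider-a.net.", "ns2.dns-provider-a.net.",
                     "ns3.dns-provider-a.net.", "ns4.dns-provider-a.net."],
    "example2.test": ["ns1.dns-provider-a.net.", "ns2.dns-provider-a.net.",
                      "ns1.dns-provider-b.co.uk.", "ns2.dns-provider-b.co.uk."],
}

if __name__ == "__main__":
    for zone, records in CONSTRUCTED_ZONES.items():
        r = delegation_report(zone, records)
        status = ("single provider: an outage at that host takes the zone down"
                  if r["single_provider"] else "multiple providers")
        print(f"{zone}: {r['provider_count']} provider(s), {status}")
```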
What disruptions could a prolonged Internet outage cause? The possibilities are many, and a cross-section of them is listed below.
1. Failure of the electrical grid supplying power.
2. Phone and cellular services becoming unavailable.
3. Unavailability of even basic information, such as weather and news.
4. Unavailability of all email and messaging services.
5. Most financial transactions, particularly across different locations and countries, being disrupted.
6. Logistics networks and services being severely disrupted, leading to unavailability of products at retail outlets.
7. E-commerce coming to a halt.
8. Online retailing being totally disrupted.