Could the internet ever be switched off – or destroyed? Chris Baraniuk investigates what it would take to bring down the network we all now rely on.
The internet is unbreakable. At least, we think it is. That’s why when something goes extremely viral, such as pictures of Kim Kardashian’s bottom or #thedress, we joke about it “breaking the internet”. This is because, well, that obviously isn’t going to happen – but we’re searching for some way of exaggerating the impact of the event. It’s a great piece of contemporary hyperbole. But could you really, literally, break the internet? And if so, does anyone really know for sure what would happen next?
Part of the answer lies in London’s Docklands district: nestled just north-east of Canary Wharf is a large, unassuming building. Its grey, monolithic exterior is surrounded by a metal fence and there are security cameras dotted along its windowless walls. No hoardings or signage explains to passers-by what it is, or to whom it belongs. But it houses a substantial node in the internet. It’s called “Linx”, the London Internet Exchange, and it’s one of the biggest points of traffic exchange on the internet anywhere in the world. There are bigger exchanges out there, but not as many as you might think. Matthew Prince, CEO of content delivery network CloudFlare, puts the number of large facilities like Linx at “around 30”.
These buildings, scattered across the globe, are where networks from providers like Virgin or Comcast come together to exchange their traffic. That, after all, is the whole point of an “inter”-net. And if any of them were cut off – by a power cut or earthquake, for instance – we would know about it.
“You would actually see regional disruptions on the internet,” says Prince. “And if you were able to actually take out all 30 of those buildings, the internet itself would probably largely cease to function.”
This sort of doomsday scenario isn’t very likely or feasible, though. These kinds of important internet facilities are extremely well protected, says Jack Waters, CTO of Level 3 – one of a handful of “Tier 1” network providers that are also crucial, because their big and resilient networks help form the backbone of the internet.
“We have surveillance everywhere, we take all the appropriate precautions around barricades and those sorts of things. They are very hardened facilities,” he says. There has never been a known sabotage attempt at one of Level 3’s many buildings, he adds.
Perhaps cutting the links between such places, then, would be an easier way to break the internet? There are uncountable miles of cables wrapped around the globe, and many of the biggest are just lying there unprotected – albeit often underwater. Indeed, cables do sometimes get severed just by accident, for instance during earthquakes or when ships’ anchors slice through them on the seabed. It’s believed that significant internet disruptions in 2008 that affected countries including Egypt were caused by these sorts of cable breaks.
Distributed resilience
But the effects of these failures in the physical infrastructure of the net aren’t as far-reaching as you might think, because they come up against the original designed resilience of the system. It’s people like Paul Baran, a Polish-born American engineer, who we can thank for this. Baran is one of a few people who, way back in the early 1960s, believed a communications network could be designed with significant physical survivability, to withstand even a nuclear attack.
He wrote many fascinating papers about it, but at first no-one took him seriously. It might have stayed like that except for Donald Davies, a Welsh computer scientist, who came up with the same fundamental idea as Baran, completely independently and at almost exactly the same time. Their idea was called “packet-switching” and it describes a communications protocol that breaks messages down into small blocks, or packets. These are fired across a network via the fastest route available – whatever that route is – until they all arrive at their destination, where they are then reassembled. Take out one link in the network, even an important one, and messages can still arrive where they are expected by taking one of the many alternative routes.
It’s really clever. “It’s a spectacular architecture when you think about it,” says Waters. “End-to-end communication where the end points don’t care about what is in the middle is a very powerful idea.”
That’s why cutting cables or throwing data centres offline does limited damage to the network at large. Even disconnecting entire regions, like Syria, won’t necessarily restrict internal communications within Syrian networks – though of course access to external websites like Google may no longer be possible.
Eventually, though, people realised that the internet’s wonderful capacity to re-route traffic could be used against it. One such way is a distributed denial of service (DDoS) attack, in which a huge flow of traffic is deliberately sent to servers which can’t cope with the overload. DDoS attacks are becoming more and more common, and they are one of the threats which CloudFlare and other networks are designed to protect their clients against, says Prince. The ultra-high capacity of the CloudFlare network can simply absorb this “bad” traffic and redirect it, so that public websites under attack remain online. But dealing with the problem is getting more difficult all the time.
“We’re definitely seeing an increase in the number of attacks, and an increase in the size and scale of those attacks,” explains Prince. “It becomes so easy to do them that sometimes they’re even used by rival businesses. We saw two feuding day spas the other day that were launching denial of service attacks against each other.”
Border breach
Another major concern is BGP hijacking. BGP stands for “border gateway protocol”. This is a key system which tells internet traffic – those billions of packets – where to go. For a long time it was just assumed that the BGP routers positioned at various points across the network always sent the packets in the right direction. In recent years, however, it emerged that traffic could be surreptitiously re-directed if the destination information logged in the routers got manipulated, perhaps by hackers. Such hijacking would mean that huge swathes of internet data could effectively be stolen, or snooped on by third parties, such as intelligence agencies.
The other potential consequence is that large portions of traffic could get sent to areas of the network that are more easily overwhelmed. Something like this happened a few years ago when Pakistan’s government tried to stop people in the country watching YouTube. BGP routes in Pakistan were changed, but this information was copied around the world. Huge numbers of people couldn’t access YouTube and all the traffic was instead sent to Pakistan, where the network infrastructure was quickly overloaded. It’s even been theorised that overloading routers with BGP updates could knock the entire internet offline.
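One defensive check against manipulated route information of the kind described above is route origin validation: each BGP announcement is compared against a list of authorized (prefix, maximum length, origin AS) entries. The following is an added example, not part of the original article; the prefixes and AS numbers are constructed from documentation ranges, and all function and variable names are illustrative.

```python
import ipaddress
from typing import NamedTuple

class Roa(NamedTuple):
    prefix: str      # authorized address block
    max_length: int  # longest prefix length the holder may announce
    origin_as: int   # AS allowed to originate the block

# Constructed sample data: documentation prefixes and documentation ASNs.
ROAS = [
    Roa("2001:db8::/32", 32, 64500),
    Roa("198.51.100.0/24", 24, 64500),
]

def validate(prefix: str, origin_as: int, roas=ROAS) -> str:
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    announced = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        block = ipaddress.ip_network(roa.prefix)
        # subnet_of() raises TypeError across IP versions, so compare versions first.
        if block.version != announced.version or not announced.subnet_of(block):
            continue
        covered = True
        if roa.origin_as == origin_as and announced.prefixlen <= roa.max_length:
            return "valid"
    # Covered by an entry but never matched: wrong origin or too specific.
    return "invalid" if covered else "not-found"

# Constructed announcements as (prefix, origin AS) pairs.
ANNOUNCEMENTS = [
    ("2001:db8::/32", 64500),    # authorized origin
    ("2001:db8::/32", 64511),    # same block, unexpected origin
    ("2001:db8:1::/48", 64511),  # more-specific block, unexpected origin
    ("2001:db8:1::/48", 64500),  # right origin, longer than max_length
    ("203.0.113.0/24", 64502),   # no covering entry
]

def suspicious(announcements=ANNOUNCEMENTS, roas=ROAS):
    """Return the announcements that fail origin validation."""
    return [(p, a) for p, a in announcements if validate(p, a, roas) == "invalid"]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:18} AS{asn:<6} {validate(prefix, asn)}")
```

A router or monitoring system applying this check would drop or flag the three "invalid" announcements before they could be copied onward, while "not-found" routes need a separate policy decision.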
Re-routed traffic can cause unexpected headaches for the people who try to keep servers and online systems running. One blogger recently investigated what had sent a mail server offline only to discover mistakenly re-routed traffic was the cause. “While looking at IP addresses in my logs, I noticed something interesting: all of this traffic was coming from China,” he wrote.
However, although most of these problems have been known to cause “disruption” – and some could, in theory, break the internet – there’s never been a case where the whole internet has gone down. That doesn’t mean we shouldn’t think about the possibility, though, says Vincent Chan, a professor at the Massachusetts Institute of Technology.
Worst case
“I think a massive attack to bring down the whole internet is actually possible,” he says. He points out that physical attacks on the internet’s infrastructure are unlikely to do much permanent damage. Destroying one node in a 1,000 node network won’t take the whole network down, of course. But what if you find a software vulnerability that affects all 1,000 nodes? Then you’ve got a problem.
“In that case, it’s not a 1,000 point independent failure, it’s only a one point failure,” he says. And Chan points out that there are methods of disrupting the internet that would be very hard to detect. In his lab he’s experimented with “splicing” a data signal and inserting high levels of noise. You could do this, he says, by going to low security junction boxes in remote locations around the world and simply putting a sabotaging black box between the electronics and the fibre optic cables.
“The worst thing to do would be if you put enough noise into the signal so that the system actually is not completely down, but it is so error prone that most of the packets that come through are unreadable,” he explains. “The network would constantly have to ask for retransmission and it might slow down to, say, 1% of its capacity. The people running the network wouldn’t know what hit them. They would just think that it was exceptionally busy.”
Chan thinks there might be some who would be tempted to attack the internet in this way. But the consequences of breaking the internet may not always be properly thought through. “I think there should be discussions of attack and defence of the internet as an entity,” he says. “That’s never been discussed before adequately.”
Dark net
Banks, commerce, government systems, personal communication, appliances – a lot of our modern world relies on the internet staying up. Localised, temporary disruption is little more than a nuisance. But if the internet really went dark, we’d be in trouble.
The real problem, though, is that we don’t know exactly how bad the trouble would be. Danny Hillis, an early pioneer of internet technology, pointed this out to an audience at TED in 2013.
“Nobody really exactly understands all the things [the internet is] being used for right now,” he commented. “We don’t know what the consequences of an effective denial of service attack on the internet would be.”
Frustratingly, though, because there has never been such a full-scale denial of service, no-one seems too worried about Hillis’s warning that the internet could one day crash. He realised this. “It’s hard to get people to focus on Plan B when Plan A seems to be working so well,” he said.
Since Hillis’s talk there hasn’t been much more debate about this problem. And yet, every day the internet gets bigger and more indispensable. The truth is, we need the internet so much that no-one wants to think about it not being there. But maybe, one day, that may come back to haunt us.