Beyond Stuxnet: Preparing for Internet Armageddon

November 05, 2012 2:53 PM EST

Could sophisticated denial of service attacks against American telecommunications carriers and ISPs, perhaps backed by the resources of a hostile foreign power, take down the Internet in the U.S? During an interview for this week's Computerworld cover story (After Stuxnet: The new rules of cyberwar), AT&T chief security officer Ed Amoroso said it hasn't happened yet, but "we need to be prepared" for the possiblity that segments of the Internet backbone could be overwhelmed.

The threat is growing in both scale and sophistication. Where AT&T had two people dealing with occasional distributed denial of service (DDoS) attacks a few years ago it now has upwards of 60 full-time staff fighting off a continuous onslaught, Amoroso says.

Just how easy is it to knock a 40 Gbps backbone offline? A quarter of a million PCs infected with the Conficker virus, if used in a coordinated attack, would be do the trick, Amoroso said. "So far, no one has pushed that button. But we need to be prepared," he added.

Shortly after our conversation the prospect of state-sponsored attacks hit home after a series of DDoS attacks, launched against U.S financial institutions last month, were attributed to actors in Iran.

There is no shortage of hosts that could be used to launch similar scale attacks in the future. In fact, with the explosion in mobile devices there are hundreds of millions of potential hosts, each capable of carrying upwards of 1 Mbps of bandwidth. In addition, fiber to the home allows even greater bandwidth for attacks from desktop PCs and other devices, says Carlos Morales, vice president, global sales engineering and operations at Arbor Networks, a provider of DDoS attack mitigation products and services. "You're looking at gigabits per second, if not terabits per second of traffic. No single provider can handle that," he says.

To stop an "Armageddon attack," Morales says, ISPs will have to work together, a position put forward earlier this month by Mark Weatherford, deputy undersecretary for cybersecurity at the Department of Homeland Security.

It's unclear whether the Iranian government was really behind the most recent attacks, but the series of events moved the needle in terms of what banks, ISPs and other potential targets should expect to see in the future. "In the past with DDoS attacks, often viruses were used to infect PCs with malware to make them part of a botnet. But this one used servers, which have higher bandwidth and processing power available and can mount larger attacks over smaller populations," says Neal Quinn, chief operating officer at DDoS protection services vendor Prolexic.

And you don't need to be a state-sponsored attacker to create similar attacks. "Launching large attacks is not something that’s all that difficult these days," he adds.

But Internet Armageddon? Quinn doesn't see it. "Taking down segments of Internet service provider backbones is something you can do. In fact it happens from time to time just from normal traffic," he says, and when it does, providers reroute traffic to relieve the congestion. "We haven’t seen a whole lot of ISPs claiming something destroyed their infrastructure," he adds. At least for now, ISPs are keeping up with the threat.

The sophistication of DDoS attacks has matured over the last three years, says Dan Holden, director of security research at Arbor Networks." These days you're talking about application level threats blended with these types of DDoS threats, and the attackers are using very sophisticated tools."

Being able to detect that an attack is occurring and responding quickly using a planned DDoS mitigation approach is essential. "You have to be able to take the attack out," Quinn says. On the other hand, managing congestion on backbone links is a routine part of a service provider’s life.

If Internet Armageddon does occur one day, it's unlikely to come in the form of a state sponsored attack unless it’s in the context of a war between countries, contends Holden. "Right now it's more of a cold war where people are feeling each other out."

"There is no end to this," Morales says. "It's going to be an arms war between attackers and defenders to see who can win."