Security researcher and blogger Bruce Schneier has a new essay up, arguing that there's a single body out there carrying out a systematic attempt to test the defenses of the internet's fundamental infrastructure, presumably with the intention of one day breaking those defenses. While the sources for the article are anonymous, they hardly need naming since Schneier makes it clear that his research has collected insight from virtually all major internet companies, from large service providers like AT&T all the way to organizing bodies like Verisign or potentially even ICANN itself. Somebody is searching for weaknesses in the sorts of places that many assume you'd only attack for one reason: crashing all or a large portion of the internet.
The basic narrative is this: Schneier has been hearing sustained, widespread reports from fundamentally important internet companies that they are seeing a marked uptick in certain kinds of attacks, in particular Distributed Denial of Service (DDoS) attacks. These have not only been getting stronger, longer lasting, and more diverse in the vectors they use, but they have been moving in seemingly systematic, investigatory ways. Schneier describes a pattern in which the attackers sent predictable probing attacks against successively higher levels of defense until they had tested everything, as if exhaustively mapping the points at which the target's mitigation fails.
More worrying still, the attacks also seemed to be interested in the response procedures of these bodies, such as their ability to change addresses and re-route traffic under attack. Those probes, more than anything else, imply that the attacker is thinking through the possibility of a real attack someday. They are looking not only at the points of ingress, but at response times and at the points of egress: everything you would need to know to attack and get away with it.
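What distinguishes the calibration pattern described above from ordinary opportunistic DDoS traffic is its regularity: repeated episodes against the same target whose peak volume climbs in steps and whose duration never shrinks. The following is an added example, not code from the article or from Schneier, showing how a network operator might flag that staircase in their own mitigation logs. The log format, the field names and the thresholds are all assumptions, and the sample lines are constructed for the example.

```python
"""
Flag DDoS episodes that look like a calibrated escalation (a staircase of
peak volumes against one target) rather than random opportunistic attacks.
Added example; the log format and the ratio/duration thresholds are
assumptions, not taken from any real mitigation platform.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one line per mitigated DDoS episode.
# Fields: ISO start time, target, peak Gbps, duration in minutes, vectors.
SAMPLE_LOG = """\
2016-06-01T03:00 dns-anycast-1 120 30 udp-amp
2016-06-08T03:10 dns-anycast-1 240 45 udp-amp
2016-06-15T03:05 dns-anycast-1 480 60 udp-amp,syn
2016-06-22T02:55 dns-anycast-1 900 90 udp-amp,syn,http
2016-06-03T14:00 www-edge-7 50 10 http
2016-06-04T09:30 www-edge-7 35 5 http
2016-06-05T22:10 www-edge-7 70 12 syn
2016-06-06T11:45 www-edge-7 40 7 http
"""


def parse_log(text):
    """Parse the constructed log format into a list of episode dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, target, peak, dur, vectors = line.split()
        events.append({
            "start": datetime.fromisoformat(ts),
            "target": target,
            "peak_gbps": float(peak),
            "duration_min": int(dur),
            "vectors": vectors.split(","),
        })
    return events


def calibration_runs(events, min_steps=3, min_ratio=1.3, max_ratio=4.0):
    """Return {target: [episodes]} for every target with a run of at least
    min_steps consecutive episodes in which each step multiplies the peak
    volume by a factor inside [min_ratio, max_ratio] and never shortens the
    attack.  A bounded, monotonic staircase is the signature the article
    describes; erratic sizes break the run and are not flagged."""
    by_target = defaultdict(list)
    for e in events:
        by_target[e["target"]].append(e)

    flagged = {}
    for target, eps in by_target.items():
        eps.sort(key=lambda e: e["start"])
        run = [eps[0]]
        best = []
        for prev, cur in zip(eps, eps[1:]):
            ratio = cur["peak_gbps"] / prev["peak_gbps"]
            steady_growth = min_ratio <= ratio <= max_ratio
            not_shorter = cur["duration_min"] >= prev["duration_min"]
            if steady_growth and not_shorter:
                run.append(cur)
            else:
                run = [cur]          # pattern broken, start a fresh run
            if len(run) > len(best):
                best = list(run)
        if len(best) >= min_steps:
            flagged[target] = best
    return flagged


def describe(run):
    """Summarise a flagged run for an analyst: size range and vectors tried."""
    peaks = [e["peak_gbps"] for e in run]
    vectors = sorted({v for e in run for v in e["vectors"]})
    return {
        "episodes": len(run),
        "first_gbps": peaks[0],
        "last_gbps": peaks[-1],
        "vectors_seen": vectors,
    }


if __name__ == "__main__":
    hits = calibration_runs(parse_log(SAMPLE_LOG))
    for target, run in hits.items():
        print(target, describe(run))
```

On the constructed data, `dns-anycast-1` is flagged (four episodes, each roughly doubling the previous peak and lasting longer, with new vectors added along the way) while `www-edge-7`, whose episode sizes bounce around, is not. The heuristic only surfaces candidates for a human to look at; it says nothing about who is behind the traffic, and a real deployment would also correlate the episodes with the re-routing or address changes the target made in response, since the article notes the attackers appear to be measuring exactly that.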
The "internet backbone" is a more real, physical thing than people often imagine.
Accepting all of Schneier's intelligence as genuine (and it almost certainly is), we still have to note the inherent assumption in his thinking: that these investigatory attacks necessarily imply an intent to exploit any weaknesses they find and tank the internet. It is a fairly safe assumption, but one that overlooks the possibility that this is the product of a very understandable paranoia on the part of other world powers. As Schneier himself points out, the NSA has more investigatory hardware on the internet backbone than all other powers combined, so it can hardly be surprising that the internet is seen abroad as an inherently American, culturally aggressive thing. Investigating such a system could at the very least tell you how best to route your diplomatic cables to avoid having them hoovered up by NATO listening hardware.
Russian ships perform "tactical exercises" over the deep sea internet backbone.
The other very real possibility is that these attacks were meant to be seen, and meant to be publicly known. Much like alleged Russian hacking of political documents, a basic point is being made about the abilities that can be arrayed against the United States… should that kind of action become necessary. The implicit threat is not so different from making sure your adversary sees you install a missile battery within range of their border.
You're saying something, very clearly: Watch your ass.
The seeming flaw in this explanation, of course, is that the real attacks most feared to follow these reported investigatory probes may be too indiscriminate to be an effective threat against any one actor, even the US. If it is a threat, it is a threat against everybody. Much like Russian threats against the physical internet backbone in the deep sea, any major attack is believed to require a prior reorientation of the attacking society away from the online space, or it would amount to suicide. It is just a shame that such reorientation efforts are well under way.
The classic idea is that the global internet is so important to everyone that nobody but ISIS and maybe North Korea could consider crippling or destroying it, yet both China and Russia are expending real effort to at least explore the possibility. It is a far-out threat, one that could conceivably start a major global war if done in certain provocative ways, and so it is probably mostly meant as a threat. The message could be broadly similar to that delivered by a nuclear test: you can see that I have a weapon of last resort, so make sure never to put us in a situation where I might want to use it.
Why is this made out of anonymous quotes? Why aren't companies willing to talk about the very real threats to their security? We have to assume the national security world is even more aware of this than Schneier is; the essay's final line is telling: "But this is happening. And people should know."
— Source: http://www.extremetech.com/internet/235868-an-unknown-state-may-be-running-drills-for-taking-down-the-entire-internet