[Bruce Schneier] added that since his blog post, he has heard from three other companies that support the Internet’s “backbone,” and they have also told him they are seeing same thing.
There is little disagreement, however, that a massive DDoS attack could disable portions, or even all, of the internet for some period of time.
Kaminsky called Schneider a “highly credible source,” and said he believes some hackers actually can take down the internet, in part because, “the damage from cyberattacks keeps growing and the risk perceived by attackers keeps shrinking.”
[Paul Vixie, CEO of Farsighted Security] said he thinks Schneier needed to be much more precise about what he meant about taking down the internet. “Down for who, and for how long?” he asked. “There’s no way to break the internet permanently, since the same activities that gave rise to it and which reinvent it every day will eventually recreate a new infrastructure that works mostly the same way the old one did.”
Schneier said he agrees with much of that. “I’m not convinced it will go down,” he said, “and if it does, it will be temporary. A DDoS attack needs the internet to work. It eventually eats its own tail.”
But even a temporary takedown could cause great damage, Vixie said. “In a thought experiment, a bunch of us got together and brainstormed ways to make the internet unavailable to the G-20 for 72 hours.
Some comments on Schneier’s blog have suggested that the DDoS attack isn’t the real attack – that it is meant to be the digital version of “covering fire,” so the hackers can get something like an advanced persistent threat (APT) into a system without detection.
“I thought of that,” Schneider said, “but I didn’t write about it because it would be too speculative.”