How a Supervillain (or a Hacker in His Basement) Could Destroy the Internet

By Logan Kugler

Communications of the ACM, Vol. 59 No. 2, Pages 18-20
10.1145/2852235

U.S. senator Ted Stevens (R-AK) sealed his legacy in 2006 when he infamously referred to the Internet as a "series of tubes." This was a simplistic description in the extreme for the varied and intricate architecture that comprises the Internet's physical and virtual infrastructure. While it might be excused as a gaffe from an older generation, Stevens was partially responsible for regulating the Internet at the time he made the remarks.

Unfortunately, Stevens, who passed away in 2010, was not alone in his misunderstanding of how the Internet works, and ignorance in this area, far from being bliss, is dangerous. The series of tubes and other machinery that make the Internet possible can and have been disrupted. They can even be destroyed, say experts.

One such expert is Samy Kamkar, and he knows all about Internet security. After he hacked the social network MySpace in 2005 with the Samy worm and was caught and convicted of a felony, he agreed to a plea deal with the U.S. Secret Service that banned him from even touching a computer for three years. The virus Kamkar created spread so alarmingly fast that "the entire Internet was freaking out about [it]," reported media site Fusion.

People like Kamkar do not idly think about ways the Internet could be disrupted or completely destroyed; they get paid for it. Today Kamkar is a white-hat hacker, helping companies patch security flaws before they can be exploited. Following are some of the biggest threats Kamkar and people like Thomas Savundra, cofounder of ultra-secure cloud storage service Sync, see to Internet infrastructure, and what we might be able to do to help prevent them.

Cutting the Cord

Software crashes and cybersecurity threats dominate the headlines, but Kamkar says there is another way to attack the Internet that could do more damage on a wider scale.

"A physical attack that is starting to affect small areas (but significant numbers of users) is criminals physically cutting fiber optic cables," Kamkar says. "Typically just knowing where to go and what to do is enough to cause major disruptions."

This may seem like a mundane and unsexy doomsday scenario, but it is one authorities are beginning to take seriously. The Washington Post reported in July 2015 that the U.S. Federal Bureau of Investigation (FBI) was investigating a series of attacks on fiber optic cables in California that disrupted Internet service in parts of San Francisco and Sacramento. These attacks probably were not the work of petty vandals or common criminal elements; the FBI believes the attacks required expertise, as the perpetrator(s) broke into underground bunkers that housed those cables. This was the eleventh attack within 12 months in this particular case; a similar attack took place in Arizona early last year.

In each case, an attack on fiber optic cables caused local Internet disruptions. Consider what might happen if the cables tampered with served a larger area.

That has happened several times over the last decade to the fiber optic cables under the Mediterranean Sea, when cables delivering Internet service to entire Middle Eastern and Asian countries have been the victim of a variety of attacks. Some are known to have been accidental, such as when a ship's anchor cuts through submarine cables; others, however, are potentially criminal. All have worldwide implications. One such attack in 2008 stopped Internet service in Egypt, Pakistan, Kuwait, and India, four countries together inhabited by nearly 1.5 billion people or one-fifth of our planet's population, according to a report from Wired.

Destroying undersea infrastructure may require a specific set of skills, but it does not require an army. One of the cable-cutting incidents in the Mediterranean was the work of just three men. The relative ease with which malicious parties can disrupt Internet service on a global scale does not end there. While undersea cables are marginally thicker and sturdier than their landborne counterparts, they still are shockingly easy to access.

Andrew Blum, author of Tubes: A Journey to the Center of the Internet, told Wired, "Other than obscurity and a few feet of sand, [the cables] are just there. The staff at a cable landing station might patrol the path to the beach landing once or twice a day, but otherwise I've never heard of or seen any constant security."

Attacks on enough poorly defended cables at the same time could bring the Internet crashing to its knees.

When the Lights Go Down in the City

Another area malicious parties could attack to undermine the Internet is the electrical grid, says Kamkar. "This could happen by attacking the industrial systems that control the electrical grid, such as SCADA systems," he says.


SCADA (Supervisory Control And Data Acquisition) industrial control systems govern major functions in everything from factories to refineries to power generation stations. Someone who wanted to take down the Internet could infiltrate and destroy these systems, wreaking havoc on the machinery that keeps power plants running and leaving their service areas without power and Internet.

Obviously, a power grid disruption causes huge problems beyond taking down the Internet. A generator or alternate power source can bring homes and businesses back online after some initial turmoil in the event of a grid failure. The downtime is costly, to be sure, but in a complete disruption of the Internet, for example, stock market activity would largely cease, online banking, commerce, and transactions would grind to a halt, and work at most modern businesses would be impossible.

On a wider scale, targeting facilities that service key Internet infrastructure could destroy huge swaths of the Net. "We have to consider the underlying tubes and fiber, the key network exchange hubs and datacenters hosting Internet content," says Thomas Savundra, cofounder of ultra-secure cloud storage service Sync. A disruption to the power supplied to any of these facilities could knock out a key piece of the machine that keeps the Internet running.

Disruption is not limited to instances in which a facility's power source fails; its machinery is also a target.

In 2010, the world was introduced to Stuxnet, a computer virus sometimes called the first digital weapon. It is believed the worm was created by U.S. and Israeli intelligence services, because it targeted Iranian centrifuges used to enrich uranium. Stuxnet burrowed its way into the centrifuges after unwittingly being introduced to the machinery via a corrupted USB drive. Once present, Stuxnet damaged the centrifuges from the inside. The highly guarded centrifuges were air-gapped (physically isolated) from the Internet, which is why the virus had to be introduced via USB. That may be a rarity, however.

"More likely in the future it would be an attack that happens online, as more industrial systems are further connected to the Internet," says Kamkar.

According to a report by the World Economic Forum, the number of Internet-enabled sensors in use increased more than five times between 2012 and 2014, from 4.2 billion shipped to 23.6 billion. That is not just for smart homes and snazzy gadgets; governments and huge corporations are bringing key infrastructure and plants online, too. Stuxnet attacked machinery's actuators, which are under threat in any factory where the machinery is directly connected to the Internet. As offline machines are augmented with online sensors, those sensors may enable damage indirectly when viruses cause problems with them (such as replacing real data with fake data).

That means a future saboteur would not need to be physically present to do serious damage; he or she or they could introduce a Stuxnet-like worm into one or more facilities using the machinery's connection to the Internet, while working from anywhere in the world. This next generation of cyber-terrorist could even shut down parts of the Internet by attacking the power sources of key Internet infrastructure.

While the Internet of Things might deliver untold economic and productivity benefits, companies and governments need to prevent such attacks before they occur by bringing industrial infrastructure online intelligently, no matter how fast the technology deploys or how much pressure they face from citizens and shareholders.

"Connecting critical infrastructure to the Internet shouldn't be done without proper security measures," Kamkar says.

Saving the Internet from Itself

There is one other less tangible, but no less important, piece of infrastructure that could, if damaged heavily enough, destroy the Internet as we know it, says Savundra. "The threats are less likely to be centered on physical infrastructure, but rather software-layer trust and confidence," he says. "I think privacy and security are going to be the major issues. Individuals and companies are already beginning to change their behavior because of widespread hacks, unauthorized surveillance, and the erosion of online privacy."

Such nefarious activities are starting to break some of the Internet's most deeply cherished tenets, namely the ability to surf safely and anonymously, whether for business or for pleasure.

That could be the harbinger of a future Internet that has been hollowed out by hacks and spying. Imagine a situation in which consumers could not trust payment details to companies because of threats to online databases. Think how the Internet's value would diminish if people could not reasonably assume their identity would not be stolen the moment they exchange basic information with another party online. What if the free speech that Internet communities enable became leverage used by governments against their citizens? All of these issues could hamstring the Internet's effectiveness as the "network of networks."


"I think if the erosion of privacy becomes widespread," Savundra says, "people will start using Internet services differently."

Savundra sees regular and healthy discourse about privacy, hacking, and safety issues online as a major solution to the problem. "The Internet is designed by humans for humans. There are plenty of smart people who will defend their rights, either via policy or technology, when their freedoms are jeopardized," he says.

Kamkar, perhaps as a cynical souvenir from his time in the shadows as a hacker, has different advice to address serious threats to the Internet's basic infrastructure: "The biggest way to prevent these issues is to understand that most of these systems are insecure by default."

Further Reading

Chang, Alexandra
Why Undersea Internet Cables Are More Vulnerable Than You Think. Wired, http://www.wired.com/2013/04/how-vulnerable-are-undersea-internet-cables

Hill, Kashmir
10 years after his epic MySpace hack, Samy Kamkar is trying to turn hackers into heroes. Fusion, 2015; http://fusion.net/story/180919/samy-kamkar-is-a-white-hat-hacking-hero

Greenberg, Will
String of West Coast attacks on Internet fiber optic cables leads to FBI investigation. The Washington Post, 2015; http://wapo.st/1TStnhI

Author

Logan Kugler is a freelance technology writer based in Tampa, FL. He has written for over 60 major publications.

Figures

Figure. Samy Kamkar, who hacked the MySpace social network with the Samy worm in 2005, is today a white-hat hacker, helping companies catch security flaws before they can be exploited.


©2016 ACM  0001-0782/16/02

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and full citation on the first page. Copyright for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or fee. Request permission to publish from [email protected] or fax (212) 869-0481.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2016 ACM, Inc.
