Roger A. Grimes, Columnist

The only realistic plan to avoid DDoS disaster

Analysis
Oct 25, 2016 | 5 mins
Cybercrime, Data and Information Security, Hacking

Emergencies like the Dyn DDoS attack will keep occurring. The only solution is a better, more secure internet

Last Friday’s massive DDoS attack against Dyn and its DNS services made many major websites unreachable for millions of users for much of the day: the sites themselves were up, but their names could not be resolved. Unfortunately, these sorts of attacks cannot be easily mitigated. We have to live with them for now.

Huge DDoS attacks that take down entire sites can be accomplished for a pittance. In the age of the insecure internet of things, hackers have plenty of free firepower. Say the wrong thing against the wrong person and you can be removed from the web, as Brian Krebs recently discovered.

Krebs’ warning is not hyperbole. For my entire career I’ve had to be careful about saying the wrong thing about the wrong person for fear that I or my employers would be taken down or doxxed. Krebs became a victim even with the assistance of some of the world’s best anti-DDoS services.

Imagine if our police communications were routinely taken down simply because they sent out APBs on criminal suspects or arrested them. Online hackers have certainly tried. Plenty of them have successfully hacked the online assets of police departments and doxxed their employees.

Flailing at DDoS attacks

Readers, reporters, and friends have asked me what we can do to stop DDoS attacks, which break the previous malicious traffic record every year. We’re now seeing DDoS attacks that exceed 1 Tbps. That’s insane! I remember being awed when attacks hit 100 Mbps.

You can’t stop DDoS attacks because they can be mounted at any layer of the OSI model, and at each layer dozens of different attacks can be performed: a volumetric flood that saturates the link, a SYN flood that exhausts connection state, an HTTP request flood that ties up application servers, and so on. Even if you could secure an intended victim’s site perfectly, the hacker could attack upstream until the pain reached a point where the victim would be dropped to save everyone else.

Because DDoS attackers use other people’s computers or devices, it’s tough to shut down the attacks without taking out command-and-control centers. Krebs and others have helped nab a few of the worst DDoS attackers, but as with any criminal endeavor, new villains emerge to replace those arrested.

The threats to the internet go beyond DDoS attacks, of course. The internet is rife with spam, malware, and malicious criminals who steal tens of millions of dollars every day from unsuspecting victims. All of this activity is focused on a global network that is more and more mission-critical every day. Even activities never intended to be online — banking, health care, control of the electrical grid — now rely on the stability of the internet.

That stability does not exist. The internet can be taken down by disgruntled teenagers.

What would it take?

Fixing that sad state of affairs would take a complete rebuild of the internet — version 2.0. Version 1.0 of the internet is like a hobbyist’s network that never went pro. The majority of it runs on the cheapest possible identity and no assurance of trust at all.

For example, anyone can send an email (legitimate or otherwise) to almost any other email server in the world, and that email server will process the message to some extent. If you repeat that process 10 million times, the same result will occur.

The email server doesn’t care if the email claims to be from Donald Trump and originates from IP address space in China or Russia. (SPF, DKIM, and DMARC can tell a receiving server whether a message claiming to come from a domain was sent by a server that domain authorizes, but they are optional, unevenly deployed, and say nothing about how the sender was authenticated.) The server doesn’t know if Trump’s identity was verified by using a simple password, two-factor authentication, or a biometric marker. There’s no way for it to know whether that email came from the same place as all previous Trump emails or whether it was sent during Trump’s normal work hours. The email server simply eats and eats emails, with no way to know whether a particular connection is more or less trustworthy than normal.

Internet 2.0

I believe the world would be willing to pay for a new internet, one in which the minimum identity verification is two-factor or biometric. I also think that, in exchange for much greater security, people would be willing to accept a slightly higher price for connected devices — all of which would have embedded crypto chips that keep the private key behind a device’s or person’s digital certificate from being copied off the device, so the certificate cannot simply be stolen and reused elsewhere.

This professional-grade internet would have several centralized services, much like DNS today, that would be dedicated to detecting and communicating about badness to all participants. If someone’s computer or account was taken over by hackers or malware, that event could quickly be communicated to everyone who uses the same connection. Moreover, when that person’s computer was cleaned up, centralized services would communicate that status to others. Each network connection would be measured for trustworthiness, and each partner would decide how to treat each incoming connection based on the connection’s rating.
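The mail server that eats every message regardless of what it could know about the sender, and the rated connections fed by a centralized compromise registry, describe a design rather than code. The following is an added example, not code from the column or from any product, sketching that design in Python: a registry that announces compromised and cleaned-up accounts, a per-sender score built from the authentication method and from whether the origin network and hour of day match that sender’s own history, a per-sender rate check, and a policy that accepts, greylists, or rejects each connection. The assurance levels, weights, thresholds, names, and the scenario in demo() are all assumptions made for illustration.

```python
"""Toy model of the 'rated connection' idea (added example, not the column's
own code). A shared compromise registry, a per-sender trust score built from
identity assurance and behavioural history, and a policy that treats each
inbound connection according to its score. All names, weights and thresholds
are assumptions for illustration."""
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Hypothetical assurance levels: how strongly the sender's identity was verified.
ASSURANCE_LEVEL = {"password": 1, "2fa": 2, "biometric": 3, "device_cert": 4}


@dataclass
class Connection:
    sender: str        # identity the connection asserts (e.g. a mail address)
    origin_asn: str    # network the connection arrived from
    hour: int          # sender's local hour of day, 0-23
    assurance: str     # key of ASSURANCE_LEVEL
    ts: float          # seconds since some epoch


@dataclass
class TrustService:
    """Stand-in for the centralized service that announces compromises and clean-ups."""
    compromised: set = field(default_factory=set)

    def report_compromise(self, sender: str) -> None:
        self.compromised.add(sender)

    def report_cleaned(self, sender: str) -> None:
        self.compromised.discard(sender)

    def is_compromised(self, sender: str) -> bool:
        return sender in self.compromised


class RatedServer:
    """A receiver that rates every connection instead of 'eating' all of them."""
    WINDOW = 60.0          # seconds of history used for the flood check
    MAX_PER_WINDOW = 100   # more than this from one sender inside WINDOW is a flood
    ACCEPT_AT, GREYLIST_AT = 0.7, 0.4

    def __init__(self, trust: TrustService):
        self.trust = trust
        # sender -> {"asns": networks seen before, "hours": hours seen before}
        self.history = defaultdict(lambda: {"asns": set(), "hours": set()})
        self.recent = defaultdict(deque)   # sender -> timestamps inside WINDOW

    @staticmethod
    def _consistency(seen: set, value) -> float:
        """1.0 if value matches prior behaviour, 0.5 when there is no prior, else 0."""
        if not seen:
            return 0.5
        return 1.0 if value in seen else 0.0

    def rate(self, c: Connection) -> float:
        """Trust score in [0, 1]; 0 means 'known bad or flooding'."""
        if self.trust.is_compromised(c.sender):
            return 0.0
        window = self.recent[c.sender]
        window.append(c.ts)
        while window and c.ts - window[0] > self.WINDOW:
            window.popleft()
        if len(window) > self.MAX_PER_WINDOW:
            return 0.0
        h = self.history[c.sender]
        identity = ASSURANCE_LEVEL.get(c.assurance, 0) / max(ASSURANCE_LEVEL.values())
        score = (0.4 * identity
                 + 0.3 * self._consistency(h["asns"], c.origin_asn)
                 + 0.3 * self._consistency(h["hours"], c.hour))
        return round(score, 3)

    def handle(self, c: Connection) -> str:
        """Return the policy decision; update the sender's baseline unless rejected."""
        score = self.rate(c)
        if score >= self.ACCEPT_AT:
            decision = "accept"
        elif score >= self.GREYLIST_AT:
            decision = "greylist"   # defer or slow down, as mail greylisting does
        else:
            return "reject"
        self.history[c.sender]["asns"].add(c.origin_asn)
        self.history[c.sender]["hours"].add(c.hour)
        return decision


def demo() -> list:
    """Constructed scenario: a sender builds a baseline, then an anomalous login,
    a compromise report, a clean-up, and a flood from a bot account."""
    trust = TrustService()
    srv = RatedServer(trust)
    out = []
    out.append(srv.handle(Connection("alice@example.com", "AS100", 10, "2fa", 0.0)))
    out.append(srv.handle(Connection("alice@example.com", "AS100", 10, "2fa", 5.0)))
    out.append(srv.handle(Connection("alice@example.com", "AS999", 3, "password", 10.0)))
    trust.report_compromise("alice@example.com")
    out.append(srv.handle(Connection("alice@example.com", "AS100", 10, "biometric", 15.0)))
    trust.report_cleaned("alice@example.com")
    out.append(srv.handle(Connection("alice@example.com", "AS100", 10, "biometric", 20.0)))
    flood = [srv.handle(Connection("bot@example.net", "AS777", 12, "password", 30.0 + i / 100))
             for i in range(150)]
    out.append(flood[-1])
    return out


if __name__ == "__main__":
    print(demo())
```

Two things the scenario shows that the prose does not: a first contact from an unknown sender lands in the greylist rather than being accepted or refused outright, and a bot that behaves consistently quickly earns an "accept" rating, so the reputation score alone does nothing against the "repeat it 10 million times" case. Only the per-sender rate check turns the flood into rejections, which is why a rated internet would still need volumetric controls alongside identity.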

This would effectively mean the end of anonymity on the internet. For those who prefer today’s (relative) anonymity, the current internet would be maintained.

But people like me and the companies I’ve worked for that want more safety would be able to get it. After all, many services already offer safe and less safe versions of their products. For example, I’ve been using Internet Relay Chat (IRC) for decades. Most IRC channels are unauthenticated and subject to frequent hacker attacks, but you can opt for networks that offer TLS connections, registered nicknames, and authenticated channels. I want the same for every protocol and service on the internet.

I’ve been writing about the need for a more trustworthy internet for a decade-plus. The only detail that has changed is that the internet has become increasingly mission-critical — and the hacks have grown much worse. At some point, we won’t be able to tolerate teenagers taking us offline whenever they like.

Is that day here yet?


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
