The New Year is always a time when tech-gurus like to make all sorts of wild predictions and this year is no different. Due to the rise of the Mirai malware (in the latter part of 2016), 2017 is receiving what can be considered to be the most frightening tech-prediction since the Millennium Bug. Only this time, sadly, most people feel that the divination may hold some traction. So what is it all about?
At the beginning of October, the source code for the Mirai malware was dumped on the Internet. It allows cybercriminals to create a Botnet out of IoT products like connected thermostats, fridges and kettles. That Botnet can be used to launch massive DDoS attacks. Following the source code’s release, the world saw a sudden rise in DDoS attacks bigger than anyone had seen before.
Suddenly attacks ranging from 620 gigabits per second (Gbps) to over 1000 Gbps started occurring. On the 21st of October, Dyn Inc (a firm that provides domain name registration services to many big businesses) was attacked three times leading to Internet blackouts. Companies affected by the attacks were the websites of Twitter, Reddit, GitHub, Amazon.com, Netflix, Spotify, Runescape, as well as Dyn’s own website.
24-hour Internet blackouts
Now, according to US technology security vendor, LogRhythm, that short Internet blackout may have been just a small precursor to what we can expect in 2017. According to the security firm, the attack that was launched on Dyn in October may have just been a small-scale test. The company believes that if the Mirai Botnet is used to its full devastating potential, then 2017 could be the first time that we see global Internet blackouts of up to 24 hours at a time.
Although this may sound like the storyline from Mr Robot, it is true that if a similar attack was aimed at several DNS services and at ICANN (simultaneously); we genuinely could experience unprecedented Internet blackouts. ICANN is the firm that controls what is often described as the “Internet address book”,
“The Internet Corporation for Assigned Names and Numbers (ICANN, /ˈaɪkæn/ EYE-kan) is a nonprofit organization that is responsible for coordinating the maintenance and procedures of several databases related to the namespaces of the Internet, ensuring the network’s stable and secure operation. ICANN performs the actual technical maintenance work of the central Internet address pools and DNS root zone registries pursuant to the Internet Assigned Numbers Authority (IANA) function contract.”
Any coordinated attacks on IANA (which overseas IP address allocation) and a large number of DNS services (like Dyn) could spell disaster for the Internet: Particularly if those attacks went on for a long time. Also, if Artificial Intelligence was unleashed alongside the Mirai botnet then we could experience carefully executed and targeted attacks on various services. Those attacks, could, in theory, lead to massive uncontrollable blackouts.
Hacking tools in development
You would be forgiven for thinking that these were the inner workings of an insane mind (that had too much port over Christmas). However, in August DARPA’s Cyber Grand Challenge proved that automated and self-learning systems are indeed possible. The competition demonstrated that AI-controlled software – capable of difficult cybersecurity tasks – is much more than a distant possibility – with competing teams managing to create various systems that worked independently to capture a flag. If those types of systems were used to launch attacks rather than stop them, the Internet could be in big trouble.
Considering the dangers, one would hope that nobody was developing these types of tools. Especially considering what the past few years have shown us about elite hacking tools like Hacking Team falling into the wrong hands.
Sadly, however, firms like BT Americas are using neural network simulations to create hacking tools based on the ways that humans solve problems. With companies working hard to create these sorts of AI exploits, sadly, the chances of cyber criminals or foreign governments using them in full-scale cyber warfare is a clear and present danger.
James Carder, chief information security officer at LogRhythm, believes that 2017 will see attacks like this take place. According to him the consequences could be devastating not only for consumers but for the financial markets as a whole,
‘In 2017, we’re going to see it hit big sometime, somewhere. If the internet goes down, financial markets will tank.’
Carder also believes that the attack on Dyn could have just been a trial run, and has compared the attacks we have seen so far to “testing missiles by shooting them into the ocean”,
“We saw the massive [distributed denial of service] against DynDNS just a couple of months ago. That DDoS attack took down sites like Twitter and Spotify for a few hours. We saw a similar DDoS hit Brian Krebs before the attack against Dyn. These were really just tests.
If you can prove that you can take down massive sites and a large chunk of the US internet for a few hours, a 24-hour outage seems pretty easy to do?”
Sadly, it is not just Carder’s words that are serving as a warning for 2017. With the possibility of Internet blackouts negatively affecting financial markets (and the value of currencies simultaneously), investors may be turning to Bitcoins as a haven.
The latter part of 2016 saw the price of Bitcoins more than double from $400 at the beginning of the year to over $900 as we approach 2017. That is a massive explosion in the value of Bitcoins, which adds credence to growing concerns of instability in traditional financial markets.
Back in September, when the price of BTC hit $600, a CoinDesk article speculated that the price had risen because of a ‘short squeeze’ in supply and demand. However, with continued growth in the cryptocurrency, one can’t help wondering: Is what we are seeing a bullish Bitcoin market based on sentiment related to concerns over the traditional financial markets? James Carder responded to BestVPN.com directly with the following comment,
“The speculation around financial impact was as a reaction to the internet blackout. This would be more about losing confidence and trust in the government’s ability to protect our financial assets, causing concerned stockholders to react by selling their investments in the market. In the spirit of speculation, I could see a potential uptick in the Bitcoin market as an alternative investment option.”
Bitcoins also vulnerable?
On the other hand, if Internet exchange services came crashing down that could lead to an inability to mine or trade Bitcoins. If they couldn’t be traded for some reason, that could also negatively impact the price of Bitcoins. For now, then, the Bitcoin market seems set to stay volatile; though the bullish trend is encouraging, to say the least.
US media crackdown in full swing
Finally, in the US great lengths are being taken to attempt to crack down on ‘Fake News’. Some people are predicting that this could lead to a backlash from hackers who decide to launch large-scale attacks on mainstream media outlets such as CNN and Fox News. Carder has expressed the following opinion,
“The power of influence is starting to shift away from mainstream news outlets and I don’t think that is something those mainstream outlets can afford to let happen. They will respond to the fake news threat by trying to implement some level of media control that will likely take it a little too far.”
This has, in fact, already been set in motion with a new law called the Countering Disinformation and Propaganda Act. The bill sneaked through the US Senate hidden within the depths of the 2017 National Defense Authorization Act report. Two days before Christmas, Obama signed the controversial law into action. The bill means that the US government will indeed be seeking to control the media and as Carder says,
“I think hackers, in the name of protecting our freedom of speech, will retaliate by knocking down a major media outlet or two.”
Opinions are the writers own.