The Morning News needs your support
The Morning News needs your support. Please join us as a Sustaining Member!
Last Friday, a coordinated attack of unknown origin brought down a broad swath of the web, cutting down sites from Github to Spotify to Twitter. Unlike thieves who steal data, this hack—known as a DDOS attack—just brings down websites by crippling the reference service called DNS. It’s like ripping up the phonebook.
In this case, someone was able to shut down a company called Dyn by capturing a massive number of computers and directing them at Dyn all at once. Here are the gory details.
Over the past year or so, someone with a lot of resources appears to have been probing the capabilities of major web sites. In strategically targeting Dyn, the attack highlighted the surprisingly vulnerable centralization that remains at the heart of web architecture.
"To protect DNS, ICANN came up with a way of securing it without entrusting too much control to any one person. It selected seven people as key holders and gave each one an actual key to the internet." Every three months since 2010, cryptography officers participate in a secret key ceremony designed to keep the web secure.
You might hear otherwise, but the Dyn attack had nothing to do with the United States "giving away the internet," as Republicans have suggested. ICANN declined to renew its contract with the Commerce Department, and will instead assume those responsibilities itself. A spokesman demurred poetically on the question of control, saying "It's human nature that everybody wants to find out who is in charge ... but that is not something you can do with the Internet. Each other connects to each other."
Four states suing the federal government to stop the ICANN handover dropped their suits Friday.
From the Radiolab vault: "Darkode," an episode with the story of a man who helped build botnets before turning his back on hacking. A botnet called Mirai was instrumental in Friday's attack.
Oct 24, 2016“Control” over the entirety of the internet is a concept based on a broken understanding of what the internet is and what it’s become since the first packet switches were installed in UCLA labs in 1969.
↩︎ Fusion
ICANN's most politically contentious area of control is really cosmetic: it controls top-level domains, the postfixes on URLs. Because governments sit on its advisory committees, these domains are politically influenced. For example, Saudi Arabia was able to get .gay rejected.
Perhaps the general internet user should have an ombudsman on that council, too. Tech reporters are passing around a 2008 memo that suggests that controlling tendency might go too far at times, entertaining the possibility of allowing domains with the same names as common file types.
I briefly pondered a future where ICANN takes an active role in policing internet security
— sarah jeong (@sarahjeong) October 22, 2016
Extremely briefly https://t.co/v3FyithLPU
The evidence is strong that “user confusion” would indeed result from URLs that look like filenames. The only case like this in operation is .zip, and it’s the internet’s shadiest neighborhood.
