Russia? China? It's Minecraft you should fear, and bored teenagers!

Berlin, January 27, 2017 | #CyberWar #Internet #TheRussians

[TL;DR: If this is already too long, forget it. But here's the bottom line: If you want to continue debating "foreign cyber warfare targeting Western democracies" without looking like an utter clown, you should read the articles linked below. Specifically (3), which is the most illuminating piece of investigative journalism I have read online all month, and (4), because instead of perpetuating myths about technology, it documents how stuff actually works.]

Most likely, you don't remember it, but some may recall that in September 2016, the Internet went down for an entire afternoon, leaving many of the most popular websites and social media platforms unreachable for hours. This was widely reported as an unprecedented cyber attack on the infrastructure of the United States. Bruce Schneier, usually regarded as one of the most respectable security researchers in the world, wrote in the wake of the incident:

We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses. [...] It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. (1)

Schneier made big waves again in November, when he testified before U.S. Congress. His declaration was widely quoted:

It might be that the internet era of fun and games is over, because the internet is now dangerous. (2)

Meanwhile, Brian Krebs, another well-known security researcher, decided to do some proper research about the incident. Last week, he published his findings (3). Not only did he find out who was behind the attack, his account also dispels some of the most persistent myths about cyber war on the Internet:

Below is an excerpt from a longer conversation between the perpetrator of last September's attacks and one of his targets (4):

[10:49:11 AM] katie.onis: i love the conspiracy guys thinking this is china or another country haha

[10:49:18 AM] live:anna-senpai: yea

[10:49:22 AM] live:anna-senpai: lol

[10:49:29 AM] katie.onis: can't deal with the fact the internet is so insecure

[10:49:31 AM] katie.onis: gotta make it sound hard

[10:49:34 AM] live:anna-senpai: the scheiner on security blog post

[10:49:40 AM] live:anna-senpai: "someone is learning how to take down the internet"

[10:49:47 AM] live:anna-senpai: lol

Last night, a friend reminded me that if you look at the pricing for such attacks — and there is no reason to doubt the numbers quoted in Brian Krebs' research — then renting a botnet and shutting down the Internet for an hour or two is astonishingly cheap. His idea was that this could become a fashionable way for nerds to propose to their fiancĂ©es: Hey darling, I wanted your full attention, so I turned off the Internet for a moment...

(1) Someone Is Learning How to Take Down the Internet, schneier.com

(2) Bruce Schneier: 'The internet era of fun and games is over', dailydot.com

(3) Who is Anna-Senpai, the Mirai Worm Author?, krebsonsecurity.com

(4) Chat between Anna-Senpai and Robert Coelho, krebsonsecurity.com