[TL;DR: If this is already too long, forget it. But here's the bottom line: If you want to continue debating "foreign cyber warfare targeting Western democracies" without looking like an utter clown, you should read the articles linked below. Specifically (3), which is the most illuminating piece of investigative journalism I have read online all month, and (4), because instead of perpetuating myths about technology, it documents how stuff actually works.]
Most likely, you don't remember it, but some may recall that in September 2016, the Internet went down for an entire afternoon, leaving many of the most popular websites and social media platforms unreachable for hours. This was widely reported as an unprecedented cyber attack on the infrastructure of the United States. Bruce Schneier, usually regarded as one of the most respected security researchers in the world, wrote in the wake of the incident:
We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses. [...] It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. (1)
Schneier made big waves again in November, when he testified before the U.S. Congress. His declaration was widely quoted:
It might be that the internet era of fun and games is over, because the internet is now dangerous. (2)
Meanwhile, Brian Krebs, another well-known security researcher, decided to do some proper research about the incident. Last week, he published his findings (3). Not only did he find out who was behind the attack, his account also dispels some of the most persistent myths about cyber war on the Internet:
Basically, the entire thing happened because he blocked someone on Skype.
The target wasn't the United States, Silicon Valley or Western Democracy, but Minecraft.
The clandestine actors in command of the largest denial-of-service attacks that the Internet has ever seen are not foreign intelligence agencies, but a cottage industry of DDoS protection providers, a racket of small-time extortionists: the Minecraft mafia. These are bored kids in college dorms in the United States.
A surprisingly effective measure to mitigate such a denial-of-service attack (launched through hundreds of thousands of insecure "Internet of Things" devices, like security cameras or toasters) is to call up an ISP upstream of the botnet's command-and-control center, and ask them to turn it off.
The era of fun and games on the Internet is still very much on.
Below is an excerpt from a longer conversation between the perpetrator of last September's attacks and one of his targets (4):
[10:49:11 AM] katie.onis: i love the conspiracy guys thinking this is china or another country haha
[10:49:18 AM] live:anna-senpai: yea
[10:49:22 AM] live:anna-senpai: lol
[10:49:29 AM] katie.onis: can't deal with the fact the internet is so insecure
[10:49:31 AM] katie.onis: gotta make it sound hard
[10:49:34 AM] live:anna-senpai: the scheiner on security blog post
[10:49:40 AM] live:anna-senpai: "someone is learning how to take down the internet"
[10:49:47 AM] live:anna-senpai: lol
Last night, a friend reminded me that if you look at the pricing for such attacks — and there is no reason to doubt the numbers quoted in Brian Krebs' research — then renting a botnet and shutting down the Internet for an hour or two is astonishingly cheap. His idea was that this could become a fashionable way for nerds to propose to their fiancées: Hey darling, I wanted your full attention, so I turned off the Internet for a moment...