Not too long ago, we here at Giz Asks contemplated what might happen if the entire internet shut down at once. One imaginative stumbling block, in playing out the implications of that scenario, was how something like that could happen in the first place. And so — without advocating any of the methods described below, or strongly suggesting that hundreds or thousands of like-minded heroes band together to take this sucker down once and for all — for this week’s Giz Asks we’ve asked a number of cybersecurity experts how exactly one would go about shutting down the entire internet.
Laura Brandimarte
Assistant Professor, Management Information Systems, University of Arizona
Everything being connected today may bring along significant convenience, but it also implies that everything can be hacked. What if the nation’s power grid were successfully attacked? No electricity also means no internet access. The internet also relies on physical infrastructure, such as subsea cables and other fibre cables: any infrastructure issues (cable cuts, damages), whether due to criminal activity or natural disasters that were to affect major subsea cables could potentially shut down the Internet.
In a different sense, authoritarian governments can also potentially shut down the internet if they somehow all colluded against it, either blocking internet access to citizens altogether (we have seen that in Egypt during the Arab Spring, for example, or in the Democratic Republic of the Congo during a period of unrest); or substantially limiting it (we see that in countries where internet censorship is widespread and information access is controlled by the central government, as it happens in China).
There are ways around censorship, of course: Privacy Enhancing Technologies, or PETs, such as virtual private networks or VPNs, and anonymous browsers such as Tor, can help circumvent it, but censorship essentially prevents the vast majority of the population, who may not be familiar with these tools, to access the internet, de facto making it disappear.
Ryan T. Wright
Associate Professor of Commerce and Associate Director of the Centre for Management of IT at the University of Virginia, whose research focuses on the human elements of cybersecurity, among other things
First, it is highly unlikely that the internet could be universally shutdown. Internet infrastructure consists of several redundant connections that make it near impossible to bring down the entire internet unintentionally or accidentally. Internet traffic is resilient and can dynamically reroute around any problems.
Bad actors would be the most plausible reason for an internet outage. Two critical internet systems that could, if attacked or exploited, bring down the internet are BGP and DNS.
BGP, or Border Gateway Protocol, is used to route traffic on the internet. There have been several attacks that hijacked BGP to reroute traffic, thus breaking the internet. Just this summer, a large amount of mobile internet traffic in Europe was rerouted to servers in China.
DNS, or domain name system, resolve web addresses such as www.gizmodo.com to the Internet Protocol (IP) address 151.101.194.166, much like a phonebook can be used to look up a telephone number. The IP address is necessary to route traffic on the internet. Bringing down the root DNS servers would disable the ability to lookup IP addresses and therefore “break” the Internet. The attack on Dyn’s DNS servers is an example of an attack on DNS servers that brought down the internet for a portion of the US.
The good news is these critical systems are widely known as points of failure for the internet and therefore, heavily monitored.
Jeremy Straub
Assistant Professor of Computer Science and Associate Director of the North Dakota State University Institute for Cyber Security Education and Research
There isn’t some gigantic on-off switch: The internet is a diversified platform, a lot of different networks connected to each other, so there’s no good way to turn it off.
Fundamentally, you have to think back to the original conception of the internet, which was to try to create a distributed network that could survive attacks on different government or military installations. It was designed to be resilient to external threats — but not necessarily to internal or peer-level threats, which is where you probably see the greatest potential risk factors.
When certain countries have tried to turn the internet off — in the whole country or in specific regions — they use techniques that basically interfere with or deny some of the services that people use online, or they take control of the actual pipeline to the rest of the world. The Great Firewall of China is an example of the latter — they filter the web, looking for things that are not appropriate.
On the other hand, when people have tried to turn off the internet in just one region, or deny access to particular groups, that has typically been accomplished through interfering with a service such as DNS, to make it so that, for at least those that don’t have a ton of technical knowledge, the internet just looks like it’s not working, even though you might have a lot of what is actually needed to have an internet connection. Denying critical services reduces the ability of the internet to work for most people, and makes large coordination a problem.
Certainly, there’s a lot of stuff on the internet that isn’t critical infrastructure — these are things that are ancillary, but which many people would consider important communications channels. Things like Facebook, for instance. Nobody’s going to immediately get injured or die if Facebook went offline — but it might push traffic that’s typically on that platform to a different platform, like the telephone, which might not be able to handle that influx.
More important are the critical infrastructure systems — things which, if they stopped working, would cause immediate danger. For instance, gas and power in the winter, or keeping reactors in check, and making sure water systems are working. The internet being knocked out isn’t going to cause the power to shut down — but knocking out the power is going to knock out the internet. So if somebody was really trying to deny internet access in an area, they might make that their target.
The next tier would be commercial systems — if a company’s website goes offline, it’s not going to cause famine, or injure or kill someone, but it could be very detrimental.
Kevin Butler
Associate Professor of Computer and Information Science and Engineering and Associate Director of the Florida Institute for Cybersecurity Research at the University of Florida
Probably the most important protocol to assure the continued operation of the internet, the Border Gateway Protocol, or BGP, is relatively obscure. BGP is the routing protocol that determines how IP packets move between networks at the granularity of organisations, or “autonomous systems” (ASes). Internet Service Providers have an AS (for example, Comcast is AS7922, AT&T is AS7018) and if you work for a large company that multi-homes their internet connection, there’s a chance they have an AS number as well.
BGP is a so-called “path vector” protocol: in other words, it looks for the shortest path length (the shortest number of ASes) to a destination. Whoever is advertising the shortest BGP route gets the traffic. Additionally, the more specific the set of routes that you’re advertising (e.g., a /24 representing 256 IP addresses in a netblock compared to a /16 representing 65,536 addresses), the more preferential your advertisement is.
Unfortunately, the ease of advertising a shortest route can have catastrophic consequences. The most infamous example of this happened back in 1997, when a small Florida internet provider started inadvertently advertising specific netblocks for much of the internet in ways that made them the preferred destination for other routers. The effect of this was a large portion of the internet’s traffic was routed to this small provider, which had no way to deal with the resulting crush of traffic.
Because the new “best routes” started being advertised throughout the internet, even though the routers at the victim ISP were continually getting knocked offline because of the traffic, it kept on coming. This led to a major outage. More recently, in 2008, Pakistan Telecom wanted to block access to YouTube for nationals in that country by advertising BGP routes to YouTube as going through it. Unfortunately these routes leaked outside of Pakistan and led to large portions of the internet sending their YouTube request traffic to Pakistan Telecom, denying service.
The key problem with BGP is the lack of authentication for where an advertisement originates or of the path being advertised. Solutions have been proposed in the past using cryptography to assure the integrity of advertisements but they have met with limited success operationally for a large variety of factors including computational overhead on already-strained gateway routers, the need for centralised trust, and the need for changing protocols on routers around the globe to handle this new security information.
If BGP was systematically attacked by a determined adversary to cause similar routing shutdowns, the internet as a whole could fully shut down. If it had to bootstrap from scratch, there is no guarantee that it would actually reconverge. To ensure that we never have to test this in practice, a dedicated group of network operators around the world vigilantly checks the state of internet routing.
Through mailing lists such as the North American Network Operator’s Group (NANOG) and similar ones in Europe and Asia, these operators keep each other aware (regardless of whether their companies are competitors) of anomalous routing conditions and outages. This first line of human-scale defence has been instrumental in preventing catastrophic failure of the global internet.
Dale Rowe
Associate Professor of Information Technology & Cybersecurity and Director of the Cybersecurity Research Laboratory at Brigham Young University
The internet is designed as a massive distributed network with no single party having total control. Fragmenting the internet (breaking it down into detached networks) would be the more likely result of an attempt. To our knowledge this hasn’t been attempted but one would imagine that some state actors have committed significant research to develop internet kill switches.
A few methods that could be viable:
DNS (Domain Name System): The address book of the internet. A DNS outage results an inability to translate hosts to IP addresses. Technically the internet wouldn’t be shutdown, but would be inaccessible to most users. DDOS (Distributed Denial of Service) attacks on this have already occurred and caused significant outages in the last few years.
One of the most notable was the Mirai botnet targeting DYNDNS servers. Since Mirai, significant research has been performed into countermeasures for similar attacks and it’s unlikely that this would result in a total shutdown today. As DNS is implemented across various platforms, a universal 0-day is unlikely to completely disable this globally.
Routing/addressing: Finding a 0-day in something like BGP (Border Gateway Protocol) across multiple vendors, or massive route-poisoning attacks could potentially fragment the internet to a state where it was unusable. There are some very old protocols here that could be vulnerable to a well researched attack although they have stood the test of time. With IPv6 on the rise, there are potentially new attacks in addressing/routing to be discovered in the next few years.
Physical: Cutting undersea cables combined with satellite jamming could cause continents to lose connectivity to each other and even fragment communications internally. This would be extremely complex to achieve but may be possible for state actors such as China, Russia, the USA, and potentially the UK and France. An electromagnetic pulse (EMP) can also disable electronics at range quite effectively.
While unlikely outside of wartime, this is probably the most effective way to shutdown the internet within a large, but specific region. The best known examples of this are from a nuclear weapon blast, but there are also non-radioactive means to cause localised EMP’s. TLDR: targeted physical attacks at key locations and choke-points could potentially disable the internet at a large scale.
Some of the smartest minds in technology and science are constantly looking at new ways to add redundancy and increase resilience for the internet. While most people shouldn’t lose sleep about this happening right now, it’s might be a good idea to consider contingency plans without it.
Justin Cappos
Associate Professor, Computer Science and Engineering, New York University
Shutting down the entire internet would be about as difficult as shutting down all of the roads in the world, an analogy I’ll use below.
An attacker could cripple a lot of traffic on the internet by using a backhoe and/or submarines to cut many of the key fibre-optic cables that serve as the backbone of the internet. This would be similar to disrupting automotive traffic by damaging major highways all around the world. It would stop or slow long distance communication, which is much more common on the internet than long distance travel is on roads. This would be massively disruptive, but large parts of the internet would still be able to communicate locally.
Flooding networks on the internet with traffic is another strategy. This would be like trying to clog up all the roads with extra cars. The problem both in the internet and real world is that it would be hard to both transmit enough traffic and to do so in all of the right areas simultaneously. Network operators would notice and block such traffic quickly (perhaps in an automated way), as they are accustomed to seeing this sort of attack traffic already. So this is not likely to be an effective way to shut down the Internet.
It would be possible to disrupt DNS (Domain Name Service), the service that changes names like google.com into an Internet Protocol address like 1.2.3.4 (which is what computers use). This is similar to how you might ask a driver to take you to the White House (similar to a DNS name) instead of to 1600 Pennsylvania Avenue (similar to an IP address). So, while this would break programs that use DNS, many aspects of the internet would function just fine.
An attacker could go after the routing aspect of the internet which is called BGP (Border Gateway Protocol). This serves somewhat like Google Maps that tells data on the network how to get from point A to point B. While it is possible to disrupt this for parts of the internet, it is hard to disrupt routing for computers that are far away from where you are attacking.
A common way to disrupt traffic is to say that you have a fast (perhaps instant) way to get to an address. However, if someone is far away, just getting to you will take them longer than to go to the legitimate way. Even if they had a lot of computers able to do this around the world, the issues would still only be localised to some extent. So this also would cause only partial disruption.
Even a social movement which tried to ban the internet and had people try to rip out infrastructure may not have great effect. One of the main design goals of the internet is to be resilient to attack. So to be effective you really need to disrupt such large segments of the internet that it seems quite impractical it could happen, much like the difficulty of getting people to tear up all of the roads in the world.
To actually shut down the entire internet would require disrupting effectively all networks (both wired and wireless) all over the globe. This would require a massive, catastrophic event such as a meteor that destroys much of the planet. If this happens, whether or not the entire internet has completely shut down will be the least of our worries.
Jessica Beyer
Lecturer and Research Scientist, International Studies, University of Washington, whose research focuses on cybersecurity issues, particularly non-state actors and international security
There is no one answer to this question, but here are some (although not all) possible answers. Many of the ways one might shut off the entire internet are related to the underlying infrastructure of the internet. Like many elements of internet resiliency, the resilience of the internet is variable depending on density of providers, resilience of critical infrastructure, and the number of national connections to global infrastructure.
For instance, lots of countries routinely use internet blackouts in the wake of major political events or tragedies, such as following the 2019 Easter bombings in Sri Lanka or during elections like during the DRC 2019 election. Other countries use internet blackouts during major events, such as Algeria’s 2018 blackout during national exams.
Also common is the use of blackouts as a social control mechanism to frustrate political organising, as Cameroon did when it cut internet in its Anglophone region in 2017. Usually this type of internet blackout is at the request of governments who simply require all internet service providers (ISPs) to stop providing service.
Another way to shut off most of the internet would be for an actor to engage in a coordinated effort to destroy the cable network that carries the internet around the world, particularly the submarine cables that crisscross the ocean. A malicious actor would also want to target major internet exchange points where different networks meet. Much of this infrastructure is hidden in plain sight. For instance, political protesters have cut cables in the past as part of their protest, as happened in Haiti in 2018, or cables have been cut by accident by ship anchors as happened in UAE in 2008. The internet would still, theoretically, be available to some via satellite, but it would not be widely available.
Another way to shut off the entire internet would be to shut off electricity. There are lots of ways to accomplish this, although it would be challenging to do it globally all at once.
Justine Sherry
Assistant Professor, Computer Science, Carnegie Mellon University
Shutting down the internet is something the designers of the internet wanted to prevent from the start: the internet was originally a research project from the US Defence Department and the designers worried a lot about attacks on the United States. Hence, one of their earliest goals was to make sure the network would stay online despite failures of the links and routers that keep networks connected.
The internet is capable of re-directing messages along alternate routes when large fractions of the network go down. I like to think about it like driving in Pittsburgh: if Forbes Avenue is closed, I can take Fifth Avenue. If Fifth Avenue is closed, I can take Penn Avenue. There are many ways to get to my destination, even if many streets and intersections are closed. The internet is designed on this principle: even if some paths fail, the network will find another way to deliver messages to their destination. Hence, I think it would be hard to shut down the internet.
That said, if I were a malicious actor trying to do the most damage to the internet, I would probably go after internet services rather than the internet itself. Every day, I interact with only a few companies online: Google manages my email and calendar, Amazon manages my shopping lists and online purchases, Microsoft has many of my documents, etc. All of these major companies store their data in large warehouses called data centres, and there are only a few tens of data centres for each company across the U.S.
If I were to disconnect the power to each of these few buildings, I would knock all of their services offline: no more email, no more online shopping, no more writing documents in my web browser. To follow the analogy of streets above, this would be like being able to drive around town but every store being closed. My messages might be able to reach Google or Amazon, but the computers on their side would not be online to reply to me.