If you want to commit the greatest conceivable act of terrorism and declare a version of war against every country on the planet, you only need to take the world offline.
So many facets of human life are nowadays facilitated by a giant machine called “the internet,” which networks the world to unlock all kinds technological convenience. By instantaneously moving information from one place to another, the internet touches everything we depend on in 2016 — our transportation systems, our mortgage payments, and our Amazon purchases alike. To say goodbye to it permanently wouldn’t be like losing a limb; it would require a whole new worldview.
Malicious actors have previously made parts of the internet disappear for some people. It happened as recently as October, when a distributed denial of service (DDoS) attack against a company called Dyn temporarily made A-list services like Reddit, Twitter, and Spotify evaporate. Acting as a type of phone book for the internet, Dyn provides domain name system services to these and many more sites, so when you type, say, “www.facebook.com” into your browser, Dyn translates this into the numerical IP address of the server you want to access.
Domain name system service providers are what make the internet usable for humans. When hackers successfully overwhelmed Dyn’s servers with bogus requests for information, the system could no longer handle legitimate traffic. A fundamental infrastructure that makes part of the internet work had been turned off, and with Twitter down, no one could tweet their complaints about it.
But what would it take to multiply this effort such that the entire internet was permanently taken down? How many people would it take to pull it off?
Though many computers were involved in the attack against Dyn, it theoretically would have taken only one person to steer the ship. The weapon of choice for these situations is a “botnet,” or a collection of private computers infected by the same malware, granting a third party some control over these machines. A botnet of a few thousand infected computers could be used for everything from sending spam email messages to manipulating online polls. A botnet owner with a few hundred thousand internet-connected computers at his or her disposal could cause much higher-profile problems, like making Facebook disappear for the internet-using public.
But can one person take down the entire internet? “The answer is no,” says Gleb Budman, CEO of BackBlaze, a backup company and cloud storage provider. “Even the large-scale attack against Dyn still only knocked out certain sites down for certain people for certain amounts of time. That myth is busted.” And as a botnet relies on the internet to work, it can’t destroy the system that enables it.
It’s difficult to cripple the web because it’s extremely robust. In his book Tubes: A Journey to the Center of the Internet, author Andrew Blum calls it a “network of networks” — it has no single off switch, but is instead a collection of layered systems that interact with each other to keep us online and connected at all costs. This means botnet-enabled denial of service attacks have more in common with vandalism and short-lived inconvenience than they do with actual lasting damage. But this hasn’t stopped people from seeking to do more genuine harm to the internet.
In the age of wi-fi, it’s easy to forget that most of the internet is still physical. Our communication with distant parts of the world is made possible only because an immense system of communication cables sits on the ocean floor, connecting continent to continent. You can browse a map of these cables -. Large countries are connected at a number of points, meaning their web traffic is easily rerouted around digital roadblocks; a host of detours are available when a country needs them.
But consider a smaller nation like New Zealand, connected to the rest of the world by just two cables. With a couple serious snips in the right place, an entire country gets knocked offline (divers in Egypt were caught doing exactly this in 2013). If this seems like a like an obvious problem deserving a resilient solution, you’re right: The consensus is that these essential cables are “surprisingly vulnerable.” Earthquakes, deep sea divers, large anchors, and even sharks have taken areas of the globe offline for a few days to a few months.
In 2015, someone carried out a mysterious series of attacks on the West Coast’s fiber optic cable system. Again, the method was low-tech but effective: By climbing down manholes and cutting cables, the actor was able to slow California’s internet speeds and even interrupt Microsoft’s enterprise service, Azure. If that effort were carried out at a larger scale, or deep in a remote part of the ocean, it would wreak a lasting havoc difficult to recover from.
And since it’s common today for those in the developing world to manage their entire relationship with the internet through an iOS- or Android-powered mobile phone, “if something happened to shut off the internet in these systems, half the world loses its connectivity,” says Budman.
This consolidation of resources hasn’t really been seen before in the history of the internet, which was born as random, varied servers popped up all over the place. But we are accessing the internet in an increasingly homogenous way; a hack or flaw in these dominant systems — or a questionable decision by Google and Apple — could make the internet disappear for more than a third of the 3.2 billion people who access the internet each year.
There is simultaneously relief and caution -. No one person could permanently dismantle the internet, but if a savvy-enough group of people acted together to jam networks and attack physical infrastructure, then we’d all have to start reading books again.