Don't panic: The Internet is not collapsing, despite a spike in global 'attack' traffic

Don't panic: The Internet is not collapsing, despite a spike in global 'attack' traffic

Summary: It turns out the definition of "attacks" and "malicious activity" might be to blame. And a little enthusiastic over-egging of the panicky pudding.

SHARE:
TOPICS: Networking, Security
2
upload-lede
(Screenshot: ZDNet. Image: Akamai)

The Internet isn't about to collapse or crumble, despite two long threads on popular technology site Hacker News and news-sharing site Reddit suggesting (in some cases) that it might.

Pointing to Akamai's Real-time Web Monitor, which tracks "global Internet conditions around the clock," many drew concern from the meter showing that attacks were — at the time — up as much as 98 percent.

At the time of writing, the meter showed attacks were up by close to 107 percent above normal.

Across the U.S., which saw some of the brightest colors in the attack vector heatmap, New York saw 36 attacks in a 24-hour period, while Illinois had 40 attacks, and Idaho had 137 attacks. California, home to Silicon Valley technology giants, saw a massive 497 attacks in the day-long period.

second
(Screenshot: ZDNet. Image: Akamai)

Some speculated it was due to the recent one-year anniversary of hacker Aaron Swartz's death, reported by ZDNet's Violet Blue. One commenter on Hacker News said:

Likely an accumulation of attacks in commemoration of the anniversary of Aaron Swartz's death, as have been going on the last few days.

While Reddit users took to a giant thread under the name "Internet's Going Down, Abandon Ship!" Except, it wasn't. Further speculation on the thread pointed to AT&T, Google, a bevy of DNS servers, the Internet backbone, or even Syria.

In fact, Akamai, which provides the Internet attack heatmap, tweeted that Syria saw a massive country-wide outage that lasted more than an hour on Monday.

Likely neither we to blame for the near-blind panic and speculation.

Akamai's Robert Morton explained on the phone to ZDNet said that it was "not a massive distributed denial of-service (DDoS) attack against anyone."

The apparent spike in attack traffic is more of a reflection of what the tool is designed for.

On its description page, it says:

"We collect data on the number of connections that are attempted, the source IP address, the destination IP address and the source and destination ports in real time. The packets captured are generally from automated scanning trojans and worms looking to infect new computers scanning randomly generated IP addresses. The attack traffic depicts the total number of attacks over the last twenty-four hours."

The malicious packets are "generally" from automated scanning malware — not too dissimilar to a burglar with a key trying on each door in a neighborhood to break into someone's home. Eventually, statistically, the thief will break in.

"The visualization took is a look at what we call the darknet — where the information comes from our unnamed, unadvertised 'honeypot' servers," he said. "We count any hit or look at our servers as 'malicious traffic'."

"Anyone looking for those servers would be considered a malicious attack," he added.

Akamai also confirmed that it's not unusual to see large fluctuations above or below the normal amount — such as Monday — when the real-time monitor's meter was registering almost 800 attacks per hour.

While many consider the Akamai monitor to be DDoS traffic, the tool in fact registers "malicious" traffic, which boiled down is an attempt to connect to one of Akamai's hidden set of Internet-connected servers.

In speaking to the company's security contacts, he suggested it could be that someone is testing out a new scanning tool, or simply looking for vulnerable servers. "While you may see a large percentage spike in traffic, it's actually a small sample set than the overall platform."

Bluntly putting it: "The Internet is not collapsing around itself," Morton said.

Well that settles it. Back to sharing kitten pictures and animated GIFs, then. 

Topics: Networking, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Clarity Needed

    Aaron Swartz technically was a hacker, but not necessarily in the same vein as the hacking being addressed in this article. I would hope the informed reader knows that Aaron Swartz was being pressured by our government not so much for his "hacking" of JSTOR, but for his inconvenience to those who prefer to keep their activities hidden from public view.

    I believe truly bad people (hackers who steal pension funds) get a slap on the wrist (or ignored by the authorities-think NSA) where as Aaron was getting the whole 500 pound book thrown at him from making scientific research available to those who didn't pay for it.
    Pronounce
  • My old father (a veteran of WW2) hopes ...

    ... the destruction of internet because he thinks it has made people even more stupid than they used to be. He got opionion not much different than that of Tony Soprano:

    "How 'bout the fact that I hate my son? I come home, he's sittin' on the computer in his underwear...wastin' his time in some chitchat room goin' back an' forth with some other f---uckin' j---erkoff... gigglin' like a little school girl. I wanna f---uckin' smash his f---uckin' face in."
    MacBroderick