Why what happened to the Internet in Syria couldn't happen here
- 30 November, 2012 20:59
The Internet shutdown in Syria likely took very little to accomplish considering the country's limited Internet infrastructure and international connectivity, network analysts said Friday.
Such a move would be much harder, if not impossible, to achieve at least from a technology standpoint, in the U.S. or other democracies with mature Internet infrastructures, they said.
Syria on Thursday suddenly dropped off the Internet, as the result of what many believe was the government's decision to pull the plug on Internet connectivity.
Internet monitoring companies, including Renesys, Arbor Networks and CloudFlare on Thursday reported seeing the drop off around 6 a.m. ET when all 84 of Syria's IP address blocks suddenly became unavailable. All Internet traffic between Syria and the rest of the world stop flowing within a period of five minutes.
Since then, the country has remained off the grid, prompting CloudFlare to describe the situation as a "more complete blackout" than any witnessed in other countries in the region over the past two years.
As unusual as such blackouts are, they are not particularly hard to pull off in a country like Syria, said Earl Zmijewski, general manager at Renesys.
"In Syria you have a situation where there is one incumbent Internet service provider," Zmijewski said. All Internet communications go through the state-run Syrian Telecommunications Establishment (STE), which has total control over them.
All it would have taken for the Syrian government to shut down the entire country's Internet was a single call to STE, he said. STE could have simply switched off the routers handling international traffic so they would stop announcing routes to the global Internet, Zmijewski said.
The same result could have just as easily been achieved through a software update changing router configurations, or by shutting off power to the building or room housing the routers and servers.
"The routers inform the world 'hey I own these networks, send me all the traffic to them,' " he said. "If they stop doing that, the routes are withdrawn. It can be done with software, by pulling the plug on the cable or by turning the power off to your facility."
The ease with which an entire country can be disconnected from the Internet depends almost entirely on the number of Internet entry and exit points it has, said Carlos Morales, vice president of global sales engineering and operations at Arbor Networks. It's easy to cut countries like Burma and Syria off the Internet because all they have is a single government-owned ISP with an international connection, he said.
Not only are such infrastructures easy to shut down, they are also much more susceptible to denial-of-service attacks and router-poisoning attacks, he said. "The Internet is all about IP routing reachability," he said. "People traveling on roads know how to get to their destination. On the Internet, at every point you need to be told where to go next." So if the routers that perform that task for a country are shut down, the country disappears from the Internet, Morales said.
The situation in Syria highlights the importance of having physical and logical diversity in the Internet infrastructure, Zmijewski added. Egypt, which suffered through a somewhat similar blackout two years ago, had multiple companies providing Internet services within the country. Even so, the government there was able to easily choke off the Internet because the providers were operating from a fairly limited set of facilities, he said.
"In Egypt's case, they just turned off the power to the facilities where the cables were coming in," Zmijewski said.
Achieving a similar result in a country like the U.S., with its countless Internet entry and exit points and numerous services, would be infinitely harder, even if such a thing were legally permissible, Renesys said. According to the company, countries like the U.S, Canada, Australia, the Netherlands and many in Europe and South America have more than three-dozen major ISPs connecting to the global Internet.
Each country has too many paths for Internet connectivity and too many independent providers to allow for large scale Internet shutdowns. While a government could conceivably impair connectivity by forcing large providers to shut down, there would still be too many paths in and out of the country that remain open, Renesys CTO James Cowie wrote today.
Countries such as China, India, Mexico, Israel and Vietnam, which have between 10 and 40 internationally connected service providers, are also at fairly low risk of total disconnection, Cowie said. The countries, about 72 in all, with fewer than 10 ISPs that are exposed to significant risk of total blackouts, he said. Among them are Oman, Uganda, Iran, Pakistan and Armenia. Though disconnection would not be especially easy, it could be achieved, he said. A total of 61 countries, including Syria, Tunisia, Libya and Ethiopia, have just one or two international ISPs and are st severe risk of disconnection.
For countries like the U.S., the bigger risk is Internet disruptions from attacks against the Internet's core Domain Name System (DNS) servers and other critical infrastructure, Morales from Arbor Networks said. Even here, it would be an enormous task to completely take down the Internet as was done in Syria, he said. "It would be very much harder to black out the Internet in the U.S. either willfully," or by attacking it, he said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is email@example.com.
Read more about networking in Computerworld's Networking Topic Center.