Russia has nearly completed an alternative to the Domain Name System — the common “phone book” of the internet that translates numerical IP addresses to readable text like “Amazon.com” and “NYMag.com.” When implemented, the DNS alternative could separate Russia and its allies from the rest of the connected internet — a possibility that, however remote, has experts worried about a “balkanization” of a global network.
Last November, the Russian Security Council announced its ambition to create an independent internet infrastructure for Russia and the other members of BRICS (Brazil, India, China, and South Africa). According to reports, the Russian government sought to create the alternative internet to protect itself from American and Western manipulation of internet services and avoid “possible external influence.” (Sound familiar?)
Now, the project appears near completion. Last week, a senior member of the Russian Foreign Ministry reportedly said that the DNS alternative was ready, but would only be used in “the worst-case scenario.” While the Russian government claims it needs this DNS alternative as a defensive measure to avoid American and Western European cyberattacks, security experts worry it could be used as a backup for an offensive attack.
“If they have their own DNS system that would make it easy for them to threaten or to actually attack our [internet] infrastructure,” Mike Lloyd, a network security expert at RedSeal, told Select All.
Lloyd compared the internet to a medieval city where everyone drinks from the same water well. “If I choose to dig another well because I want another water supply, is that because I am worried you are going to cut off access to my water supply, or is it because I want to poison your water supply and be able to keep drinking mine?” Lloyd added.
A fully implemented DNS alternative could also impede experts’ ability to trace online trolls and misinformation spreaders. “Right now, forensic analysts have a lot of access into DNS records,” Bob Gourley, CTOvision publisher and former chief technology officer at the Defense Intelligence Agency, told Select All. “Russia would have the ability to reduce the forensic evidence that investigators have access to.”
In the event of misinformation attacks, like the ones conducted during the 2016 elections, this alternative DNS would make it easier for a nation state to cover its tracks. “The use of these Russian internet troll farms and these social-media campaigns, even figuring that out is going to be harder if Russia controls all the DNS information,” added Gourley.
While experts would still likely be able to trace a troll farm back to its nation origin, this DNS alternative would make it difficult to pinpoint the exact address of origin. In the Russia example, Gourley said, this would make it easy for the government to deny responsibility.
According to Lloyd, the Russian Foreign Ministry’s claim that it’s using the system to avoid Western surveillance does not add up. Since most of the actual underwater internet cables route through the United States at some point, Lloyd says Russia would need to physically relay its own cable if it truly wanted to eliminate the possibility of Western surveillance.
Russia’s DNS alternative also differs significantly from other internet manipulations in authoritarian states like China and North Korea. Where China’s Great Firewall places a premium on surveillance, Russia’s DNS alternative does not. Partly, this is because of cost (China reportedly employs over 2 million workers to manage its surveillance state), but also because Russia realizes it is engaged in a constant arms race with its citizens between surveillance and circumvention — a race it is unlikely to win. As Russia and Iran’s recent Telegram-ban failures demonstrate, tech-savvy users will find ways around most blocks.
While Russia may not invest as heavily in surveillance, if implemented properly, Gourley said this new DNS alternative could severely restrict access to certain sites by Russian citizens. According to Gourley, the Russian government could choose to limit access to Western sites like Facebook or Google, or restrict Western news outlets.
“This shows how important geopolitical factors are to the technology world,” Gourley said. “Global politics and how the internet is governed are totally related now. Russia and China have overlapping interests when it comes to cracking down on the use of the internet by open societies, and cracking down on the internet within their own countries.”
Of course, the degree to which you should worry about an attack on DNS depends largely on how suspicious you are of Russia. The thing is, Russia has already proven that it possesses the capacity and the willingness to attack nation states by crippling their internet infrastructure.
Take last year’s NotPetya ransomware attack, which crippled Ukraine’s power grid and banking sector and led to the loss of billions of dollars throughout Europe. The attack was attributed to the Russian GRU foreign military intelligence agency by both the United States and the United Nations. These threats on internet and physical infrastructure are not just limited to Ukraine. In March, the U.S. Department of Homeland Security and the FBI released a joint statement that claimed that Russian cyberthreat actors have been targeting critical U.S. infrastructure since 2016.
On an early October morning in 2016, millions of U.S. internet users awoke to find their daily routines in shambles. Morning Mix Spotify playlists would not load, Netflix streams were down, and PayPal accounts were disabled. Those searching for answers on Twitter and Reddit found that they, too, were offline.
By the end of the day, service to these sites returned, but the damage was done. DYN, a major DNS provider and one of the main backbones of the internet, had been attacked by a powerful, destructive botnet.
This massive disturbed-denial-of-service attack launched against DYN was one of the largest in history and introduced the world to now-notorious Mirai Botnet. It was also launched by a crew of teenage Minecrafters.
According to Lloyd, a successful Russian attack on DNS could resemble something akin to the DYN attack, except instead of originating with kids, it would have the financial and military backing of major Russian intelligence agencies. With its own DNS, Russia (and any allies using the alternative) could launch an attack without getting caught in the cross fire.
Again, one should treat possibilities of cyberdoom with a heavy bit of skepticism. Maybe this Russian internet precaution does serve the sole purpose of protecting Russia from potential U.S. intervention. Indeed, the U.S. has its own proven track record of foreign manipulation.
However, given the post–2016 election revelations of Russian hacking and online manipulation throughout the U.S. and the West, and the Kremlin’s close ties to NotPetya, one need not stretch the imagination far to give credence to these concerns.