It seems as though there is a single body out there carrying out a systematic attempt to test the defenses of the internet’s fundamental infrastructure, presumably with the intention of one day breaking those defenses.
While the sources for the article are anonymous, they hardly need naming, since Schneier makes it clear that his research has collected insight from virtually all major internet companies, from large service providers like AT&T all the way to organizing bodies like Verisign or potentially even ICANN itself. Somebody is searching for weaknesses in the sorts of places that many assume you’d only attack for one reason: crashing all or a large portion of the internet.
The basic narrative is this: Schneier has been hearing sustained, widespread reports from fundamentally important internet companies that they are experiencing a marked uptick in certain kinds of attacks, in particular Distributed Denial of Service (DDoS) attacks. These attacks have not only been getting stronger, longer-lasting, and more diverse, but they have also been moving in seemingly systematic, investigatory ways. Schneier describes a scenario in which attackers sent predictable probing attacks against successively higher levels of security until they had tested everything, apparently being exhaustive in their search for failure points.
One important aspect of these attacks is their power and frequency, implying enormous resources at the disposal of the attacker and strongly indicating a nation-state as the culprit. Schneier name-drops both China and Russia as the most likely culprits (China most of all), but he can’t say for sure. Beyond the sheer volume of the attacks, however, their variety forces defenders to roll out their full complement of defenses. This could be interpreted as an attempt to get defenders to “bare all” and make their full defensive capabilities known. Corero director Sean Newman said the attacks his company has seen are short and “sub-saturating,” likely meant to slowly approach and find the target’s exact maximum traffic capacity.
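As an added example (not from the article, Schneier, or any company it cites), here is a defender-side heuristic that flags the pattern Newman describes: a series of short bursts whose peaks climb toward the target’s capacity without ever reaching it. The link capacity, baseline level, thresholds and per-minute traffic samples are all constructed for illustration.

```python
"""Flag stair-stepping, sub-saturating traffic bursts: short floods whose
peaks rise across successive bursts while staying below the target's
capacity. Added example; all numbers below are constructed, not measured."""
from dataclasses import dataclass

CAPACITY_GBPS = 100.0    # assumed capacity of the defended link
BASELINE_GBPS = 10.0     # assumed normal traffic level
MAX_BURST_MINUTES = 5    # a "short" burst lasts at most this many samples
MIN_STEPS = 3            # rising bursts needed before calling it a probe series

@dataclass
class Burst:
    start: int    # index of the first elevated sample
    end: int      # index of the last elevated sample (inclusive)
    peak: float   # highest sample within the burst, in Gbps

def find_bursts(samples, baseline=BASELINE_GBPS, factor=3.0):
    """Group consecutive samples above factor*baseline into Burst records."""
    bursts, start = [], None
    for i, v in enumerate(samples):
        if v > factor * baseline and start is None:
            start = i
        elif v <= factor * baseline and start is not None:
            bursts.append(Burst(start, i - 1, max(samples[start:i])))
            start = None
    if start is not None:
        bursts.append(Burst(start, len(samples) - 1, max(samples[start:])))
    return bursts

def probe_series(samples, capacity=CAPACITY_GBPS):
    """Return the longest run of consecutive short bursts whose peaks rise
    monotonically while staying under capacity; [] if shorter than MIN_STEPS."""
    best, run = [], []
    for b in find_bursts(samples):
        short = (b.end - b.start + 1) <= MAX_BURST_MINUTES
        rising = not run or b.peak > run[-1].peak
        if short and b.peak < capacity and rising:
            run.append(b)
        else:  # a long, saturating or non-rising burst breaks the series
            run = [b] if short and b.peak < capacity else []
        if len(run) > len(best):
            best = run[:]
    return best if len(best) >= MIN_STEPS else []

# Constructed per-minute peaks (Gbps): quiet baseline broken by four short
# floods stepping 42 -> 56 -> 72 -> 86 without reaching the 100 Gbps ceiling.
SAMPLES = ([10, 11, 9] + [40, 42, 41] + [10, 12] + [55, 56] + [11, 10, 9]
           + [70, 72, 71, 70] + [10] + [85, 86, 84] + [9, 10])

if __name__ == "__main__":
    for b in probe_series(SAMPLES):
        print(f"minutes {b.start}-{b.end}: peak {b.peak:.0f} Gbps "
              f"({b.peak / CAPACITY_GBPS:.0%} of capacity)")
```

A real deployment would read peaks from flow telemetry and tune the burst length, baseline factor and step count to the link being watched.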