Friday, July 6, 2018

FBI Operating System....

Recently, Dark Web News published a story about the Federal Bureau of Investigation (FBI)’s very public Joint Criminal Opioid Darknet Enforcement (dubbed the J-CODE team), and their targeting of high profile vendors on darknet markets.




It’s unquestionably a politically charged initiative on the back of the Trump administration’s rhetoric, which seems to consist of using the left hand to be tough and hard on drug users while using the right hand to tweet.
In a coordinated media effort, the FBI has released a video on YouTube seemingly in an attempt to both instil fear in all those that might be in their crosshairs, and satisfy those that crusade in the 40-year so-called “War on Drugs.”
The clip is relatively tame, showing the internals of a darknet market and the reviews left on a very popular vendor’s listing.
What’s more interesting in these types of videos is the window the audience briefly gets to see from the outside world into what’s beyond their narrative—right into their office.
Even if it is all for show, there are little things to notice here:
  1. An FBI Cyber Team Member Uses an 11” MacBook Air
From this information, simply the type of computer used, we immediately understand that this isn’t a run of the mill, stock standard team, issued with some enterprise Windows 7 box. These agents may get to select their own gear, or the FBI may trust Apple’s source code a little more than Microsoft.
What can we take away from this? We can take away that if the FBI cyber team puts their faith in a Mac, maybe we should too.
But wait, they are clearly running what appears to be a Windows 10 desktop? Yes, they are. And interestingly, it’s an unauthorized version.
We can see the unmistakable watermark of an unregistered Windows operating system in the bottom righthand corner of their screen.
  2. But, the Video Shows the Windows OS
Since it’s clearly a Windows operating system on Apple hardware, the agent is either dual booting the MacBook Air, or more likely, this person is running a virtual machine.
This, again, reveals an important piece of information to us, and something darknet market users need to take note of: running a virtual machine should be the minimum for accessing marketplaces. More secure would be booting an operating system like Tails from a USB, but it seems that the FBI is happy with the level of operational security a virtual machine, that is sandboxed from the rest of the computer’s file systems, provides them.
There is another element of trust that arises when using a virtual machine: the host computer has the final say over the security of the guest operating system, since the guest's traffic passes through it.
If the host system is compromised, the virtual machine can be too. It isn’t failsafe. That’s why you’ll find that Tails is a very secure method of accessing the dark web and using darknet markets.
It appears as though the FBI team trusts Apple’s source code to a pretty high degree. But who knows whether the FBI has had access to Apple’s source code and has been able to perform its own audit.
They do have the ability to break Apple’s pretty reasonable encryption (insofar as massive consumer grade products go).
The Overall Message
The clip progresses to a bunch of heavily armed agents and officers from a variety of organizations, presumably to get a pretty clear message across. They are coming. We can deduce from this that they still see the War on Drugs as an actual war, as opposed to a societal issue not addressed.
It’s abundantly clear from multiple sources that addiction should not be a crime, nor does imprisonment treat issues.
Case in point is Portugal. They are a model of what the future should be. Freedom, choice, and safety.
Perhaps we’re reading into it all too much. It’s a short promotional clip. Perhaps it all is what it is and the short clip means very little.
Perhaps. But I guarantee that every piece of information the FBI and other investigatory organizations get their hands on is examined, twisted, hypothesized and stereotyped.
Every chunk of metadata is used and processed to profile their targets. Those of us who are not targets, who are law-abiding and reasonable, need to put the magnifying glass back to where it belongs: the government and all its arms and legs.

Wi Fi Hacking In Window.....

How to Hack Wi-Fi Passwords


Chances are you have a Wi-Fi network at home, or live close to one (or more) that tantalizingly pops up in a list whenever you boot up the laptop.
The problem is, if there's a lock next to the network name (AKA the SSID, or service set identifier), that indicates security is activated. Without the password or passphrase, you're not going to get access to that network, or the sweet, sweet internet that goes with it.
Perhaps you forgot the password on your own network, or don't have neighbors willing to share the Wi-Fi goodness. You could just go to a café, buy a latte, and use the "free" Wi-Fi there. Download an app for your phone like WiFi-Map (available for iOS and Android), and you'll have a list of over 2 million hotspots with free Wi-Fi for the taking (including some passwords for locked Wi-Fi connections, if they're shared by any of the app's 7 million users).
However, there are other ways to get back on the wireless. Some require such extreme patience and waiting that the café idea is going to look pretty good. Read on if you can't wait.

Windows Commands to Get the Key

This trick works to recover a Wi-Fi network password (aka network security key) only if you've previously attached to the Wi-Fi in question using that very password. In other words, it only works if you've forgotten a previously used password.
It works because Windows 8 and 10 create a profile of every Wi-Fi network to which you attach. If you tell Windows to forget the network, then it also forgets the password, so this won't work. But most people never explicitly do that.
It requires that you go into a Windows Command Prompt with administrative privileges. To do so, use Cortana to search for "cmd" and the menu will show Command Prompt; right-click that entry and select "Run as administrator." That'll open the black box full of white text with the prompt inside—it's the line with a > at the end, probably something like C:\WINDOWS\system32\>. A blinking cursor will indicate where you type. Start with this:
netsh wlan show profile
The results will bring up a section called User Profiles—those are all the Wi-Fi networks (aka WLANs, or wireless local area networks) you've accessed and saved. Pick the one you want to get the password for, highlight it, and copy it. At the prompt below, type the following, but replace the Xs with the network name you copied; you only need the quotation marks if the network name has spaces in it.
netsh wlan show profile name="XXXXXXXX" key=clear
In the new data that comes up, look under Security Settings for the line "Key Content." The word displayed is the Wi-Fi password/key you are missing.
On macOS, open up the Spotlight search (Cmd+Space) and type terminal to get the Mac equivalent of a command prompt. Type the following, replacing the Xs with the network name.
Command: security find-generic-password -wa XXXXX

Reset the Router

Before you do a full router reset just to get on the wireless, try to log into the router first. From there, you can easily reset your Wi-Fi password/key if you've forgotten it.
That's not possible if you don't know the password for the router, either. (They're not the same thing unless you set it up that way). Resetting the router only works if you have access. That access could be over Wi-Fi (which we've just established you don't have) or physically utilizing an Ethernet cable.
Or that access can simply be that you are in the same room as the router. Almost every router in existence has a recessed reset button. Push it with a pen or unfolded paperclip, hold it for about 10 seconds, and the router will reset to the factory settings.
If you've got a router that came from your internet service provider (ISP), check the stickers on the unit before a reset—the ISP might have printed the router and Wi-Fi key right on the hardware.
Once a router is reset, you need another password (plus a username) to access the router itself. Again, you can do this via a PC attached to the router via Ethernet—you'll need that since the reset probably killed any potential Wi-Fi connection you had going in. The actual access is typically done with a web browser.
The URL to type is either 192.168.1.1 or 192.168.0.1, or some variation. Try them randomly; that generally works. To figure out which one, on the PC connected to the router, open a command prompt and type "ipconfig" without the quotes. Look among the gobbledygook for an "IPv4 Address," which will start with 192.168. The other two spaces, called octets, are going to be different numbers between 0 and 255. Note the third octet (probably a 1 or 0). The fourth is specific to the PC you're using to log into the router.
In the browser, type 192.168.x.1, replacing the X with the number you found in the ipconfig search. The 1 in the last octet should point at the router—it's the number one device on the network.
At this point, the router should then ask for a username and password. You can check your manual, but you probably lost it or threw it away. So instead, go to RouterPasswords.com, which exists for one reason: to tell people the default username/password on every router ever created.
You'll need the router's model number, but that's easy enough to find on the back or bottom. You'll quickly see a pattern among router makers of having the username of admin and a password of password. Since most people are lazy and don't change an assigned password, you could try those options before hitting the reset button. (But c'mon, you're better than that—change the password when you access the router's settings via your web browser.)
Once you've accessed the router interface, go to the Wi-Fi settings, turn on the wireless networks, and assign strong but easy-to-recall passwords. After all, you don't want to share with neighbors without your permission.
Make that Wi-Fi password easy to type on a mobile device, too. Nothing is more frustrating than trying to get a smartphone on Wi-Fi with some cryptic, impossible to key-in-via-thumbs nonsense, even if it is the most secure.

Crack the Code

You didn't come here because the headline said "reset the router," though. You want to know how to crack the password on a Wi-Fi network.
Searching on "wi-fi password hack," or other variations, nets you a lot of links—mostly for software on sites where the adware and bots and scams are pouring like snake oil. Download them at your own risk, for Windows PCs especially. It's best to have a PC that you can afford to get effed up a bit if you go that route. I had multiple attempts with tools I found just get outright deleted by my antivirus before I could even try to run the EXE installation file.
You could create a system just for this kind of thing, maybe dual-boot into a separate operating system that can do what's called "penetration testing"—an offensive approach to security, where you examine a network for any and all possible paths of a breach. Kali Linux is a Linux distribution built for just that purpose. You can run Kali Linux off a CD or USB key without even installing it to your PC's hard drive. It's free and comes with all the tools you'd need to crack a network. It even now comes as an app for Windows 10 in the Windows App Store! If you're only after a Wi-Fi network, the Wifislax distro is a Live CD that targets them directly.

Thursday, July 5, 2018

Introduction of Virus...

What is Virus??

A virus is a self-replicating program that produces its own copy by attaching itself to another program, computer boot sector or document.
  • Infects other programs
  • Alters data
  • Transforms itself
  • Encrypts itself
  • Corrupts files and programs
  • Self-propagates

Different types of Viruses:

Boot sector virus

A boot sector virus is a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks (some infect the boot sector of the hard disk instead of the MBR). The infected code runs when the system is booted from an infected disk, but once loaded it will infect other floppy disks when accessed in the infected computer. While boot sector viruses infect at a BIOS level, they use DOS commands to spread to other floppy disks. For this reason, they started to fade from the scene after the appearance of Windows 95 (which made little use of DOS instructions). Today, there are programs known as ‘bootkits’ that write their code to the MBR as a means of loading early in the boot process and then concealing the actions of malware running under Windows. However, they are not designed to infect removable media.
The only absolute criterion for a boot sector is that it must contain 0x55 and 0xAA as its last two bytes. If this signature is not present or is corrupted, the computer may display an error message and refuse to boot. Problems with the sector may be due to physical drive corruption or the presence of a boot sector virus.

File overwriting or cavity Virus

Viruses use different strategies to infect host files. This article explains these strategies so that the infection type of viruses can be identified during analysis. 

Depending on the file infection strategy it is sometimes possible to remove or disable the malicious code from an infected file. This process is called disinfection and performed by antivirus software. Disinfection does not necessarily restore the file to its original form.

Crypter

A crypter is a type of software that can encrypt, obfuscate, and manipulate malware, to make it harder to detect by security programs. It is used by cybercriminals to create malware that can bypass security programs by presenting itself as a harmless program until it gets installed.

Polymorphic virus

Polymorphic viruses are complex file infectors that can create modified versions of themselves to avoid detection yet retain the same basic routines after every infection. To vary their physical file makeup during each infection, polymorphic viruses encrypt their code and use different encryption keys every time.

Polymorphic viruses rely on mutation engines to alter their decryption routines every time they infect a machine. This way, traditional security solutions may not easily catch them because they do not use a static, unchanging code. The use of complex mutation engines that generate billions of decryption routines make them even more difficult to detect. 

Polymorphic viruses are usually distributed via spam, infected sites, or through the use of other malware. URSNIF, VIRLOCK, VOBFUS, and BAGLE or UPolyX are some of the most notorious polymorphic viruses in existence. When combined with other malicious routines, polymorphic viruses pose even greater risk to its victims. In March 2015, researchers found that VIRLOCK evolved to include ransomware routines, making it a challenge to detect and remove.

Tunnelling Virus

One method of virus detection is an interception program which sits in the background looking for specific actions that might signify the presence of a virus. To do this it must intercept interrupts and monitor what’s going on. A tunneling virus attempts to backtrack down the interrupt chain in order to get directly to the DOS and BIOS interrupt handlers. The virus then installs itself underneath everything, including the interception program. Some anti-virus programs will attempt to detect this and then reinstall themselves under the virus. This might cause an interrupt war between the anti-virus program and the virus and result in problems on your system.
Some anti-virus programs also use tunneling techniques to bypass any viruses that might be active in memory when they load.

Metamorphic virus 

A metamorphic virus is one that can transform based on the ability to translate, edit and rewrite its own code. It is considered the most infectious computer virus, and it can do serious damage to a system if it isn't detected quickly. Antivirus scanners have a difficult time detecting this type of virus because it can change its internal structure, rewriting and reprogramming itself each time it infects a computing system. This is different from a polymorphic virus, which encrypts its original code to keep from being detected. Because of their complexity, creating metamorphic viruses requires extensive programming knowledge.

Macro Virus

A macro virus is a computer virus that replaces a macro, which is what enables a program to work and instigates a designated group of actions and commands. When these actions and commands are replaced by a virus, this can cause significant harm to a computer. 

Macro viruses can be built into sophisticated applications such as those present in word processors in order to run programs so that they can be launched automatically. Because macro viruses replace prompt commands, word processors are especially vulnerable to these types of viruses. The language is built into the macros in order to hijack the commands, including necessary actions like opening up a document. Thus, through the simple action of opening a document, a macro virus can be launched. Macro viruses may be spread through email attachments, modems and on the Internet, networks, and disks.

Cluster Virus

A cluster virus is a type of virus that ties its own execution to the execution of various software programs. These viruses typically work by changing directory or registry entries so that when someone starts a program, the virus will start as well.

Experts call this type of virus a cluster virus partly because it can load various directory pointers that make it look like every program on a disk is infected with the virus, when in fact, only one copy of the virus exists.
Experienced users can sometimes get around a cluster virus using the checkdisk utility and other elements of the operating system to diagnose and remove the virus. However, less savvy users can end up erasing vital program information through the use of operating system prompts.
One prominent example of a cluster virus is the Dir-2 virus. This is sometimes classified as a "stealth" virus because of some of its natural protections. This virus is commonly attributed to Bulgaria, and attacks various types of executable files.

Stealth/ tunnelling virus

In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. Generally, stealth describes any approach to doing something while avoiding notice. Viruses that escape notice without being specifically designed to do so -- whether because the virus is new, or because the user hasn't updated their antivirus software -- are sometimes described as stealth viruses too. Stealth viruses are nothing new: the first known virus for PCs, Brain (reportedly created by software developers as an anti-piracy measure), was a stealth virus that infected the boot sector in storage.

Extension Virus

Incorrect file associations could be the result of underlying issues within your PC system. As such it is highly recommended to scan your PC for invalid registry entries, unused processes and other unfavourable system settings to identify slowdown issues.

The VIRUS file type is primarily associated with 'F-Secure' by F-Secure. The F-Secure rescue CD will scan all connected disks and rename any suspected infected files with a .VIRUS file extension.

WI FI Hacking...

How to hack WPA/WPA2 Wi Fi with kali Linux.

Kali Linux can be used for many things, but it probably is best known for its ability to penetration test, or “hack,” WPA and WPA2 networks. There are hundreds of Windows applications that claim they can hack WPA; don’t get them! They’re just scams, used by professional hackers, to lure newbie or wannabe hackers into getting hacked themselves. There is only one way that hackers get into your network, and that is with a Linux-based OS, a wireless card capable of monitor mode, and aircrack-ng or similar. Also note that, even with these tools, WiFi cracking is not for beginners. Playing with it requires basic knowledge of how WPA authentication works, and moderate familiarity with Kali Linux and its tools, so any hacker who gains access to your network probably is no beginner!

Steps

1. Start Kali Linux and log in, preferably as root.



2. Plug in your injection-capable wireless adapter (unless your computer's card supports it).

3. Disconnect from all wireless networks. Open a Terminal, and type airmon-ng. This will list all of the wireless cards that support monitor (not injection) mode.
  • If no cards are listed, try disconnecting and reconnecting the card and check that it supports monitor mode. You can check whether the card supports monitor mode by typing ifconfig in another terminal: if the card is listed in ifconfig but doesn’t show up in airmon-ng, then the card doesn’t support it.
4. Type airmon-ng start followed by the interface of your wireless card. For example, if yours is wlan0, your command would be: airmon-ng start wlan0.
  • The “(monitor mode enabled)” message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mon0.
5. Type airodump-ng followed by the name of the new monitor interface. The monitor interface is probably mon0.

6. Review the Airodump results. It will now list all of the wireless networks in your area, and lots of useful information about them. Locate your network or the network that you have permission to penetration test. Once you’ve spotted your network on the ever-populating list, hit Ctrl+C on your keyboard to stop the process. Note the channel of your target network.

7. Copy the BSSID of the target network. Now type this command: airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]
  • Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface (mon0).
  • A complete command should look like this: airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0.
8. Wait. Airodump will now monitor only the target network, allowing us to capture more specific information about it. What we’re really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password.
  • Also, four files should show up on your desktop; this is where the handshake will be saved when captured, so don’t delete them! But we’re not really going to wait for a device to connect, no, that’s not what impatient hackers do.
  • We’re actually going to use another cool tool that belongs to the aircrack suite, called aireplay-ng, to speed up the process. Instead of waiting for a device to connect, hackers use this tool to force a device to reconnect by sending deauthentication (deauth) packets to the device, making it think that it has to reconnect with the router. Of course, in order for this tool to work, there has to be someone else connected to the network first, so watch the airodump-ng output and wait for a client to show up. It might take a long time, or it might only take a second before the first one shows. If none show up after a lengthy wait, then the network might be empty right now, or you’re too far away from the network.
9. Leave airodump-ng running and open a second terminal. In this terminal, type this command: aireplay-ng -0 2 -a [router bssid] -c [client bssid] mon0.
  • The -0 is a shortcut for the deauth mode and the 2 is the number of deauth packets to send.
  • -a indicates the access point (router)’s BSSID; replace [router bssid] with the BSSID of the target network, for example 00:14:BF:E0:E8:D5.
  • -c indicates the client's BSSID. Replace the [client bssid] with the BSSID of the connected client; this will be listed under “STATION.”
  • And of course, mon0 merely means the monitor interface; change it if yours is different.
  • A complete command looks like this: aireplay-ng -0 2 -a 00:14:BF:E0:E8:D5 -c 4C:EB:42:59:DE:31 mon0.
10. Open a new Terminal. Type in this command: aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap

  • -a is the method aircrack will use to crack the handshake, 2=WPA method.
  • -b stands for bssid; replace [router bssid] with the BSSID of the target router, like 00:14:BF:E0:E8:D5.
  • -w stands for wordlist; replace [path to wordlist] with the path to a wordlist that you have downloaded. For example, you might have “wpa.txt” in the root folder.
  • /root/Desktop/*.cap is the path to the .cap file containing the password; the * means wild card in Linux, and assuming there are no other .cap files on your Desktop, this should work fine the way it is.
  • A complete command looks like this: aircrack-ng -a2 -b 00:14:BF:E0:E8:D5 -w /root/wpa.txt /root/Desktop/*.cap.
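The forced reconnect in steps 8 and 9 is visible on the air, so a network owner can watch for it. The following added example (not part of the original tutorial) parses raw 802.11 management frames and flags a burst of deauthentication frames aimed at one client; the function names, the window and threshold values, and the sample capture are assumptions constructed for illustration, with frames given without radiotap header or FCS.

```python
import struct
from collections import defaultdict, deque

AP = "00:14:BF:E0:E8:D5"        # BSSID used in the tutorial's examples
CLIENT = "4C:EB:42:59:DE:31"    # station address used in the tutorial's examples
OTHER = "02:00:00:00:00:01"     # constructed second client

SUBTYPE_BEACON = 8
SUBTYPE_DEAUTH = 12


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)


def build_mgmt_frame(subtype: int, da: str, sa: str, bssid: str, body: bytes) -> bytes:
    """Build a management frame: FC, duration, addr1-3, sequence control, body."""
    frame_control = bytes([subtype << 4, 0x00])   # version 0, type 0 (management)
    return (frame_control + b"\x00\x00" + mac_to_bytes(da) + mac_to_bytes(sa)
            + mac_to_bytes(bssid) + b"\x00\x00" + body)


def parse_deauth(frame: bytes):
    """Return (destination, source, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26:                            # 24-byte header + 2-byte reason
        return None
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, (fc0 >> 4) & 0x0F
    if (version, ftype, subtype) != (0, 0, SUBTYPE_DEAUTH):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return (bytes_to_mac(frame[4:10]), bytes_to_mac(frame[10:16]),
            bytes_to_mac(frame[16:22]), reason)


def detect_deauth_bursts(capture, window=1.0, threshold=10):
    """Alert once per (bssid, station) when >= threshold deauths fall in window seconds."""
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for timestamp, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        da, sa, bssid, reason = parsed
        station = da if sa == bssid else sa        # the non-AP end of the frame
        key = (bssid, station)
        times = recent[key]
        times.append(timestamp)
        while timestamp - times[0] > window:       # drop frames outside the window
            times.popleft()
        if len(times) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"bssid": bssid, "station": station,
                           "first_seen": times[0],
                           "frames_in_window": len(times), "reason": reason})
    return alerts


def sample_capture():
    """Constructed capture: a beacon, one ordinary deauth, then a 20-frame burst."""
    reason = struct.pack("<H", 7)
    frames = [
        (0.1, build_mgmt_frame(SUBTYPE_BEACON, "FF:FF:FF:FF:FF:FF", AP, AP, b"\x00" * 12)),
        (0.5, build_mgmt_frame(SUBTYPE_DEAUTH, AP, OTHER, AP, reason)),
    ]
    for i in range(20):
        # Frames alternate direction, spoofed as AP->client and client->AP.
        da, sa = (CLIENT, AP) if i % 2 == 0 else (AP, CLIENT)
        frames.append((5.0 + i * 0.01, build_mgmt_frame(SUBTYPE_DEAUTH, da, sa, AP, reason)))
    return frames


if __name__ == "__main__":
    for alert in detect_deauth_bursts(sample_capture()):
        print(alert)
```

Detection only tells you it happened; enabling Protected Management Frames (802.11w) on the access point and clients is what stops unauthenticated deauthentication frames from being honoured.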

                                                                       

Hacking Tools?

Hi,
     I'm MahaKaaL, and you know me. Today I will tell you about hacking tools.

 

HACKER TOOLS

There now are more than 100,000 known viruses with more appearing virtually daily. The myriad of hackers and their nefarious deeds can affect any computer owner whether an occasional home user, e-mailer, student, blogger, or a network administrator on site or on the internet. No matter your level of computer use, you must protect your computer, business, or even your identity. The best way to know how to protect your computer is to understand the hacker's tools and recognize their damage.

Viruses, Exploits, Worms, and More

The term computer "virus" originated to describe machine code command inserted into a computer's memory that, on execution, copies itself into other programs and files on the computer. Depending on the hacker's intent, the design of a virus can merely be an inconvenience or have very serious consequences up to a potential catastrophe.
Generally, a virus is a piece of software, a series of data, or a command sequence that exploits a bug, glitch, or vulnerability. Each example is appropriately termed an "exploit." An exploit causes unintended or unanticipated behavior to occur in a computer's operating system or applications while propagating itself within the computer.
An exploit that operates through a network security vulnerability or "hole" without previous access to the vulnerable system is a "remote" exploit. An exploit that needs prior access to a system is termed a "local" exploit. These are usually intended to increase the hacker's access privileges beyond those granted by a system administrator.
Worms are simply viruses that send copies over network connections. A bomb resides silently in a computer's memory until set off by a date or action. A Trojan horse is a malicious program that cannot reproduce itself, but is distributed by CD or e-mail.

Protect Your Computer: Avoid Computer Holes/Vulnerabilities

Install only trusted software and delete unknown emails. If you have any doubt about a piece of software's function, do not install it. If you receive e-mails from random people's names, resist your curiosity and do not open it, just delete it.
Under no conditions download or open attachments from anyone that you do not know and even then be cautious. Banks and most companies that create online personal accounts will not send you attachments. If they do, it is probably best to go to the company site and request the download or at least see if it is legitimate. Avoid adult web sites, a hacker's paradise.
Whether in your e-mail or online, do not click on ads. If the ad is of interest, find the site. Be careful with what you physically put into your computer. This is especially true for shared R/W CDs, USB hard disks, or flash drives. This is an easy path for a virus to follow from computer to computer.

Protection: Install Anti-Virus Software


Anti-virus software searches for evidence of the presence of viral programs, worms, bombs, and Trojan horses by checking for the characteristic appearances or behaviors that are typical of these programs. When found, the program logs its discovery, its type, often its name or an identifier, and its potential for damage. The anti-virus software then eliminates or isolates/quarantines the infected files. For the individual, commercial software is relatively inexpensive; however, there are free anti-virus programs available.
Since new viruses appear almost daily with new code, it is imperative that you update your antivirus program often to keep up with these threats; therefore, make sure to set your program to update automatically. To avoid the annoyance of computer slowdown, schedule full-scale scans late at night.
The same is true for your Windows Operating System. Very often, your OS is where hackers discover the holes to exploit. Of course, in an ever-continuing battle, this software is continuously updated with security patches.
Finally, secure your wireless network with a router that has a built in firewall. Almost all wireless routers are set to no security when first installed. Log into the router and at least set it to basic security with a strong password to replace the factory setting that any hacker knows. A firewall or router that is not configured properly or non-existent allows hackers to scan passwords, e-mails, or files that cross your network connection.

Use This Link : https://whatismyipaddress.com
                                                                                                                  

                                                                                                                                          By: MahaKaaL

The Internet's Weakest Links...

How many phone calls does it take to kill the internet? 

It seems like an odd question to ask about a network once thought to be strong enough to withstand a nuclear attack. However, first-strike mushroom clouds aren’t the biggest threat to the internet anymore. Just ask the citizens of Libya, Egypt and Syria: nations whose connections have been recently severed, albeit temporarily.

But if you think that the internet’s most vulnerable regions correspond to autocratic regimes or civil war zones, think again. Following the Syrian blackout in late 2012, Renesys, a consultancy that specialises in monitoring and mitigating risks to connectivity, created a map ranking every country’s "risk of internet disconnection". They found resilience has little to do with the presence or absence of jackbooted thugs: Belarus is at "significant risk" of internet disconnection, while China – which blacked out the entire province of Xinjiang for ten months in 2009 and 2010 – is rated at "low risk".

How can this be?

Renesys simplified the question of global internet resilience by tracking one metric: the number of so-called "frontier" internet service providers (ISPs) that a country has. A frontier ISP is one that maintains connections or gateways to the global internet at large, not just to its own domestic network. "Not all ISPs have or need connections to the outside world," says Jim Cowie, chief technology officer and co-founder of Renesys. "Comcast, for example, only sells internet service in the United States."

It's this number of international gateways, then, that captures how difficult it would be to snuff out a country's internet pulse. Disable them, and the global web goes dark. The more gateways there are, the more difficult it will be to neutralise all of them.

Even sophisticated, highly networked countries can be at risk of a blackout if their digital frontier has a paucity of global connections. "Iran is a good example of this," says Cowie. "Iran was one of the countries that came to networking really early – they have nearly 100 ISPs all over the country. But very few [of those] are internationally connected ISPs by design." Renesys's map places Iran in the "significant risk" category, one of 72 countries and territories with "fewer than 10 service providers at [the] international frontier."

One advantage in using frontier ISPs as a proxy for internet resilience is that it cuts through any biases from news reports about blackouts in developing world nations. "It doesn't matter whether the damage comes from politics or war or a meteor strike hitting the wrong building," Cowie says. "Vulnerable is vulnerable." Any country with just one or two connections to the global internet has a clear point of failure. By this measure, Syria and Libya are as much at "severe risk" of disconnection as Greenland.

‘Leaky bucket’

But mere physical connections don't paint a full picture of a country's disconnection risk. Outside of a massive solar flare or electromagnetic pulse, unplugging a country from the global web may be an organisational problem more than anything else.

Would you expect Afghanistan, sundered by war for decades, to be at less risk than its relatively stable neighbour Iran? 

Probably not, but it is as likely to lose the internet as India, the world's largest democracy. It turns out that the very circumstances that make Afghanistan a near-failed state – regional fragmentation and a central government unable to control local warlords – also make it impossible for Kabul to systematically clamp down on Afghanistan's motley hodgepodge of globally-connected ISPs, which are powered by "various satellite providers, as well as by Uzbek, Iranian, and Pakistani terrestrial transit," according to Renesys.

This organisational inertia is also what makes Renesys deem China at "low risk" of internet cutoff. Beijing's autocrats would have to make too many phone calls to too many frontier ISPs across their vast domain, says Cowie, to make a bona fide internet blackout very practical. And that's just the official global connections. "There are a lot of independent, unlicensed connections; foreign companies [doing business in China] have VPNs" that connect them to their home countries, Cowie says. "I'd have to believe it'd be a leaky bucket."

Not everyone agrees with Renesys's sanguine assessment of China's disconnection risk. "It doesn't seem to be accurate," says Adam Segal, an expert on Chinese technology and cybersecurity at the Council on Foreign Relations. "Given everything we know, there's no reason to believe the [Chinese] ISPs wouldn't fall into line if the government said to shut down."

Segal cites the blackouts in Xinjiang and Tibet as evidence of China's ability to flex its organisational muscle over its frontier internet connections. Chinese ISPs are already accustomed to constantly filtering and censoring all global web traffic; "they know that if they don't do it, they won't be in business any longer," Segal says. "Unless society has completely broken down there, it's hard to imagine that a company would balk [at a cutoff order]." So while it might take a lot of phone calls to cut China off from the web, those calls could go through rather quickly.

What's more, the result probably wouldn't even look like a blackout at first. "The Chinese don't want to be considered in the same category as Syria and Egypt," Segal explains. "They have to maintain a story to their users that they have an open internet, so what they get instead are incredibly slow load times. They very rarely will get blocked."

Postcode problem

The organisational nature of resilience extends into the purely digital realm, as well. After all, at its most fundamental level, the internet is just information: a set of open, mutually agreed-upon standards called TCP/IP. Those protocols connect the "autonomous systems" that make up the so-called "network of networks" we call the global internet. This is made up of tens of thousands of these autonomous systems; countries have them, and so do large organisations and companies. "If IP addresses are like street numbers for individual computers, autonomous systems are a bit like postcodes," explains John Graham-Cumming, an author, programmer and cybersecurity expert at Cloudflare. "They are how one network says to another, 'I am the place to go if you want to reach Belarus, or the BBC.'"

In the case of Belarus – the only country in Europe marked "at significant risk" of internet disconnection according to Renesys – "there is a single 'postcode', controlled by a state-owned telecom company, that connects to the rest of the world," says Graham-Cumming. "If you had control of that, you could cut the country off." These "postcodes" aren't secret, either – the internet wouldn't work if they were. Belarus's is 6697.

To the other autonomous systems and routers connecting the global internet, this single four-digit number represents Belarus's entire existence. And removing it would be trivial, says Graham-Cumming: "You'd go to the telecom company, and a command would be typed into the routers, saying 6697 doesn't exist anymore, or that it's empty. Because the internet operates by cooperation, the other routers would say, 'OK, thanks for the update.' And you'd be gone."

Much like a neutron bomb wiping out life while preserving physical property, neutralising an autonomous system's address can "delete" portions of the internet without making costly or irreversible changes to network infrastructure. "If any country wants to cut [itself] off, it's all done on the command line, and you can leave it all running," Graham-Cumming says. He suspects this is what happened in Syria – although, as Jim Cowie adds, "we won't know for sure until the war's over and we can talk to the network engineers."
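Both the frontier-ISP count described earlier and the single-"postcode" failure described above can be measured from AS-path data, which is how a network operator would audit a country's resilience. The Python below is an added example, not Renesys's method or code from the article: the country codes XA, XB and ZZ, every AS number (private-use range) and the paths are constructed, and the name of the top band is an assumption because the article quotes no upper threshold.

```python
from collections import defaultdict

# Constructed sample data: XA and XB are placeholder countries, ZZ stands for
# the rest of the world, and every ASN is from the private-use range.
AS_COUNTRY = {
    64601: "XA", 64602: "XA", 64603: "XA",
    64701: "XB", 64702: "XB", 64703: "XB", 64704: "XB",
    64901: "ZZ", 64902: "ZZ", 64903: "ZZ",
}
# Constructed AS paths as a route collector abroad would record them:
# leftmost AS is nearest the collector, rightmost AS originates the route.
AS_PATHS = [
    [64901, 64601], [64901, 64601, 64602], [64902, 64601, 64603],
    [64901, 64701], [64903, 64702],
    [64901, 64701, 64703], [64902, 64702, 64703], [64903, 64702, 64704],
]

def frontier_providers(paths, as_country):
    """Map country -> its ASes seen directly adjacent to a foreign AS."""
    frontier = defaultdict(set)
    for path in paths:
        for left, right in zip(path, path[1:]):
            if as_country[left] != as_country[right]:
                frontier[as_country[left]].add(left)
                frontier[as_country[right]].add(right)
    return dict(frontier)

def risk_band(count):
    """Bands limited to the thresholds quoted in the article."""
    if count <= 0:
        return "no international path observed"
    if count <= 2:
        return "severe"          # "just one or two connections"
    if count < 10:
        return "significant"     # "fewer than 10 service providers"
    return "low or better"       # assumed label; no upper threshold given

def stranded_if_lost(paths, as_country, country, lost_as):
    """Domestic origin ASes left with no observed path once lost_as is gone."""
    domestic = [p for p in paths if as_country[p[-1]] == country]
    origins = {p[-1] for p in domestic}
    reachable = {p[-1] for p in domestic if lost_as not in p}
    return origins - reachable

if __name__ == "__main__":
    for country, ases in sorted(frontier_providers(AS_PATHS, AS_COUNTRY).items()):
        print(country, sorted(ases), risk_band(len(ases)))
    print(sorted(stranded_if_lost(AS_PATHS, AS_COUNTRY, "XA", 64601)))
    print(sorted(stranded_if_lost(AS_PATHS, AS_COUNTRY, "XB", 64702)))
```

In the constructed data, XA has one frontier AS and loses every domestic network with it, while XB keeps the networks that have a path through its second frontier AS.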

Which brings us to a mirror version of the question posed at the beginning: how many phone calls would it take to strengthen the internet? In the case of Bahrain, a tiny island monarchy in the Persian Gulf, it took several decades. "For many years they had a single telephone company largely owned by the government," says Cowie. "But they wanted to become the financial centre of the Gulf, so they started a 30-year plan to open up the ISP market and bring in as many competitors as they could."

Today, Cowie says, Bahrain has "about 10 providers that can all connect to international ISPs." That's not anywhere as resilient as the United States or United Kingdom, but it is enough to put Bahrain at "low risk" of internet disconnection alongside India, China, Mexico and New Zealand.

In Africa, where much of the continent is at severe risk of disconnection, similar network robustness could develop even faster. "Africa is the fastest-growing continent in terms of internet presence: more autonomous systems are joining every year, and countries that once only had satellite connections [to the global internet] are investing in fibre-optic cables," says Cowie.

In another 30 years, will a world map of internet resilience show every country at low risk? That's about as likely as world peace breaking out. But knowing how many phone calls it would take to kill the web – and where – can at least help point out where this "network of networks" still needs more shoring up.