In tonight's Republican debate, Donald Trump claimed we should shutdown parts of the Internet in order to disable ISIS. This would not work. I thought I'd create some quick notes why.
This post claims it would be easy, just forge a BGP announcement. Doing so would then redirect all Syrian traffic to the United States instead of Syria. This is too simplistic of a view.
Technically, the BGP attack described in the above post wouldn't even work. BGP announcements in the United States would only disrupt traffic to/from the United States. Traffic between Turkey and ISIS would remain unaffected. The Internet is based on trust -- abusing trust this way could only work temporarily, before everyone else would untrust the United States. Legally, this couldn't work, as the United States has no sufficient legal authority to cause such an action. Congress would have to pass a law, which it wouldn't do.
But "routing" is just a logical layer built on top of telecommunications links. Syria and Iraq own their respective IP address space. ISIS doesn't have any "ASN" of their own. (If you think otherwise, then simply tell us the ASN that ISIS uses). Instead, ISIS has to pay for telecommunications links to route traffic through other countries. This causes ISIS to share the IP address space of those countries. Since we are talking about client access to the Internet, these are probably going through NATs of some kind. Indeed, that's how a lot of cellphone access works in third world countries -- the IP address of your phone frequently does not match that of your country, but of the country of the company providing the cellphone service (which is often outsourced).
Any attempt to shut those down is going to have a huge collateral impact on other Internet users. You could take a scorched earth approach and disrupt everyone's traffic, but that's just going to increasingly isolate the United States while having little impact on ISIS. Satellite and other private radio links can be setup as fast as you bomb them.
In any event, a scorched earth approach to messing with IP routing is still harder than just cutting off their land-line links they already have. In other words, attacking ISIS at Layer 3 (routing) is foolish when attacking at Layer 1 (pysical links) is so much easier.
You could probably bomb fiber optic cables and satellite links as quickly as they got reestablished. But then, you could disable ISIS by doing the same thing with roads, bridges, oil wells, electrical power, and so on. Disabling critical infrastructure is considered a war crime, because it disproportionately affects the populace rather than the enemy. The same likely applies to Internet connections -- you'd do little but annoy ISIS while harming the population.
Indeed, cutting off the population from the Internet is what dictators do. It's what ISIS wants to do, but don't, because it would turn the populace against them. Our strategy shouldn't be to help ISIS.
Note that I've been focused on clients, because ISIS's servers they use to interact with the rest of the world are located outside of ISIS controlled areas. That's because Internet access is so slow and expensive, they use it for only client browsing, not for services. Trump tried to backoff his crazy proposal by insisting it was only in ISIS controlled areas, but that's not how the Internet works. ISIS equipment is world wide -- the only way to shut them down is a huge First Amendment violating censorship campaign.
Here's the deal. The Internet routes around censorship. Of the many options we have, censoring the Internet in ISIS controlled territories is neither something we can do or would want to do. Simply null routing AS numbers in BGP and bombing satellite uplinks would certainly not do it. Cutting the physical links is certainly possible, but even ISIS's neighbors, all of whom oppose ISIS, have not taken that step.
Update: In response to Weev's comment below, I thought I'd make a few points. The Pakistan goof did not disable all of YouTube, just areas with a shorter route to Pakistan than the United States, such as Europe. Also, while it's possible to create disruption, it's impossible to do so for a long period of time, as the Pakistan incident showed when after a bit everyone just ignored Pakistan. It hurt Pakistan more than YouTube. Lastly, ISIS has no ASN to null route. If you disagree with me, then name the ASN. Instead, the ASNs in ISIS controled areas are those from Syria, neighbors like Turkey and Iran, and possibly other countries like China. Trying to block them all would cause huge collateral damage.
Update: If you think you can wage war by spoofing BGP, then it means ISIS-friendly ISPs can retaliate by spoofing back. It's not a precedent you want to establish.