Info Wars: How States and Corporations Could Hijack the Open Internet

Uncover the hidden vulnerabilities of the internet's core systems—TLS, BGP, and DNS—and explore how they can be exploited to compromise online security and freedom. Learn about potential threats and the importance of strengthening these protocols to protect the future of open communication.

Imagine an Internet where every click, every search, and every message is controlled by powerful forces—where the free flow of information is replaced by a curated stream of propaganda. Today’s Internet seems open and free, but beneath the surface lie critical vulnerabilities. If state or corporate actors exploit these weaknesses, our digital world could soon be unrecognizable.

1. Introduction: The Modern Digital Landscape

Our digital lives depend on mobile devices and a network of trust systems that, at first glance, ensure our security. However, the reality is more complex:

  • Mobile Usage:
    • 40% of users rely on Apple devices.
    • 50% use Android devices.
    • The rest use platforms like Xiaomi.
  • Trust Stores:
    • Apple’s Trust Store: Over 90% of its certificates come from major Western Certificate Authorities (CAs).
    • Android’s Trust Store: About 25–30% of certificates are sourced from regions such as China, Singapore, and Russia.

These numbers matter because every secure website you visit uses TLS (Transport Layer Security) to protect your data. But if the underlying systems are compromised, so is our privacy.

2. The Global Trust Stores: Who Controls Your Certificates?

Let’s break down who holds the keys to our digital safety:

  • Apple’s Trust Store:
    • Relies mainly on Western CAs.
    • Example: If the U.S. government pressured a CA to issue fake certificates for Chinese websites, it could decrypt all encrypted traffic, breaking TLS’s promise of privacy.
  • Android’s Trust Store:
    • A mix of Western and non-Western CAs.
    • Example: A breach in a non-Western CA could allow hackers to intercept private communications on a global scale.
  • Notable Breaches:
    • DigiNotar (2011): A single weak CA that shattered global trust.
    • Comodo and CNNIC incidents: Demonstrate that if one CA is compromised, millions of users are at risk.

(For more on how TLS can be undermined if one CA goes rogue, check out our previous exposé: “TLS Security: Only as Strong as the Weakest CA in Your Trust Store.”)

3. The Internet’s Hidden Vulnerabilities

TLS: Trust That Can Be Broken

Every secure website uses TLS to keep your data safe, but its security hinges on hundreds of CAs:

  • Key Point:
    • If a trusted CA is compromised or forced to issue fake certificates, encrypted traffic can be decrypted.
  • Real-World Example:
    • Imagine if the U.S. government mandated that all traffic to Chinese websites be monitored—by pressuring a CA to issue fraudulent certificates, they could inspect every encrypted communication.

BGP: The Internet’s Road Map Under Attack

BGP directs global data traffic, but its trust-based system is vulnerable:

  • Key Statistics:
    • North America: ~40 root server locations (32.5%)
    • Europe: ~35 locations (28.5%)
    • South America: ~6 locations (4.9%)
    • Africa: ~3 locations (2.4%)
  • Real-World Example:
    • In 2008, Pakistan Telecom’s attempt to block YouTube accidentally caused a worldwide outage lasting nearly two hours.
  • Hypothetical Scenario:
    • If China decided to block YouTube or ChatGPT for political reasons, it could announce specific BGP routes to divert or block traffic—disrupting global communications and innovation.

DNS: The Internet’s Address Book

DNS translates domain names into IP addresses, but its control is centralized:

  • Key Statistics:
    • North America: ~40 locations (32.5%)
    • Europe: ~35 locations (28.5%)
    • South America: ~6 locations (4.9%)
    • Africa: ~3 locations (2.4%)
  • Real-World Example:
    • A coalition within the EU or NATO could manipulate DNS records to redirect users from genuine news sites to state-sponsored propaganda portals, making it harder to find unbiased information.

4. How Info Wars Could Change the Game

States and corporations are already using digital tools to control narratives. Consider these scenarios:

  • Censorship and Propaganda:
    • In the US, proposals to ban TikTok on national security grounds show that even free societies can censor digital platforms.
    • In the EU, new regulations against hate speech have led to millions of content removal requests, forcing platforms to censor political posts.
    • In China, the Great Firewall blocks nearly 90% of foreign websites, serving as a model of extreme digital control.
  • Election Interference:
    • In the 2024 Pakistani general election, digital tools were allegedly used to manipulate vote counts and censor opposition voices. Such interference undermines democracy and leaves voters in the dark.
  • Covert Operations:
    • In September 2024, “Operation Grim Beeper” saw thousands of pagers rigged with explosives detonate in Lebanon, killing over 40 people and injuring more than 3,500. This operation, reportedly orchestrated by Israel’s Mossad, highlights how easily everyday devices can be weaponized.

5. A Simple, Bold Solution: Blockchain-Based Accountability

Blockchain offers a powerful way to safeguard our digital future:

  • Immutable Transparency:
    • Record every change in CA certificates, DNS servers, and BGP routes on a permanent public ledger.
  • Decentralized Verification:
    • Spread control across multiple trusted parties so no single entity can dominate the system.
  • Real-Time Alerts:
    • Continuous monitoring can quickly flag suspicious changes, enabling swift responses.
  • Empowered Users:
    • Decentralized control ensures that decisions about our digital environment remain in the hands of the public, not just powerful governments or corporations.

6. Conclusion: The Open Internet at a Crossroads

The open Internet we enjoy today is built on systems that appear strong—TLS, BGP, and DNS—but each has critical vulnerabilities. Historical events like the DigiNotar breach, the 2008 YouTube outage, and the explosive pager attack of 2024 reveal that our digital freedom is at risk.

If state or corporate actors exploit these weaknesses:

  • Global traffic could be rerouted or blocked.
  • Encrypted communications might be compromised.
  • Everyday devices could be weaponized to spread fear and propaganda.

The stakes are enormous. Future generations might look back on our era as a time when open communication was a rare privilege—one that, once lost, would be nearly impossible to regain. The solution lies in innovative, decentralized approaches like blockchain-based accountability, which can ensure transparency and empower users to keep the Internet free and open.

The battle for the future of our digital world is here. It’s up to us to expose these vulnerabilities, demand accountability, and fight for an Internet where truth is accessible and free from the control of a few powerful entities.