Anonymous' 'Global Blackout': The odds against an Internet shutdown
- By William Jackson
- Mar 30, 2012
UPDATE: The Domain Name System’s root servers experienced no interruptions on March 31, and according to the @YourAnonNews Twitter account, the group didn’t try an attack. But the question remains: How likely is such an attack to be successful?
Observers expressed doubt that Anonymous could make good on its threat to take down the Internet on March 31, but even skeptics advised caution.
“They are making a sweeping, grandiose claim,” David Smith, a senior fellow at the Potomac Institute for Policy Studies, said March 30. He said the threat was not credible, but “can they have an impact? Yes.”
Carl Herberger, vice president for security at Radware, has more respect for the ingenuity of the hacktivist collective, which he says has proven resourceful in directing new and nuanced techniques against familiar vulnerabilities. That, plus a lack of attention to vulnerabilities in the Domain Name System that Anonymous says it will target, makes the group dangerous, he said.
“If they do it, I’ll be surprised,” Herberger said. “But not majorly surprised. I would be shocked if there were no outages.”
Anonymous announced plans for Operation Global Blackout in a February post featuring its usual fractured spelling and syntax. “To protest SOPA, Wallstreet [sic], our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, anonymous will shut the Internet down,” it said.
Their goal is not really to take down the Internet but to disable its 13 root DNS servers through a distributed denial-of-service attack. With the ability to resolve URLs to IP addresses disrupted, users would not be able to access online resources.
This is not exactly shutting down the Internet, but it is “close enough,” Anonymous says. “Remember, this is a protest, we are not trying to 'kill' the Internet, we are only temporarily shutting it down where it hurts the most.”
As it has done in the past, Anonymous is recruiting help from the public in carrying out the attack, and its weapon of choice is Ramp, a Reflective DNS Amplification tool that will use spoofed IP addresses to redirect DNS query responses to the root servers, hopefully overwhelming them with the volume of traffic being generated.
This is unlikely to “take down” the Internet for several reasons, experts say. First, the Domain Name System is hierarchical, and although the root servers are the ultimate authoritative source of address information, most queries are not referred that high in the system. The root servers would have to be offline for quite an extended period before major disruptions occurred, and it would be difficult to maintain an effective denial-of-service attack on this infrastructure for the necessary length of time.
Secondly, the root servers are geographically dispersed and built for resiliency.
“Attacking the 13 root servers is easier said than done,” Smith said. “They are a system of servers, independently owned and operated.”
Only two of the servers, the A and the J, are owned by the same company, VeriSign Inc. VeriSign declined to comment for this article.
This does not mean that taking the root servers offline is impossible, Herberger said. Significant attacks were made against them in the late 1990s and early 2000s, he said, and Anonymous in January demonstrated an ability to take robust content delivery networks offline in Israel.
“I don’t think a lot of people take it seriously,” he said of threats to the DNS infrastructure. “That bothers me.” There are solutions available to avoid IP address spoofing to DNS servers, “but nobody has them in place. There’s a reason for that — they cause technical problems.”
Although the root servers are the announced target of Global Blackout, other targets of opportunity also are likely to come under fire, including major Internet service providers and authoritative cloud services. The Ramp tool has proven itself effective against targets on that scale, Herberger said, and if Anonymous is successful in recruiting enough help — either witting or unwitting — disruptions at this level could cause blackouts that are less than global but still troublesome.
“There is going to be a low threshold of success” for Anonymous, he said, and they are likely to come away from the operation with some bragging rights.
Even Smith admits to the possibility of a blackout. “Maybe we’ll all be surprised Sunday morning,” he said. “But I’ve got to tell you, I’m very skeptical.”
William Jackson is a freelance writer and the author of the CyberEye blog.