Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Hackers’ Threatened Internet Shutdown Unlikely to Work, Experts Say

A threat to target the Internet’s root Domain Name System (DNS) servers and knock the Internet offline may be more difficult than the hackers think.

Hackers reputedly associated with Anonymous made the threat to launch what they dubbed “Operation Global Blackout” March 31 in response to actions by Wall Street, the Stop Online Piracy Act (SOPA) and “irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs.”

A threat to target the Internet’s root Domain Name System (DNS) servers and knock the Internet offline may be more difficult than the hackers think.

Hackers reputedly associated with Anonymous made the threat to launch what they dubbed “Operation Global Blackout” March 31 in response to actions by Wall Street, the Stop Online Piracy Act (SOPA) and “irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs.”

Knocking the Internet offline however is not easy.

Internet Servers“The root operators are well aware of the threat, and it’s nothing new – such attacks have been mounted previously with limited affects,” Rod Rasmussen, president and chief technology officer of security firm IID, told SecurityWeek. “There are many indications that the original Pastebin post was a hoax or “troll” by an individual rather than any collective/consensus operation. Regardless of the authenticity of this specific threat, the root operators are continuously working on mitigating issues, most of which being unintentional, that could potentially impact the core DNS, and doing a pretty good job overall.”

According to the Pastebin post, the group claimed to have compiled a “Reflective DNS Amplification DDoS tool” for the attack based on AntiSec’s DHN tool.

“The principle is simple; a flaw that uses forged UDP packets is to be used to trigger a rush of DNS queries all redirected and reflected to those 13 IPs (of the targeted root DNS servers),” the post notes. “The flaw is as follow; since the UDP protocol allows it, we can change the source IP of the sender to our target, thus spoofing the source of the DNS query.”

Still, Robert Graham, CEO of Errata Security, noted it would be difficult for attackers to take down all of the Internet’s servers for any serious length of time.

“To have a serious shot at taking out all 13, a hacker would have to test out attacks on each one,” he blogged. “But, the owners of the systems would notice the effectiveness of the attacks, and start mitigating them before the coordinate attack against all 13 could be launched.”

“The #Anonymous hackers can [certainly] cause local pockets of disruption, but these disruptions are going to be localized to networks where their attack machines are located, or where their “reflectors” are located,” he continued. “They might affect a few of the root DNS servers, but it’s unlikely they could take all of them down, at least for any period of time. On the day of their planned Global Blackout, it’s doubtful many people would notice.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...