Warned of an Attack on the Internet, and Getting Ready

By SOMINI SENGUPTA

SAN FRANCISCO — On a quiet Sunday in mid-February, something curious attracted the attention of the behind-the-scenes engineers who scour the Internet for signs of trouble. There, among the ubiquitous boasts posted by the hacking collective Anonymous, was a call to attack some of the network’s most crucial parts.

The message called it Operation Global Blackout, and rallied Anonymous supporters worldwide to attack the Domain Name System, which converts human-friendly domain names like google.com into numeric addresses that are more useful for computers.

It declared when the attack would be carried out: March 31. And it detailed exactly how: by bombarding the Domain Name System with junk traffic in an effort to overwhelm it altogether.

There was no way to know for sure whether this was a pre-April Fool’s Day hoax or a credible threat. After all, this was Anonymous, a decentralized movement with no leaders and no coherent ideology, but a track record of considerable damage. The call to arms would have to be treated as one would treat a bomb threat called in to a high school football game. The engineers would have to prepare.

Those preparations turned into a fast-track, multimillion-dollar global effort to beef up the Domain Name System. They offer a glimpse into the largely unknown forces that keep the Internet running in the face of unpredictable, potentially devastating threats.

Among those leading the effort was Bill Woodcock, whose nonprofit based in San Francisco, Packet Clearing House, defends vital pieces of Internet infrastructure. By his calculation, the Anonymous threat was as good a reason as any to accelerate what might have been done anyway over the next several months: fortify the network, chiefly by expanding the capacity of the root servers that are its main pillar.

“Whether or not Anonymous carries out this particular attack, there are larger attacks that do happen,” Mr. Woodcock said. “A forewarning of this attack allowed everyone to act proactively for a change. We can get out in front of the bigger attacks.”

In an attack, the hackers would in effect point virtual cannons at the name servers and blast them with data in what is called a distributed denial of service attack, or DDoS. The only effective way to mitigate such an attack is to expand capacity — so much so that the system can absorb the extra traffic thrown at it, while still accommodating the normal load.

“DDoS is very much a numbers game,” Mr. Woodcock said. “If the target has more than the sum of the attackers’ capability and normal day-to-day traffic, then it is fine.”

In the last few weeks, in a campaign financed mostly by companies that maintain Internet infrastructure, several huge 40-gigabit routers and hundreds of servers have been shipped across the world and hooked into the network, giving the Domain Name System additional computing power. It was part of what is often called an arms race between attackers and defenders on the Internet.

On Saturday, if an attack takes place, it is likely to be imperceptible, at least initially, to the bulk of the world’s Internet users, though service could slow down in places that have narrow bandwidth to begin with — much of sub-Saharan Africa, for instance. In the improbable event of a huge attack that goes unabated for several days, the ability to connect to Web sites could be impaired.

But if the defenses are effective, the result will be something akin to what happened with the Y2K bug: advance warning, plenty of preparation and then barely a blip on the Internet.

Still, it will be anything but a normal Saturday for the people who run the Domain Name System. They plan to be glued to their monitors, looking out for signs of unusual network traffic, communicating with one other through encrypted, digitally signed e-mails or through a private telephone hot line maintained just for this purpose.

“For us, it’s not going to be another day at the office,” said Paul Vixie, whose nonprofit Internet Systems Consortium in Redwood City, Calif., runs a root server known as the F-root. “We are going to be on alert.”

There are 13 root servers worldwide, run by government institutions, universities and private companies. The operators of several of them declined to talk about the threat, including VeriSign, which runs two root servers. Some insisted that they routinely expand capacity to guard against attacks that come from different quarters all the time.

Mr. Vixie, for his part, warned against what he called “panic engineering” in the face of any particular threat. “We are using the threatened attack,” he said, “to go kick the tires on everything, make sure there’s no loose dangly parts.”

Part of the challenge here is the mercurial and leaderless nature of the Anonymous movement. Just after one so-called Anonymous member called for the attack to protest, among other things, “our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun,” another unnamed member of the movement pushed back. “I don’t think this is a good idea,” this person wrote on an Anonymous-affiliated site. “The collateral damage is not worth it.”

A pragmatist wondered how participants would know when to end the attack, if indeed the Domain Name System was overwhelmed. Another suggested that they attack only “the 10 most used sites.” Yet another reckoned that root servers would be so heavily protected that an Anonymous attack could only disrupt them for “a few minutes.”

Since late February, there has been little to no chatter about Operation Global Blackout on Twitter, which Anonymous often uses to spread the word about its campaigns.

Even so, computer security professionals point out, anyone can act in the name of Anonymous, and Anonymous has certainly swung its wrecking ball around in the last few years: its denial of service attacks have impaired private sites like that of PayPal, and some of its offshoots have penetrated the e-mail communications of global law enforcement agencies.

Dan Kaminsky, a security researcher who pointed out the inherent vulnerabilities of the Domain Name System several years ago, put the probability of an effective attack this way: as unlikely as a shark descending from the sky, jaws open.

Nevertheless, on the Internet, no warning should go unheeded, he said: “It is belt-and-suspenders stuff: Is everything where it should be? You have to be ready for disaster.”

Be the first to comment on "Warned of an Attack on the Internet, and Getting Ready"

Leave a comment

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.