Why Anonymous can’t shut down the internet

Over the last couple of months, a number of internet threats have emerged that seem to be originating from hacker collective Anonymous. In their latest threat, the group intimidated the public into believing that they will shut down the internet on 31 March, in an operation termed Global Blackout.

Whether Anonymous will follow through with their threat, is anybody's guess (image: http://www.digmlm.com)

There are several issues with this statement:

* Followers of Anonymous’ news will remember that in late January the group threatened to bring popular social networking website Facebook to its knees, with Operation Blackout — so the name is nothing new.

* The group is apparently leaderless, so any statement from Anonymous should be taken with a pinch of salt. After the news broke of their attempted Facebook takedown, users familiar with the group quickly refuted claims and said they would never bring down the website — so their statements can never really be trusted.

* The main form of communication for Anonymous is via Twitter and the use of Pastbin. With the Pastebin website, the group uploads text documents detailing their plans for attack. The problem with the latest Pastebin entry, is the fact that the Operation Global Blackout post was uploaded by a ‘Guest’ — so the user and the validity of the post cannot be verified.

*In the post, the group claims that they will take out the 13 root servers that supposedly holds everything together. Well, in case Anonymous has not heard, there are more than 13 servers. According to an ICANN blog, there are over a hundred servers in about 130 different locations worldwide. “There are twelve organisations responsible for the overall coordination of the management of these servers,” the blog notes.

It seems as though the group (or at least the person who wrote it) got their mathematics mixed up. In terms of servers, 13 is a very practical number maximum to the number of named authorities in the delegation data zone. “These (13) named authorities are listed alphabetically, from a.root-servers.net through m.root-servers.net. Each is associated with it an IP address”.

Where the problem with taking down the 13 root servers come in, is that “the ‘I’ root, for example, is located in 25 different countries”. Therein lays the problem itself, coupled with the fact that twelve organisations are responsible for the management of the servers.

It has also happened on many occasions where Anonymous supposedly make a veiled threat, only to be refuted by some form of ‘higher power’. The same happened with the latest Operation Global Blackout — while the Twitter account for @Anonops was quiet on the matter, @youranonnews reported over the weekend that they were not aware of any attacks.

“FYI – We have no idea about this ‘Operation Global Blackout’ rumour that’s spreading around. Sounds like another #opFacebook fail-op,” referring to the previous Operation Global Blackout, that aimed to take out Facebook. It only takes one ‘official’ organisation or outlet to rubbish the claims, and the whole operation is questioned.

So semantics and rumour-mongering aside, it will not actually be possible for the group to shut down the internet — or at least, it will be incredibly difficult.

Security expert Robert David Graham puts no stock in Anonymous’ threat to take down the internet, highlighting several issues that will make it nearly impossible for them to achieve their goal.

“Typical hacks work because it often takes a day for the victim to notice. Not so with critical Internet resources, like root DNS servers. Within minutes of something twitching, hundreds of Internet experts will converge to solve the problem.”

The hacking collective seems to be aware of the fact, saying in their Pastebin entry that the attack might last only an hour, or last for days.

The group wrote in high detail how they will go about their plan, but Graham adds that any disruption will be quickly located and fixed. “The easiest active response is to blackout the sources of the offending traffic. Defenders can quickly figure out where the attacks are coming from, and prevent packets from those sources from reaching the root DNS servers. Thus, people might see disruptions for a few minutes, but not likely any longer.”

The security expert has also taken aim at their intention to hit the 13 servers. While it’s highlighted above why it will be incredibly difficult, Graham said that the same technique for taking out one server won’t work on the other 12.

“To have a serious shot at taking out all 13, a hacker would have to test out attacks on each one. But, the owners of the systems would notice the effectiveness of the attacks, and start mitigating them before the coordinate attack against all 13 could be launched.”

While it is highly unlikely the group will attempt to bring the internet to its knees, Graham offered the group some advice on how to do it more effectively than their planned version.

“The best way to cause a ‘global blackout’ would not be to attack the root servers themselves, but the ‘gtld-servers’ the next level down, or even the individual domain-specific servers (like those for Google or Facebook) at the next level.

If people can not get to their Google, Twitter, and Facebook, the Internet is down as far as they are concerned.”

Charlie Fripp – Online editor