Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Anonymous plans to go after DNS root servers. What will be the US’s response?

The other day on pastebin, snippets of an email conversation were posted with members of the hacking group Anonymous discussing plans to conduct DOS attacks against the Internet’s root name servers:

To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, the Internet will go Black.

In order to shut the Internet down, one thing is to be done. Down the 13 root DNS servers of the Internet. Those servers are as follow:

By cutting these off the Internet, nobody will be able to perform a domain name lookup, thus, disabling the HTTP Internet, which is, after all, the most widely used function of the Web. Anybody entering "http://www.google.com" or ANY other url, will get an error page, thus, they will think the Internet is down, which is, close enough. Remember, this is a protest, we are not trying to 'kill' the Internet, we are only temporarily shutting it down where it hurts the most.

Going after the Internet’s root servers is a very bold move by Anonymous.  Whereas before they were “merely” breaking into companies that they believed were acting contra to the hacker ethic, going after the Internet infrastructure is another thing altogether.

Why?

The United States considers its cyber grid a critical component of US infrastructure. From a post entitled “Military asserts right to return cyber attacks”:

WASHINGTON -- The U.S. should counter computer-based attacks swiftly and strongly and act to thwart or disable a threat even when the attacker's identity is unknown, the director of the National Security Agency told Congress. Lt. Gen. Keith Alexander, who is the Obama administration's nominee to take on additional duties as head of the new Cyber Command;

He added that while "this right has not been specifically established by legal precedent to apply to attacks in cyberspace, it is reasonable to assume that returning fire in cyberspace, as long as it complied with law of war principles ... would be lawful."

From a follow-up article called “The military and the right to respond with force”:

The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.

In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official.

One idea gaining momentum at the Pentagon is the notion of "equivalence." If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a "use of force" consideration, which could merit retaliation.

In the articles that I quoted, it is ambiguous whether or not the military considers the Internet at the same level as the power grid. But if the power grid were shut down as a result of a hacker attack on the Internet, would the military consider this an act of war?

This is where it becomes legally murky, because hackers who shut down the Internet are not a traditional military force associated with a country. Therefore, who could the military declare war on? On the other hand, the US military has a “war on terror” where the enemy combatants are not members of another state, but instead are transnational actors acting without the sanction of the countries in which they are located. This has not stopped the US government from engaging in a battle against these stateless players.

The FBI has stated that its number one priority is stopping terrorism. The military has said that if a cyber attack causes the kind of high-level disruption that a traditional military attack would cause, then that could merit retaliation. After the events of September 11, the US mobilized its resources and threw tremendous weight towards apprehending the people behind it.

If Anonymous were to succeed in shutting down the Internet, or even try really hard to do it, they are risking elevating their profile from a playful nuisance to the target of international law enforcement with billions of dollars in resources behind it.  The FBI only has so many resources right now to fight cyber crime.  They’d see their budgets go up in a hurry if the Internet went down because of a cyber attack.

The US spent 10 years hunting down bin Laden, relentlessly giving chase.  The Anonymous hackers would do well not to raise the ire of the American military.

Comments
  • Would DNS cache items expire when their TTL gets hit, even if there isn't a DNS server to resolve the name?

  • This would actually prove the government's point. This would also prove the US government's point as why they should host them and not some non government group.

    Anonymous wouldn't be stupid enough to actually do this would they?

  • They will point and laugh at the fact that Anonymous are clueless.

  • The DNS root infrastructure uses anycast technology to provide vastly superior resistance to these types of attacks. I think Anonymous are underestimating the strength of the root server infrastructure. There may be only 13 IP addresses but there are currently 259 servers sitting behind those IPs and they are spread globally. They will have to take out a large portion of these for the attack to be effective, and that could be difficult as it's the routing topology that determines where the attacks will end up, hence it's difficult to target a particular server. See this link for more info: http://www.root-servers.org/

  • Jesus. Who thinks this is going to work? Like the gov is going to go "oh, sorry about that, our baaad!" instead of going into FULL SECURITY FREAKOUT MODE for ten years, dump 30 billion dollars into "securing" the internet and reducing it to something resembling broadcast television that requires biometric ID to use.

  • The 31st March came and went. Can't say I noticed a thing.
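
The cache behaviour raised in the TTL question above, as an added example that is not part of the original post or its comments: a toy recursive resolver in Python that loses contact with every root server. All names and the 300-second answer TTL are constructed; 172800 s is the TTL the root zone sets on TLD delegations. It assumes TLD and authoritative servers stay reachable and that the resolver does not serve stale records.

```python
# Added example: toy model of a recursive resolver's cache during a root outage.
TLD_NS_TTL = 172800   # TTL on TLD delegations in the root zone (2 days)
ANSWER_TTL = 300      # constructed TTL for an ordinary A record


class Resolver:
    def __init__(self):
        self.cache = {}              # record name -> absolute expiry time (s)
        self.root_reachable = True

    def _fresh(self, key, now):
        # A cached record is usable only while its TTL has not run out,
        # whether or not any upstream server is reachable.
        return self.cache.get(key, -1) > now

    def resolve(self, name, now):
        """Return how the answer was obtained, or 'SERVFAIL'."""
        tld = name.rsplit(".", 1)[-1] + "."
        if self._fresh(name, now):
            return "cache"
        if not self._fresh(tld, now):
            # The root is needed only to learn (or refresh) the TLD delegation.
            if not self.root_reachable:
                return "SERVFAIL"
            self.cache[tld] = now + TLD_NS_TTL
        # Assumption: TLD and authoritative servers answer normally.
        self.cache[name] = now + ANSWER_TTL
        return "via-tld"


def outage_timeline():
    r = Resolver()
    r.resolve("www.example.com", now=0)   # warm the cache while the root is up
    r.root_reachable = False              # outage starts right after t=0
    checks = [
        ("www.example.com", 60),       # answer still within its TTL
        ("www.example.com", 3600),     # answer expired, com. delegation cached
        ("mail.example.com", 3600),    # never seen, but com. delegation cached
        ("www.example.org", 3600),     # org. delegation was never cached
        ("www.example.com", 172801),   # com. delegation has now expired
    ]
    return [(name, t, r.resolve(name, t)) for name, t in checks]


if __name__ == "__main__":
    for name, t, result in outage_timeline():
        print(f"t={t:>6}s  {name:<18} {result}")
```
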
