April 02, 2012, 1:05 PM — On Saturday, March 31, someone claiming to speak for the hacktivist collective Anonymous threatened to take down the Internet temporarily to get the attention of the world and demonstrate their power over cyberspace.
It was not surprising to most security experts that March 31 came and went with no sign of such an attack.
The threat included some detail on how "Anonymous" planned to attack the 13 top-level DNS servers, bring them down and thereby bring the Internet to a halt.
Most experts said the technique was technically possible, but very, very unlikely.
Various unnamed spokesbeings for Anonymous said the attack was complete BS, for reasons ranging from the possibility someone was trying to make Anonymous look bad to the chance a fringe clique of the group wanted to make its own mark with rogue attacks the rest of the organization opposed.
It's not clear which was more true, only that there was no attack and, apparently, no serious attempt to even launch one.
That doesn't mean the DNS servers OpGlobalBlackout threatened to attack are not vulnerable, only that it would take a far more sophisticated attack than the one threatened for Saturday to bring down top-level DNS servers.
A post on the blog NakedSecurity from security vendor Sophos, Ltd. goes in to far more detail about the self-defending nature of the DNS network than I did in either of my posts passing along Anonymous denials that OpGlobalBlackout was real.
DNS servers in general are genuinely vulnerable to attacks with some similarities to the one threatened for March 31, however, according to blog author Alan Woodward, a computer science professor at the University of Surrey in the U.K.
It may be difficult to overwhelm top-level DNS servers because they're so widely distributed (on purpose) that they share no single points of failure. Lower-level servers could certainly be overwhelmed by a big enough DDOS attack, cutting of a local segment of the Internet rather than taking down the whole thing, Woodward wrote.
DNS servers could be a bigger threat than a target
More seriously – or at least more threateningly – DNS servers can actually be co-opted into becoming super-contributors to other DDOS attacks, Woodward wrote.