Or far more likely, six weeks and one day from today, the hackers will announce via a very-much-still-working Internet that it was all a highly provocative April Fool's joke, another example of the dare-you-to-react trolling that Anonymous has refined to an art form.
Earlier this week, the loose movement of hackers announced in an online statement a new collective action it's calling "Operation Global Blackout." On March 31, it says it plans to attack the thirteen root Domain Name Service (DNS) servers that act as the Internet's authority on how domain names (like Google.com) are translated to the IP addresses (like 74.125.157.99) of the computers that host those sites and mail servers. If Anonymous can successfully take those root servers down for long enough, DNS could cease to function, and the Web would become at least temporarily inaccessible for most users.
"To protest [the Stop Online Piracy Act], Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, anonymous will shut the Internet down," reads the statement. "Remember, this is a protest, we are not trying to 'kill' the Internet, we are only temporarily shutting it down where it hurts the most...It may only lasts one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known."
But the security industry's DNS gurus say it's not time to start downloading your backup archive of Icanhazcheezburger just yet. Rob Graham, a researcher for the security consultancy Errata Security, lists in a blog post a slew of reasons why Anonymous' DNS attack plan won't work. Anonymous plans to use a technique it's calling Reflective DNS Amplification to flood the root servers with spoofed requests from the lower-level DNS servers that look to the root servers for updates. But the thirteen DNS root servers, which are hosted variously by the Pentagon, Verisign, ICANN, Maryland University, NASA and others, each use different policies and hardware, and would each respond to that technique differently, Graham says.
"A technique that might take out one of them likely won't affect the other twelve. To have a serious shot at taking out all 13, a hacker would have to test out attacks on each one," he writes. "But, the owners of the systems would notice the effectiveness of the attacks, and start mitigating them before the coordinate attack against all 13 could be launched."
Moreover, there are actually many more than 13 physical servers acting as the DNS root system. A load-balancing system called Anycast means that as many as thousands of computers share the load of those servers. Taking them all out will be extremely difficult, says Graham. And since most DNS servers cache the information they receive from the root servers for as long as a day, the root servers would have to be kept offline for many hours to have any effect on users.
By announcing its attack so far in advance, Anonymous has given the administrators of the DNS system plenty of time to prepare for the attack and react as it occurs, adds Dan Kaminsky, a well-known researcher who found and helped fix a major flaw in DNS in 2008. "Most denial of service attacks aren’t proceeded by a warning," he says. "I’ve talked to various network engineers who are responsible for keeping these servers up, and they’re aware of the threat. They have resources already in place. Anyway, [Anonymous'] disclosure is appreciated."
Anonymous isn't the first to try to take down DNS--in fact, it seems to happen every five years or so. In 2002, a similar denial of service attack hit the DNS root servers. A portion of the 13 were taken offline, but without visible results for users. In 2007, a pair of attacks on the root servers struck back-to-back, affecting six servers and taking two offline. But the other servers' load-balancing technology stood up to the attacks.
All of this isn't to say Anonymous has no chance of taking out DNS for any period of time--only that it's extremely unlikely. It's far more probable, says Kaminsky, that the announcement of "Operation Global Blackout" is simply the kind of highly provocative, attention-grabbing stunt that often characterizes Anonymous' actions. "It doesn’t go unnoticed that Anonymous is talking about this the day before April Fool's," he says.
He compares the hackers' announcement to the flurry of attention around the Conficker Worm, which infected 10 million computers in 2009 and was widely reported to be set to launch some sort of attack on the Internet on April 1st of that year. The fact that Anonymous chose nearly the same date may be more than a coincidence. "When you set a deadline, the press gets all 'doomsday is coming,' and that’s more disruptive than any actual outage," says Kaminsky. "Anonymous doesn’t need to do anything on March thirty-first. The mere threat is enough to keep people talking about them and what they represent."
