Will the hacker group Anonymous make good on its threat to take down the Internet Saturday? Probably not. But it could slow it down, according to a number of security experts. And it may depend in part on how unified Anonymous is about the attack -- there are some indications of divisions within the group.
Anonymous has threatened retaliation for the arrests of about 25 of its members last month, and is also focused on what its members believe is a continuing threat by Congress to censor the Internet through revised versions of the Stop Internet Piracy Act (SOPA) and the companion Senate bill called the Protect IP Act (PIPA), even though the legislation was put on hold in January.
And it is essentially daring anyone to stop Operation Global Blackout -- the group announced March 31 as the date of the attack, along with the method they intend to use -- disabling the Domain Name Service through distributed denial of service attacks on the root servers of the DNS with an attack tool called "ramp," which stands for "reflective amplification." While two of the basic rules of hacking are: Don't tell your target in advance and don't give away your methods, Radware security vice president Carl Herberger says the announcement is a classic Anonymous tactic.
"They are not financially motivated," he says. "They're after behavioral changes -- things like trying to stop SOPA. In that case, you almost by definition have to file your grievance -- tell them you're angry with them. They also like to boast of how effective they are, and how the rest of the world is not worthy of their technical talents."
Even with the advance warning, Alan Woodward, a professor in the Department of Computing at the University of Surrey, thinks Anonymous could do some damage. In an opinion piece for BBC News, Woodward notes that the top-level DNS systems are in different countries, are monitored by different organizations and run on different technologies.
"We can be as sure as one can ever be when dealing with the Internet, that the top level of DNS can be kept secure," he wrote.
Still, he says Anonymous could bring a server down with ramp, in which an army of bots spoof the IP address of a target system and, "cause the DNS to flood the very network it is supposed to be serving."
He cites Brian Honan, Information security expert for BH Consulting, as saying DNS vulnerabilities to such an attack do exist, even though they shouldn't.
"Unfortunately, despite this vulnerability being widely known for many years, a large proportion of DNS servers are still not configured correctly to prevent this type of attack," Honan said.
Herberger says he is surprised that a number of his colleagues are not taking the threat seriously. He lists several DNS vulnerabilities, some of them due to design flaws and social engineering vulnerabilities, but also from insiders interested in "ideological payback."
"Lately, there is a disturbing trend of current or former information security professionals who have joined the hackers' cause in pursuit of 'justice,'" he writes. And he says Anonymous has the advantage of passion for their cause and endless resources from followers worldwide. "History being the judge, I will always place safe bets with the passionate fighters for a cause over the comfortable defenders of a fortress," he says.
Of course, there is damage and then there is catastrophic damage.
Kevin McAleavey, chief architect of the KNOS Project, says while Anonymous could cause some mayhem if enough people are involved, they have only targeted 13 root servers, "and there are many more, and backups to backups ready to serve. There are plenty of 'spares' available if needed."
Herberger agrees, but says if the attack "metastasizes, that may make the number of servers irrelevant. The structure could fall down on itself."
Then again, it is possible that nothing will happen. Anonymous threatened to take down Facebook and didn't. Herberger says some members of the group, "worry about losing the high moral ground," if they launch an attack without populist support."
In an audio statement on The best of the Internets, purporting to be from Anonymous, a digitized voice says, "this proposed idea doesn't have a set time of when it will go into effect, as it is an ongoing operation."
The voice says the group does not want to damage the economy at a time of depression. But, it says, "If you think Operation Global Blackout has been withdrawn, you are mistaken."
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.
This story, "Operation Global Blackout: Real danger or irrelevant?" was originally published by CSO.