Is Anonymous making empty threats to (briefly) kill the Internet?

OpGlobalBlackout and the on-again/off-again intention to take down DNS and thereby the Internet


Here is the DNS vulnerability and exploit the attack will use, as described by Anonymous:

"While some ISPs uses DNS caching, most are configured to use a low expire time for the cache, thus not being a valid failover solution in the case the root servers are down. It is mostly used for speed, not redundancy. We have compiled a Reflective DNS Amplification DDoS tool to be used for this attack. It is based on AntiSec's DHN, contains a few bugfix, a different dns list/target support and is a bit stripped down for speed.

The principle is simple; a flaw that uses forged UDP packets is to be used to trigger a rush of DNS queries all redirected and reflected to those 13 IPs. The flaw is as follow; since the UDP protocol allows it, we can change the source IP of the sender to our target, thus spoofing the source of the DNS query.

The DNS server will then respond to that query by sending the answer to the spoofed IP. Since the answer is always bigger than the query, the DNS answers will then flood the target ip. It is called an amplified because we can use small packets to generate large traffic. It is called reflective because we will not send the queries to the root name servers, instead, we will use a list of known vulnerable DNS servers which will attack the root servers for us."Pastebin post from presumed members of Anonymous, Feb. 12, 2012

Possible or not? Fake or not? No to one, probably yes to the other.

Twitter postings from Anonymous members don't give much indication whether the attack is for real or not. @OpBlackout doesn't mention it. @YourAnonNews retweeted someon else's warning that the whole thing is a fake: "Deception! Bad news for participating anons," the tweet, from @ultramegaman read.

Others flame it as a bad idea or as a "false flag" attack by national governments or security groups trying to make Anonymous look bad.

Security consultancy ErrataSecurity posted an explanation in detail why it believes the attack described either can't happen or wouldn't work. Too quick a response by defenders, too much bandwidth and backup.

An ameliorative video posted Feb. 9 – by someone other than the one who posted the other videos, claimed all the OpBlackout and OpGlobalBlackout threats were attempts to raise awareness "of what we can do, not what we will do."

Photo Credit: 

Anonymous, from YouTube

Join us:






Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.


    Learn more

Answers - Powered by ITworld

Ask a Question