March 28, 2012, 4:49 PM — Will the hacker group Anonymous make good on its threat to take down the Internet Saturday? Probably not. But it could slow it down, according to a number of security experts. And it may depend in part on how unified Anonymous is about the attack -- there are some indications of divisions within the group.
Anonymous has threatened retaliation for the arrests of about 25 of its members last month, and is also focused on what its members believe is a continuing threat by Congress to censor the Internet through revised versions of the Stop Internet Piracy Act (SOPA) and the companion Senate bill called the Protect IP Act (PIPA), even though the legislation was put on hold in January.
And it is essentially daring anyone to stop Operation Global Blackout -- the group announced March 31 as the date of the attack, along with the method they intend to use -- disabling the Domain Name Service through distributed denial of service attacks on the root servers of the DNS with an attack tool called "ramp," which stands for "reflective amplification." While two of the basic rules of hacking are: Don't tell your target in advance and don't give away your methods, Radware security vice president Carl Herberger says the announcement is a classic Anonymous tactic.
"They are not financially motivated," he says. "They're after behavioral changes -- things like trying to stop SOPA. In that case, you almost by definition have to file your grievance -- tell them you're angry with them. They also like to boast of how effective they are, and how the rest of the world is not worthy of their technical talents."
Even with the advance warning, Alan Woodward, a professor in the Department of Computing at the University of Surrey, thinks Anonymous could do some damage. In an opinion piece for BBC News, Woodward notes that the top-level DNS systems are in different countries, are monitored by different organizations and run on different technologies.
"We can be as sure as one can ever be when dealing with the Internet, that the top level of DNS can be kept secure," he wrote.
Still, he says Anonymous could bring a server down with ramp, in which an army of bots spoof the IP address of a target system and, "cause the DNS to flood the very network it is supposed to be serving."
He cites Brian Honan, Information security expert for BH Consulting, as saying DNS vulnerabilities to such an attack do exist, even though they shouldn't.