Operation Global Blackout: Real danger or irrelevant?

Will the hacker group Anonymous make good on its threat to take down the Internet Saturday? Probably not. But it could slow it down, according to a number of security experts. And it may depend in part on how unified Anonymous is about the attack -- there are some indications of divisions within the group.

Anonymous has threatened retaliation for the arrests of about 25 of its members last month, and is also focused on what its members believe is a continuing threat by Congress to censor the Internet through revised versions of the Stop Internet Piracy Act (SOPA) and the companion Senate bill called the Protect IP Act (PIPA), even though the legislation was put on hold in January.

And it is essentially daring anyone to stop Operation Global Blackout -- the group announced March 31 as the date of the attack, along with the method it intends to use: disabling the Domain Name Service through distributed denial of service attacks on the root servers of the DNS with an attack tool called "ramp," which stands for "reflective amplification." While two of the basic rules of hacking are don't tell your target in advance and don't give away your methods, Radware security vice president Carl Herberger says the announcement is a classic Anonymous tactic.

"They are not financially motivated," he says. "They're after behavioral changes -- things like trying to stop SOPA. In that case, you almost by definition have to file your grievance -- tell them you're angry with them. They also like to boast of how effective they are, and how the rest of the world is not worthy of their technical talents."

Even with the advance warning, Alan Woodward, a professor in the Department of Computing at the University of Surrey, thinks Anonymous could do some damage. In an opinion piece for BBC News, Woodward notes that the top-level DNS systems are in different countries, are monitored by different organizations and run on different technologies.

"We can be as sure as one can ever be when dealing with the Internet, that the top level of DNS can be kept secure," he wrote.

Still, he says Anonymous could bring a server down with ramp, in which an army of bots spoof the IP address of a target system and "cause the DNS to flood the very network it is supposed to be serving."

He cites Brian Honan, information security expert for BH Consulting, as saying DNS vulnerabilities to such an attack do exist, even though they shouldn't.

"Unfortunately, despite this vulnerability being widely known for many years, a large proportion of DNS servers are still not configured correctly to prevent this type of attack," Honan said.

Herberger says he is surprised that a number of his colleagues are not taking the threat seriously. He lists several DNS vulnerabilities, some of them due to design flaws and social engineering vulnerabilities, but also from insiders interested in "ideological payback."

"Lately, there is a disturbing trend of current or former information security professionals who have joined the hackers' cause in pursuit of 'justice,'" he writes. And he says Anonymous has the advantage of passion for their cause and endless resources from followers worldwide. "History being the judge, I will always place safe bets with the passionate fighters for a cause over the comfortable defenders of a fortress," he says.

Of course, there is damage and then there is catastrophic damage.

Kevin McAleavey, chief architect of the KNOS Project, says while Anonymous could cause some mayhem if enough people are involved, they have only targeted 13 root servers, "and there are many more, and backups to backups ready to serve. There are plenty of 'spares' available if needed."

Herberger agrees, but says if the attack "metastasizes, that may make the number of servers irrelevant. The structure could fall down on itself."

Then again, it is possible that nothing will happen. Anonymous threatened to take down Facebook and didn't. Herberger says some members of the group "worry about losing the high moral ground" if they launch an attack without populist support.

In an audio statement on The best of the Internets, purporting to be from Anonymous, a digitized voice says, "this proposed idea doesn't have a set time of when it will go into effect, as it is an ongoing operation."

The voice says the group does not want to damage the economy at a time of depression. But, it says, "If you think Operation Global Blackout has been withdrawn, you are mistaken."
