February11, 2007:
On February 6th, there was another major attack on one of the core
elements of the Internet, two of the 13 root server computer systems. The
attack failed, but it did temporarily show down the two root servers. A
successful attack on the root servers would disrupt world wide use of the
Internet. The 13 DNS (Domain Name Server) root servers around the world are a
key element of the net. There is one master root server that updates the
information on the other 12 root servers once or twice a week. These root
servers contain the master list of registered domain names and their numerical
addresses that all other DNS databases consult. Hacking a root server could,
for example, redirect Internet traffic to a false site posing as a bank and,
say, collect credit card information. With regard to a cyberwar, if all the
root servers were physically destroyed , the Internet could actually continue
to function, as the vast majority of domain names don't change. You wouldn't be
able to add new Internet addresses until the root servers were
reconstructed.
The
February 6th attack was a denial of service (DOS) attack, attempting to shut
down the root server by flooding it with junk data. Most of the junk was coming
from zombie (taken over by hackers) PCs in South Korea. The last time anyone
attempted such an attack was in 2002. That one had more impact, by disrupting
the functioning of several root servers. Both attacks occurred during the
annual meeting of the North American Network Operators' Group, but no one has
yet found a connection.
It's
unclear what this latest attack was all about. It may have been simply a test
of the root server defenses, which have been much improved since the 2002
attacks. Then again, the recent attack may have been a cover for an attempt to
hack the root servers, and do some real mischief. The attacked root servers are
still being examined to see what, if any, lasting damage was done.
Investigators are more concerned with hacks that would assist common
criminality, like bank robbery, not international terrorism.