ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers

By | February 17, 2012, 5:53am PST

Summary: The Anonymous hacktivist movement is planning to launch a distributed denial of service attack (DDoS) on the Internet’s root DNS servers, using a Reflective DNS Amplification DDoS tool.

According to a note left by members of the Anonymous hacktivist movement on Pastebin.com, the group is planning to launch a distributed denial of service attack (DDoS) on the Internet’s root DNS servers, using a Reflective DNS Amplification DDoS tool specifically created for ‘Operation Global Blackout’.

More details:

We have compiled a Reflective DNS Amplification DDoS tool to be used for this attack. It is based on AntiSec’s DHN, contains a few bug fix, a different dns list/target support and is a bit stripped down for speed.

The principle is simple; a flaw that uses forged UDP packets is to be used to trigger a rush of DNS queries all redirected and reflected to those 13 IPs. The flaw is as follow; since the UDP protocol allows it,we can change the source IP of the sender to our target, thus spoofing the source of the DNS query.The DNS server will then respond to that query by sending the answer to the spoofed IP. Since the answer is always bigger than the query, the DNS answers will then flood the target ip. It is called an amplified because we can use small packets to generate large traffic. It is called reflective because we will not send the queries to the root name servers,instead, we will use a list of known vulnerable DNS servers which will attack the root servers for us.

Since the attack will be using static IP addresses, it will not rely on name server resolution, thus enabling us to keep the attack up even while the Internet is down. The very fact that nobody will be able to make new requests to use the Internet will slow down those who will try to stop the attack. It may only lasts one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known.

Based on a message update issued by Anonymous, the group has said that it still has the capability to target the Root Internet Servers.

Despite the fact that current Internet infrastructure allows the execution of DNS amplification attacks, the Anonymous hacktivist movement is surely lacking the capabilities to execute such an attack, despite the high number of recruited users that may be participating in the attack.

For the time being, the Low Orbit Ion Cannon (LOIC) ICMP flooder, and the RefRef web script remain the primary attack tools used by the Anonymous hacktivist collective.

Learn more about DNS Amplification attacks, what they are, how they work, and how can Internet Service Providers mitigate the threat posed by them.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Internet, Distributed Denial Of Service, Internet Server, DDos And DoS, Security, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Disclosure

Dancho Danchev

More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile.

Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter
68
Comments
Add Your Opinion

Join the conversation!

Just In

Think Twice before you throw in the towel sir...
Jbutler9555 Updated - 2nd Apr
This is exactly what the government wants to hear...Their actions under this Anonymous umbrella have been a success in your case and one more set of freedoms will be removed from the people and given to the government as an additional control mechanism. The pattern is very clear..we have slowly but surely lost various freedoms over the years, and they just continue to add up. Slavery was abolished long ago, but is on the horizon for the near future...open your minds, analyze, and think....it't hard to do, but very important...
View in thread
0 Votes
+ -
Anonymous suck
People 17th Feb
Scourge of the earth, right there with Assad.
0 Votes
+ -
were you breastfeed?
goteamgo 23rd Feb
just saying..
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
Aerowind 17th Feb
Any word on what's motivating them to do this?
0 Votes
+ -
Media attention
William Farrel 17th Feb
@Aerowind

They're no different then your typical vandals that break mailboxs and car windows. They feel a sense of empowerment, even though nobody knows their names.

They watch it on the news telling themselves "I'm so cool"
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
mepallow 17th Feb
@William Farrel no different...........except the fact that mailboxes cost $20 and these guys are doing millions of dollars of damage. At some point I would imagaine they are going to piss off the wrong people and bad things are going to happen. They better quit while they are ahead.
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
xamountofwords 17th Feb
@Aerowind If you would have clicked on the pastebin link and read the actual note from Anonymous, you would've seen it's an anti-SOPA anti-Wall Street protest.
0 Votes
+ -
@Xamounto
mrgeek33 5th Mar
Who cares why? They are trying to shutdown ROOT servers! That has nothing to do with SOPA or Wall Street! These guys are crooks! I don't like a lot of things in this world but I am not going to go hack their website or throw a rock thru their windows. You don't see PETA Hacking the NRA or any other group for that matter. Who do these losers think they are? They don't speek for me! They are are a lot of other ways to protest!
0 Votes
+ -
yup
goteamgo 23rd Feb
squeeze cheese

and because they CAN, and there isn't squat can be done about it
0 Votes
+ -
@Gote
mrgeek33 5th Mar
Really, Well I think you are an Idiot so should I come over and spay paint your house because I can and there is nothing you can do about it? God that was a dumb reason!
0 Votes
+ -
Why would they do that?
bmeacham98@... 17th Feb
They will just make lots of people angry at them, and it would not help their cause.
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
timspublic1@... 17th Feb
@bmeacham98@... What cause? It's all just ego.
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
luckyducky7@... 17th Feb
@timspublic1@... Pretty much.

Sometimes they give people, er, corporations what they full well deserve (Sony and the MAFIAA group, as well as some members of this group demolishing that Tor CP repository which was probably the most good they've done though not intending to do 'good'); but otherwise it's just garbage "Ops" that they run around doing just because.

I doubt that this will succeed, though; mainly because of caching and other stuff that local (and company) DNS servers do while the attack, if it is indeed enough to knock the core around- though you can't cache it all.

I think they'd do a better job demolishing, say, Iran's infrastructure than our own, though; if you're going to destroy something, why not destroy something that's worth destroying?
0 Votes
+ -
???
goteamgo 23rd Feb
what waffles got to do with it? wink
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
masonwheeler 21st Feb
@bmeacham98@... Agreed. They need to stick to attacking people who are doing real harm, like the MPAA and the Church of Scientology. Going after stuff like root Internet servers is just vandalism, pure and simple.
0 Votes
+ -
What?
mrgeek33 5th Mar
I just get this crap? Who the hell maid them God to hack anyone? I sure didn't, any when they do hack the FCC and other US Govt sites it cost me money! I don't make much as it is, So paying Millions to keep them out and fixing the site is really not something I am into. I like my money so stop!

I hate Wall Street as much as anyone but I don't think hacking is going to help one damn thing!
0 Votes
+ -
psst
goteamgo 23rd Feb
there is NO cause.. you just think there is, because if there wasn't you might go insanse try to understand it ... OMG you still might go insanse! LOL
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
mjbernier 17th Feb
Other than announcing their attacks, has Anonymous ever published a manifesto or agenda for the existence?
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
annamouse 18th Feb
@mjbernier yes, and it works beautifully. it's not a model of any sort of utopia or government or political movement, although many (mostly foreign and some American) anons are waging a pretty wild cyber war in the middle east, at the moment.

if you look, you can find a video on youtube "what is anonymous" or something like that.

most people that work under the flag of anonymous are good people with good intentions. some are not. there are evil people everywhere.

then we hear the BITCHING. you all admit that you don't know what they do, yet you have an opinion. stop it! no one is out to get you. no one wants your stuff. so, go ahead and relax; someone is watching out for you, and have been for years. sleep well. we got it.
0 Votes
+ -
goteamgo 23rd Feb
YAY! somebody gets it!
0 Votes
+ -
yup
goteamgo 23rd Feb
and it clearly states: we have no manifesto or agenda

seriously?
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
themarty 17th Feb
Thank you Anonymous for blocking the voice of the people. Every dictatorship salutes you.
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
timspublic1@... 17th Feb
Insert lead projectile here >
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
MoeFugger 17th Feb
I just sent them an Email via my toilet.
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
yipsalon 17th Feb
I hate that Anonymous is raising security awareness.
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
mepallow 17th Feb
@yipsalon That's like saying killing people raises violence awareness.
1 Vote
+ -
Well... it certainly would...but
Cayble 23rd Feb
@mepallow

I think one big difference is in the vast chasm in the difference in my preference of choice between either someone disrupting my internet for awhile to raise security awareness or killing me to raise violence awareness.

If you want to make an analogy thats going to create some real impact you have got to make some effort to keep it close to the same ballpark the underlying issue is in.

Try to stay away from the following kind of thing:

"They tore down an old rotten house to rid a neighborhood of termites? Isn't that like blowing up the world to get rid of disease?"

No. Its not.

And shutting down the internet for a brief period to raise security awareness is not like killing a bunch of people to raise violence awareness.

Feel free to try again.
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
annamouse 18th Feb
@yipsalon i know, right? yet no one has become aware. if you make your system secure, you have nothing to be afraid of. isreal and iran are having a cyber war, as we speak. it's been going on and getting hotter and hotter, and no one that watches the "news" knows about it until now? or does anyone know yet?

get mad now, thanks will be accepted later.

may i use your space to point out that Anonymous is not an American thing? the USA didn't invent it. thank you.
0 Votes
+ -
oh noes
goteamgo 23rd Feb
somebody is gonna be outa J-O-B

news flash! your kids can prolly hack your so called secure network in a matter o seconds, laddy
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
CobraA1 17th Feb
They're not "hacktivists". More like cyber terrorists. Although with this latest move, I'd say common thugs.
0 Votes
+ -
you Sir r trying to insight fear
goteamgo 23rd Feb
relax G.I. Joe. the boogie man isn't gonna get you
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
dagodevas 17th Feb
Complete douche bags.
0 Votes
+ -
F-
goteamgo 23rd Feb
no education
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
StillLearnin 17th Feb
This article seems premature with the launch not scheduled until March 31.
0 Votes
+ -
getting warmer
goteamgo 23rd Feb
LOL
1 Vote
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
getacluezd 17th Feb
They have said this is a hoax just like the Facebook takedown that never happened. Why would they take down their playground. I hope you don't refer to yourself as a journalist. Research, try it!
0 Votes
+ -
BINGO!
goteamgo 23rd Feb
wink
0 Votes
+ -
Confident
kidtree 17th Feb
Anonymous seems pretty confident in their anonymity. A specific announcement like this of an upcoming terrorist attack invites people who may know more than anon. thinks to invest in a few dollars' worth of hollowpoints.
No objection here.
0 Votes
+ -
says to the cold war junkie
goteamgo 23rd Feb
u can't shoot what u can't see

'plays earie music'
0 Votes
+ -
Hackers, right spoiled brats ion mothers basement
guitarest 17th Feb
Just a bunch of brats in their moms basement that normally get their butts beat in the real world. To kill their movement all you have to do is turn off their mommy's internet. There was a comment about what would happen if they went against or upset the wrong people. They did the Cartels, you see how thet went down they disappeared like scared children they are. On a final note being able to down load software and put it on your mothers computer does not make you other than a child who has knowledge to hit start; thus does not make a hacker or what ever these spoiled brats really are. The Secret service and FBI need to play by the same rules that the cartels do, no more attacks. Who wants to bet most of these "hackers" are on welfare and social security.
0 Votes
+ -
lol
goteamgo 23rd Feb
@guitarest what's funnt to me is just how clueless alot of people really are. true enough some of them are kids. true enough some prolly live with your mom. but you have no idea as to the insurmountable might these 'kids' can harness and smack you down with .... of wait for it ... your response will surely be: if that's the case, then why not just do it? i'll tell you why. it's the same reason you won't sneak outa your mom's house to grab a bottle of beer or a joint, because it's too easy, and b-o-r-i-n-g. think it over. my suggestion .. don't piss em off. while most of those 'kids' are calm and rational, i wouldn't say they ALL are. lol
0 Votes
+ -
an awful lot of...
michaellashinsky@... 28th Feb
@guitarest

That post was an awful lot of "I think..." and "probably..." and "Who wants to bet..." You don't know Jack. (I don't know Jack either, but I'm not the one shooting his mouth off as if he knew something. You are.) You have not met any of them, nor do you have any real knowledge of their motives, ages, professions, skills, living arrangements, etc...

You have an opinion. That's great! Don't confuse an opinion with actually knowing something.
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
Anynamesleft 17th Feb
Well, I hope anonymous becomes Notsononymous and the millions and millions of the rest of us will get REALLY ticked off and tell their Mothers to tell them they are grounded with NO computer, NO phone and NO TV .....
-1 Votes
+ -
Errrr......
Gisabun 17th Feb
Anonymous aren't smart [as we know already]. If they go after the Root Internet servers, then they can't hack anymore.
0 Votes
+ -
seriously
goteamgo 23rd Feb
@Gisabun just stares at how stupid u are
0 Votes
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
thedjphenomenon 17th Feb
I love that these guys are making me money. My company is the reason that the FBI stayed up through their DDoS attack and the meetings just keep on comming. twitter @thedjphenomenon
0 Votes
+ -
OPSEC anyone?
goteamgo 23rd Feb
'puts two coins in your ego jar'
1 Vote
+ -
RE: Anonymous launches 'Operation Global Blackout', aims to DDoS the Root Internet servers
RobertMoore12@... 17th Feb
Another try at stupidity. What a joke Anonymous is becoming. They can't even keep a website down long enough for someone to know it's down unless zdnet tells us it was.
2 Votes
+ -
Smells like Government lead False Flag operation and not a Hacker attack
BlueCollarCritic 17th Feb
The US Federal Government badly needs some single event it can use to motivate the public into letting it take over and control the internet and I can think of no better option than a false Flag operation in which the governments agents pose as a well identified hacker group like Anonymous, and take down the internet, or as much of it as a possible, under that hacker groups name.

And no that???s not an impossible Conspiracy Theory either. Governments throughout history including the US government are known to have used false flag attacks to justify war. The Gulf Of Tonkin incident which was used to justify our entrance into the war at that time was recently revealed via FOI Request ( Freedom Of Information Request) to have not actually occurred. In other words the government actively lied to the public and was able to keep it secret until recently. This proves the govern can and will lie to justify military action and that it can keep such a secret for a long time. Tonkin may not have technically been a false flag but our government has been caught attempting and or planning false flag attacks elsewhere in history.
-1 Votes
+ -
yah .... NO!
goteamgo Updated - 23rd Feb
that's the stupidest crap i've ever heard. i know some the govt's cyber warriors. as long as WOW and sugar based caffiene drink hold out, i wouldn't count on it
0 Votes
+ -
Think Twice before you throw in the towel sir...
Jbutler9555 Updated - 2nd Apr
This is exactly what the government wants to hear...Their actions under this Anonymous umbrella have been a success in your case and one more set of freedoms will be removed from the people and given to the government as an additional control mechanism. The pattern is very clear..we have slowly but surely lost various freedoms over the years, and they just continue to add up. Slavery was abolished long ago, but is on the horizon for the near future...open your minds, analyze, and think....it't hard to do, but very important...

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix