Why Anonymous can't shut down the internet

There are several issues with this statement:

• Followers of Anonymous' news will remember that, in late January, the group threatened to bring popular social networking website Facebook to its knees, with Operation Blackout - so the name is nothing new.
  
• The group is apparently leaderless, so any statement from Anonymous should be taken with a pinch of salt. After the news broke of their attempted Facebook takedown, users familiar with the group quickly refuted claims and said they would never bring down the website - so their statements can never really be trusted.
  
• The main form of communication for Anonymous is via Twitter and the use of Pastbin. With the Pastebin website, the group uploads text documents detailing their plans for attack. The problem with the latest Pastebin entry is the fact that the Operation Global Blackout post was uploaded by a "Guest" - so the user and the validity of the post cannot be verified.
  
• In the post, the group claim that they will take out the 13 root servers that supposedly hold everything together. Well, in case Anonymous has not heard, there are more than 13 servers. According to an ICANN blog, there are over 100 servers in about 130 different locations worldwide. "There are 12 organisations responsible for the overall coordination of the management of these servers," the blog notes.

It seems as though the group (or at least the person who wrote it) got their mathematics mixed up. In terms of servers, 13 is a very practical number maximum to the number of named authorities in the delegation data zone. "These (13) named authorities are listed alphabetically, from a.root-servers.net through m.root-servers.net. Each is associated with it an IP address."

Where the problem with taking down the 13 root servers come in, is that "the 'I' root, for example, is located in 25 different countries. Therein lays the problem itself, coupled with the fact that 12 organisations are responsible for the management of the servers.

Previous threats refuted

It has also happened on many occasions on which Anonymous supposedly make a veiled threat, only to be refuted by some form of "higher power". The same happened with the latest Operation Global Blackout - while the Twitter account for @Anonops was quiet on the matter, @youranonnews reported over the weekend that they were not aware of any attacks.

"FYI - We have no idea about this 'Operation Global Blackout' rumour that's spreading around. Sounds like another #opFacebook fail-op," referring to the previous Operation Global Blackout, that aimed to take out Facebook. It only takes one "official" organisation or outlet to rubbish the claims, and the whole operation is questioned.

So, semantics and rumour-mongering aside, it will not actually be possible for the group to shut down the Internet - or at least, it will be incredibly difficult.

Nearly impossible says security expert

Security expert Robert David Graham puts no stock in Anonymous' threat to take down the Internet, highlighting several issues that will make it nearly impossible for them to achieve their goal.

"Typical hacks work because it often takes a day for the victim to notice. Not so with critical Internet resources, like root DNS servers. Within minutes of something twitching, hundreds of Internet experts will converge to solve the problem."

The hacking collective seems to be aware of this fact, saying in their Pastebin entry that the attack might last only an hour, or last for days.

The group wrote in high detail as to how they will go about their plan, but Graham adds that any disruption will be quickly located and fixed. "The easiest active response is to black out the sources of the offending traffic. Defenders can quickly figure out where the attacks are coming from and prevent packets from those sources from reaching the root DNS servers. Thus, people might see disruptions for a few minutes, but not likely any longer."

The security expert has also taken aim at their intention to hit the 13 servers. While it's highlighted above why it will be incredibly difficult, Graham said that the same technique for taking out one server won't work on the other 12.

"To have a serious shot at taking out all 13, a hacker would have to test out attacks on each one. But, the owners of the systems would notice the effectiveness of the attacks and start mitigating them before the co-ordinated attack against all 13 could be launched."

Advice offered

While it is highly unlikely that the group will attempt to bring the Internet to its knees, Graham offered the group some advice on how to do it more effectively than their planned version.

"The best way to cause a 'global blackout' would not be to attack the root servers themselves, but the 'gtld-servers' the next level down, or even the individual domain-specific servers (like those for Google or Facebook) at the next level.

If people cannot get to their Google, Twitter, and Facebook, the Internet is down as far as they are concerned."