The threat from the hacktivist group is unlikely to be successful, said an expert An upcoming campaign announced by the hacking group Anonymous directed against the Internet’s core address lookup system is unlikely to cause much damage, according to one security expert.In a warning on Pastebin, Anonymous said last Thursday it would launch an action on March 31 as part of “Operation Global Blackout” that would target the root Domain Name System (DNS) servers.Anonymous said the attack has been planned as a protest against “our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun”.The DNS translates a Web site name, such as www.idg.com, into a numerical IP (Internet Protocol) address, which is used by computers to find the Web site. The 13 authoritative root servers contain the master list of where other nameservers can look up an IP address for a domain name within a certain top-level domain such as “.com.”The group said it had built a “Reflective DNS Amplification DDOS” (distributed denial-of-service) tool, which causes other DNS servers to overwhelm those root servers with lots of traffic, according to the Pastebin post. But there are several factors working against the Anonymous campaigners, wrote Robert Graham, CEO of Errata Security.“They might affect a few of the root DNS servers, but it’s unlikely they could take all of them down, at least for any period of time,” Graham wrote. “On the day of their planned Global Blackout, it’s doubtful many people would notice.”Although there are 13 root servers, an attack on one would not affect the other 12, Graham wrote. Additionally, an attack would be less successful due to “anycasting,” which allows traffic for a root server to be redirected to another server containing a replica of the same data.There are hundreds of other servers worldwide that hold the same data as the root servers, which increase the resiliency of DNS.ISPs also tend to cache DNS data for a while, Graham wrote. ISPs may cache data for a day or two before needing to do a fresh lookup, a time period that can be set on servers known as “time-to-live.” It means that even if a root server was down, it would not necessarily immediately affect an ISP’s customers.Lastly, root DNS servers are closely watched. If trouble started, the malicious traffic to the root servers would likely be blocked, with disruptions lasting a few minutes, Graham wrote. “Within minutes of something twitching, hundreds of Internet experts will converge to solve the problem,” he wrote.Send news tips and comments to jeremy_kirk@idg.com Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe