Since 2011, Internet users have grown used to Anonymous threatening to take highly trafficked websites offline. The collective has succeeded against many political websites for a few hours at a time, but many of these threats have come to nothing. Recently, it came to light that a cell of the hacktivist collective published a manifesto about how to shut down the entirety of the Internet by aiming a distributed denial-of-service attack at the DNS root servers. This, they claim, would occur March 30.
The FBI, on the other hand, has a kill switch that could disrupt the entire Internet with the wave of a hand over a keyboard, and that may happen March 8.
“To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, [A]nonymous will shut the Internet down,” wrote an unknown manifesto author on Pastebin. The document, entitled “Operation Blackout,” then continues with instructions as to how this shutdown would be accomplished (with the names of tools and targets). “In order to shut the Internet down, one thing is to be done. Down the 13 root DNS servers of the Internet…”
Unlike Anonymous, the Federal Bureau of Investigation (FBI) doesn’t need to solicit the aid of thousands of Internet users to disrupt millions of computers. The FBI essentially has a kill switch, and it may intend to use it as soon as the beginning of March, although for far more altruistic reasons than those stated in the “Operation Blackout” manifesto: the DNS shutdown the FBI plans will only affect computers infected with a particularly pernicious Internet virus.
An article on BetaBeat outlines what the FBI intends to do and why. It involves a sordid tale of malware most foul and a drastic measure needed in order to bring it under control:
The Federal Bureau of Investigation may yank several crucial domain name servers (DNS) offline on March 8, blocking millions from using the Internet. The servers in the FBI’s crosshairs were installed in 2011 to deal with a nasty worm dubbed DNSChanger Trojan. DNSChanger can get an innocent end-user in trouble; it changes an infected system’s DNS settings to shunt Web traffic to unwanted and possibly even illegal sites.
Needless to say, the FBI will not be shutting down the entire Internet, and the servers affected are only those pointed to by the DNSChanger Trojan (not the root servers). However, the moment they go offline, so will anyone who is currently infected by the Trojan. Ordinarily, this wouldn’t be such a big deal, except for the breadth of the Trojan’s infection across the enterprise sector of the Internet.
Krebs on Security tells the tale on his blog. It all starts with the story of six men in Estonia who were arrested in early November, suspected of being part of a crime ring that used the DNSChanger Trojan to slurp sensitive information from a multitude of Fortune 500 companies around the world. An estimated four million computers had been infected, with probably more than 100,000 in the United States alone. To combat this, the courts ordered the replacement of the DNS servers used by the DNSChanger Trojan with clean, fully functional DNS servers; this was done, but the deadline for turning them off entirely is now quickly approaching.
Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan’s DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web.
Rasmussen said there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”
The DNSChanger Trojan essentially redirects essential and legitimate traffic from a computer to a location of the controller’s choosing, allowing a mastermind to watch everything that computer does on the Internet. It can even transparently route the data to the right places (to hide in plain sight), activating only when asked in order to siphon data when it’s needed.
Needless to say, when the DNS servers this malware points infected computers to go away, any computer infected with it will suddenly lose DNS access and be unable to use the Internet.
Home users can discover if they’ve been infected by following up at the DNS Changer Working Group’s website.
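Because the Trojan works by rewriting a system's DNS settings, the same question can be asked locally by comparing the configured resolvers against a list of known rogue ranges. The sketch below is an added example, not code from the article or from the DNS Changer Working Group; it assumes settings in resolv.conf format, and the ranges and sample file are constructed placeholders to be replaced with the ranges from an authoritative notice.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation networks), NOT real DNSChanger
# indicators: substitute the rogue-resolver ranges from an authoritative notice.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample input: a resolver file as it might look on an affected host.
SAMPLE_RESOLV_CONF = """\
# Generated by dhclient
; constructed example
search example.internal
nameserver 192.0.2.53
nameserver 10.0.0.1
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines, ignoring '#' and ';' comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """Classify each configured resolver as 'rogue', 'ok' or 'invalid'."""
    findings = []
    for server in parse_nameservers(text):
        try:
            # Drop an IPv6 zone id such as '%eth0' before parsing.
            addr = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            # A malformed entry is itself worth a look; report it, don't skip it.
            findings.append((server, "invalid"))
            continue
        hit = any(addr.version == net.version and addr in net for net in rogue_ranges)
        findings.append((server, "rogue" if hit else "ok"))
    return findings

if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{verdict:8} {server}")
```

A "rogue" verdict means the machine is sending its lookups to a resolver in one of the listed ranges and will lose name resolution when those servers are switched off.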