Main Internet Servers Come Under Attack

Hackers briefly overwhelmed at least three of the 13 computers that help manage global Internet traffic this week, in what it is considered one of the most powerful attacks since 2002. They lasted as long as 12 hours, experts say — but most computer users didn't notice them. The FBI is investigating.

Copyright © 2007 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

MICHELE NORRIS, host:

The FBI and other law enforcement agencies are investigating an unusual and sophisticated cyber attack that took place yesterday. It was apparently aimed at taking down the entire Internet.

As NPR's David Kestenbaum reports, it's unclear who was behind the attack, or what they were after.

DAVID KESTENBAUM: The Internet is web of computers, so if you go down it doesn't usually matter. But it turns out there are 13 critical computer servers around the world to keep the Internet functioning smoothly. Each hold the copy of a kind of master database for converting Web site names, like NPR.org, to an actual numerical address called an IP address. Yesterday, some of those 13 computers came under attack.

Mr. BEN PETRO (Senior Vice President, NeuStar Ultra Services): What we were seeing is that three of them were mostly browned out and close to failure.

KESTENBAUM: This is Ben Petro, senior vice president for services at a company called NeuStar that helps direct some 20 percent of traffic on the Internet. The servers were getting bombarded by bogus requests from computers around the Internet. Usually these types of attacks target a company or a government's Web page, trying to overwhelm them and shut them down. They're called denial of service attacks, and they're common. But the 13 route servers on the Internet have pretty sophisticated defenses.

Mr. PETRO: This attack, being at the root - very, very dangerous. When you take the roots down, you take the Internet down. You start to affect global commerce. You start to affect the global economy.

KESTENBAUM: The attack didn't hit enough of the 13 root servers for long enough to slow the Internet down. But he says the attack was impressive. As it's usually the case, the attackers exploited security holes to slip their software on to computers all over the world. Then, when the time came for the attack, those computers snapped into action. In this case, they flooded the root servers with requests. Petro says his group and others worked to filter the bad traffic out, but it was hard.

Mr. PETRO: This one, as soon as you'd find its origin, it would change. It would morph into a different origin. As soon as you felt like you were getting close to filtering it, it would change its IP scheme and you could not follow it.

KESTENBAUM: Petro says he has no idea who is behind the attack. A similar one occurred in 2002.

Mr. PETRO: This is a very expensive, very organized, highly detailed organization behind an attack like this.

KESTENBAUM: Do you think it might be a foreign government, maybe a terrorist group?

Mr. PETRO: You know, I really don't know. I don't know it - again, it's one of those things that is boggling. Who would go after such a large piece of infrastructure? We honestly have, other than in 2002, have never seen something quite like this.

KESTENBAUM: Who is behind the 2002 attack? Do we know?

Mr. PETRO: We've never found out. It was never found out.

KESTENBAUM: The FBI today said it was investigating the new attack. Johannes Ullrich says he thinks it's unlikely this was the act of terrorist or a foreign government. He is chief technology officer with the Internet Storm Center, a non-profit group of security professionals.

Mr. JOHANNES ULLRICH (Chief Technology Officer, Storm Center): And, really, foreign government, typically try to be more stealthy, more targeted than that. They don't really want to draw the attention of everybody to their effort.

KESTENBAUM: He says often denial of servers attacks are used to extort money. Ullrich says hackers have sometimes targeted offshore gambling Web sites, threatening to shut them down with an attack if they don't pay up.

Mr. ULLRICH: And it could be essentially somebody showing off to their victim, hey, we got that much power to our disposal. You better pay us up because you'll never be able to defend against us.

KESTENBAUM: As Internet attacks go, he's not sure how this new one ranks. Last week, hackers broke into the Web site for Dolphin Stadium, where the Super Bowl was held. Visitors to the Web site who didn't have the latest antivirus software installed picked up a malicious program aimed at capturing actual passwords. It did seem particularly interested in passwords for an online game, "World of Warcraft."

David Kestenbaum, NPR News.

(Soundbite of music)

SIEGEL: Little Big Town, a country band that's had some hard times, goes big time with multiple Grammy nominations. That's just ahead on ALL THINGS CONSIDERED.

Copyright © 2007 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.