The worst attack in years on the Internet's infrastructure, which
slowed traffic but failed to bring down the Web, used infected
computers around the world as "zombies," security experts said.

The US Department of Homeland Security meanwhile confirmed that its
cybersecurity arm had been monitoring "anomalous" activity on the

"The nature of the traffic has not been confirmed, and the servers
which are overseas remain operational," DHS spokesman Russ Knocke

"There are no indications of any direct nexus to the United States
at this time. Also, there is no credible intelligence to suggest an
imminent threat to the homeland or our computing systems at this

Graham Cluley, senior technology consultant at the London-based
firm Sophos, said Tuesday's incident "seems to have been the most
serious attack against these domain name servers" since late 2002.

Cluley said three of the 13 domain name system (DNS) servers that
control global Internet traffic were hit with a so-called "denial
of service" attack, which means they were bombarded with
information requests in an effort to bring them down.

Cluley noted that the attack was coming from PCs taken over by
hackers to create zombie networks or "botnets" to bombard the
servers with traffic.

"These zombie computers could have brought the Web to its knees,
and while the resilience of the root servers should be commended,
more needs to be done to tackle the root of the problem -- the lax
attitude of some users towards IT security," he said.

He said that since the 2002 attacks, "the system has become more
resilient and is well set up to bounce back from these attacks."

The US-based SANS Internet Storm Center said experts at the
computer security institute were "aware of the attacks," and trying
to get more information about them.

"We're still hunting for some technical details," said center
director Marcus Sachs.

Cluley said some reports traced the attacks to South Korea, but
added that "it doesn't mean the hackers are based there ... the bad
guys could be based anywhere in the world."

"It could be that your grandmother's computer in the bedroom,
unbeknownst to her, may have been trying to bring down the

The attack was on three of the 13 Internet root servers, which
manage the domains from various locations around the world and
convert website names such as Amazon.com to their numeric IP
(Internet Protocol) address.

"If the DNS servers were to fall over then pandemonium would ensue,
emphasizing the importance of properly defending all PCs from being
taken over by hackers," said Cluley.

In October 2002, another major attack targeted the 13 root servers
and slowed traffic. But experts said at the time that the Internet
would still operate with at least one of the servers functioning.