[LINK] Pop article on DNS Fallback Measures

Roger Clarke Roger.Clarke at xamax.com.au
Sat Sep 4 13:47:30 EST 2010

[The provenance of this article is interesting:
The [UK] Independent, <when?>
The NZ Herald, 18 August 2010 (mentioning The Independent)
The SMH, 4 September 2010 (not mentioning either of the earlier papers)]

[But the original isn't found on The Independent's site, nor Google News]

Who will save the world when the web goes down?
By Jerome Taylor

2:00 PM Wednesday Aug 18, 2010

----  The fate of the world wide web rests on the shoulders of seven 
men, should the pivotal DNS system fall over.  ----

On a Thursday evening in December a remarkable attack by a shadowy 
group of hackers briefly paralysed Twitter. For two hours anyone who 
typed www.twitter.com into their Internet Explorer's address bar was 
re-routed to a simple black screen showing a green flag and the words:
"This site has been hacked by the Iranian Cyber Army."
Beneath the flag was a line of Persian poetry which read: "We shall 
strike if the leader orders, we shall lose our heads if the leader 

The attack caused ripples of excitement within the online community 
but it was largely thought to be a one off.

Yet a month later the same group launched an equally bold assault on 
Baidu, China's most popular search engine. For more than four hours a 
website which handles 60 per cent of the world's most-populous 
nation's web searches was completely inaccessible.

Both instances employed a specific type of hack known as a "DNS 
attack" and together they provoked an avalanche of discussion among 
cyber security experts.

DNS stands for Domain Name System and in many ways it is the beating 
heart of the internet. Computers are only able to read numbers, which 
means that every website address is given an individual numerical 
code (known as an IP address) which is stored on two vast servers at 
opposing ends of the United States.

When we type in a web address, the DNS acts like an enormous digital 
phone book, matching up website names to the correct numbers and 
ensuring that we actually reach the website we want to get to rather 
than an impostor site.

Without it, trust in the internet - the most important concept in 
cyber security - would be broken. A world without DNS would create 
online anarchy because we would never know whether the website we 
were visiting - be it a bank account, Facebook, our email or a 
government site - was real or a fake.

The Iranian Cyber Army's attacks were significant because they had 
successfully broken into the DNS system and rerouted traffic away from 
Twitter and Baidu.

The assaults only targeted two websites and the damage was quickly 
rectified. But it begged a series of frightening hypotheticals: what 
if cyber criminals were able to take control of DNS? What if they 
took the whole system offline?

For a number of years such a prospect had been causing sleepless 
nights at the Internet Corporation for Assigned Names and Numbers 
(Icann), the non-profit independent body which effectively regulates 
internet addresses.

A significant attack on the DNS system could cripple the internet, 
sending the world back to a pre-digital dark age. In the words of 
Byron Holland, CEO of the Canadian Internet Registration Authority: 
"If DNS were to stop working, it would render the internet 
effectively non-responsive."

Icann realised that if the DNS system was ever brought down, someone 
would have to be given the job of bringing the world back online.
You couldn't entrust that responsibility to a single group of experts 
based in one facility because the internet was supposed to be a truly 
global entity, universally accessible and outside the reach of a 
single sovereign state. It would also be much easier to steal the 
tools needed to rebuild the internet if they were all hanging up in 
the same shed.

So last month, in an announcement that could have come straight out 
of a Dan Brown novel, Icann announced that the internet would be 
protected by seven "guardians" on three different continents whose 
job would be to reboot the internet if the DNS system was ever 
critically impaired.

The announcement sent bloggers and conspiracy theorists into 
apoplexies of feverish speculation - here is a secret Lord of the 
Rings-style fellowship of gallant internet knights poised to protect 
the internet from total annihilation. The reality might be a little 
less sexy but it goes right to the heart of whether the internet 
could ever fail.

Icann itself describes the key holders as "an elite international 
circle of trust charged with restarting the internet in the event of 
a global catastrophe".

Seven people, including Paul Kane, a British cyber expert from Bath, 
have been given smart cards in tamper-proof evidence bags which they 
must keep safe at all costs. Each card contains a portion of coding 
which will enable technicians to restart the DNS system should it be 
taken over. The other card holders are based in Canada, Trinidad and 
Tobago, Burkina Faso, the Czech Republic, China and the United States.

In the event of a catastrophic attack on the Domain Name System, at 
least five of the seven card holders would need to travel to one of 
two secure facilities in the US to reboot the system.

The exact locations of the facilities are not published but it is 
thought one of them is in a heavily guarded compound in Virginia 
whilst the other is on the west coast somewhere in the desert, 
possibly Nevada.

Speaking about his newfound responsibility, Mr Kane says he has 
placed his card in a secure facility. But he is keen to stress that 
the chances of him ever needing to use it are very small.

"It is so unlikely that I'll ever be called upon but at least the 
process has been thought through for a full disaster recovery 
mechanism being in place," he told the BBC.

But how vulnerable is the internet? Would it even be possible to 
bring down the DNS servers? Tim Stevens, an expert in cyber security 
at the Centre for Science and Security Studies, King's College 
London, says conspiracy theorists and cyber security hawks often 
overstate the vulnerabilities of the internet. But he adds that it is 
always worth planning for the worst-case scenario.

"In the States you'd have to bring down the west coast and the east 
coast DNS servers to remove total functionality and to do that would 
take an enormous amount of planning, not to mention insider knowledge 
of how these systems operate," he says.

"It's so unlikely. But given this is all part of security planning 
you do prepare for the worst. Security is not perfect and it never 
will be, but generally speaking these new keys seem to be quite 

The most salient question to ask is what could be gained from 
bringing down the internet. Criminal groups may specialise in DNS 
hacking to steal money but they need the internet to be fully 
functional if their schemes are to work.

Equally, a stealth attack from a sovereign state on the DNS servers 
in the US would inevitably cripple that country's own ability to use 
and trust the web.

"At the moment it's highly unlikely that a nation state would launch 
an attack like that against the United States," says Stevens. "I know 
there's an awful lot of concern in DC about the Chinese, about the 

But really neither Russia nor China want the internet to go down either.

We would only be talking about exceptional circumstances, you'd be 
looking at a situation where relations between two states have broken 
down to such a degree that war is inevitable."

Two years ago this month Russian and Georgian forces fought a brief 
but bloody battle over the breakaway republic of South Ossetia.

Cyber security experts watched the conflict with interest because it 
provided a window into how future wars will be fought in cyberspace 
as well as on the battlefield.

As Russian tanks poured into South Ossetia they were accompanied by a 
sustained cyber assault on Georgia's internet, crippling the 
country's communication network at a crucial time.

Russia has not admitted responsibility for the hack attacks but it is 
widely accepted that at least one of its internal security services 
and possibly the military was behind it.

A full-scale war between two superpowers is perhaps the only event 
that would herald a major attack on the internet itself. In which 
case, we should heed the words of Norm Ritchie, Canada's internet key 
card holder, who says that in such a scenario, "we probably have 
bigger things to worry about than the internet".


Roger Clarke                                 http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University
