After months of concerns about cyber terrorism, reports have emerged that the internet withstood what appears to have been a major assault on its core infrastructure late on Monday when all 13 of its root servers were attacked, according to a spokesman for VeriSign, which operates two of the servers.
Unknown sources attempts to bring down the web are unsuccessful
The DDOS (distributed denial of service) attack started at about 5pm EDT (10pm GMT) on Monday and lasted for about an hour, said Brian O'Shaughnessy, a spokesman at VeriSign, the largest internet domain name registrar.
The FBI's National Infrastructure Protection Centre "is aware of the matter" and is "addressing" it, said Steven Berry, a supervisory special agent with the FBI's press office.
Root servers are used by the internet's DNS (domain name system), which takes easy-to-remember domain names used by people, such as http://www.pcadvisor.co.uk, and converts them into the numerical IP addresses used by computers.
Four or five of the internet's 13 root servers kept working during the attack and so internet traffic kept moving because the DNS is structured so that eight or more of the servers have to stop working before slowdowns occur, according to a report yesterday evening in the online edition of the Washington Post which was among the first to report the incident.
In fact, no major outages occurred as a result of the attack, according to the Post, meaning internet users were unaware of what had happened. Nevertheless, one source quoted in the report characterised the incident as one of the largest attacks ever against the internet.
"This was the largest and most complex DDOS attack ever against the root server system," an anonymous source at an organisation responsible for the system told the Post.
Matrix NetSystems, which tracks the status of internet traffic, yesterday said that the DDOS actually lasted for as long as six hours and may have slowed down web traffic and the delivery of emails for some users late Monday night.
"What happened was dramatic," said Tom Ohlsson, vice president of marketing for Matrix NetSystems, which compiles reports that detail how much traffic goes through the internet backbone at any given time. "In terms of damage, the worst is probably behind us as of [Tuesday]."
DDOS attacks blast servers with more data than they can handle, which can cause servers to overload or crash and networks to clog with traffic. They are typically very simple to carry out, Ohlsson said.
Officials at organisations that operate the internet backbone told the Post that they did not know yet who is responsible for the attack.
Matrix NetSystems traced the attacks to a number of US internet hosting service providers, as well as one in Europe, which likely acted as "unwitting hosts" to the perpetrators, Ohlsson said. He added that the attack could have originated anywhere.
A spokeswoman for Microsoft MSN internet service yesterday said it had not noticed any slowdown in traffic.
VeriSign said its two root servers kept working during the incident. "VeriSign expects that these sort of attacks will happen, and VeriSign was prepared," O'Shaughnessy said.
Other root server operators include Nasa Ames Research Centre, the US Army Research Lab, Icann (Internet Corporation for Assigned Names and Numbers) and the Internet Software Consortium.