Published January 13, 2015
Hackers briefly overwhelmed at least two of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002.
Experts said the unusually powerful attacks, which were also noticed on three more of the 13 "root servers," lasted as long as 12 hours but passed largely unnoticed by most computer users, a testament to the resiliency of the Internet.
[The attacks appear to have been distributed denial-of-service attacks, in which countless computers bombard servers with bogus "handshake" requests, essentially forcing the servers to waste time and energy trying to respond to machines that don't exist.]
Behind the scenes, computer scientists worldwide raced to cope with enormous volumes of data that threatened to saturate some of the Internet's most vital pipelines.
The motive for the attacks was unclear, said Duane Wessels, a researcher at the Cooperative Association for Internet Data Analysis at the San Diego Supercomputing Center.
"Maybe to show off or just be disruptive; it doesn't seem to be extortion or anything like that," Wessels said.
Other experts said the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea.
The attacks seemed partly designed to test the resiliency of servers operated by UltraDNS, a company that operates servers managing traffic for some Web sites ending in ".org" and some other suffixes, experts said.
Officials with NeuStar Inc. (NSR), which owns UltraDNS, confirmed only that the company had observed an unusual increase in traffic.
Among the targeted "root" servers that manage global Internet traffic were ones operated by the Defense Department and the Internet Corporation for Assigned Names and Numbers, the Internet's primary oversight body.
[The DoD and ICANN servers — the "G" and "L" machines, respectively — appear to have been swamped by the load, while three "virtual" servers — "F," "I" and "M" — that actually distribute their tasks to other machines worldwide fared much better.]
"There was what appears to be some form of attack during the night hours here in California and into the morning," said John Crain, chief technical officer for the Internet Corporation for Assigned Names and Numbers. He said the attack was continuing and so was the hunt for its origin.
"I don't think anybody has the full picture," Crain said. "We're looking at the data."
Crain said Tuesday's attack was less serious than attacks against the same 13 "root" servers in October 2002 because technology innovations in recent years have increasingly distributed their workloads to other computers around the globe.