The FBI has begun an investigation into a massive denial of service attack, which aimed to bring down the key root servers responsible for directing communications on the internet.
The attack, which threatened to disrupt communication on the internet in the early hours of Tuesday morning, prompted a co-ordinated effort by law enforcement agencies in the US to shut down the attack and trace those behind it.
Mike Witt, director of operations at the US Computer Emergency Readiness Team, part of the Department of Homeland Security, said his team took action following a surge in traffic directed at three of the 13 key servers used to control the internet.
“We co-ordinated with the owners and operators of the root servers and the North American Operators Group, the people that actually run the backbone of the internet, and worked with them and the DNS owners to see where the attacks were coming from,” he told Computer Weekly.
The attackers targeted three DNS servers, which are responsible for directing people browsing the web to the correct sites on the internet.
Security teams worked to identify the source of the attacks and to cut them off from using the internet.
“We had to make sure we [distinguished between] those that are attacking and genuine traffic. That is what takes time and effort. That is why denial of service attacks sometimes go on longer than we would like,” said Witt.
Although attacks against DNS servers rarely receive publicity, they are an almost everyday occurrence, Witt revealed. “This one was simply a litter bit louder than normal,” he said
The attacks, known as distributed denial of service attacks, lasted about two hours. They were thwarted before they had a chance to cause disruption to internet users, said Witt.
Distributed denial of service attacks make use of networks of infected PCs, known as zombies, to bombard the targeted computer systems with messages designed to bring them to a halt.
Witt said the FBI was now investigating the incident.
Comment on this article: [email protected]