Mysterious Hackers Are Trying to Take Down the Entire Internet

Whoever is behind this knows what they’re doing.

There are just 13 servers around the world that act as a core directory for the rest of the internet, and someone—or a group of someones—recently tried to knock them out of commission. If they succeed, this would be the end of the internet as we know it.

Let me explain. If you type the easy-to-remember “” into your browser, this cluster of servers makes sure that this simple name points to a more complicated Internet Protocol (IP) address. Collectively these root servers form what Ars Technica calls “one of the most vital organs of the internet anatomy.”

At the end of November, those organs were under attack. A dryly-worded report at stated that the servers began taking a “high rate” of queries for one domain name on November 30th. The attack lasted over two hours, started again on December 1st, lasting for about an hour. “The observed traffic volume due to this event,” reads the report, “was up to approximately 5 million queries per second.”

This is evidence of a DDoS attack, a technique generally used by hackers to disable a system by overwhelming it with traffic.  Remarkably, while the servers that form the core of the internet were perhaps shaken enough to slow down a bit, there were “no known reports of end-user visible error conditions during, and as a result of, this incident.”

So no harm, no foul, right? The internet’s spine took a couple of blasts from an unusually large DDoS attack and kept on ticking. Turns out, reports Ars Technica, this was a big, big deal:

Despite the minimal impact on end users, however, the attack was by no means a non-event. A torrent of five million queries a second that hits most of the root servers for an hour or more represents a formidable amount of computing power and bandwidth. The volume represents as much as a 250-fold increase over the normal load placed on a typical root server, Keith Mitchell, president of the Domain Name System Operations Analysis and Research Center, told Ars. Mitchell cited slide six of this presentation showing root servers receiving from 20,000 to 50,000 queries per second.

All those hits were widely distributed, originating from many different computers which together formed a massive “botnet”— computing zombies with one mission in that moment: rattling the internet at its core. Tech Times reported that this was just the third time the root servers have been DDoSed in this manner, and that no single nation or hacking collective has ever been fingered by name. 

So far, it looks like any attempt to deny service from these vital servers is doomed to fail, based on safety protocols meant to cushion the blow for the big 13. Let’s hope for the sake of everyone who uses the internet — which is basically the entire world — that the fourth time doesn’t end up being the charm.

Photos by John Lund / Blend Images / Getty