Skip to main content

On the inside, looking out… at a tornado

Usually it’s very rude to cut someone off in the middle of a conversation, but when the excuse is an email saying the foundation of the Internet is under attack, and the recipient is the CEO of the Internet Corporation for Assigned Names and Numbers, well, then it’s understandable. This was my second day working for ICANN.

If you follow Internet issues, or, more accurately, Internet foundation issues, you will no doubt have read one of the 600 or so news articles that covered the attack on the Internet’s root servers last week. What does that mean in reality? It means that someone has gone to a great deal of trouble to get control of a great deal of computers and then, at a given moment, asked them to “fire” data requests at particular parts of the Internet in an effort to overwhelm it.

Graham Cluely (security expert and a call-a-quote genius) likened the attack to squeezing 14 fat men in a lift. I’d say it’s more like finding Mardi Gras has been diverted past your house. Either way, it’s not exactly helpful and a bunch of engineers across the globe, having beaten back the attack, were very tired the next day.

Despite its size, however, the attack had little impact on actual users because – at least as I understand it at the moment – the new Anycast technology that was designed and introduced after the last big attack in 2002 did the job it was designed to do. The frustrating thing – and which it is partly my job to help solve – is that none of this information was readily available when it was most needed to explain what was happening. I am going to work on this and hope to talk to the root server operators so I can produce a clear and concise document that explains how this part of the Internet works and what people do when the Internet itself comes under attack.

Workdays

Here’s what I also did on my second day with ICANN (on my first day I met up with new boss Paul Levins and the people from the One World Trust who are looking at ICANN’s processes and advising the organisation on what changes could be made to make ICANN more transparent and accountable):

* Met up with ICANN’s policy people who outlined who they were and what they were in charge of, at which point New Kid (me) started mouthing off about how the processes can be improved using online tools. I have been pushing for the idea of a single webpage per issue, with a calendar outlining graphically what has just happened and what is going to happen in each process. That appeared to be well-received.

* Then a meeting with Paul Twomey, the CEO, which was rudely interrupted by billions of data packets. This was important as up to this point I have mostly been forming my own ideas about how to get people to participate in ICANN and I knew from experience that Twomey would have formed his view of the job. As it happened, most of what we had both thought coincided. One thing he and Paul Levins want me to do, which I hadn’t considered enough, is push information to people. Most of my thinking had been in setting up areas and then trying to persuade people to visit. But the fact is that a lot of people want to know what you’re doing and then if something comes along that interests them, *then* they want to get involved. Because, let’s be honest, most people don’t want to be constantly interacting with ICANN. They’re too busy doing other things. So long as they know what’s going on, they can then make choices about getting involved.

During all this, it was phonecalls and emails trying to figure out how big this attack was, where it was coming from, where it was aimed, and so on. By the time that was over, a three-hour meeting had to be condensed into 30 minutes.

Making a meal of it

At dinner that night, Paul Levins started taking the first press calls about the DDoS attack. But the difficulty, as I quickly found out, was figuring out what could and could not be said while the very people that deal hands-on with the servers – the operators – got on with the real work.

Root server operators work together but are also fiercely independent (which is probably a good thing considering what we are talking about here) and even though the first port of call for a journalist covering the DDoS attack is likely to be ICANN, if a quote from ICANN suggested the organisation is somehow *in charge* of root servers (which it most certainly isn’t), then we were going to have some very unhappy engineers.

The reality though is that even if you go on and on about how ICANN only is only part of a wider system, a journalist will not outline the complexities of the situation for the very simple reasons of space and news: “The Internet is being attacked and you’d like me to explain the multi-layered relationship that underpins the functioning of the server system… yes of course, I’ll be certain to stick that in the first paragraph.” I know this because I have been a journalist for 10 years. And the truth of it is that you only care when it is your specialist field – if a story about a cat up a tree went into great detail about the type of cat it was, its Latin name, and its long and interesting personal history and then noted that it has got stuck up a particularly interesting tree, one that had been imported into the country during the Victorian era…

As it turned out, there were a number of people happy to talk about the DDoS attack so the quotes got mingled together and it all went pretty smoothly.

And that is something that I have noticed there is a lot of in ICANN: worry that its role will be misinterpreted. The constant refrain that ICANN should only cover technical aspects is so heavily imprinted in the staff’s minds, it risks growing scar tissue.

The visible spectrum

But just while we were getting bogged down in complex relationships and tensions, something happened that put it into perspective. Paul Twomey arrived at the dinner and gave a brief speech in which he outlined what he had learnt so far about the attacks and reflected on the security of this huge global network. And in discussions afterwards, Anne-Rachel Inné, ICANN’s liaison for Africa pointed out that the big Internet issue in Africa wasn’t so much fighting back against a huge, sophisticated electronic attack as getting the networks up and working in the first place.

And suddenly I was reminded again – it happens occasionally – of the enormous spectrum of issues that the Internet is throwing up. And what an increasingly important role the Net is playing both in our lives and in society. But this is the thing – you *know* this is all true. You know it in a kind of detached intellectual way. But when the people talking about these issues there in the room are dealing with it first hand, and are among the relatively few people across the globe who will actually make the changes, well then you get the hair-back-neck-up, the sense that this isn’t just idle chit-chat. And then you find you’re listening with an odd intensity, and can’t think of anywhere else you’d rather be.

Comments

    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."