A single hacker with a "beefy laptop" could severely hamper a significant portion of the internet's traffic, warned a member of the Internet Corporation for Assigned Names and Numbers (Icann) at the group's annual meeting this week.
Concern over the stability and security of the internet's root domain name servers has dominated Icann's gathering held in California.
To meet the concerns, the Corporation turned the focus of the four-day meeting over to what it called the "Security and Stability of the Internet Naming and Address Allocation Systems."
In the wake of the 11 September attacks on the US Icann's attention has been drawn to the very real threats that denial of service (DoS) attacks, and as yet undiscovered vulnerabilities in the Bind DNS software, pose to the stability of the internet.
The entirety of the web's traffic is routed through 13 root DNS servers based in the US, the UK, Sweden and Japan, all running Bind software which has already been found to contain major security vulnerabilities.
The security of the root servers has been addressed before by way of an Internet Engineering Task Force (IETF) RFC released last year which stated: "The servers need both physical and protocol security as well as unambiguous authentication of their responses."
The IETF advised those running root DNS servers that "physical security must be ensured in a manner expected of data centres critical to a major enterprise" and that "each server must run software which correctly implements the IETF standards for the DNS".
But speaking on the panel at the Root Name Server Security debate, Lars-Johan Liman, of NORDUNet, which operates a root server in Sweden, said that "the physical security of the computers is your least worry".
He explained that any of the 13 main servers could be reconfigured without too much trouble by an attacker with a "beefy laptop", citing the potential of Bind bugs as well as the possibility of DoS attacks knocking servers out.
Prior to this week's meeting Icann said that switching the focus to security was necessary because "it would be irresponsible not to conduct an in-depth assessment of the robustness and security of these systems, and to take steps, if necessary, to strengthen the internet in these regards. These are urgent matters and of worldwide importance."
Icann said that the terrorist attacks "underscored the need to address internet stability issues, and security as a key component of stability". But the organisation was quick to acknowledge that it "is not responsible for the overall security of the internet".
The body has no authority to force the root server controllers to modify their systems to make them more secure. Effectively, Icann has been forced to resign itself to an advisory role.
"At this meeting, Icann will be seeking to promote discussion throughout the community on how to reassess areas of potential, how to improve readiness to meet these threats, and what additional policies or other actions should be considered and implemented to facilitate such improvements," the group said.
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23