Friday is usually a great day to surf the web, check your Twitter feed or update your social media status. But a major cyberattack this past Friday broke the internet, or at least parts of it, and affected users’ access to hundreds of websites, including the New York Times, Reddit, Twitter, Spotify, and eBay.
The Friday morning attack against Dyn, an Internet infrastructure company headquartered in New Hampshire, started around 7 am ET. That first attack was resolved after about two hours. Then a second attack began just before noon. Later that day, Dyn reported a third wave of attacks. In all cases, traffic to Dyn’s Internet directory servers throughout the US—primarily on the East Coast but later on the opposite end of the country as well—was stopped by a flood of malicious requests from tens of millions of IP addresses that disrupted the system. Although the company reported the issues to be resolved by Saturday morning, Dyn’s CSO, Kyle York, described the events as “unprecedented” in their complexity and scope.
Dyn’s DNS service acts as a bridge between human-readable domain names and the IP addresses that the internet is able to understand, and it was customers of this managed DNS service that were impacted. A distributed denial-of-service (DDoS) attack is one where the target is overwhelmed with a deluge of data to cause the network to crash. In the case of the Dyn attack, it prevented users from accessing certain websites. In addition, a number of video cameras were manipulated to repeatedly ping Dyn’s network to prevent other traffic from accessing its clients’ sites. For this reason, initial reports have stated that the Internet of Things (IoT), or the growing network of physical objects assigned IP addresses without manual computing power, was manipulated to produce the repeated threats.
While this type of DDoS attack is not unprecedented, the scope and sophistication of the attack are extraordinary, with tens of millions of hacked IP addresses involved. Each time Dyn engineers mitigated the attack, it moved to a different data center location around the world.
Experts have long warned that DNS is vulnerable to attack and needs better security. A DDoS attack may not compromise sensitive information, but the interruption of services alone has a significant financial impact on online entities.
Does anyone think this will be the last such incident? Now that we’re entering the busiest online shopping season of the year, DDoS events could be the most benign attacks we’re likely to see for a while.