October 22 2016
A key part of the internet’s infrastructure was hit by a series of attacks in the past 24 hours, causing major services such as Netflix, Twitter, Spotify, Airbnb and news sites such as The New York Times to be inaccessible for many users.
The attacks targeted Dyn, a company that helps people connect to websites, with a huge amount of traffic in an attempt to knock the service offline, according to Dyn’s director of internet analysis, Doug Madory.
Homeland Security investigating massive US internet outage
White House Spokesman Josh Earnest says the administration is aware of Friday’s internet interruption and that the Department of Homeland Security is investigating.
The first digital assault appears to have started around 7.10am New York time on Friday in the US, and Dyn said it was resolved at roughly 9.20am. A second attack began around 11.50am, according to the company. And a third attack occurred in the afternoon.
The service that Dyn provides is called the Domain Name System or DNS. It works sort of like a phone book for the internet — translating URLs into the numerical IP addresses for the servers that actually host sites so your browser can connect to them.
The type of attacks targeting Dyn are commonly known as distributed denial of service, or DDoS attacks. The effects were intermittent and many of the details remain scarce, although the first attack primarily affected users on the East Coast, according to Dyn.
The second attack appears to be more widespread. People in many parts of the US as well as some areas in Europe and Asia are having difficulty accessing sites that rely on Dyn’s service, according to DNS testing tool TurboByte Pulse.
The Department of Homeland Security said it is looking into the attacks.
“We’re aware and are investigating all potential causes,” DHS deputy press secretary Gillian Christensen said in an e-mailed statement.
A senior US intelligence official, speaking to NBC, described the attacks as “a classic case of internet vandalism” with no sign that it is a state-sponsored attack.
Nevertheless, WikiLeaks posted a tweet that seemed to suggest outage was caused by followers of the group’s leader Julian Assange.
The disruptions come at a time of unprecedented fears about the cyber threat in the United States, where hackers have breached political organisations and election agencies.
Homeland Security last week issued a warning about a powerful new approach for blocking access to websites – hackers infecting routers, printers, smart TVs and other connected devices with malware that turns them into “bot” armies that overwhelm website servers in distributed denial of service attacks.
Dyn, which is based in New Hampshire, is one of a handful of major DNS service providers. Friday’s attacks highlight how that structure can mean an attack on one company can disrupt huge chunks of the internet all at once.
Issues with Amazon Web Services, a cloud hosting provider relied on by many popular sites, also occurred this morning. A status update posted on its website noted disruptions at roughly the same time as the first attack against Dyn.
“The root cause was an availability event that occurred with one of our third party DNS service providers,” the company said, although it did not specifically cite Dyn.
Madory said the attacks against Dyn may be similar to the one that hit journalist Brian Krebs earlier this year. In that case, someone hijacked unprotected internet-connected devices like webcams to bombard his site with record levels of traffic.
Dyn provided assistance to Krebs while he was investigating the attack and recently presented research on the case — which may have caused the service to be targeted, according to Madory.
“We were concerned about some blowback from the stuff about Krebs, but we made a decision that it was important work, and we wanted to be part of the solution for everybody’s sake,” he said.
These kinds of attacks have become more powerful and more frequent.
Last week a DHS cyber defense team warned about new strains of malware that blast sites with traffic from everyday products connected to the internet.
“It’s important for [internet of Things] vendors who haven’t prioritised security to take this escalating series of attacks as a wake-up call,” said Casey Ellis, the founder of crowd-sourcing cybersecurity firm Bugcrowd. “We’re entering a period where this is very real, calculable, and painful impact to having insecure products.”
A recent report from cloud security provider Akamai said it saw a 129 per cent increase in DDoS attacks against its customers in the second quarter of 2016 versus the same period last year.
That combination makes DDoS attacks hard for even major sites to withstand.
“Nobody can take on the scale of these attacks these days,” said Madory.
Washington Post, Reuters