Huge cyber attack breaks the internet for millions
HUNDREDS of popular websites were taken offline for hours yesterday after a critical internet point was hit by multiple cyber attacks.
Hackers brought sites including Twitter, eBay and The Telegraph offline for millions of users after targeting Dyn, a New Hampshire-based company responsible for routing internet traffic.
The attacks created blackouts for millions of internet users yesterday afternoon. Nobody claimed responsibility but experts said they were simple enough to have been carried out by an individual teenager.
There was no evidence that any personal data of internet users had been stolen or that individuals’ security had been compromised.
Dyn is one of a handful of “domain name server” (DNS) providers that operate the internet’s address book, ensuring the web addresses people type into their computers make it to the correct website. If the provider goes offline, then computers do not receive directions to a website, meaning they fail to load pages.
A first attack on the company shortly after noon sent websites offline for more than two hours, and a second less than three hours later caused a further outage.
It affected many of the biggest websites in the UK and the US, including several major news outlets, the music service Spotify and Reddit, the social network.
Dyn said the attackers had used a socalled distributed denial of service attack, in which they remotely take control of thousands of unsecure internet routers and computers and flood the target with traffic.
When an internet server is dealing with an overload, it is unable to respond to most normal queries, making it impossible for internet browsers to connect with websites. Attacks on DNS hosts are typically much more effective than targeting a single website because hundreds of sites rely on them to direct traffic.
“DNS providers are central to the operation of the internet,” said Dave Larson, chief technology officer of Corero, an internet security company. “So denial of service attacks targeted specifically against DNS providers can be especially damaging.”
Denial of service attacks are simple but notoriously difficult to defend against, making them a favourite of internet pranksters. Using easily available software, hackers can scan for vulnerable computer systems and turn thousands of them against a single target.
“The relative ease at which [the] attacks are executed suggests that the perpetrators are most likely teenagers looking to cause mischief rather than malicious state sponsored attackers,” said Robert Page, of Redscan, a security testing company.