Cyber attack takes down major websites
An internet outage affected many of the world's biggest online firms yesterday, with websites including Twitter, Netflix, Spotify, Reddit, PayPal and eBay down for long stretches. Other services such as PlayStation Network also appeared to be hit by the outage. Google and Facebook were unaffected.
The widespread disruption was the result of a coordinated assault on some of the underlying infrastructure that powers the Internet. Dyn, one of several companies responsible for hosting the crucial web directory known as the Domain Name System (DNS), suffered a sustained “distributed denial of service” (DDoS) attack, leading many people intermittently to lose access to specific sites or to the internet entirely.
A DDoS attack means hackers hijack vast numbers of internet-connected devices to swamp a victim’s website with so much junk traffic that it is unable to cope. Dyn, based in New Hampshire, said the attack began shortly after 12pm. Twitter, Netflix et al were not directly targeted, but the attack on Dyn – which reportedly serves around 30 Fortune 500 companies – affected users’ access to those sites.
The company indicated that the issue had been fixed by 2.30pm, but that the assault began again a couple of hours later. Just before 7pm the firm said on its status page that the “advanced service monitoring issue” had been resolved, but that its engineers were “still investigating and mitigating the attacks on our infrastructure.”
It still wasn't clear last night where the cyber-attack originated. Kyle York, Dyn’s chief strategist, told The New York Times that the hit on its servers was highly sophisticated. “This was not your everyday DDoS attack,” he told the newspaper, whose own website was affected by the incident. “The number and types of attacks, the duration of attacks and the complexity of these attacks are all on the rise,” Mr York warned.
In a recent essay entitled Someone is Learning How to Take Down the Internet, web security expert Bruce Schneier wrote that someone had been “extensively testing the core defensive capabilities of the companies that provide critical internet services.” Though no culprit has been identified, Mr Schneier suggested “it feels like a large nation state. China and Russia would be my first guesses.”
Lawrence Orans, a vice president at research firm Gartner specialising in web security and DDoS attacks, agreed. “An attack of this magnitude can’t be executed by a kid in his bedroom,” he said. “It’s more sophisticated than that. A nation state would be a prime suspect.”
The US authorities are thought to be concerned that such attacks could be used in an attempt to somehow disrupt the coming presidential election. The US Department of Homeland Security and the FBI were both investigating yesterday’s attack, Reuters reported.
While DDoS attacks “do not cause permanent damage,” Mr Orans explained, they can temporarily affect communications, spread a sense of chaos and in some cases cause economic effects, for example by attacking retailers during a sale season. “It’s a temporary disruption to make a point,” he said. “But it’s highly inconvenient.”