Houston Chronicle

Attacks cause online outages

Motive unknown in what may be largest strike ever

By Marissa Lang, San Francisco Chronicle

SAN FRANCISCO — For millions of people on Friday, it felt like someone had pulled the plug on the internet.

A series of cyber attacks — known as distributed denial of service, or a DDoS attack — took down Dyn, an internet infrastructure company that, among other things, provides domain name services, online traffic management and email connectivity to hundreds of companies.

That meant that beginning about 6 a.m., web traffic to companies that use Dyn to operate their sites came screeching to a stop.

The list of affected companies included some of the most frequented websites online: Amazon, Netflix, Twitter, Kayak, Spotify, Airbnb, Reddit, SoundCloud, Shopify, GitHub, Etsy. And it stopped traffic to news outlets like the Boston Globe, CNN, Wired and the New York Times.

The White House called the disruption malicious and a hacker group claimed responsibility, though its assertion couldn’t be verified.

The attack may turn out to be among the biggest in history, as mounting evidence pointed to similarities between Friday’s attack and a record-setting assault last month using compromised devices from the so-called Internet of Things.

Malware infections

Any number of devices, including televisions, smart watches, alarm clocks, vacuum cleaners, children’s toys and anything else with an internet connection, are vulnerable to being infected with malware and, without their owners’ knowledge, used in that kind of attack.

It was, security experts said, a reminder to many of how vulnerable the internet can be and supported fears that DDoS attacks may be growing stronger in their ability to shut down wide swaths of the internet with a single, targeted strike.

Dyn said the onslaught of junk traffic crippling its servers seemed to be coming from tens of millions of IP addresses from around the world.

Typically in a DDoS attack, hackers will deploy a botnet, or a network of computers infected with malicious software (or malware), to route phony traffic to a certain site or server with the intent of shutting it down.

Security firm Flashpoint reported on Friday that there was evidence that a specific botnet called Mirai had been used in the attack on Dyn.

‘Quite difficult to do’

One thing security experts could say with certainty was that the assault on Dyn was no ordinary DDoS attack. It was much, much bigger.

“It’s not unusual that Dyn was attacked — Dyn, and other DNS providers, are pretty common targets of attack. What’s unusual is that they were able to take Dyn down,” said Jeremiah Grossman, SentinelOne’s chief of security strategy. “That’s actually quite difficult to do.”

“There are a number of reasons why someone might want to do this,” he said. “The easiest one is they’re just jerks — and that’s not uncommon. Reason number two is extortion, though that doesn’t seem to be the case here. Reason number three is maybe you’re just stretching your legs, trying to figure out what you’re capable of.”

Members of a shadowy collective that calls itself New World Hackers claimed responsibility for the attack via Twitter. They said they organized networks of connected “zombie” computers called botnets that threw a staggering 1.2 terabits per second of data at the Dyn-managed servers.

“We didn’t do this to attract federal agents, only test power,” two collective members who identified themselves as “Prophet” and “Zain” told an Associated Press reporter via Twitter direct message exchange.

Dyn officials said they have received no claim of responsibility but are working with law enforcement.

The collective, @NewWorldHacking on Twitter, has in the past claimed responsibility for similar attacks.

The FBI and Department of Homeland Security were monitoring the situation, White House spokesman Josh Earnest told reporters Friday.

Small firms hit hardest

The reach and economic impact of the shutdown were not immediately clear. Many companies have contingency plans in place to offset the damage done by such an outage.

But customers and small businesses that rely on websites like Twitter or Etsy to do business are the most affected. Unless the website or app they use can reroute its operations and get back online, there’s nothing a customer can do but sit and wait.

“I am pulling my hair out trying to figure out what I am going to do because I lost an entire day of work,” said Taylor Nikolai, CEO of Viral Spark, which does social media consulting. “I had a lot of things scheduled out today and I don’t know what’s happening.”

For some, Twitter was down nearly half the day.

While the first attack largely impacted internet users on the East Coast, subsequent assaults appeared wider-reaching, with people in California and other parts of the U.S. reporting connectivity issues, as well as some in parts of Europe and Asia, according to several outage monitoring sites.
