Eleven hours after a massive online attack that blocked access to many popular websites, the company under assault has finally restored its service. Dyn, a New Hampshire-based company that monitors and routes Internet traffic, was the victim of a massive attack that began at 7:10 a.m. ET Friday morning, 10/21/2016. The issue kept some users on the East Coast from accessing Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal and other sites. At 6:17 p.m. ET, Dyn updated its website to say it had resolved the large-scale distributed denial of service attack (DDoS) and service had been restored. Noticed Paypal was one of the sites affected? Yes its a big baking site. This could spell trouble for users in the future. Just saying, ok back to the facts…
This is what happened:
DDoS attacks flood servers with so many fake requests for information that they cannot respond to real ones, often crashing under the barrage. It’s unclear who orchestrated the attack.
“It’s a very smart attack. We start to mitigate, they react. It keeps on happening every time. We’re learning though,” said Kyle York, Dyn’s chief strategy officer said on a conference call with reporters Friday afternoon.
Troubling to security experts was that the attackers relied on Mirai, an easy-to-use program that allows even unskilled hackers to take over online devices and use them to launch DDoS attacks. The software uses malware from phishing emails to first infect a computer or home network, then spreads to everything on it, taking over DVRs, cable set-top boxes, routers and even Internet-connected cameras used by stores and businesses for surveillance.
These devices are in turn used to create a robot network, or botnet, to send the millions of messages that knocks out victims’ computer systems.
The source code for Mirai was released on the so-called dark web, sites that operate as a sort of online underground for hackers, at the beginning of the month. The release led some security experts to suggest it would soon be widely used by hackers. That appears to have happened in this case.
Effects felt nationwide:
Dyn first posted on its website at 7:10 a.m. ET that it “began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure.”
These resolved towards 9:30 a.m.. Then more waves began. “It’s been a hectic day,” said York.
The attack comes at a time of heightened public sensitivity and concern that the nation’s institutions and infrastructure could face large-scale hacking attacks. The most recent example has been the release of emails stolen from the servers of the Democratic National Committee, which U.S. intelligence sources say was the work of Russia. The topic has come up frequently during the fall’s hard-fought presidential campaign.
White House Press Secretary Josh Earnest said the Department of Homeland Security was “monitoring the situation” but that “at this point I don’t have any information about who may be responsible for this malicious activity.”
So far Dyn has not been able to ascertain whether the attack is aimed at any specific customer. “We have no reason to believe it is at this point,” said Dave Allen, the company’s general counsel.
The attack is “consistent with record-setting sized cyberattacks seen in the last few weeks,” said Carl Herberger, vice president of security at security company Radware.
A post on Hacker News first identified the attack and named the sites that were affected. Several sites, including Spotify and GitHub, took to Twitter Friday morning to post status updates once the social network was back online.
How the attack works
As part of its business, Dyn provides DNS services for a given swath of the Internet, effectively its address book. DNS stands for Domain Name System, the decentralized network of files that link the domain names human beings use, such as usatoday.com, with their numeric Internet Protocol addresses, such as 126.96.36.199, which is how computers look for websites.
“If you go to a site, say yahoo.com, your browser needs to know what the underlying Internet address that’s associated with that URL is. DNS is the service that does that conversion,” said Steve Grobman, chief technology officer for Intel Security.
The attack hit the Dyn server that contains that address book, a service Dyn provides to multiple Internet companies. For anyone attempting to link to a site that used the Dyn service, when they entered an address such as twitter.com or tumblr.com it was unable to link them to the proper numerical IP address, so to their computer it appeared the site was unavailable.
DDoS attacks flood servers with millions of illegitimate requests, so many that very few real requests can get through, or get through only intermittently.
Remember when Obama gave up the internet to foreign powers to regulate? On Oct 1, 2016 Obama handed the internet to ICANN a foreign organization similar to the United Nations except for the internet. July of last year he made the decision and Oct 1 of this year it was finalized and handed over. This type of hacking could become common place. Thanks Obama.
*** Please share this page on Facebook, Twitter, Email and other social media with the share tools on this page because OUR voice is YOUR voice! ***