Updated at 7:30 p.m. ET
Hackers attacked a major Internet infrastructure company Friday, causing intermittent disruptions to websites and services including Twitter, Amazon, Spotify and Airbnb most of the day. It wasn’t until shortly after 6 p.m. ET, that the company said that the “incident” had been resolved.
Friday’s disruptions were the result of a massive DDoS, or “distributed denial of service,” attack. That’s when hackers overwhelm a website with fake traffic to cause breakdowns. Except in this case, it wasn’t just one website. The victim of the attack is a company called Dyn (pronounced “dine”).
Dyn is one of the companies that sit between you and some of the biggest websites and services — and help make sure that when you type in a Web address, your traffic is properly routed. That’s why the ripples of the attack on Dyne spread across the Internet and affected the performance of many sites throughout the day.
The full day of attacks began around 7 a.m. ET. Dyn says the attacks came in three waves and rolled around the world: After Dyn cleared its East Coast data centers, the attackers moved their targets across the country and the world.
The most notable element of this attack is its origin. Typically, DDoS attacks are done through a ton of computers that hackers hijack and use to barrage websites. But this time, Dyn officials say it wasn’t computers — it was “tens of millions” of Internet-connected things, like CCTV cameras, DVRs and routers.
“We see dozens of attacks over the period of weeks and months. … We’re always seeing DDoS attacks,” says Dyn Chief Strategy Officer Kyle York. But the use of Internet-enabled devices results in a whole new scale of an attack.
“It’s just so darn distributed,” York told reporters. “Literally, picture tens of millions of things attacking a data center. No matter the size and scale of the independent things, tens of millions of anything make up something large. And that’s the complexity of this.”
As The Washington Post explains, Dyn is one of just a few companies in its industry:
“The service that Dyn provides is called the Domain Name System, or DNS. It works sort of like a phone book for the Internet — translating URLs into the numerical IP addresses for the servers that actually host sites so your browser can connect to them. …
“Dyn is one of a handful of major DNS service providers. Friday’s attacks highlight how that structure can mean an attack on one company can disrupt huge chunks of the Internet all at once.”
The attack on Dyn targeted DNS servers, which as Bloomberg aptly puts it “is like taking away all the road signs on a country’s highway system.” The White House says the Department of Homeland Security is monitoring the attack — and Dyn says it has received support from the entire industry, including not only its own clients, but even competitors.
Dyn General Counsel Dave Allen says some of the devices used in the attack were infected by malicious code known as the Mirai botnet. Here’s how computer-security journalist Brian Krebs explains its impact on the universe of Wi-Fi-connected devices, known as the Internet of things, or IoT:
“Mirai scours the Web for so-called IoT devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.”
Krebs says Mirai is the same malware strain used in another large attack, on his own site, in September — and the hacker who created it has now published its code on the Internet, “effectively letting anyone build their own attack army using Mirai,” Krebs writes.
The attack on Dyn comes a day after the company’s director of Internet analysis, Doug Madory, gave a presentation about DDoS attacks at an industry conference. Krebs says he and Madory had teamed up on research into “the sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet has ever seen.”