Many of the most visited websites, including Twitter, Spotify, SoundCloud, Shopify, Airbnb, Vox and the Boston Globe, among others, were down following a wave of cyber-attacks against an internet directory service. The outage was the result of several distributed denial of service (DDoS) attacks on the DNS provider Dyn.
Dyn and other DNS providers provide the link between the URLs that you type in a browser and the corresponding IP addresses. DDoS attacks are mostly used to censor certain websites by overwhelming them with junk traffic and knocking them offline. By attacking Dyn, it is possible to overwhelm that directory function, resulting in large outages of some websites. Steve Grobman, chief technology officer at Intel Security, compared an outage at a domain name service company to turning off GPS or tearing up a map before driving to the department store. It does not matter whether the store is fully open and operational if you have no idea how to get there.
The DDoS attacks on Dyn started early Friday morning. Services were temporarily restored around 9:30, but a second attack that began around noon knocked sites offline again. Dyn responded by noting that engineers were working on mitigating the issue, though a third wave of attacks started at around 4:30 ET before it was fully resolved about two hours later.
Dyn noted that the complexity of the attacks made them difficult to handle immediately. The attacks were distributed, coming from millions of source IP addresses around the world. Dyn’s York explained that the hackers were moving around the world with each attack. York noted that the DDoS attack initially targeted the company’s data centers on the East Coast before it moved to international data centers. The attack contained ‘specific nuance to parts of the infrastructure’.
Dyn’s general counsel Dave Allen noted that, with the help of other infrastructure companies Flashpoint and Akamai, they had determined that some of the traffic used in the attack came from the Mirai botnet, a network of infected Internet of Things (IoT) devices that has been used in other very recent large-scale DDoS attacks. IoT devices are cheaply manufactured and highly vulnerable, making them easy to target.
In most instances, DDoS attacks are followed by extortion letters that ask the company to hand over bitcoin in exchange for ceasing the attack. However, in this case Dyn noted that it had not received any messages from its attacker.