October 18, 2016
November 7, 2016
Major DDoS Attack Impacts Eastern United States


Photo: DownDetector

If you were asking yourself on Friday morning, “Why can’t I get onto Netflix, Amazon, or Twitter?” (not to mention a host of other websites), it wasn’t your computer. A core provider of Internet infrastructure was struck with a large-scale distributed denial of service (DDoS) attack.

Intermittent attacks on the service provider Dyn scrambled service along the East Coast beginning at approximately 7:00 AM. The attack was resolved by Dyn, but the assault commenced again near the noon hour. By late in the day, indicated continuing outages across the United States. The attack was first reported by Hacker News.

A DDoS attack is characterized by a methodical, overwhelming flood of requests aimed at an internet target, usually a website. The website, or in this case a service provider, is overwhelmed and either slows or goes down.

DDoS techniques usually require a botnet of hijacked computers or devices. While DDoS attacks are not new, they have been more commonly associated with attacks on single websites. In this case, bad actors took aim at Dyn, a company that provides an address service to internet users.

It works like this—when you enter a web address, your request goes through a company like Dyn. The company translates your destination request into a number that can be understood by another computer and your connection is underway.

When a glitch, or in this case a major DDoS attack, disrupts this switching capability, your destination website does not go down, but the road to get there is washed out, and your connection cannot be completed.

Who did it?

Well-known cyber security writer Brian Krebs notes that the DDoS attack on Dyn began within two days of the presentation of a talk on DDoS attacks on internet providers by Doug Madory, Director of Internet Analysis at Dyn.

As the investigation continues, security experts are considering whether the malware used against Dyn was similar to the so-called Mirai malware used to attack the website of Mr. Krebs in September. At the time, the DDoS attack on KrebsOnSecurity was one of the largest ever, and used compromised devices from the Internet of Things (IoT) for its botnet army.

Following the Krebs DDoS event, the Mirai source code was released online, and may be part of the weaponry used against Dyn on Friday.

Media outlet Politico also reports certain members of the collective hacking group Anonymous have taken some credit for the attack, to register displeasure at the severing of the internet connection of Wikileaks provocateur Julian Assange by the Ecuadorian government.

While the Department of Homeland Security (DHS) is monitoring the event, no one as yet understands which actor, or agents, could be responsible for the disruption.

Understanding the terrain

Internet infrastructure attacks are more damaging and cause more delay than a hack aimed at a specific business or organization. In a report, The New York Times notes that experts believe probing activities aimed at U.S. internet infrastructure are on the increase.

Concern over a Russian nation-state hack of the Democratic National Committee (DNC) and tension over the cyber security of the U.S. election process are understandably causing significant worry for cyber security experts around the globe. There remains no evidence, though, that hackers could disrupt the results or outcome of the American election in November.

What can you do about this type of service disruption?

As we discussed earlier, businesses with enough scale and budget may consider decentralizing their cloud services over different regional data centers to try and keep some business capability in the event of a larger attack on one geographic internet service area.

Yet despite decentralization, retail and service provider Amazon experienced service disruptions on Friday, possibly as a result of the DDoS.

More information on the hack will be known in coming weeks. We’ll keep you posted.

