Sophisticated Attack Takes Down Key Internet Servers

This post has been updated

A massive distributed denial-of-service attack has taken down the servers of Dyn, a company that provides domain name services which route a requests for human-readable addresses to the appropriate server.

Dyn provides routable addresses to major sites and services such as Twitter, Spotify, Etsy, and GitHub, rendering large swaths of the internet inaccessible to web browsers.

Servers that help route traffic around the internet were attacked this morning.

The attack began on Friday morning and has been focused on the U.S. East Coast, where a large number of servers are located. Around 9:30 am ET, Dyn briefly recovered, but the attacks resumed within hours. The provider fully restored services in the afternoon.

That hackers could take down a fundamental piece of the internet hints at the power of their capabilities.

These so-called DDoS attacks work by bombarding servers with massive amounts of traffic, overwhelming their ability to reply to valid requests. This latest attack used at least one large botnet known as Mirai, which controls around 200,000 compromised web-connected cameras and other Internet of Things devices. These devices are cheaply built and programmed with extraordinarily lax security; there’s also no feasible way to patch many of the devices, meaning the only solution is to find and disconnect them from the internet.

The source code which powers this botnet was released a couple of weeks ago, allowing potentially anyone to wield hundreds of thousands of compromised devices for nefarious purposes.

Edward Snowden discusses why we should be prioritizing defensive cyber capabilities.

Dyn and affected companies like GitHub are working to undo the damage. Companies can insulate themselves against these attacks by using multiple DNS services.

While it’s still too early to discern the source of the attack or infer a motive, security expert Bruce Schneier reported early last month that someone has been ramping up DDoS attacks, likely probing key portions of the infrastructure of the internet for weaknesses. “We don’t know who is doing this, but it feels like a large nation state,” he wrote. It’s unclear if those probes are related to today’s attack.

This developing story will be updated as new information is reported…

As internet connections multiply, so do points of attack and risks to national security.