Trying to watch Netflix’s new season of “Black Mirror” but can’t connect? You’re not alone.
Early Friday, hackers struck the New Hampshire-based web company Dyn, which controls one of the cornerstones of America’s internet infrastructure. The ongoing attack has spawned outages for major websites such as Twitter, Spotify, Amazon, Reddit, Airbnb, Tumblr, the Boston Globe and The New York Times.
Details are still unraveling, but here’s what we know so far.
At 7:10 am EDT, hackers performed a DDoS attack against Dyn’s Domain Name System services. Domain names are essentially the internet’s version of telephone numbers. So without these services, your computer cannot “call up” or connect to a website.
“Anytime you send an e-mail or browse a website, your machine is sending a DNS look-up request to your Internet service provider to help route the traffic,” cybersecurity expert Brian Krebs wrote of today’s outage.
Dyn (pronounced “dine”) rectified this first attack after a couple hours, but by lunchtime, the hackers had hit again. Computer engineers continue to battled the hackers who employed a DDoS attack to cripple Dyn’s servers throughout the day, though an update at 5:17 pm EDT said the issue had been resolved.
A DDoS attack is akin to an electronic blitzkrieg. Hackers attempt to overwhelm one or more online servers by redirecting huge swaths of fake traffic to it. Eventually, the server runs out of bandwidth to handle bonafide requests, in essence suffocating the system.
The DDoS weapon of choice right now is the botnet. To create a botnet, a hacker installs malicious software on as many devices as possible. The software can then execute commands, like send boatloads of traffic to companies like Dyn, unbeknownst to the device’s owner.
Security experts suspect that today’s attack on Dyn involved a sophisticated botnet called Marai. The program preys on the widespread but often understated vulnerabilities laced across the internet of things, IoT. The internet of things represent every new-aged, WiFi-enabled gadget in a household, business, car and classroom with access to the web. Marai can siphon an unprecedented amount of web traffic and cripple even the best cybersecurity systems. Brian Krebs’ website, for instance, got slammed by the largest DDoS attack in history in September. The instigator: Marai.
And Marai’s blueprint is now public.
“The source code for the botnet was released last month by a hacker by the name of Anna_Senpai,” James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology, ICIT, wrote in an email to NewsHour. “And since then, cybercriminals have begun to threaten attacks against organizations in extortion schemes.”
Though the culprit behind the Dyn hack remains unknown, DDoS strikes are ever popular among cybercriminals. The BBC and Donald Trump’s campaign website were targeted by massive DDoS attacks last winter. WordPress-backed sites are constant victims.
Over the last year, these attacks have increased by 130 percent, according to Akamai, a global leader in internet content delivery. Computers in China were responsible for most — 56 percent — of the phony traffic behind these offenses. The U.S. was next closest competitor at 17 percent.
Scott said today’s attack may be just the beginning. Bruce Schneier, one of the nation’s top cybersecurity experts, spotted signs that someone was probing for weaknesses among the companies responsible for critical pieces of the internet.
“The magnitude, precision, and methodology of the attack campaign indicates a level of sophistication and resourcefulness indicative of a nation state-sponsored threat; likely originating in Russia or China,” Scott said. “The adoption of Mirai or of a similar tool by an advanced persistent threat group is troubling because when combined with a disciplined methodology, the targeted attacks are significantly more devastating.”
Editor’s Note: The attribution for an internet outage map was previously cited as “Level3 communications” as the source. It has been changed to Downdetector.