Support Provided ByLearn More
Tech + EngineeringTech & Engineering

Sophisticated Attack Takes Down Key Internet Servers

ByTim De ChantNOVA NextNOVA Next
In fall 2016, the Mirai botnet attacked key servers that route traffic around the internet.

This post has been updated.

A massive distributed denial-of-service attack has taken down the servers of Dyn, a company that provides domain name services which route a requests for human-readable addresses to the appropriate server.

Support Provided ByLearn More

Dyn provides routable addresses to major sites and services such as Twitter, Spotify, Etsy, and GitHub, rendering large swaths of the internet inaccessible to web browsers.

The attack began on Friday morning and has been focused on the U.S. East Coast, where a large number of servers are located. Around 9:30 am ET, Dyn briefly recovered, but the attacks resumed within hours. The provider fully restored services in the afternoon.

That hackers could take down a fundamental piece of the internet hints at the power of their capabilities.

These so-called DDoS attacks work by bombarding servers with massive amounts of traffic, overwhelming their ability to reply to valid requests. This latest attack used at least one large botnet known as Mirai, which controls around 200,000 compromised web-connected cameras and other Internet of Things devices. These devices are cheaply built and programmed with extraordinarily lax security ; there’s also no feasible way to patch many of the devices, meaning the only solution is to find and disconnect them from the internet.

The source code which powers this botnet was released a couple of weeks ago, allowing potentially anyone to wield hundreds of thousands of compromised devices for nefarious purposes.

Dyn and affected companies like GitHub are working to undo the damage. Companies can insulate themselves against these attacks by using multiple DNS services.

While it’s still too early to discern the source of the attack or infer a motive, security expert Bruce Schneier reported early last month that someone has been ramping up DDoS attacks, likely probing key portions of the infrastructure of the internet for weaknesses. “We don’t know who is doing this, but it feels like a large nation state,” he wrote. It’s unclear if those probes are related to today’s attack.

Receive emails about upcoming NOVA programs and related content, as well as featured reporting about current events through a science lens.

Photo credit: Victorgrigas/Wikimedia Commons (CC BY-SA)

Funding for NOVA Next is provided by the Eleanor and Howard Morgan Family Foundation.

National corporate funding for NOVA is provided by Draper. Major funding for NOVA is provided by the David H. Koch Fund for Science, the Corporation for Public Broadcasting, and PBS viewers. Additional funding is provided by the NOVA Science Trust.