'Massive' Cyberattack Hits U.S. Servers, Affects Twitter, Reddit and Other Sites
Update, 6 p.m. PDT:
Dyn has now posted a “Preliminary Findings Report” on its website. It states:
“On Friday October 21, 2016 at approximately 11:10 UTC, Dyn came under attack by a large Distributed Denial of Service (DDoS) attack against our Managed DNS infrastructure in the US-East region. Customers affected may have seen regional resolution failures in US-East and intermittent spikes in latency globally. Dyn’s engineers were able to successfully mitigate the attack at approximately 13:20 UTC, and shortly after, the attack subsided.
“At roughly 15:50 UTC a second DDoS attack began against the Managed DNS platform. This attack was distributed in a more global fashion. Affected customers may have seen intermittent resolution issues as well as increased global latency. At approximately 17:00 UTC, our engineers were again able to mitigate the attack and service was restored.”
“The complexity of the attacks is what is making it so difficult for us,” Kyle York, the company’s chief strategy officer, told The New York Times. “What they are actually doing is moving around the world with each attack.”
The New York Times also provided additional details on the method used to attack Dyn. “The data flood came from tens of millions of different Internet-connected machines — including increasingly popular but highly insecure household devices such as web-connected cameras,” the newspaper reported. “It was an onslaught whose global shifts suggested a sophisticated attacker, though Dyn said it had neither suspect nor motive.”
According to The Associated Press, “a shadowy collective that calls itself New World Hackers claimed responsibility for the attack” and engaged with AP reporters directly. “We didn’t do this to attract federal agents, only test power,” New World Hackers told one reporter via a direct message on Twitter. The claim has not yet been verified, although the hacker group said more than 10 of its members were responsible for shutting down Dyn.
Update, 1:19 p.m. PDT: Dyn has posted the following update on its website:
“Our engineers are continuing to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure.”
12:30 p.m. PDT: A large-scale cyberattack hit one of America’s largest Domain Name System (DNS) providers Friday morning, temporarily shutting down websites such as Reddit, Twitter and Spotify.
Dyn, a New Hampshire Internet services company, reported around 4 a.m. Pacific time that a large-scale yet unsophisticated attack temporarily overwhelmed its servers. By 6:30 a.m., the company said service was back to normal, but around 9 a.m. Pacific time, Dyn again said it was experiencing such an attack. Around 11 a.m., Dyn said it was investigating and mitigating “several attacks.”
that the attack was “mainly affecting users on the U.S. East Coast.” It continues:
Dyn said it had resolved one attack, which disrupted operations for about two hours, but disclosed a second attack a few hours later that was causing further disruptions.
In addition to the social network Twitter and music-streamer Spotify, the discussion site Reddit, hospitality booking service Airbnb and The Verge news site were among companies whose services were disrupted on Friday.
Amazon.com Inc’s web services division, one of the world’s biggest cloud computing companies, also reported a related outage, which it said was resolved early Friday afternoon.
Gizmodo provides a brief explanation of DNS technology:
“In order to understand how one DDoS attack could take out so many websites, you have to understand how Domain Name Servers (DNS) work. Basically, they act as the Internet’s phone book and facilitate your request to go to a certain webpage and make sure you are taken to the right place. If the DNS provider that handles requests for Twitter is down, well, good luck getting to Twitter. Some websites are coming back for some users, but it doesn’t look like the problem is fully resolved.”
Gizmodo also includes a running list of websites that internet users aren’t able to access.
Stay tuned for updates on this story.
—Posted by Emma Niles