On October 21, 2016, access to a wide array of popular websites was disrupted several times throughout the day by several waves of cyber-attacks. The target was Dyn, a global internet routing company that serves as a Domain Name System (DNS) provider for popular sites, including Twitter, Spotify, Reddit, Netflix, The New York Times, and others.

Image: A Distributed Denial of Service (DDoS) attack uses a network of machines as a computer army to overload the target and cripple its functionality. (Flickr/Christiaan Colen)

DNS providers like Dyn are important to the functionality of the internet because they serve as a virtual address book, linking commonly recognized domain names – like “www.twitter.com” – to a site’s Internet Protocol (IP) address on its server. When the DNS is not working properly, users’ browsers are unable to locate the site in question. Dyn is a particularly large DNS provider, so the outages were wide-reaching. Dyn engineers first detected the attack at 7:10 am EST; Dyn reported that they had resolved all incidents by 8:17 pm.

The perpetrators (as yet unidentified) were able to restrict access to domain names under Dyn through a Distributed Denial of Service (DDoS) attack. This type of attack relies on the fact that a target (sometimes a single server, but in this case, a DNS provider) is designed to handle a certain amount of regular traffic. A DDoS attack exploits this by employing a large number of “bots” to flood the target with requests, disrupting the flow of legitimate requests. For users, this translates into the DNS being unable to forward them to the correct server when they type “www.twitter.com.”

What was particularly interesting about this attack, however, was how the hackers utilized the “bots.” A significant portion of the illegitimate traffic used to conduct the attack came from a growing network of internet-connected objects known as the “Internet of Things.” Hackers infected many of these devices – which include internet-connected thermostats, cameras, appliances, and other electronics – with a type of malware known as Mirai. Mirai is specifically designed to infect such objects and leverage them as conduits for an overwhelming amount of traffic directed at the target.

Dyn reported that “tens of millions” of IP addresses were involved in this computer army, many of which originated with infected devices. Chinese electronics company Hangzhou Xiongmai issued a recall of some of its web cameras which were involved in the attack. The cameras’ simple default passwords made them easy targets for the Mirai malware. The attack raises larger questions about the security of IoT devices, which are expected to number around 20.8 billion by 2020. And the password problem is not limited to one company: a recent survey by IT security firm ESET and the National Cyber Security Alliance found that 30 percent of respondents had not even changed the default password on their router. Another 20 percent could not remember if they had. All of this points to the fact that technological illiteracy may soon compromise security unless a change in practices begins at the consumer level.

Sources and Further Reading:

What We Know About Friday’s Massive East Coast Internet Outage (Wired)

WikiLeaks supporters claim credit for massive U.S. cyberattack, but researchers skeptical (Politico)

Webcams involved in Dyn DDoS attack recalled (TechCrunch)

Internet of Things: Have We Bitten Off More Than We Can Chew? (NBC News)

Americans uneasy with IoT devices like those used in Dyn DDoS attack, survey finds (TechCrunch)

DDoS Attack Against Dyn Managed DNS: Incident Report for Dyn, Inc. (Dyn Status)