Cyber Security

Cyberattack Knocks Out Access to Websites

Popular sites such as Twitter, Netflix and PayPal were unreachable for part of the day

Oct. 21, 2016

Attackers controlling a vast collection of internet devices unleashed several massive attacks on Friday that left dozens of popular websites, including Twitter Inc. and Netflix Inc., unreachable for parts of the day.

Web-technology provider Dynamic Network Services Inc., known as Dyn, said its domain-name-system services were subject to a massive denial-of-service attack starting at 7:10 a.m. EDT on Friday. After the first onslaught was resolved, Dyn reported another wave of attacks that caused disruptions through the day.

Distributed denial-of-service attacks can knock websites offline by flooding them with junk data, blocking the way for legitimate users. Dyn’s DNS services are a key part of the digital supply chain that allows web addresses—Twitter.com, for instance—to take users to their destinations.

Dyn Chief Strategy Officer Kyle York said the attack came from “tens of millions” of addresses on machines that had been infected with malicious software code. The code—known as Mirai—takes advantage of a weakness in internet-connected devices and forms them into a collection of attacking machines, called a “botnet.” Mr. York said the attacks focused on different computers in Dyn’s network through the day.

“It’s a very smart attack,” Mr. York said. “Literally, picture tens of millions of things attacking a single data center.”

The Mirai botnet that formed the backbone of this attack is thought to be made up of several hundred thousand devices, but criminals are able to make their attacks appear to come from an even larger number of devices, using a technique called “source spoofing,” security experts say.

A similar attack in September, harnessing hundreds of thousands of connected cameras and other “smart” devices against security researcher and blogger Brian Krebs, was the largest recorded attack, security experts said at the time.

Friday’s attack highlighted how the internet, which is designed to ensure its own stability by distributing control of the network across millions of computers, can still prove vulnerable to a targeted assault. Dyn, based in New Hampshire, is among a handful of companies operating DNS systems that help direct traffic across the internet.

Other sites temporarily disrupted by the attacks included PayPal Holdings Inc., Shopify, Airbnb, Kayak and GitHub, a service used by programmers and major technology firms to create software. Data-storage provider Box Inc. also was affected, and parts of the websites of The Wall Street Journal and the New York Times also were down for periods on Friday morning.

Some of the sites affected were customers of Amazon.com Inc.’s giant cloud-computing business, which uses Dyn as one of several providers of DNS services, though Amazon said it was able to quickly restore normal service.

Dyn is still “digging into the root cause” of the attacks, Dyn spokesman Adam Coughlin said.

Denial-of-service attacks have been around for decades, but the attack on Dyn was made particularly severe by an influx of new, poorly secured devices onto an increasingly complex and interdependent global internet, said Craig Labovitz, co-founder and chief executive of Deepfield Inc., a network-analytics company.

“The problem is still here,” Mr. Labovitz said. “And it may be worse than it was before.”

Hours after the first attack, outages flared up again in more regions. Users from California to Malaysia had problems accessing more than 1,200 web domains, according to network research firm ThousandEyes.

The Department of Homeland Security and the Federal Bureau of Investigation are aware of the attacks and “investigating all potential causes,” a DHS spokeswoman said on Friday.

Amazon said the problems affected East Coast cloud customers of its Amazon Web Services unit, which runs a broad array of websites, between 7:31 a.m. and 9:10 a.m. EDT. Amazon uses several DNS providers, including its own Route53.

When Dyn was attacked, Amazon’s service was briefly unavailable for some customers that use two of its massive data centers, one in northern Virginia and the other near Dublin, Ireland. So it shut down that DNS use, and rerouted it to alternative providers, restoring full service.

Cloud-services provider Heroku Inc. also said it saw “widespread” DNS issues related to a denial-of-service attack against one of its DNS providers, but that it had resolved the issue.

Two other major cloud-computing providers, Microsoft Corp.’s Azure and Alphabet Inc.’s Google Cloud Platform, both of which are smaller than Amazon Web Services, said they didn’t experience any service disruptions on Friday.

This article appeared in wsj.

 
