On October 21, computer users in the United States experienced widespread issues when trying to access a variety of websites. Those on the East Coast had the most problems, as websites like Twitter, PayPal, Spotify, and GitHub were all unreachable for several hours.
What caused this outage was a DDoS attack on DNS provider Dyn. If you don’t know what any of those “d” words mean, that’s what we’re here to explain. Let’s take a look at what happened in October, and what we can learn from it.
Anatomy of a DDoS Attack
DDoS stands for distributed denial-of-service. This type of attack occurs when a resource is so overwhelmed with requests and activity from malicious users that it can’t work as normal.
For example, a DDoS attack against PayPal might involve one person controlling thousands of machines. Each of these computers sends thousands of requests to PayPal every second, until PayPal can’t keep up and simply goes down from the influx of traffic. Then, you see an error message when you attempt to reach the page.
As an offline example, consider a protest where folks sit in front of a business to prevent actual customers from shopping there. The people blocking the entrance are analogous to the influx of bogus requests to a website, and the customers who can’t enter the store correspond to normal website visitors who finds their favorite website is down.
Why Many Sites Were Affected
We’ve learned that a DDoS attack can take down a website, but why were so many sites affected in October? For that, we turn to our next acronym — DNS.
DNS, or Domain Name System, is one of the protocols that makes up how the Internet works. Its main function is to translate human-friendly website names (like msn.com) with computer-friendly IP addresses (like 13.82.28.61). Without DNS, we would have to remember a lot of numbers!
https://www.youtube.com/watch?v=IsgKcMOJcGw
There isn’t just one DNS provider. An Internet Service Provider like Comcast usually handles DNS for home users, while your business likely has a server that handles DNS for your systems. One of the largest DNS providers, a company called Dyn, was the target of the DDoS attack in October.
Dyn provides DNS and other Internet services for plenty of big-name websites, like LinkedIn and Salesforce. Since Dyn was the one attacked, instead of a single website going down, dozens were affected.
How Was the Attack Powered?
After some review, security experts have identified that the Internet of Things had a major part in this attack. If you’re not familiar, Internet of Things (IoT) refers to the rapidly increasing number of smart home and other items that can be connected to the Internet. Refrigerators, door locks, thermostats, and more can all get online.
Many of these (especially the Chinese-made security cameras used in this attack) have generic username and passwords that are easy to compromise. Coupled with a nasty piece of malicious software called Mirai, the attackers were able to hunt down these weak devices and turn them into slaves that sent the bogus traffic to take Dyn offline.
While the Internet of Things is exciting from a consumer standpoint, it definitely comes with security concerns, too. It’s a good reminder to change default passwords on all your devices, as they’re widely available online.
Were you affected by the October 21st outage?