DDoS and DNS
Yesterday was a particularly tough day for internet browsing. A huge online disruption affected users of popular sites like Netflix, Twitter, Spotify, Reddit, PayPal, and Pinterest. News outlets weren't exempt either, with the New York Times, the Wall Street Journal, the Guardian, and even WIRED experiencing the same disruption.
So what happened?
It was a distributed denial of service (DDoS) attack targeting Dyn, one of the big internet infrastructure companies that run the web's domain name system (DNS). The first bout of attacks began at around 7 am ET and lasted for two hours. A second wave hit around noon and a third round began at 4 pm ET.
Because Dyn offers DNS services, Friday's attack was particularly disruptive. “DNS registrars typically provide authoritative DNS services for thousands or tens of thousands of domain names, and so if there is a service-impacting event the collateral damage footprint can be very large,” Roland Dobbins, a principal engineer at Arbor Networks, explains.
Dyn reported that it had resolved the problem by 6:17 pm ET on Friday.
“This attack highlights how critical DNS is to maintaining a stable and secure internet presence,” NSFOCUS VP of technology, Richard Meeus, wrote in an email. It also highlights how fragile and vulnerable the internet remains.
The Guardian confirms that the Department of Homeland Security has already begun investigations. “The fact that this [caused] Dyn so many problems is pretty good evidence that this [was] an extremely large attack,” Cloudflare CEO Matthew Prince said. “There’s nothing really new about [this type of DDoS attack],” he added.
A DDoS attack is not the worst form of hacking out there, but it can certainly be disruptive in a modern world that relies heavily on networked systems. This puts a great deal of pressure on us to develop better cybersecurity and defensive measures against similar or worse forms of internet attacks in the future.