A major cyberattack against an internet directory knocked dozens of popular websites offline today, with outages continuing into the afternoon.
Twitter, SoundCloud, Spotify, Shopify, and other websites have been inaccessible to many users for most of the morning. The outages are the result of a distributed denial of service (DDoS) attack on the DNS provider Dyn, the company confirmed. The outage was first reported on Hacker News.
Dyn and other DNS providers operate as a link between the URLs you type into your browser and the corresponding IP addresses. By attacking Dyn, it’s possible to overwhelm that directory function and cause outages and loading problems across a large swath of the internet.
Other sites experiencing issues include Box, Boston Globe, New York Times, GitHub, Airbnb, Reddit, Freshbooks, Heroku and Vox Media properties. Users in Europe and Asia may experience fewer problems than those in the U.S.; according to DownDetector’s outage map, the DDoS attack is primarily impacting U.S. users.
The DDoS attack on Dyn began this morning. Service was temporarily restored around 9:30 a.m. ET, but a second attack began around noon, knocking sites offline once again. The DNS provider says engineers are working on “mitigating” the issue.
The White House press secretary has also said that the Department of Homeland Security is looking into the attacks.
The DDoS attack on Dyn follows on the heels of one of the largest DDoS attacks in history, which targeted the website of independent cybersecurity journalist Brian Krebs. Although DDoS attacks have historically used large networks of compromised computers called botnets to send junk traffic to sites, overwhelming them and making them inaccessible to legitimate users, the Krebs attack expanded in scale by using compromised Internet of Things devices like security cameras to build a botnet. IoT devices are cheaply manufactured and notoriously insecure, making them easy to compromise.
After the attack on Krebs’ website, the code used to build the botnet leaked online, making more massive DDoS attacks all but inevitable. Although it’s not clear yet whether an IoT botnet is behind the attack on Dyn, it certainly would not be surprising. Security researcher Bruce Schneier reported in September that several internet infrastructure companies had been targeted with DDoS attacks, although they had not caused the kind of widespread outages experienced today. Schneier wrote that the attacks seemed designed to test companies’ defensive capabilities:
“These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.”
“Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services,” Schneier added.
If you’re experiencing connection problems, you can try changing your DNS settings (instructions for how to do this on Mac and Windows are here). Anecdotally, our staff has used OpenDNS (208.67.222.222 and 208.67.220.220) and OpenNIC servers and seen connectivity improve.
Developing…