Someone attacked a key part of the Internet's infrastructure Friday morning, causing some major services such as Twitter, Spotify and Airbnb to be inaccessible for some users.
The attack targeted Dyn, a company that helps people connect to websites, with a huge amount of traffic in an attempt to knock the service offline, according to Dyn's director of Internet analysis, Doug Madory.
Dyn said in a series of statements that it first became aware of the attack around 6 a.m. and that services were restored about two hours later. The company said it was working to mitigate another attack. A Dyn spokesman didn't respond to questions seeking further information.
The service that Dyn provides is called the Domain Name System. It works sort of like a phone book for the Internet -- it translates URLs into the numerical Internet protocol addresses for the servers that actually host sites so your browser can connect to them.
This type of attack is commonly known as a distributed denial of service, or DDoS attack. The effects of the attack were intermittent, and many of the details remain scarce, although it appears to have primarily affected users on the East Coast, according to Dyn.
The U.S. Department of Homeland Security is monitoring the situation, White House spokesman Josh Earnest told reporters Friday. He said he had no information about who may be behind the disruption.
Madory said that the company may have been the target of a similar type of attack as the one that hit journalist Brian Krebs earlier this year. In that case, someone hijacked unprotected Internet-connected devices like webcams to bombard his site with record levels of traffic.
Dyn provided assistance to Krebs while he was investigating the attack and recently presented research on the case -- which may have caused the service to be targeted, according to Madory.
"We were concerned about some blowback from the stuff about Krebs, but we made a decision that it was important work, and we wanted to be part of the solution for everybody's sake," he said.
The potential power of denial of service attacks has increased dramatically in recent years. Even Dyn, which also provides services to help people mitigate denial of service attacks, struggled under the load of the Friday traffic assault.
"Nobody can take on the scale of these attacks these days," said Madory.
Analysts say the Domain Name System has a design flaw: Sending a routine data request to a Domain Name System server from one computer, the hacker can trick the system into sending a monster file of Internet protocol addresses back to the intended target. Multiply that by tens of thousands of computers under the hackers' control, and the wall of data that floods back is enormous.
A small server may be capable of handling hundreds of simultaneous requests, but thousands every minute cause overload and ultimately shut down, taking the websites it hosts offline with it.
The practice often is employed by groups of hackers. In 2012, a DDoS attack forced offline the websites of Bank of America Corp., JPMorgan Chase & Co., Citigroup Inc., Wells Fargo & Co., US Bancorp and PNC Financial Services Group Inc.
A denial of service attack can be achieved in a number of ways, but commonly involves a distributed network of so-called "zombie" machines, referred to as botnets. A botnet is formed of personal computers in homes or offices infected with malicious code which, upon the request of a hacker, can start flooding a Web server with data. One or two machines wouldn't be an issue, but when tens or hundreds of thousands fire such data simultaneously it can be enough to cripple even the most sophisticated of Web servers.
In the case of the Dyn incident, the computers targeted were Domain Name System servers. Without a such servers, those translations cannot take place, potentially rendering large numbers of websites inaccessible by users across a country or even the world. In other words, taking away the Domain Name System servers is like taking away all the road signs on a country's highway system.
"I would suspect there was a single company being attacked, and everybody else who was on the same service also experience outages," said Carl Herberger, vice president for security solutions at Radware, an Israeli-based internet security company. "That would explain attack why other authoritative services were not being attacked."
Information for this article was contributed by Andrea Peterson of The Washington Post, Molly Schuetz of Bloomberg News and Raphael Satter of The Associated Press.
Business on 10/22/2016