Thousands of Americans suffered from serious internet difficulties on more than a dozen major sites on Friday as a result of a massive cyber-attack. This attack from unknown sources comes one week after US Vice President Joe Biden threatened Russia with a cyber-attack in retaliation for their alleged hacking of the Democratic Party.
According to user reports and the web-tracking site downdetector.com, the affected sites included The New York Times, CNN, Disqus, some Amazon sites, Yelp, Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, EA, the Playstation network, and others.
The cyber attack targeted the domain-name system, or DNS, the technical network that redirects users from user-friendly, human understandable website addresses to actual web servers. The attack took the form of a distributed denial-of-service attack (DDoS) against Dynamic Network Services Inc. (Dyn), one of the major companies that provides access to DNS. Security researcher Brian Krebs explained in a blog post on Friday that a DDoS attack occurs when “the attacker uses a large number of hacked or ill-configured systems to flood a target site with so much junk traffic that it can no longer serve legitimate visitors.”
“We have been aggressively mitigating the DDoS attack against our infrastructure,” Scott Hilton, a vice president at Dyn said in a statement provided by a spokesman Friday morning. It took Dyn 11 hours to restore service after three separate attacks.
The cyber-attack used Mirai, a readily available program released a month ago that is relatively easy to use, allowing even unskilled hackers to launch DDoS attacks. The software uses malware from phishing emails to infect a computer or home network, spreading to everything on that local network, taking over any connected device, whether it is a computer, tablet, cellular phone, webcams and digital video recorders, security cameras, or any gadget that is on the network. These devices are used to create a robot network, to send the millions of messages to attack other computer systems.
Dyn Chief Strategy Officer Kyle York explained that Friday’s attack came from“tens of millions” of addresses on machines that had been infected with the malicious code.
“It’s a very smart attack,” York said. “Literally, picture tens of millions of things attacking a single data center.”
White House Press Secretary Josh Earnest said the Department of Homeland Security was “monitoring the situation” but that “at this point I don’t have any information about who may be responsible for this malicious activity.”
The source of the attack is still unknown and no one has claimed responsibility, though cyber-attacks have become a potential battleground between Russian and America recently.
Last week, NBC News quoted U.S. intelligence officials as saying that the Obama administration is contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election. Also, one week before Friday’s cyber attack, Vice President Joe Biden threatened Russia with a “clandestine” cyber-attack during an interview with Meet the Press.
