On October 21, starting at 6:00 a.m. ET, massive waves of cyber DDoS attacks alarmingly shut down major U.S. websites, which include Spotify, Twitter, PayPal, and Amazon. The widespread online security breach kept users on the East Coast from accessing hundreds of domains, prompting the Department of Homeland Security to launch an urgent investigation to apprehend the culprits behind Friday’s crash. (Update: The hack used smart devices to spread the attack)
Although a hacker group already came forward to claim responsibility for the disruption, their assertion has yet to be verified.
Coordinated Series of Attacks
The target of the cyber attacks was the New Hampshire-based company, Dyn, that monitors and routes traffic on the internet. The company manages DNS activity that essentially connects users to several major website servers. The attack successfully crippled thousands of sites in total, including CNN, Box, Etsy, Reddit, Yelp, and many others.
In a report, the internet service company revealed that it first encountered a denial of service (DDoS) attack after 6AM ET. They added that the attack was “well-planned and executed, coming from tens of millions of IP addresses at [the] same time.”
The next wave of attacks came at 1PM ET, with several of those threats coming from servers across the globe. This time, the west coast users were the ones that got badly hit. By Friday evening, Dyn divulged that the large-scale cyber attack along with the third round of DDoS threat had been resolved.
“The complexity of the attacks is what is making it so difficult for us… What they are actually doing is moving around the world with each attack,” said Kyle York, Dyn’s chief strategy officer.
DDoS Explained
Dyn may provide internet traffic optimization to a few of the biggest names on the Web, but they admitted that they couldn’t gauge the level of disruption caused by the most recent string of cyber attacks. They further revealed that their server infrastructure was a victim of a distributed denial-of-service attack (DDoS). This particular cyber threat occurs when malicious electronic traffic shuts down targeted machines.
DDoS attacks flood servers with tons of fake requests for information, so the machines no longer respond to legit ones. “It’s a very smart attack. We start to mitigate; they react. It keeps on happening every time,” Mr. York said in a call with reporters on Friday afternoon. Thankfully, he explains that they’re “learning” from the recent attack.
Although computer experts call DDoS a primitive form of hacking, the recent internet shutdown is proof that it still can be potent in the hands of malicious parties. This kind of cyber threat often begins with users inadvertently downloading corrupted files or software through links in an email among others. From there, hackers can bring a computer, a computer network, or even connected devices (e.g. routers, wireless CCTVs, DVRs, even thermostats) under their control. They then use them to bombard servers with simple, simultaneous information requests that can easily overwhelm servers with the sheer number of requests.
Culprits Remain Anonymous
At the end of it all, Dyn and its staff couldn’t pinpoint who perpetrated the attack. In addition, security experts who have looked into this recent bout of cyber crime revealed a rather troubling fact: even unskilled hackers could’ve done the attack.
It turns out that the attackers used the Dark Web-sourced program, Mirai, to launch the massive DDoS threat. This program is so easy to use that even the most unskilled hackers can use it to take over connected devices and use them to launch an attack. Meaning, the group responsible for the widespread internet shutdown last Friday could virtually be anyone with a basic understanding of computer programming and malware.
Political Agenda at Work?
At the height of the latest cyber meltdown, the U.S. Department of Homeland Security couldn’t immediately point out who was responsible and that they were ‘investigating all potential causes.’
However, WikiLeaks claimed its supporters were responsible. The website urged its users to “stop taking down the US internet” and added that “Mr [Julian] Assange is still alive and WikiLeaks is still publishing.”
Despite WikiLeak’s claims, members of a shady collective that calls itself the New World Hackers, claimed to be behind the scenes on Twitter. “We didn’t do this to attract federal agents, only [to] test [our] power,” two supposed members told an AP reporter.
