This morning a ton of websites and services, including Spotify and Twitter, were unreachable because of a distributed denial of service (DDoS) attack on Dyn, a major DNS provider. Details of how the attack happened remain vague, but one thing seems certain. Our internet is frightfully fragile in the face of increasingly sophisticated hacks.
Some think the attack was a political conspiracy, like an attempt to take down the internet so that people wouldn't be able to read the leaked Clinton emails on Wikileaks. Others think it's the usual Russian assault. No matter who did it, we should expect incidents like this to get worse in the future. While DDoS attacks used to be a pretty weak threat, we're entering a new era.
DDoS attacks, at the most basic level, work like this. An attacker sends a flurry of packets, essentially just garbage data, to an intended recipient. In this case, the recipient was Dyn's DNS servers. The server is overwhelmed with the garbage packets, and can't handle the incoming connections, eventually slowing down significantly or totally shutting down. In the case of Dyn, it was probably a little more complex than this. Dyn almost certainly has advanced systems for DDoS mitigation, and the people who attacked Dyn (whoever they are) were probably using something more advanced than a PC in their mom's basement.
Recently, we've entered into a new DDoS paradigm. As security blogger Brian Krebs notes, the newfound ability to hijack insecure internet of things devices and turn them into a massive DDoS army has contributed to an uptick in the size and scale of recent DDoS attacks. (We're not sure if an IoT botnet was what took down Dyn this morning, but it would be a pretty good guess.)
We are nevertheless getting a taste of what the new era of DDoS attacks looks like. As security expert Bruce Schneier explained in a blog post:
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.
This sort of attack is deeply different than the headline-grabbing DDoS attacks of years past. In 2011, hacker collective Anonymous rose to fame with DDoS attacks that pale in comparison to today's attack on Dyn. Instead of taking out an individual website for short periods of time, hackers were able to take down a major piece of the internet backbone for an entire morning, not once but twice. That's huge.
If hackers are more easily able to amass extensive DDoS botnets, that means the internet as we know it becomes more vulnerable. Attacking major internet infrastructure like Dyn has always been a possibility, but if it becomes easier than ever to launch huge DDoS attacks, that means we might be seeing some of our favorite sites have more downtime than usual. These attacks could extend to other major pieces of internet infrastructure, causing even more widespread outages.
This could be the beginning of a very bleak future. If hackers are able to take down the internet at will, what happens next? It's unclear how long it could take for the folks at Dyn to fix this problem, or if they will ever be able to solve the problem of being hit with a huge DDoS attack. But this new breed of DDoS attacks is a scary problem no matter how you look at it.