After two major, allegedly, cyber attacks targeted a little known internet infrastructure company, Dyn, earlier today disrupting access to dozens of websites on Friday, and preventing some users from accessing PayPal, Twitter and Spotify, moments ago the DNS service provider said that a third attack has been launched. From Reuters:
- INTERNET DOMAIN NAME SERVICE PROVIDER DYN SAYS IT IS DEFENDING AGAINST A THIRD WAVE OF COMPLEX ATTACKS
- DYN SAYS ATTACK BEING WAGED FROM DEVICES INFECTED WITH MALWARE, COMING FROM TENS OF MILLIONS OF IP ADDRESSES AROUND GLOBE
The source of the “millions” of malware attacks are so-called “smart” products, or everyday products around the house which are hooked up to the internet. So, while it may be difficult to pin this particular attack on Putin – though we are sure the “17 agencies” will try – one can blame their “smart” toaster, “smart” lightbulb” and “smart” toilet for making Twitter inaccessible.
As Reuters also adds, it was not immediately clear who was responsible for the outages that began in the Eastern United States, and then spread to other parts of the country and Western Europe.
U.S. officials told Reuters that the U.S. Department of Homeland Security and the Federal Bureau of Investigation were investigating. The disruptions come at a time of unprecedented fears about the cyber threat in the United States, where hackers have breached political organizations and election agencies.
Here is the punchline: Homeland Security last week issued a warning about a powerful new approach for blocking access to websites – hackers infecting routers, printers, smart TVs and other connected devices with malware that turns them into “bot” armies that overwhelm website servers in distributed denial of service attacks.
So…. your smart doorbell may just be hiding the internet terminator that will collapse the internet and prevent you from accessing your electronic cash in the bank.
* * *
Dyn said it had resolved one morning attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions. Dyn initially said the outage was limited to the Eastern United States. Amazon later reported that the issue was affecting users in Western Europe. Twitter and some news sites could not be accessed by some users in London late on Friday evening.
PayPal Holdings Inc said that the outage prevented some customers in “certain regions” from making payments. But fear not: the money in your bank is “safe.”
* * *
Dyn is a Manchester, New Hampshire-based provider of services for managing domain name servers (DNS), which act as switchboards connecting internet traffic. Requests to access sites are transmitted through DNS servers that direct them to computers that host websites. Its customers include some of the world’s biggest corporations and Internet firms, such as Pfizer, Visa, Netflix and Twitter, SoundCloud and BT.
And the best part: “Dyn said it was still trying to determine how the attack led to the outage but that its first priority was restoring service.”
In other words, the company has no idea how the hackers hacked not just it, but the entire internet.
Last Updated Oct 21, 2016 2:13 PM EDT
Twitter experienced renewed outages Friday afternoon following hours ofthat took down numerous sites earlier in the morning across the U.S. East Coast.
A wave of reports of problems accessing many popular websites came after the servers at a major internet management firm were hit by a.
New Hampshire-based Dyn said its server infrastructure suffered a distributed denial-of-service (DDoS) attack, which occurs when a system is overwhelmed byelectronic traffic.
In a statement provided to CBS News, the U.S. Department of Homeland Security said it was aware of the attack and is “investigating all potential causes.”
The scale of the attack led to suspicions that it might be state sponsored, but ZDNet security editor Zack Whittaker said the evidence is not yet clear. “It may or may not have been sponsored by some state-sponsored actor, at this point it’s simply too early to tell,” he told CBS News.
DDoS attacks are nothing new, but Whittaker said they’ve been getting “worse and worse” recently, and this one “must be off the charts.”
Dyn issued a series of statements about the service disruption early Friday local time, tweeting that as of 9:20 a.m. ET, “services have been restored to normal.”
However, the company detected another wave of DNS attacks just before noon and acknowledged that the problem was not yet solved. “We are continuing to mitigate a DDoS against our Managed DNS network,” it said.
The level of disruption caused was hard to gauge, but Dyn provides internet traffic optimization to some of the biggest names on the web, including, , Airbnb, Spotify, and others, and users of many sites were reporting problems.
Jason Read, the founder of Gartner Inc.-owned internet performance monitoring firm CloudHarmony, said his company tracked a half-hour-long disruption early Friday in which roughly one in two end users would have found it impossible to access various websites from the East Coast.
Read said that Dyn provides services to some 6 percent of America’s Fortune 500 companies, meaning a big potential for disruption.
“Because they host some major properties it impacted quite a few users,” he said.
The site Downdetector.com, which tracks service outages, lit up with reports of problems accessing Twitter and other sites Friday morning.
According to CNET, Twitter initially reported that during a two-hour window, “various Twitter domains including twitter.com may have been inaccessible for users in some regions, due to failures resolving particular DNS hostnames.”
Several hours later, Twitter reported the problems were back: “The earlier issues have resurfaced & some people may still be having trouble accessing Twitter. We’re working on it!”
Several sites, such as coder hangout Github, said they were experiencing problems, although it was not immediately clear whether the issues were linked to the cyberattack.
Security experts have expressed growing concern over denial-of-service attacks. In a widely shared essay titled “Someone Is Learning How to Take Down the Internet,” respected security expert Bruce Schneier said last month that major internet infrastructure companies were seeing a series of worrying denial-of-service attacks.
“Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services,” he said.