The Dyn DDoS Attack, Explained


By Jayne MillerOct 25, 2016


What happened during Friday’s massive internet outage on the East Coast?

You know by now that sites like Twitter and Spotify were down and out for several hours along the Eastern seaboard. You also know that it was the company Dyn whose servers experienced a distributed denial of service (DDoS) attack.

Here’s more about what we know, as well as a look at what makes this a truly unprecedented attack.

A “Very Sophisticated, Highly Distributed Attack”

Let’s look closer at what actually went down on Friday.

Dyn is an internet infrastructure company that reroutes internet traffic. When you type a url into your address bar, Dyn’s domain name services are employed to look at that address and connect you to the appropriate servers so you get the content requested.

Example: when you type “http://www.nytimes.com/” into the address bar, Dyn is the type of company that ensures you’ll be properly routed to the NYT’s homepage.

Starting at around 7 a.m. a serious DDoS attack was aimed at Dyn.

The attack continued in waves, with the second attack beginning around noon. Another came shortly after 4 p.m.

This DDoS attack – the go-to cyber attack du jour – essentially flooded Dyn’s servers with requests until they folded under the sheer volume, keeping users from their requested content.

Here’s what’s important: as several outlets have already mentioned, by targeting a domain name system instead of an individual site with this attack, hackers were able to interrupt some users' access to the internet for a chunk of time.

And as mentioned, DDoS attacks aren’t new. They aren’t unfamiliar. The difference on Friday was the scale and impact of the attack. Instead of causing a minor disruption for a single site, we saw major websites down for an extended chunk of time.

Dyn has since released an official statement on the attack, calling it a “sophisticated, highly distributed attack involving 10s of millions of IP addresses.”

Internet-Connected Devices Played a Major Role

On that note, what makes this attack extraordinary was that the attackers used internet-connected devices to generate the massive amount of traffic that caused Dyn’s servers to bend and break.

We’re talking about the whole internet of things here. Hacked cameras, routers, and even home security systems with an internet connection caused the congestion vital to the DDoS attack.

There’s still much to learn here about how these devices were hijacked. One Chinese firm has already come forward to report that they inadvertently played a role in the cyberattack via malware known as Mirai.

Simply put, Mirai takes computer systems that are running Linux and turns them into botnets that can be used in large-scale network attacks like this one.

This is big.

Security flaws within the internet of things have been long-discussed, but always hypothetical. Building an army out of connected devices has always read more like a plot point from the latest Sam Esmail project and less as an actual headline. (Well, that is until Friday’s attack.)

And understanding how many internet-connected devices are out there is unclear.

Forecasts vary wildly. Reports like this one and this one suggest that machine-based connections to the internet number several billion. Even conservative estimates double that figure by 2020.

Services Have Been Restored and All Eyes Are on Cybersecurity

While Dyn overcame the attack by the end of the day on Friday, the scale of the attack greatly increased discussion on cybersecurity measures.

Expect more stories like this in your newsfeed. And this. And this.

While users might have gotten back to tweeting and browsing by Saturday, our collective interest in preventing future attacks is only just warming up.


New call-to-action