Twitter, Reddit and Spotify were collateral damage in a major online assault
by LORENZO FRANCESCHI-BICCHIERAI
Twitter, Reddit, GitHub, Spotify, and many others were knocked offline intermittently on Friday morning as a result of a cyberattack on a large internet infrastructure provider.
The popular websites became the collateral damage of a “global” Distributed Denial of Service, or DDoS, attack on Dyn, a company that provides core internet services for those popular websites. The attack mainly targeted Dyn’s Domain Name System management services infrastructure on the east coast of the United States, as the company explained in a statement.
DNS is essentially the internet’s phone book. When you type “twitter.com” into your browser, DNS servers turn that domain name into an IP address so your browser can reach the site and load its content. Because Dyn provides DNS management services to a lot of companies on the internet, the attack spread beyond the company and knocked other parts of the internet offline as collateral damage.
“We are a major DNS service provider,” said Doug Madory, director of internet analysis at Dyn. “When a DNS service provider gets attacked then parts of the DNS system stop working and people can’t access websites.”
Madory also said that there was “no doubt” that Dyn was the primary target of the attack.
At this point, it’s unclear who’s behind the attack or what their motives were. But as security journalist Brian Krebs noted, Dyn researcher Madory had teamed up with him on research investigating the “sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet.”
Krebs, however, noted that there’s no data to clearly link Dyn’s previous work with the attack on Friday.
The attack on Dyn came a few weeks after criminals used a massive botnet made of Internet of Things devices infected with malware to target Krebs himself, forcing him to take down his website. At this point, it’s unclear if the DDoS on Dyn was carried out with that botnet, which is powered by malware known as Mirai, but some were already speculating that was the case.
Marshal Webb, the chief technology officer of BackConnect, an anti-DDoS firm that was also investigated by Krebs and Madory, explained that Mirai has capabilities to target and overwhelm DNS servers.
“Someone has probably achieved hegemony with the Mirai source and slapped DYN to either hit them directly or a customer downstream,” Webb said. “Nothing else would have enough legitimate devices to saturate DNS queries.”
At around 9:45 in the morning, U.S. eastern time, Dyn reported that all services were “restored to normal.” But as of this time, no one knows exactly who was behind the attacks or how they did it, and Dyn said they had no other details to provide.
Originally published at motherboard.vice.com.