If you were on the east coast of the United States on Friday, October 21, 2016, you probably felt the impact of one of the most serious cyberattacks in recent memory. This one prevented internet users from accessing several popular websites, like Pinterest and Twitter, as well as countless other websites, including many law firm websites. For many, the attack revealed just how susceptible the internet is to a widespread outage.
Here’s what happened in the attack, explained in terms that you don’t need a computer science degree to understand.
Distributed Denial of Service Attacks
When you get online and send your browser – be it Google Chrome, Firefox, Internet Explorer, or whatever you use – to a site, the server that hosts that site spends a period of time responding to your browser. This period of time is very small, but when enough computers are trying to visit the site at once it can overwhelm the server, making the website slow or even impossible to load.
A Distributed Denial of Service (DDoS) attack basically involves hijacking devices that are connected to the internet, sending them all to one place on the internet, and then repeatedly hitting the refresh button, once there. By having so many devices clamoring for attention, it strains the server hosting the targeted site until it gets overwhelmed. DDoS attacks, however, cannot begin until a whole swath of devices gets accessed. Because most computers and smartphones that can get on the internet are protected by passwords and other security mechanisms, however, DDoS attacks have been relatively small-scale.
Enter: The Internet of Things
Nowadays, though, it seems like everything can access the internet, from crock-pots to baby monitors. These all belong to the “Internet of Things,” and tend to have absolutely abysmal security, making them perfect for executing DDoS attacks, including the one on Friday, which reportedly used digital video recorders and cameras made by XiongMai Technologies. These devices were especially vulnerable because they had their passwords coded into them, providing a permanent door into their system for anyone who found the key.
DDoS Attack on Domain Name System Service
After finding the passwords to these devices, the group behind the DDoS attack targeted not just one website, but a crucial link between internet users and the entire internet: Domain name system (DNS) services.
The name of a website, like Myers Freelance, is just a colloquial name. It’s easier to say “myersfreelance.com” than it is to say the real address of the website, which is 126.96.36.199.
Computers and servers, however, use the numerical names of websites. That’s why, when you type “www.myersfreelance.com” into the search bar, your computer has to turn around and find the numerical number for Myers Freelance. To do this, it turns to a domain name system service. There are a handful of DNS services out there. Each is very much like a phone book. With a phone book, you know the name of the person you want to call, you just need their number. With a DNS service, your computer has been given the name of the website it wants to find, it just needs its number.
This makes a DNS service a crucial intersection in the internet. Slow down a DNS service, and you slow down and prevent computers from going from the name of a website to its number.
This is exactly what made the DDoS attack on Friday so devastating. By sending so many devices to Dyn, the targeted DNS service provider, the attackers were able to slow it down so much that it couldn’t function. Every last one of the websites listed on Dyn suffered because internet users couldn’t use the name of a website to get its number. This is why so many sites were affected, and why the attack was so successful.