An attack on a major DNS service provider literally broke the internet Friday, impacting more than 80 popular websites, including PayPal, Reddit and Twitter. Here\u2019s how a group of hackers is suspected to have pulled off the takedown.<\/p>\n
A myriad of websites were unavailable Friday as three separate distributed denial of service (DDoS) attacks on a major internet server blocked service to heavily trafficked websites such as Pinterest, Spotify and the New York Times.<\/p>\n
The first attack on the New Hampshire-based server occurred Friday morning, but Dyn DNS Company managed to resolve the issue within a few hours. However, a second attack began in the early afternoon followed by a third. It was not until 6:30 p.m. Eastern Time that all had been\u00a0resolved<\/a>.<\/p>\n To understand why everyone\u2019s favorite sites were unavailable Friday, it\u2019s important to understand the nature of a Domain Name Server (DNS). Imagine a DNS as a telephone operator from the 1950s. By typing in a website\u2019s name, you are asking the DNS to connect you to a specific server.<\/p>\n When an army made up of botnets uses Wi-Fi routers, computers and other devices connected to the internet to create a network that can operate malware without the owner\u2019s knowledge, they overwhelm a DNS server with requests that appear to be normal, so a system like Dyn\u2019s struggles to filter them out.<\/p>\n \u201cThey’re tough attacks to stop because they often get channeled through recursive providers. They’re not cacheable because of the random prefix,\u201d<\/em>\u00a0Matthew Prince, co-founder and CEO of the content delivery and DDoS protection service provider CloudFlare\u00a0explained<\/a>\u00a0to Ars Technica. When they generate requests, they attach random text to the front of domain names \u2013 which is how they appear to be unique requests.<\/p>\n These requests pour in by the tens of millions. Like any operator receiving millions of requests at once, Dyn\u2019s DNS broke down.<\/p>\n Another part of the issue is the kind of malware used in the attack. Internet of Things devices were targeted and that covers anything with an internet connection. This includes everything from a standard computer to cellphones to Google Home to video cameras. In fact, the Prodigo Espresso maker relies on Internet of Things (IoT) technology. Therefore, a fancy coffee maker could have been partially responsible for putting a pause on Spotify.<\/p>\n It certainly doesn\u2019t help that the source code for a vicious type of malware was released on the dark web earlier this month. Known as Mirai, it spreads to IoT devices by scanning the internet for vulnerable devices that are seeded with malicious software. Once that software is in, an Espresso maker or other IoT appliance can become a central control server for a DDoS attack,\u00a0according<\/a>\u00a0to Krebs on Security.<\/p>\n Not exactly. While some companies that handle money transfers, such as PayPal and Amazon, were affected, there is currently no evidence that any information was breached. PayPal\u00a0told<\/a>\u00a0Reuters that its networks had not been hacked.<\/p>\n This is a good question that many are scrambling to answer. New World Hackers has claimed responsibility for the attack, according to activist and web consultant Gissur Simonarson. The shadowy group has prided themselves on their DDoS attacks, such as one that took the BBC\u2019s website down last year.<\/p>\n In an\u00a0interview<\/a>\u00a0with Anon Intel Group, a representative of New World Hackers claimed the attack was \u201can annual power test<\/em>,\u201d and \u201cthis\u00a0is actually against Russia. Testing power is the key. Like that we see how much bandwidth each attack outputs\u2026<\/em>\u201d<\/p>\n They claim that Friday\u2019s attack was something of a warning shot to Russian hackers, saying: \u201cRussia is pretty much saying they are better than the US by hacking into everything, attempting to start a war. We will show them a war.<\/em>\u201d<\/p>\n The attacks came from all around the world, and both the FBI and Department of Homeland Security have said they were investigating, Reuters\u00a0reported<\/a>. The member of New World Hackers told Anon Intel: \u201cWe don\u2019t want federal agents on our ass. That\u2019s why we are in Russia.<\/em>\u201d<\/p>\n WikiLeaks has claimed to be passively involved, tweeting out, \u201cWe ask supporters to stop taking down the US internet. You proved your point.<\/em>\u201d<\/p>\n If New World Hackers is indeed behind the attack, then it was unlikely to have been in the name of aiding WikiLeaks. The Twitter account for New World Hackers told Simonarson: \u201cWikiLeaks and Russia are kind of iffy. Sometimes we are friends, sometimes not. Overall, we are just against Russia because they are against the US.<\/em>\u201d<\/p>\n There\u2019s no way to predict the future, but it is safe to assume that this will happen again. While this is the largest attack, if New World Hackers makes good on their promises to attack other countries it will likely happen again.<\/p>\nHow did a series of cyber-attacks manage to bring large swathes of the internet to its knees?<\/h2>\n
Is this a hack?<\/h2>\n
Who\u2019s behind these attacks?<\/h2>\n
Is this a one-off occurrence?<\/h2>\n