Last Friday Dyn Inc. was the target of a Distributed Denial of Service (DDoS) attack. Dyn is an internet company and one of the largest providers of DNS on the internet. This attack effectively blocked access to many popular websites – Twitter, Amazon, Spotify and Netflix. It was a sophisticated and significant cyber battle. It was not the first – and it will not be the last.
There are several theories on why this happened; none have been proven so far, but cyber analysts will figure this out and someone will likely take responsibility for the attack. Importantly, this incident illustrates why it is critical to lock down our devices and keep them patched with security updates.
Here are three terms to understand:
- DNS – Domain Name System – Every website has a name and a numerical address. DNS provides the translation of website names to numerical addresses called IP addresses. The numerical addresses ensure data gets to the correct website. The internet uses DNS so people can type in www.onebeacontech.com instead of the numerical address, which makes it easier to use the internet. Can you imagine trying to remember all those numbers?
- DDoS – Distributed Denial of Service – An attack where millions of electronic requests are sent to overwhelm the target infrastructure causing it to crash. This is like the postman continuously stuffing junk mail into your mailbox until it overflows. Eventually, all your mail would fall to the ground and get blown away. During a DDoS attack, the servers cannot keep up with the requests generated by the hacker; the websites never receive the legitimate requests.
- Botnet –Millions of infected devices under a hacker’s control – phones, cameras, DVRs, computers – anything that connects to the internet. The hacker uses the botnet to launch the attack.
Here is what happened last Friday:
- A hacker amassed a botnet comprised of tens of millions of devices, woke up that morning and decided to wreak havoc on the internet using their botnet.
- Starting at 7:00 am ET, a DDoS attack was launched against Dyn affecting mostly U.S. east coast websites. The Dyn engineers fought off the attack for hours until they were finally successful in winning the cyber battle against the hackers around 9:00 am ET. Service to customers was restored.
- Shortly before 12:00 noon ET – a second attack was launched and the battle resumed targeting websites around the world, not just the US east coast. This battle lasted an hour until Dyn was again successful in defeating the attack.
- Around 1:00 pm ET a third attack was launched against Dyn but they were able to shut the attack down without impact to their customers.
Do you part; be seccurity smart!