DDoS attacks on Dyn: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
you messed up on grammar
Tag: blanking
Undid revision 809473534 by 85.12.84.1 (talk)
Line 1: Line 1:
{{Infobox event
I was reading the list of upcoming business meetings in a weekly email from The Seattle Times, when a meeting announcement caught my attention. The presenter was going to speak on a topic that interests me--the steps in growing one's business. I often weigh the advantages of getting bigger vs. staying small as a business, so I thought I would register for her talk.
| title = Dyn cyberattack
| image = Level3 Outage Map (US) - 21 October 2016.png
| image_size =
| image_alt =
| caption = Map of areas most affected by attack,<br />16:45 [[UTC]], 21 October 2016.<ref>{{cite web|url=http://downdetector.com/status/level3/map/|title=Level3 outage? Current problems and outages|author=|date=|work=downdetector.com|accessdate=23 October 2016}}</ref>
| native_name =
| native_name_lang =
| english_name =
| time = 12:10 – 14:20 [[UTC]]<br />16:50 – 18:11 UTC<br/ > 21:00 – 23:11 UTC<br />{{citation needed|date=October 2016}}{{update after|2016|10|23}}
| duration =
| date = {{start date|2016|10|21}}
| venue =
| location = [[Europe]] and [[North America]], especially the [[East Coast of the United States|Eastern United States]]
| coordinates = <!-- {{coord|LAT|LON|region:XXXX_type:event|display=inline,title}} -->
| also_known_as =
| type = [[Denial-of-service attack#Distributed attack|Distributed denial-of-service]]
| theme =
| cause =
| first_reporter =
| budget =
| patron = <!-- or |patrons= -->
| organisers = <!-- or |organizers= -->
| filmed_by =
| participants = Unknown
| outcome =
| casualties1 =
| casualties2 =
| casualties3 =
| reported deaths =
| reported injuries =
| reported missing =
| reported property damage =
| burial =
| inquiries =
| inquest =
| coroner =
| arrests =
| suspects = New World Hackers, [[Anonymous (group)|Anonymous]]<br />(self-claimed)
| accused =
| convicted =
| charges =
| trial =
| verdict =
| convictions =
| sentence =
| publication_bans =
| litigation =
| awards =
| url =
| blank_label = <!-- or |blank_data= -->
| blank1_label = <!-- or |blank1_data= -->
| blank2_label = <!-- or |blank2_data= -->
| website = <!-- {{URL|example.com}} -->
| notes =
}}
The '''2016 Dyn cyberattack''' took place on October 21, 2016, and involved multiple [[Denial-of-service attack#Distributed DoS|distributed denial-of-service attacks]] (DDoS attacks) targeting systems operated by [[Domain Name System]] (DNS) provider [[Dyn (company)|Dyn]], which caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America.<ref name=":0">{{Cite web|url=https://techcrunch.com/2016/10/21/many-sites-including-twitter-and-spotify-suffering-outage/|title=Many sites including Twitter, Shopify and Spotify suffering outage|last=Etherington|first=Darrell|last2=Conger|first2=Kate|website=TechCrunch|access-date=2016-10-21}}</ref><ref>{{Cite news|url=https://www.bloomberg.com/news/articles/2016-10-21/internet-service-disrupted-in-large-parts-of-eastern-u-s|title=The Possible Vendetta Behind the East Coast Web Slowdown|newspaper=Bloomberg.com|access-date=2016-10-21}}</ref> The groups [[Anonymous (group)|Anonymous]] and New World Hackers claimed responsibility for the attack, but scant evidence was provided.<ref name="politico1"/>


As a DNS provider, Dyn provides to end-users the service of mapping an Internet [[domain name]]—when, for instance, entered into a [[web browser]]—to its corresponding [[IP address]]. The [[denial-of-service attack#Distributed attack|distributed denial-of-service]] (DDoS) attack was accomplished through a large number of DNS lookup requests from tens of millions of IP addresses.<ref name="wired"/> The activities are believed to have been executed through a [[botnet]] consisting of a large number of [[Internet of things|Internet-connected devices]]—such as [[printer (computing)|printers]], [[IP camera]]s, [[residential gateway]]s and [[baby monitor]]s—that had been infected with the [[Mirai (malware)|Mirai]] malware.
But I wanted to know more about the presenter, so I clicked the link to her blog. That's when things went wrong.


==Timeline and impact==
Her latest blog entry was one huge paragraph 41 lines long. Can you imagine her 325 words in one big block? You don't have to--I have created a 325-word block of text below. Don't bother to read the words. They're just the text you are already reading.
According to Dyn, a distributed denial-of-service (DDoS) attack began at 7:00&nbsp;a.m. ([[Eastern Time Zone|EDT]]) and was resolved by 9:20&nbsp;a.m. A second attack was reported at 11:52&nbsp;a.m. and Internet users began reporting difficulties accessing websites.<ref>{{cite web|url=http://mashable.com/2016/10/21/sites-across-internet-struggle-after-cyberattack/#GhV2k1eYmOqV|title=Sites across the internet suffer outage after cyberattack|website=mashable.com|publisher=Mashable|accessdate=October 21, 2016}}</ref><ref name=":02"/> A third attack began in the afternoon, after 4:00&nbsp;p.m.<ref name="wired">{{Cite news|url=https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/|title=What We Know About Friday’s Massive East Coast Internet Outage|last=Newman|first=Lily Hay|newspaper=WIRED|language=en-US|access-date=2016-10-21}}</ref><ref name="CNBC">{{cite news|last1=Lovelace Jr.|first1=Berkeley|title=After cyberassault KOs Amazon, Twitter, Spotify, third attack reported|url=https://www.cnbc.com/2016/10/21/major-websites-across-east-coast-knocked-out-in-apparent-ddos-attack.html|accessdate=21 October 2016|work=CNBC|date=21 October 2016}}</ref> At 6:11&nbsp;p.m., Dyn reported that they had resolved the issue.<ref name="resolve">{{cite web|title=Dyn, Inc. Status - Update Regarding DDoS Event Against Dyn Managed DNS on October 21, 2016|url=https://www.dynstatus.com/incidents/5r9mppc1kb77|website=dynstatus.com|accessdate=21 October 2016}}</ref><ref name="Dyn">{{cite web|title=Red Stag Fulfillment - Can Hackers Shut Down Your Ecommerce Business?|url=http://redstagfulfillment.com/wordpress/wp-content/uploads/DYN-infographic-01.jpg|website=redstagfulfillment.com|accessdate=21 October 2016}}</ref>


Dyn Chief Strategy Officer and spokesperson [[Kyle York (entrepreneur)|Kyle York]] led the communication response with customers, partners and the market.
Don't read this sample big, bad paragraph--just notice it.
I was reading the list of upcoming business meetings in a weekly email from The Seattle Times, when a meeting announcement caught my attention. The presenter was going to talk on a topic that interests me--the steps in growing one's business. I often weigh the advantages of getting bigger vs. staying small as a business, so I thought I would register for her talk. But I wanted to know more about the presenter, so I clicked the link to her blog. That's when things went wrong. Her latest blog entry was one huge paragraph 41 lines long. Can you imagine her 325 words in one big block? You don't have to--I have created a 325-word block of text here. I forced myself to read her paragraph. Hiding in it was some good information, but that info could not undo the negative impression. If that big, bad paragraph represents the woman's communication skills, I would be much better off finding another resource.I was reading the list of upcoming business meetings in a weekly email from The Seattle Times, when a meeting announcement caught my attention. The presenter was going to talk on a topic that interests me--the steps in growing one's business. I often weigh the advantages of getting bigger vs. staying small as a business, so I thought I would register for her talk. But I wanted to know more about the presenter, so I clicked the link to her blog. That's when things went wrong. Her latest blog entry was one huge paragraph 41 lines long. Can you imagine her 325 words in one big block? You don't have to--I have created a 325-word block of text here I forced myself to read her paragraph. Hiding in it was some good information, but that info could not undo the negative impression. If that big, bad paragraph represents the woman's communication skills, I would be much better off finding another resource.


===Affected services===
I forced myself to read her paragraph. Hiding in it was some good information, but that info could not undo the negative impression of thoughts stuffed into one big paragraph. If that big, bad paragraph represents the woman's communication skills, I would be much better off finding another resource. I won't be attending that meeting.
Services affected by the attack included:


{{Div col|5}}
A huge block of text, even when well organized, intimidates readers and turns off skimmers. Most of us know this, but if you work with people who are still churning out thick wads of text, talk with them about what works in today's messages. You will be doing your coworkers--and their readers--a huge favor.
* [[Airbnb]]<ref name="adweek">{{cite web|last1=Heine|first1=Christopher|title=A Major Cyber Attack Is Hurting Twitter, Spotify, Pinterest, Etsy and Other Sites|url=http://www.adweek.com/news/technology/major-cyber-attack-hurting-twitter-spotify-etsy-shopify-and-other-sites-174214|website=AdWeek|accessdate=21 October 2016}}</ref>
* [[Amazon.com]]<ref name="CNBC"/>
* [[Ancestry.com]]<ref name="gizmodo"/><ref name="Fusion"/>
* ''[[The A.V. Club]]''<ref>{{cite web|last1=Chavez|first1=Danette|title=Here’s why half the internet went down today|url=http://www.avclub.com/article/heres-why-half-internet-went-down-today-244611|website=The A.V. Club|accessdate=21 October 2016|date=21 October 2016}}</ref>
* [[BBC]]<ref name="Fusion">{{cite web|last1=Chiel|first1=Ethan|title=Here Are the Sites You Can't Access Because Someone Took the Internet Down|url=http://fusion.net/story/360952/which-sites-affected-ddos-attack/|website=Fusion|accessdate=21 October 2016}}</ref>
* ''[[The Boston Globe]]''<ref name="adweek"/>
* [[Box (company)|Box]]<ref name="ibtimes">{{cite web|last1=Murdock|first1=Jason|title=Twitter, Spotify, Reddit among top websites knocked offline by major DDoS attack|url=http://www.ibtimes.co.uk/twitter-spotify-reddit-among-top-websites-knocked-offline-by-major-ddos-attack-1587646|website=International Business Times UK|accessdate=21 October 2016|date=21 October 2016}}</ref>
* ''[[Business Insider]]''<ref name="Fusion"/>
* [[CNN]]<ref name="Fusion"/>
* [[Comcast]]<ref name="atlantic">{{Cite news|url=https://www.theatlantic.com/technology/archive/2016/10/when-the-entire-internet-seems-to-break-at-once/504956/|title=What’s Going On With the Internet Today?|last=Meyer|first=Robinson|date=|work=|last2=LaFrance|first2=Adrienne|newspaper=The Atlantic|language=en-US|access-date=2016-10-21|via=}}</ref>
* [[TechCrunch#CrunchBase|CrunchBase]]<ref name="Fusion"/>
* [[DirecTV]]<ref name="Fusion"/>
* ''[[The Elder Scrolls Online]]''<ref name="Fusion"/><ref>{{cite tweet|user=TESOnline|number=789545206228156416|date=21 October 2016|title=We are still investigating intermittent login issues some players are experiencing across all megaservers.}}</ref>
* [[Electronic Arts]]<ref name="atlantic"/>
* [[Etsy]]<ref name="adweek"/><ref name="bbc">{{cite web|title=Massive web attacks briefly knock out top sites|url=http://www.bbc.com/news/technology-37728015|website=BBC News|date=21 October 2016}}</ref>
* [[FiveThirtyEight]]<ref name="Fusion"/>
* [[Fox News]]<ref name="Guardian">{{cite web|last1=Thielman|first1=Sam|last2=Johnston|first2=Chris|title=Major cyber attack disrupts internet service across Europe and US|url=https://www.theguardian.com/technology/2016/oct/21/ddos-attack-dyn-internet-denial-service|website=The Guardian|accessdate=21 October 2016|date=21 October 2016}}</ref>
* ''[[The Guardian]]''<ref name="Guardian"/>
* [[GitHub]]<ref name="adweek"/><ref name="atlantic"/>
* [[Grubhub]]<ref>{{cite web|last1=Hinckley|first1=Story|title=Did the East Coast just suffer a massive cyberattack?|url=http://www.csmonitor.com/Technology/2016/1021/Did-the-East-Coast-just-suffer-a-massive-cyberattack|website=Christian Science Monitor|accessdate=21 October 2016|date=21 October 2016}}</ref>
* [[HBO]]<ref name="Fusion"/>
* [[Heroku]]<ref name="nextweb">{{cite web|last1=Hughes|first1=Matthew|title=A massive DDOS attack against Dyn DNS is causing havoc online [Updated]|url=http://thenextweb.com/security/2016/10/21/massive-ddos-attack-dyn-dns-causing-havoc-online/|website=The Next Web|accessdate=21 October 2016|date=21 October 2016}}</ref>
* [[HostGator]]<ref name="Fusion"/>
* [[iHeartRadio]]<ref name="gizmodo"/><ref name="wjhg">{{cite web|title=Having internet problems today? Here's what's going on|url=http://www.wjhg.com/content/news/Having-internet-problems-today-Heres-whats-going-on-397907861.html|website=WJHG-TV|accessdate=21 October 2016}}</ref>
* [[Imgur]]<ref name="pcworld">{{cite web|last1=Chacos|first1=Brad|title=Major DDoS attack on Dyn DNS knocks Spotify, Twitter, Github, PayPal, and more offline|url=http://www.pcworld.com/article/3133847/internet/ddos-attack-on-dyn-knocks-spotify-twitter-github-etsy-and-more-offline.html|website=PCWorld|accessdate=22 October 2016}}</ref>
* [[Indiegogo]]<ref name="gizmodo"/>
* [[Mashable]]<ref name="reuters">{{cite web|last1=Menn|first1=Joseph|title=Cyber attacks disrupt PayPal, Twitter, other sites|url=https://www.reuters.com/article/us-usa-cyber-idUSKCN12L1ME|website=Reuters|accessdate=23 October 2016|date=22 October 2016}}</ref>
* [[National Hockey League]]<ref name="Fusion"/>
* [[Netflix]]<ref name="Fusion"/><ref name="Guardian"/>
* ''[[The New York Times]]''<ref name="adweek"/><ref name="atlantic"/>
* [[Overstock.com]]<ref name="Fusion"/>
* [[PayPal]]<ref name="bbc"/>
* [[Pinterest]]<ref name="atlantic"/><ref name="bbc"/>
* [[Pixlr]]<ref name="Fusion"/>
* [[PlayStation Network]]<ref name="atlantic"/>
* [[Qualtrics]]<ref name="gizmodo"/>
* [[Quora]]<ref name="Fusion"/>
* [[Reddit]]<ref name="gizmodo">{{Cite news|url=https://gizmodo.com/this-is-probably-why-half-the-internet-shut-down-today-1788062835|title=This Is Probably Why Half the Internet Shut Down Today [Update: It’s Happening Again]|last=Turton|first=William|newspaper=Gizmodo|language=en-US|access-date=2016-10-21}}</ref><ref name="atlantic"/><ref name="bbc"/>
* [[Roblox]]<ref>{{cite web|title=DDoS Attack on DNS; Major sites including GitHub PSN, Twitter Suffering Outage|url=https://www.hackread.com/ddos-attack-dns-sites-suffer-outage/|website=HackRead|accessdate=23 October 2016|date=21 October 2016}}</ref>
* [[Ruby Lane]]<ref name="Fusion"/>
* ''[[RuneScape]]''<ref name="gizmodo"/>
* [[SaneBox]]<ref name="nextweb"/>
* [[Seamless (company)|Seamless]]<ref name="pcworld"/>
* ''[[Second Life]]''<ref name="secondlife">{{cite web|title=[RESOLVED] Unscheduled Maintenance|url=https://community.secondlife.com/t5/Status-Grid/RESOLVED-Unscheduled-Maintenance/ba-p/3075187|accessdate=23 October 2016}}</ref>
* [[Shopify]]<ref name="adweek"/>
* [[Slack (software)|Slack]]<ref name="pcworld"/>
* [[SoundCloud]]<ref name="adweek"/><ref name="bbc"/>
* [[Squarespace]]<ref name="Fusion"/>
* [[Spotify]]<ref name="gizmodo"/><ref name="atlantic"/><ref name="bbc"/>
* [[Starbucks]]<ref name="gizmodo"/><ref name="wjhg"/>
* [[Storify]]<ref name="ibtimes"/>
* [[Swedish Civil Contingencies Agency]]<ref name="sr-20161024">Joel Westerholm. "[https://sverigesradio.se/sida/artikel.aspx?programid=83&artikel=6547041 Så sänktes Twitter och Regeringen.se i attacken]", [[Sveriges Radio]], 24 October 2016. Retrieved 30 October 2016.</ref>
* [[Government of Sweden|Swedish Government]]<ref name="sr-20161024"/>
* [[Tumblr]]<ref name="gizmodo"/><ref name="atlantic"/>
* [[Twilio]]<ref name="gizmodo"/><ref name="Fusion"/>
* [[Twitter]]<ref name="adweek"/><ref name="gizmodo"/><ref name="atlantic"/><ref name="bbc"/>
* [[Verizon Communications]]<ref name="atlantic"/>
* [[Visa Inc.|Visa]]<ref name="cbs">{{cite web|title=U.S. internet disrupted as firm hit by cyberattacks|url=http://www.cbsnews.com/news/internet-disrupted-dyn-hit-by-ddos-cyberattack/|website=CBS News|accessdate=21 October 2016}}</ref>
* [[Vox Media]]<ref name="Verge">{{cite web|last1=Lecher|first1=Colin|title=Denial-of-service attacks are shutting down major websites across the internet|url=https://www.theverge.com/2016/10/21/13357344/ddos-attack-websites-shut-down|website=The Verge|accessdate=21 October 2016|date=21 October 2016}}</ref>
* [[Walgreens]]<ref name="Fusion"/>
* ''[[The Wall Street Journal]]''<ref name="Guardian"/>
* [[Wikia]]<ref name="gizmodo"/>
* ''[[Wired (magazine)|Wired]]''<ref name="ibtimes"/>
* [[Wix.com]]<ref name="ars">{{cite web|last1=Gallagher|first1=Sean|title=DoS attack on major DNS provider brings Internet to morning crawl [Updated]|url=https://arstechnica.com/security/2016/10/dos-attack-on-major-dns-provider-brings-internet-to-morning-crawl/|website=Ars Technica|accessdate=21 October 2016}}</ref>
* [[WWE Network]]<ref>{{cite web|last1=Wolkenbrod|first1=Rob|title=Why is the WWE Network Down on Friday, October 21?|url=http://dailyddt.com/2016/10/21/wwe-network-down-ddos-attack/|website=Daily DDT|accessdate=22 October 2016|date=21 October 2016}}</ref>
* [[Xbox Live]]<ref>{{cite web|last1=Sarkar|first1=Samit|title=Massive DDoS attack affecting PSN, some Xbox Live apps (update)|url=http://www.polygon.com/2016/10/21/13361014/psn-xbox-live-down-ddos-attack-dyn|website=Polygon|accessdate=23 October 2016|date=21 October 2016}}</ref>
* [[Yammer]]<ref name="pcworld"/>
* [[Yelp]]<ref name="Fusion"/>
* [[Zillow]]<ref name="Fusion"/>
{{Div col end}}


==Investigation==
Lynn
[[File:Cyberattack Slows US Access to Popular Sites.webm|thumb|right|[[White House]] spokesperson [[Josh Earnest]] responds on October 21, 2016, the day of the attack]]
The [[United States Department of Homeland Security|US Department of Homeland Security]] started an investigation into the attacks, according to a [[White House]] source.<ref name=":0" /><ref>{{Cite news|url=http://www.politico.com/story/2016/10/websites-down-possible-cyber-attack-230145|title=Government probes major cyberattack causing internet outages|newspaper=POLITICO|access-date=2016-10-21}}</ref><ref>{{Cite web|url=http://time.com/4540921/internet-dyn-outage-homeland-security/|title=Homeland Security Is 'Investigating All Potential Causes' of Internet Disruptions|last=Finkle|first=Jim|last2=Volz|first2=Dustin|date=|website=TIME.com|publisher=|access-date=2016-10-21}}</ref> No group of hackers claimed responsibility during or in the immediate aftermath of the attack.<ref>{{cite web|url=http://money.cnn.com/2016/10/21/technology/ddos-attack-popular-sites/index.html|title=Popular sites like Amazon, Twitter and Netflix suffer outages|website=money.cnn.com|publisher=CNN Money|accessdate=October 21, 2016}}</ref> Dyn's chief strategist said in an interview that the assaults on the company's servers were very complex and unlike everyday DDoS attacks.<ref name=":02">{{Cite news|url=https://www.nytimes.com/2016/10/22/business/internet-problems.html|title=No, It’s Not Just You. The Internet Is (Still) Having Problems.|last=Perlroth|first=Nicole|date=2016-10-21|last2=Mccann|first2=Erin|newspaper=The New York Times|issn=0362-4331|access-date=2016-10-21}}</ref> [[Barbara Simons]], a member of the advisory board of the United States [[Election Assistance Commission]], said such attacks could affect [[electronic voting]] for overseas military or civilians.<ref name=":02" />

Dyn disclosed that, according to business risk intelligence firm FlashPoint and [[Akamai Technologies]], the attack was a [[botnet]] coordinated through a large number of [[Internet of things|Internet of Things]]-enabled (IoT) devices, including [[camera]]s, [[residential gateway]]s, and [[baby monitor]]s, that had been infected with [[Mirai (malware)|Mirai]] malware. The attribution of the attack to the Mirai botnet had been previously reported by BackConnect Inc. another security firm.<ref>{{Cite news|url=http://motherboard.vice.com/read/blame-the-internet-of-things-for-destroying-the-internet-today|title=Blame the Internet of Things for Destroying the Internet Today|newspaper=Motherboard|language=en-us|access-date=2016-10-27}}</ref> Dyn stated that they were receiving malicious requests from tens of millions of [[IP address]]es.<ref name="wired"/><ref>{{Cite news|url=https://www.nytimes.com/2016/10/22/business/internet-problems-attack.html|title=Internet Attack Spreads, Disrupting Major Websites|last=Perlroth|first=Nicole|date=2016-10-21|newspaper=The New York Times|issn=0362-4331|access-date=2016-10-22}}</ref> Mirai is designed to [[brute-force attack|brute-force]] the security on an IoT device, allowing it to be controlled remotely.

Cybersecurity investigator [[Brian Krebs]] noted that the source code for Mirai had been released onto the Internet in an [[Open-source software|open-source]] manner some weeks prior, which will make the investigation of the perpetrator more difficult.<ref>{{cite web | url = https://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-attack-cause-outage-status-explained | title= How an army of vulnerable gadgets took down the web today | first = Nick | last = Statt | date = October 21, 2016 | accessdate = October 21, 2016 | work = [[The Verge]] }}</ref> Since then, Mirai has been adapted in other malware projects.<ref>{{cite web | url = https://www.eyerys.com/articles/timeline/ddos-dyndns-internet-breaks | title= DDoS To DynDNS: The Internet Breaks | date = October 21, 2016 | accessdate = October 21, 2017 | work = Eyerys.com }}</ref>

On 25 October 2016, US President Obama stated that the investigators still had no idea who carried out the cyberattack.<ref>CNN, 25 October 2016, [http://money.cnn.com/2016/10/25/technology/cyberattack-obama-dyn-ddos/index.html Obama: We have no idea who carried out huge cyberattack]</ref>

==Perpetrators==
In correspondence with the website [[Politico]], [[hacktivist]] groups SpainSquad, [[Anonymous (group)|Anonymous]], and '''New World Hackers'''<!--incoming redirect to section - see [[MOS:BOLD]], [[WP:R#PLA]]--> claimed responsibility for the attack in retaliation for [[Ecuador]]'s rescinding Internet access to [[WikiLeaks]] founder [[Julian Assange]], at their [[Embassy of Ecuador, London|embassy in London]], where he has been granted [[right of asylum|asylum]].<ref name="politico1">{{cite web|last1=Romm|first1=Tony|last2=Geller|first2=Eric|title=WikiLeaks supporters claim credit for massive U.S. cyberattack, but researchers skeptical|url=http://www.politico.com/story/2016/10/websites-down-possible-cyber-attack-230145|website=POLITICO|accessdate=22 October 2016}}</ref> This claim has yet to be confirmed.<ref name="politico1"/> WikiLeaks alluded to the attack on [[Twitter]], tweeting "Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point."<ref name="smh">{{cite web|last1=Han|first1=Esther|title=WikiLeaks' strange admission around internet attacks against Netflix and Twitter|url=http://www.smh.com.au/technology/technology-news/wikileaks-points-to-its-supporters-for-massive-ddos-cyber-attack-20161021-gs881u.html|website=The Sydney Morning Herald|accessdate=22 October 2016|date=22 October 2016}}</ref> New World Hackers has claimed responsibility in the past for similar attacks targeting sites like [[BBC]] and [[ESPN.com]].<ref>{{Cite news|url=https://www.nytimes.com/aponline/2016/10/21/world/europe/ap-disruptive-cyberattack.html|title=Cyberattacks on Key Internet Firm Disrupt Internet Services|last=The Associated Press|date=2016-10-21|newspaper=The New York Times|issn=0362-4331|access-date=2016-10-22}}</ref>

On October 26, FlashPoint stated that the attack was most likely done by [[script kiddie]]s.<ref>{{cite news|last1=Lomas|first1=Natasha|title=Dyn DNS DDoS likely the work of script kiddies, says FlashPoint|url=https://techcrunch.com/2016/10/26/dyn-dns-ddos-likely-the-work-of-script-kiddies-says-flashpoint/|accessdate=26 October 2016|work=TechCrunch|date=26 October 2016}}</ref>

A November 17, 2016 ''Forbes'' article reported that the attack was likely carried out by "an angry gamer".<ref>https://www.forbes.com/sites/leemathews/2016/11/17/angry-gamer-blamed-for-most-devastating-ddos-of-2016/#78871c472dac</ref>

==See also==
{{Portal|Computer security|Internet}}
* [[WannaCry ransomware attack]]
* [[Mirai (malware)]]
* [[Vulnerability (computing)]]
{{clear}}

==References==
{{reflist|30em}}

{{Commons category|October 2016 Dyn cyberattack}}
{{Hacking in the 2010s}}

{{DEFAULTSORT:Dyn cyberattack, October 2016}}
[[Category:2016 in computer science]]
[[Category:Denial-of-service attacks]]
[[Category:October 2016 crimes in Europe]]
[[Category:October 2016 crimes in the United States]]
[[Category:Internet of things]]
[[Category:WikiLeaks]]
[[Category:Botnets]]
[[Category:Malware]]
[[Category:Domain name system]]
[[Category:Hacking in the 2010s]]
[[Category:Cloud infrastructure attacks & failures]]
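
Review bot: the restored infobox `| time =` windows do not line up with the Timeline section, which gives the times in EDT. 7:00 a.m. to 9:20 a.m. EDT is 11:00 to 13:20 UTC, and the 6:11 p.m. EDT resolution is 22:11 UTC, yet the infobox reads "12:10 – 14:20", "16:50 – 18:11" and "21:00 – 23:11" UTC. The values look like they were converted with a five-hour offset rather than the four-hour EDT offset, and the field already carries {{citation needed}}, so they should be recomputed from the cited Dyn times or removed. The same line has a malformed `<br/ >` tag. The restored text also contradicts itself on attribution: the lead says Anonymous and New World Hackers "claimed responsibility for the attack", while the Investigation section says "No group of hackers claimed responsibility during or in the immediate aftermath of the attack"; dating the claim made to Politico would reconcile the two. Smaller points: "BackConnect Inc. another security firm" needs a comma, and the Forbes reference in Perpetrators is a bare URL that should use {{cite web}}. The content on the removed side is unrelated text about paragraph length, so undoing it is correct.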

Revision as of 09:48, 9 November 2017

Dyn cyberattack
Map of areas most affected by attack, 16:45 UTC, 21 October 2016.[1]
Date: October 21, 2016 (2016-10-21)
Time: 12:10 – 14:20 UTC; 16:50 – 18:11 UTC; 21:00 – 23:11 UTC [citation needed][needs update]
Location: Europe and North America, especially the Eastern United States
Type: Distributed denial-of-service
Participants: Unknown
Suspects: New World Hackers, Anonymous (self-claimed)

The 2016 Dyn cyberattack took place on October 21, 2016, and involved multiple distributed denial-of-service attacks (DDoS attacks) targeting systems operated by Domain Name System (DNS) provider Dyn, which caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America.[2][3] The groups Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided.[4]

As a DNS provider, Dyn provides to end-users the service of mapping an Internet domain name—when, for instance, entered into a web browser—to its corresponding IP address. The distributed denial-of-service (DDoS) attack was accomplished through a large number of DNS lookup requests from tens of millions of IP addresses.[5] The activities are believed to have been executed through a botnet consisting of a large number of Internet-connected devices—such as printers, IP cameras, residential gateways and baby monitors—that had been infected with the Mirai malware.

Timeline and impact

According to Dyn, a distributed denial-of-service (DDoS) attack began at 7:00 a.m. (EDT) and was resolved by 9:20 a.m. A second attack was reported at 11:52 a.m. and Internet users began reporting difficulties accessing websites.[6][7] A third attack began in the afternoon, after 4:00 p.m.[5][8] At 6:11 p.m., Dyn reported that they had resolved the issue.[9][10]

Dyn Chief Strategy Officer and spokesperson Kyle York led the communication response with customers, partners and the market.

Affected services

Services affected by the attack included:

Investigation

White House spokesperson Josh Earnest responds on October 21, 2016, the day of the attack

The US Department of Homeland Security started an investigation into the attacks, according to a White House source.[2][33][34] No group of hackers claimed responsibility during or in the immediate aftermath of the attack.[35] Dyn's chief strategist said in an interview that the assaults on the company's servers were very complex and unlike everyday DDoS attacks.[7] Barbara Simons, a member of the advisory board of the United States Election Assistance Commission, said such attacks could affect electronic voting for overseas military or civilians.[7]

Dyn disclosed that, according to business risk intelligence firm FlashPoint and Akamai Technologies, the attack was carried out by a botnet coordinated through a large number of Internet of Things-enabled (IoT) devices, including cameras, residential gateways, and baby monitors, that had been infected with Mirai malware. The attribution of the attack to the Mirai botnet had previously been reported by BackConnect Inc., another security firm.[36] Dyn stated that they were receiving malicious requests from tens of millions of IP addresses.[5][37] Mirai is designed to brute-force the security on an IoT device, allowing it to be controlled remotely.

Cybersecurity investigator Brian Krebs noted that the source code for Mirai had been released onto the Internet in an open-source manner some weeks prior, which would make the investigation of the perpetrator more difficult.[38] Since then, Mirai has been adapted in other malware projects.[39]

On 25 October 2016, US President Obama stated that the investigators still had no idea who carried out the cyberattack.[40]

Perpetrators

In correspondence with the website Politico, hacktivist groups SpainSquad, Anonymous, and New World Hackers claimed responsibility for the attack in retaliation for Ecuador's rescinding Internet access to WikiLeaks founder Julian Assange, at their embassy in London, where he has been granted asylum.[4] This claim has yet to be confirmed.[4] WikiLeaks alluded to the attack on Twitter, tweeting "Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point."[41] New World Hackers has claimed responsibility in the past for similar attacks targeting sites like BBC and ESPN.com.[42]

On October 26, FlashPoint stated that the attack was most likely done by script kiddies.[43]

A November 17, 2016 Forbes article reported that the attack was likely carried out by "an angry gamer".[44]

See also

References

  1. ^ "Level3 outage? Current problems and outages". downdetector.com. Retrieved 23 October 2016.
  2. ^ a b Etherington, Darrell; Conger, Kate. "Many sites including Twitter, Shopify and Spotify suffering outage". TechCrunch. Retrieved 2016-10-21.
  3. ^ "The Possible Vendetta Behind the East Coast Web Slowdown". Bloomberg.com. Retrieved 2016-10-21.
  4. ^ a b c Romm, Tony; Geller, Eric. "WikiLeaks supporters claim credit for massive U.S. cyberattack, but researchers skeptical". POLITICO. Retrieved 22 October 2016.
  5. ^ a b c Newman, Lily Hay. "What We Know About Friday's Massive East Coast Internet Outage". WIRED. Retrieved 2016-10-21.
  6. ^ "Sites across the internet suffer outage after cyberattack". mashable.com. Mashable. Retrieved October 21, 2016.
  7. ^ a b c Perlroth, Nicole; Mccann, Erin (2016-10-21). "No, It's Not Just You. The Internet Is (Still) Having Problems". The New York Times. ISSN 0362-4331. Retrieved 2016-10-21.
  8. ^ a b Lovelace Jr., Berkeley (21 October 2016). "After cyberassault KOs Amazon, Twitter, Spotify, third attack reported". CNBC. Retrieved 21 October 2016.
  9. ^ "Dyn, Inc. Status - Update Regarding DDoS Event Against Dyn Managed DNS on October 21, 2016". dynstatus.com. Retrieved 21 October 2016.
  10. ^ "Red Stag Fulfillment - Can Hackers Shut Down Your Ecommerce Business?". redstagfulfillment.com. Retrieved 21 October 2016.
  11. ^ a b c d e f g h Heine, Christopher. "A Major Cyber Attack Is Hurting Twitter, Spotify, Pinterest, Etsy and Other Sites". AdWeek. Retrieved 21 October 2016.
  12. ^ a b c d e f g h i j k l Turton, William. "This Is Probably Why Half the Internet Shut Down Today [Update: It's Happening Again]". Gizmodo. Retrieved 2016-10-21.
  13. ^ a b c d e f g h i j k l m n o p q r s t u Chiel, Ethan. "Here Are the Sites You Can't Access Because Someone Took the Internet Down". Fusion. Retrieved 21 October 2016.
  14. ^ Chavez, Danette (21 October 2016). "Here's why half the internet went down today". The A.V. Club. Retrieved 21 October 2016.
  15. ^ a b c Murdock, Jason (21 October 2016). "Twitter, Spotify, Reddit among top websites knocked offline by major DDoS attack". International Business Times UK. Retrieved 21 October 2016.
  16. ^ a b c d e f g h i j k Meyer, Robinson; LaFrance, Adrienne. "What's Going On With the Internet Today?". The Atlantic. Retrieved 2016-10-21.
  17. ^ @TESOnline (21 October 2016). "We are still investigating intermittent login issues some players are experiencing across all megaservers" (Tweet) – via Twitter.
  18. ^ a b c d e f g "Massive web attacks briefly knock out top sites". BBC News. 21 October 2016.
  19. ^ a b c d Thielman, Sam; Johnston, Chris (21 October 2016). "Major cyber attack disrupts internet service across Europe and US". The Guardian. Retrieved 21 October 2016.
  20. ^ Hinckley, Story (21 October 2016). "Did the East Coast just suffer a massive cyberattack?". Christian Science Monitor. Retrieved 21 October 2016.
  21. ^ a b Hughes, Matthew (21 October 2016). "A massive DDOS attack against Dyn DNS is causing havoc online [Updated]". The Next Web. Retrieved 21 October 2016.
  22. ^ a b "Having internet problems today? Here's what's going on". WJHG-TV. Retrieved 21 October 2016.
  23. ^ a b c d Chacos, Brad. "Major DDoS attack on Dyn DNS knocks Spotify, Twitter, Github, PayPal, and more offline". PCWorld. Retrieved 22 October 2016.
  24. ^ Menn, Joseph (22 October 2016). "Cyber attacks disrupt PayPal, Twitter, other sites". Reuters. Retrieved 23 October 2016.
  25. ^ "DDoS Attack on DNS; Major sites including GitHub PSN, Twitter Suffering Outage". HackRead. 21 October 2016. Retrieved 23 October 2016.
  26. ^ "[RESOLVED] Unscheduled Maintenance". Retrieved 23 October 2016.
  27. ^ a b Joel Westerholm. "Så sänktes Twitter och Regeringen.se i attacken", Sveriges Radio, 24 October 2016. Retrieved 30 October 2016.
  28. ^ "U.S. internet disrupted as firm hit by cyberattacks". CBS News. Retrieved 21 October 2016.
  29. ^ Lecher, Colin (21 October 2016). "Denial-of-service attacks are shutting down major websites across the internet". The Verge. Retrieved 21 October 2016.
  30. ^ Gallagher, Sean. "DoS attack on major DNS provider brings Internet to morning crawl [Updated]". Ars Technica. Retrieved 21 October 2016.
  31. ^ Wolkenbrod, Rob (21 October 2016). "Why is the WWE Network Down on Friday, October 21?". Daily DDT. Retrieved 22 October 2016.
  32. ^ Sarkar, Samit (21 October 2016). "Massive DDoS attack affecting PSN, some Xbox Live apps (update)". Polygon. Retrieved 23 October 2016.
  33. ^ "Government probes major cyberattack causing internet outages". POLITICO. Retrieved 2016-10-21.
  34. ^ Finkle, Jim; Volz, Dustin. "Homeland Security Is 'Investigating All Potential Causes' of Internet Disruptions". TIME.com. Retrieved 2016-10-21.
  35. ^ "Popular sites like Amazon, Twitter and Netflix suffer outages". money.cnn.com. CNN Money. Retrieved October 21, 2016.
  36. ^ "Blame the Internet of Things for Destroying the Internet Today". Motherboard. Retrieved 2016-10-27.
  37. ^ Perlroth, Nicole (2016-10-21). "Internet Attack Spreads, Disrupting Major Websites". The New York Times. ISSN 0362-4331. Retrieved 2016-10-22.
  38. ^ Statt, Nick (October 21, 2016). "How an army of vulnerable gadgets took down the web today". The Verge. Retrieved October 21, 2016.
  39. ^ "DDoS To DynDNS: The Internet Breaks". Eyerys.com. October 21, 2016. Retrieved October 21, 2017.
  40. ^ CNN, 25 October 2016, Obama: We have no idea who carried out huge cyberattack
  41. ^ Han, Esther (22 October 2016). "WikiLeaks' strange admission around internet attacks against Netflix and Twitter". The Sydney Morning Herald. Retrieved 22 October 2016.
  42. ^ The Associated Press (2016-10-21). "Cyberattacks on Key Internet Firm Disrupt Internet Services". The New York Times. ISSN 0362-4331. Retrieved 2016-10-22.
  43. ^ Lomas, Natasha (26 October 2016). "Dyn DNS DDoS likely the work of script kiddies, says FlashPoint". TechCrunch. Retrieved 26 October 2016.
  44. ^ https://www.forbes.com/sites/leemathews/2016/11/17/angry-gamer-blamed-for-most-devastating-ddos-of-2016/#78871c472dac