This morning a ton of websites and services, including Spotify and Twitter, were unreachable because of a distributed denial of service (DDoS) attack on Dyn, a major DNS provider. Details of how the attack happened remain vague, but one thing seems certain. Our internet is frightfully fragile in the face of increasingly sophisticated hacks.
Some think the attack was a political conspiracy, like an attempt to take down the internet so that people wouldn’t be able to read the leaked Clinton emails on Wikileaks. Others think it’s the usual Russian assault. No matter who did it, we should expect incidents like this to get worse in the future. While DDoS attacks used to be a pretty weak threat, we’re entering a new era.
DDoS attacks, at the most basic level, work like this. An attacker sends a flurry of packets, essentially just garbage data, to an intended recipient. In this case, the recipient was Dyn’s DNS servers. The server is overwhelmed with the garbage packets, and can’t handle the incoming connections, eventually slowing down significantly or totally shutting down. In the case of Dyn, it was probably a little more complex than this. Dyn almost certainly has advanced systems for DDoS mitigation, and the people who attacked Dyn (whoever they are) were probably using something more advanced than a PC in their mom’s basement.
We are nevertheless getting a taste of what the new era of DDoS attacks look like, however. As security expert Bruce Schneier explained in a blog post:
“Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.”
This sort of attack is deeply different than the headline-grabbing DDoS attacks of years past. In 2011, hacker collective Anonymous rose to fame with DDoS attacks that pale in comparison to today’s attack on Dyn. Instead of taking out an individual website for short periods of time, hackers were able to take down a major piece of the internet backbone for an entire morning—not once but twice. That’s huge.