Across the US on Friday, people screamed at their phones and computers and went a little crazy trying to figure out which of their favorite websites were still working.
At 7 a.m. local time, folks on the East Coast discovered that sites like Twitter, Spotify, Etsy, Netflix and software code-management service GitHub were knocked for a loop. Hackers had flooded Dyn, one of the biggest internet management companies in the country, with junk traffic -- effectively shutting down services and websites throughout the region.
The outages eased after two hours but returned with a vengeance at midday, affecting areas across the US and parts of Europe.
"The earlier issues have resurfaced & some people may still be having trouble accessing Twitter," the company tweeted. "We're working on it!" Meanwhile, the US Department of Homeland Security said it was "investigating all potential causes."
It wasn't until late in the day that Dyn said the issue had been resolved.
Hackers had used what's known as a distributed denial of service attack (DDoS) -- conscripting hordes of internet-connected devices like computers, routers and security cameras into a botnet -- to cripple Dyn's servers.
Based in New Hampshire, Dyn is both a DNS service provider -- translating URLs into IP addresses -- and an internet management company, helping website customers get the best-possible online performance. It also filters out bad traffic headed to the websites, and that's where things fell apart Friday. By overwhelming Dyn, the attackers were able to overwhelm many of its customers.
Last month, noted security expert Bruce Schneier said core internet companies were seeing people probing their networks to learn how well they could respond to DDoS attacks. The title of his blog post: "Someone is learning how to take down the internet."
DDoS attacks have been around since the dawn of the modern internet, but they've been getting more powerful. Last month, the website of security expert Brian Krebs was hit with 620 gigabits per second of traffic.
Cybersecurity company Flashpoint said Friday the botnet attacking Dyn was built with the same malicious software that launched the attack against Krebs and French website OVH -- the two most powerful DDoS attacks on record. Called Mirai, the malware works by "enslaving vast numbers of these devices into a botnet, which is then used to conduct DDoS attacks," Flashpoint researchers said in a statement.
Until now, successful attacks on sites as large and popular as Twitter, Reddit and Netflix have been rare.
"Given the drastic increase lately in the size and scope of DDoS attacks, DNS providers [like Dyn] are scrambling to increase bandwidth capacity to withstand the latest attacks," said Jeremiah Grossman, chief of security for cybersecurity company SentinelOne. "They are attractive targets for large-scale DDoS attacks."
Having just about everything connected to the internet doesn't help. Before, the bad guys had to rope in thousands of computers to launch their attacks. Now they have potentially millions of smart TVs, refrigerators, home routers, security cameras -- even baby monitors -- at their disposal.
Given how easy these devices tend to be for hackers to compromise, researchers like Shankar Somasundaram of Symantec think DDoS attacks will just get worse.
"There will be more of these attacks," he said.
First published October 21 at 6:52 a.m. PT.
Most recently updated on October 22 at 8:58 a.m.: After updates throughout the day Friday, which included the addition of comments from Twitter and others, as well as various background information, this story was recast Saturday to reflect that the outage had been brought under control.